Assertion '((jmem_cpointer_t) uint_ptr) == uint_ptr' failed in jmem_decompress_pointer #2528
Description
Jerry version:
Checked revision: 2d83d8ed
Build command: ./tools/build.py --clean --debug --error-messages=on --profile=es2015-subset --logging=on
OS:
Ubuntu 18.04, x86_64
Test case:
for ( /a/ in yield => { } , yield => { } , yield => { } ) throw 1Backtrace:
ICE: Assertion '((jmem_cpointer_t) uint_ptr) == uint_ptr' failed at jerryscript/jerry-core/jmem/jmem-allocator.c(jmem_decompress_pointer):219.
Error: ERR_FAILED_INTERNAL_ASSERTION
Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1 0x00007ffff6e43801 in __GI_abort () at abort.c:79
#2 0x00000000006ce0c5 in jerry_port_fatal (code=ERR_FAILED_INTERNAL_ASSERTION) at jerryscript/jerry-port/default/default-fatal.c:71
#3 0x00000000005c40de in jerry_fatal (code=ERR_FAILED_INTERNAL_ASSERTION) at jerryscript/jerry-core/jrt/jrt-fatals.c:63
#4 0x00000000005c4136 in jerry_assert_fail (assertion=0x71de20 <.str.7> "((jmem_cpointer_t) uint_ptr) == uint_ptr",
file=0x71dbc0 <.str.1> "jerryscript/jerry-core/jmem/jmem-allocator.c", function=0x71dde0 <__func__.jmem_decompress_pointer> "jmem_decompress_pointer", line=219)
at jerryscript/jerry-core/jrt/jrt-fatals.c:87
#5 0x00000000005c0abd in jmem_decompress_pointer (compressed_pointer=4325382) at jerryscript/jerry-core/jmem/jmem-allocator.c:219
#6 0x000000000059db93 in ecma_op_function_get_compiled_code (function_p=0x1559098 <jerry_global_heap+248>) at jerryscript/jerry-core/ecma/operations/ecma-function-object.c:299
#7 ecma_op_function_list_lazy_property_names (object_p=0x1559098 <jerry_global_heap+248>, separate_enumerable=true, main_collection_p=0x15590b8 <jerry_global_heap+280>,
non_enum_collection_p=0x15590b0 <jerry_global_heap+272>) at jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1122
#8 0x00000000005b34c2 in ecma_op_object_get_property_names (obj_p=0x1559098 <jerry_global_heap+248>, is_array_indices_only=false, is_enumerable_only=true, is_with_prototype_chain=true)
at jerryscript/jerry-core/ecma/operations/ecma-objects.c:1399
#9 0x00000000006c4df8 in opfunc_for_in (left_value=251, result_obj_p=0x7fffffffaf40) at jerryscript/jerry-core/vm/opcodes.c:259
#10 0x00000000006044f7 in vm_loop (frame_ctx_p=0x7fffffffd500) at jerryscript/jerry-core/vm/vm.c:2385
#11 0x00000000005f42e3 in vm_execute (frame_ctx_p=0x7fffffffd500, arg_p=0x0, arg_list_len=0) at jerryscript/jerry-core/vm/vm.c:3051
#12 0x00000000005f37d0 in vm_run (bytecode_header_p=0x15592e8 <jerry_global_heap+840>, this_binding_value=27, lex_env_p=0x1558fd0 <jerry_global_heap+48>, parse_opts=0, arg_list_p=0x0, arg_list_len=0)
at jerryscript/jerry-core/vm/vm.c:3144
#13 0x00000000005f2c2d in vm_run_global (bytecode_p=0x15592e8 <jerry_global_heap+840>) at jerryscript/jerry-core/vm/vm.c:227
#14 0x000000000051c2d3 in jerry_run (func_val=203) at jerryscript/jerry-core/api/jerry.c:534
#15 0x000000000051514d in main (argc=3, argv=0x7fffffffe058) at jerryscript/jerry-main/main-unix.c:676
Found by Fuzzinator with grammarinator.