Assertion 'literal_p->prop.index >= register_count' failed in parser_post_processing #2699
Description
Jerry version:
Checked revision: 93ec2266
Build command: ./tools/build.py --clean --debug --compile-flag=-m32 --profile=es2015-subset --system-allocator=on --error-messages=on --logging=on
OS:
Linux-4.15.0-43-generic-x86_64-with-Ubuntu-18.04-bionic
Test case:
Uint8Array.from(Uint32Array,
function ( JSON ) {
arguments
function JSON( ) { }
});Backtrace:
ICE: Assertion 'literal_p->prop.index >= register_count' failed at jerryscript/jerry-core/parser/js/js-parser.c(parser_post_processing):2089.
Error: ERR_FAILED_INTERNAL_ASSERTION
Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1 0x00007ffff7a24801 in __GI_abort () at abort.c:79
#2 0x000055555555f2f6 in jerry_port_fatal (code=ERR_FAILED_INTERNAL_ASSERTION) at jerryscript/jerry-port/default/default-fatal.c:71
#3 0x000055555558b3a3 in jerry_fatal (code=ERR_FAILED_INTERNAL_ASSERTION) at jerryscript/jerry-core/jrt/jrt-fatals.c:58
#4 0x000055555558b3f5 in jerry_assert_fail (assertion=0x5555555de9d8 "literal_p->prop.index >= register_count", file=0x5555555de600 "jerryscript/jerry-core/parser/js/js-parser.c",
function=0x5555555d4ab0 <__func__.5156.lto_priv.396> "parser_post_processing", line=2089) at jerryscript/jerry-core/jrt/jrt-fatals.c:82
#5 0x0000555555590fd1 in parser_post_processing (context_p=0x7fffffffdc30) at jerryscript/jerry-core/parser/js/js-parser.c:2089
#6 0x0000555555591e22 in parser_parse_function (context_p=0x7fffffffdc30, status_flags=14) at jerryscript/jerry-core/parser/js/js-parser.c:2640
#7 0x000055555556f516 in lexer_construct_function_object (context_p=0x7fffffffdc30, extra_status_flags=14) at jerryscript/jerry-core/parser/js/js-lexer.c:1992
#8 0x0000555555571d14 in parser_parse_function_expression (context_p=0x7fffffffdc30, status_flags=14) at jerryscript/jerry-core/parser/js/js-parser-expr.c:954
#9 0x0000555555572640 in parser_parse_unary_expression (context_p=0x7fffffffdc30, grouping_level_p=0x7fffffffda58) at jerryscript/jerry-core/parser/js/js-parser-expr.c:1324
#10 0x0000555555574352 in parser_parse_expression (context_p=0x7fffffffdc30, options=4) at jerryscript/jerry-core/parser/js/js-parser-expr.c:2158
#11 0x0000555555572eaf in parser_process_unary_expression (context_p=0x7fffffffdc30) at jerryscript/jerry-core/parser/js/js-parser-expr.c:1624
#12 0x000055555557435e in parser_parse_expression (context_p=0x7fffffffdc30, options=2) at jerryscript/jerry-core/parser/js/js-parser-expr.c:2163
#13 0x000055555555a657 in parser_parse_statements (context_p=0x7fffffffdc30) at jerryscript/jerry-core/parser/js/js-parser-statm.c:2110
#14 0x00005555555916c4 in parser_parse_source (arg_list_p=0x0, arg_list_size=0,
source_p=0x5555557f5100 <buffer.lto_priv> "Uint8Array.from(Uint32Array,\n function ( JSON ) {\n arguments \n function JSON( ) { }\n});\n", source_size=105, parse_opts=0,
error_location_p=0x7fffffffde44) at jerryscript/jerry-core/parser/js/js-parser.c:2397
#15 0x0000555555592356 in parser_parse_script (arg_list_p=0x0, arg_list_size=0,
source_p=0x5555557f5100 <buffer.lto_priv> "Uint8Array.from(Uint32Array,\n function ( JSON ) {\n arguments \n function JSON( ) { }\n});\n", source_size=105, parse_opts=0,
bytecode_data_p=0x7fffffffde90) at jerryscript/jerry-core/parser/js/js-parser.c:2848
#16 0x00005555555c236a in jerry_parse (resource_name_p=0x7fffffffe4d2 "test.js", resource_name_length=7,
source_p=0x5555557f5100 <buffer.lto_priv> "Uint8Array.from(Uint32Array,\n function ( JSON ) {\n arguments \n function JSON( ) { }\n});\n", source_size=105, parse_opts=0)
at jerryscript/jerry-core/api/jerry.c:401
#17 0x00005555555c0f0c in main (argc=3, argv=0x7fffffffe1b8) at jerryscript/jerry-main/main-unix.c:667
Found by Fuzzinator with grammarinator.