Assertion 'lit_is_valid_cesu8_string (string_p, string_size)' failed in ecma_new_ecma_string_from_utf8 #2769
Description
Jerry version:
Checked revision: d4e27d30
Build command: ./tools/build.py --clean --debug --profile=es2015-subset --error-messages=on --logging=on
OS:
Linux-4.15.0-43-generic-x86_64-with-Ubuntu-18.04-bionic
Test case:
delete JSON[Symbol.toStringTag];
JSON[Symbol.toStringTag ] = "𖠀";
Map.prototype.toString.call(JSON);Backtrace:
ICE: Assertion 'lit_is_valid_cesu8_string (string_p, string_size)' failed at jerryscript/jerry-core/ecma/base/ecma-helpers-string.c(ecma_new_ecma_string_from_utf8):247.
Error: ERR_FAILED_INTERNAL_ASSERTION
Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1 0x00007ffff7a24801 in __GI_abort () at abort.c:79
#2 0x000055555555f7d3 in jerry_port_fatal (code=ERR_FAILED_INTERNAL_ASSERTION) at jerryscript/jerry-port/default/default-fatal.c:71
#3 0x000055555558aef0 in jerry_fatal (code=ERR_FAILED_INTERNAL_ASSERTION) at jerryscript/jerry-core/jrt/jrt-fatals.c:58
#4 0x000055555558af42 in jerry_assert_fail (assertion=0x5555555eb990 "lit_is_valid_cesu8_string (string_p, string_size)",
file=0x5555555e7328 "jerryscript/jerry-core/ecma/base/ecma-helpers-string.c", function=0x5555555d2490 <__func__.3354.lto_priv.688> "ecma_new_ecma_string_from_utf8", line=247)
at jerryscript/jerry-core/jrt/jrt-fatals.c:82
#5 0x00005555555cd17e in ecma_new_ecma_string_from_utf8 (string_p=0x5555558fc5a8 <jerry_global_heap+448> "[object 𖠀]\004\005\005\330\002", string_size=13)
at jerryscript/jerry-core/ecma/base/ecma-helpers-string.c:247
#6 0x00005555555b6082 in ecma_builtin_helper_object_to_string_tag_helper (tag_value=641) at jerryscript/jerry-core/ecma/builtin-objects/ecma-builtin-helpers.c:92
#7 0x00005555555b6244 in ecma_builtin_helper_object_to_string (this_arg=219) at jerryscript/jerry-core/ecma/builtin-objects/ecma-builtin-helpers.c:155
#8 0x00005555555874f4 in ecma_builtin_object_prototype_object_to_string (this_arg=219) at jerryscript/jerry-core/ecma/builtin-objects/ecma-builtin-object-prototype.c:59
#9 0x000055555558746f in ecma_builtin_object_prototype_dispatch_routine (builtin_routine_id=64, this_arg_value=219, arguments_list=0x7fffffffd844, arguments_number=0)
at jerryscript/jerry-core/ecma/builtin-objects/ecma-builtin-object-prototype.inc.h:32
#10 0x00005555555bb90d in ecma_builtin_dispatch_routine (builtin_object_id=ECMA_BUILTIN_ID_OBJECT_PROTOTYPE, builtin_routine_id=64, this_arg_value=219, arguments_list_p=0x7fffffffd844,
arguments_list_len=0) at jerryscript/jerry-core/ecma/builtin-objects/ecma-builtins.c:1016
#11 0x00005555555bba5f in ecma_builtin_dispatch_call (obj_p=0x5555558fc568 <jerry_global_heap+384>, this_arg_value=219, arguments_list_p=0x7fffffffda88, arguments_list_len=0)
at jerryscript/jerry-core/ecma/builtin-objects/ecma-builtins.c:1041
#12 0x000055555559fa9e in ecma_op_function_call (func_obj_p=0x5555558fc568 <jerry_global_heap+384>, this_arg_value=219, arguments_list_p=0x7fffffffda88, arguments_list_len=0)
at jerryscript/jerry-core/ecma/operations/ecma-function-object.c:717
#13 0x000055555557fc14 in ecma_builtin_function_prototype_object_call (this_arg=387, arguments_list_p=0x7fffffffda84, arguments_number=1)
at jerryscript/jerry-core/ecma/builtin-objects/ecma-builtin-function-prototype.c:219
#14 0x000055555557f7fe in ecma_builtin_function_prototype_dispatch_routine (builtin_routine_id=66, this_arg_value=387, arguments_list=0x7fffffffda84, arguments_number=1)
at jerryscript/jerry-core/ecma/builtin-objects/ecma-builtin-function-prototype.inc.h:42
#15 0x00005555555bb90d in ecma_builtin_dispatch_routine (builtin_object_id=ECMA_BUILTIN_ID_FUNCTION_PROTOTYPE, builtin_routine_id=66, this_arg_value=387, arguments_list_p=0x7fffffffda84,
arguments_list_len=1) at jerryscript/jerry-core/ecma/builtin-objects/ecma-builtins.c:1016
#16 0x00005555555bba5f in ecma_builtin_dispatch_call (obj_p=0x5555558fc588 <jerry_global_heap+416>, this_arg_value=387, arguments_list_p=0x7fffffffdd2c, arguments_list_len=1)
at jerryscript/jerry-core/ecma/builtin-objects/ecma-builtins.c:1041
#17 0x000055555559fa9e in ecma_op_function_call (func_obj_p=0x5555558fc588 <jerry_global_heap+416>, this_arg_value=387, arguments_list_p=0x7fffffffdd2c, arguments_list_len=1)
at jerryscript/jerry-core/ecma/operations/ecma-function-object.c:717
#18 0x0000555555595c48 in opfunc_call.lto_priv.386 (frame_ctx_p=0x7fffffffdd70) at jerryscript/jerry-core/vm/vm.c:541
#19 0x000055555557775b in vm_execute (frame_ctx_p=0x7fffffffdd70, arg_p=0x0, arg_list_len=0) at jerryscript/jerry-core/vm/vm.c:3463
#20 0x0000555555577a0b in vm_run (bytecode_header_p=0x5555558fc680 <jerry_global_heap+664>, this_binding_value=27, lex_env_p=0x5555558fc418 <jerry_global_heap+48>, parse_opts=0, arg_list_p=0x0,
arg_list_len=0) at jerryscript/jerry-core/vm/vm.c:3575
#21 0x00005555555956e9 in vm_run_global (bytecode_p=0x5555558fc680 <jerry_global_heap+664>) at jerryscript/jerry-core/vm/vm.c:242
#22 0x00005555555c2483 in jerry_run (func_val=203) at jerryscript/jerry-core/api/jerry.c:547
#23 0x00005555555c0d7f in main (argc=3, argv=0x7fffffffe1a8) at jerryscript/jerry-main/main-unix.c:676
Found by Fuzzinator with grammarinator.