JerryScript version:
Checked revision: e944cdaa
Build command: ./tools/build.py --clean --debug --compile-flag=-m32 --profile=es2015-subset --system-allocator=on --error-messages=on --logging=on
OS:
Linux-4.15.0-43-generic-x86_64-with-Ubuntu-18.04-bionic
Test case:
Backtrace:
Program received signal SIGSEGV, Segmentation fault.
0x5658493d in lit_is_valid_cesu8_string (cesu8_buf_p=0x5671c000 <error: Cannot access memory at address 0x5671c000>, buf_size=4096)
at jerryscript/jerry-core/lit/lit-strings.c:135
135 lit_utf8_byte_t c = cesu8_buf_p[idx++];
(gdb) bt
#0 0x5658493d in lit_is_valid_cesu8_string (cesu8_buf_p=0x5671c000 <error: Cannot access memory at address 0x5671c000>,
buf_size=4096) at jerryscript/jerry-core/lit/lit-strings.c:135
#1 0x565c080f in ecma_new_ecma_string_from_utf8 (string_p=0x5671c000 <error: Cannot access memory at address 0x5671c000>,
string_size=4096) at jerryscript/jerry-core/ecma/base/ecma-helpers-string.c:249
#2 0x565704d6 in parser_module_add_item_to_node (context_p=0xffffcb7c, module_node_p=0xffffca9c, import_name_p=0x566fa4a4,
local_name_p=0x566fa4a4, is_import_item=false) at jerryscript/jerry-core/parser/js/js-parser-module.c:246
#3 0x56570920 in parser_module_parse_export_item_list (context_p=0xffffcb7c)
at jerryscript/jerry-core/parser/js/js-parser-module.c:422
#4 0x56557232 in parser_parse_export_statement (context_p=0xffffcb7c)
at jerryscript/jerry-core/parser/js/js-parser-statm.c:1758
#5 0x5655789c in parser_parse_statements (context_p=0xffffcb7c)
at jerryscript/jerry-core/parser/js/js-parser-statm.c:2077
#6 0x56588d8a in parser_parse_source (arg_list_p=0x0, arg_list_size=0, source_p=0x565f90e0 <buffer.lto_priv> "export {}\n",
source_size=10, parse_opts=0, error_location_p=0xffffccf8)
at jerryscript/jerry-core/parser/js/js-parser.c:2468
#7 0x56589936 in parser_parse_script (arg_list_p=0x0, arg_list_size=0, source_p=0x565f90e0 <buffer.lto_priv> "export {}\n",
source_size=10, parse_opts=0, bytecode_data_p=0xffffcd50)
at jerryscript/jerry-core/parser/js/js-parser.c:2937
#8 0x565b4be0 in jerry_parse (resource_name_p=0xffffd178 "/home/reni/work/fuzzer/data/fuzzinator-configs/test.js",
resource_name_length=54, source_p=0x565f90e0 <buffer.lto_priv> "export {}\n", source_size=10, parse_opts=0)
at jerryscript/jerry-core/api/jerry.c:406
#9 0x565b3810 in main (argc=2, argv=0xffffcf54) at jerryscript/jerry-main/main-unix.c:733
If JerryScript is instead built without the `--system-allocator=on` and `-m32` options:
./tools/build.py --clean --debug --profile=es2015-subset --error-messages=on --logging=on
the same test case triggers an assertion failure instead of the segmentation fault:
ICE: Assertion 'string_p != NULL || string_size == 0' failed at jerryscript/jerry-core/ecma/base/ecma-helpers-string.c(ecma_new_ecma_string_from_utf8):248.
Error: ERR_FAILED_INTERNAL_ASSERTION
Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1 0x00007ffff7a24801 in __GI_abort () at abort.c:79
#2 0x000055555555f6e3 in jerry_port_fatal (code=ERR_FAILED_INTERNAL_ASSERTION)
at jerryscript/jerry-port/default/default-fatal.c:71
#3 0x0000555555588ce2 in jerry_fatal (code=ERR_FAILED_INTERNAL_ASSERTION)
at jerryscript/jerry-core/jrt/jrt-fatals.c:58
#4 0x0000555555588d34 in jerry_assert_fail (assertion=0x5555555ee228 "string_p != NULL || string_size == 0",
file=0x5555555ee0d8 "jerryscript/jerry-core/ecma/base/ecma-helpers-string.c",
function=0x5555555d4cb0 <__func__.3360.lto_priv.716> "ecma_new_ecma_string_from_utf8", line=248)
at jerryscript/jerry-core/jrt/jrt-fatals.c:82
#5 0x00005555555cd88e in ecma_new_ecma_string_from_utf8 (string_p=0x0, string_size=4096)
at jerryscript/jerry-core/ecma/base/ecma-helpers-string.c:248
#6 0x0000555555574794 in parser_module_add_item_to_node (context_p=0x7fffffffd7b0, module_node_p=0x7fffffffd650,
import_name_p=0x5555558ff558 <jerry_global_heap+352>, local_name_p=0x5555558ff558 <jerry_global_heap+352>,
is_import_item=false) at jerryscript/jerry-core/parser/js/js-parser-module.c:246
#7 0x0000555555574c41 in parser_module_parse_export_item_list (context_p=0x7fffffffd7b0)
at jerryscript/jerry-core/parser/js/js-parser-module.c:422
#8 0x0000555555559acc in parser_parse_export_statement (context_p=0x7fffffffd7b0)
at jerryscript/jerry-core/parser/js/js-parser-statm.c:1758
#9 0x000055555555a23f in parser_parse_statements (context_p=0x7fffffffd7b0)
at jerryscript/jerry-core/parser/js/js-parser-statm.c:2077
#10 0x000055555558f204 in parser_parse_source (arg_list_p=0x0, arg_list_size=0,
source_p=0x5555557fe100 <buffer.lto_priv> "export {}\n", source_size=10, parse_opts=0, error_location_p=0x7fffffffd9dc)
at jerryscript/jerry-core/parser/js/js-parser.c:2468
#11 0x000055555558fef2 in parser_parse_script (arg_list_p=0x0, arg_list_size=0,
source_p=0x5555557fe100 <buffer.lto_priv> "export {}\n", source_size=10, parse_opts=0, bytecode_data_p=0x7fffffffda50)
at jerryscript/jerry-core/parser/js/js-parser.c:2937
#12 0x00005555555c289d in jerry_parse (resource_name_p=0x7fffffffe174 "/home/reni/work/fuzzer/data/fuzzinator-configs/test.js",
resource_name_length=54, source_p=0x5555557fe100 <buffer.lto_priv> "export {}\n", source_size=10, parse_opts=0)
at jerryscript/jerry-core/api/jerry.c:406
#13 0x00005555555c13f4 in main (argc=3, argv=0x7fffffffdd88) at jerryscript/jerry-main/main-unix.c:733
Found by Fuzzinator with grammarinator.