SEGV /jerryscript/jerry-core/vm/vm.c:1648:55 in vm_loop #5114

Closed
Qbtly opened this issue Nov 23, 2023 · 0 comments · Fixed by #5145

Qbtly commented Nov 23, 2023

JerryScript revision

ff9ff8f

Build platform

Ubuntu 22.04.3

Build steps

python ./tools/build.py --builddir=xxx --clean --debug --compile-flag=-fsanitize=address --compile-flag=-g --strip=off --lto=off --logging=on --line-info=on --error-message=on --stack-limit=20

Test case

function JSEtest() {
    var a;
    for (a[a = class b { }] = [ this ]; ;)
        break;
}
  with (JSEtest)  {  for ( const  a = 0; a < 130; a++)
{
 try {    while (a < 3) {
         var c = class extends  constructor  { static { } ; } ; 
    }   } catch (err) {  } 
}  }

Execution steps

./xxx/bin/jerry poc.js

Output(Debug)

ICE: Assertion 'block_found' failed at /jerryscript/jerry-core/parser/js/js-parser-statm.c(parser_parse_try_statement_end):1922.
Error: JERRY_FATAL_FAILED_ASSERTION
Aborted

Backtrace

Program received signal SIGABRT, Aborted.
__pthread_kill_implementation (no_tid=0, signo=6, threadid=140737350406336) at ./nptl/pthread_kill.c:44
44	./nptl/pthread_kill.c: No such file or directory.
(gdb) bt
#0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=140737350406336) at ./nptl/pthread_kill.c:44
#1  __pthread_kill_internal (signo=6, threadid=140737350406336) at ./nptl/pthread_kill.c:78
#2  __GI___pthread_kill (threadid=140737350406336, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
#3  0x00007ffff7cb4476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4  0x00007ffff7c9a7f3 in __GI_abort () at ./stdlib/abort.c:79
#5  0x00005555558742f5 in jerry_port_fatal (code=code@entry=JERRY_FATAL_FAILED_ASSERTION) at /jerryscript/jerry-port/common/jerry-port-process.c:29
#6  0x00005555557623b8 in jerry_fatal (code=code@entry=JERRY_FATAL_FAILED_ASSERTION) at /jerryscript/jerry-core/jrt/jrt-fatals.c:63
#7  0x000055555576226c in jerry_assert_fail (assertion=<optimized out>, file=<optimized out>, function=<optimized out>, line=line@entry=1922) at /jerryscript/jerry-core/jrt/jrt-fatals.c:83
#8  0x000055555586106c in parser_parse_try_statement_end (context_p=0x7fffffffdd20) at /jerryscript/jerry-core/parser/js/js-parser-statm.c:1922
#9  parser_parse_statements (context_p=0x7fffffffdd20) at /jerryscript/jerry-core/parser/js/js-parser-statm.c:3132
#10 0x000055555577c016 in parser_parse_source (source_p=source_p@entry=0x7ffff5e00aa0, parse_opts=parse_opts@entry=0, options_p=options_p@entry=0x7ffff5f00830)
    at /jerryscript/jerry-core/parser/js/js-parser.c:2280
#11 0x000055555577a391 in parser_parse_script (source_p=0x3ad128, source_p@entry=0x7ffff5e00aa0, parse_opts=3854632, parse_opts@entry=0, options_p=0x6, options_p@entry=0x7ffff5f00830)
    at /jerryscript/jerry-core/parser/js/js-parser.c:3326
#12 0x000055555568d3ca in jerry_parse_common (source_p=0x7ffff5e00aa0, options_p=options_p@entry=0x7ffff5f00830, parse_opts=parse_opts@entry=0) at /jerryscript/jerry-core/api/jerryscript.c:412
#13 0x000055555568d22c in jerry_parse (source_p=<optimized out>, source_size=<optimized out>, options_p=<optimized out>) at /jerryscript/jerry-core/api/jerryscript.c:480
#14 0x0000555555872962 in jerryx_source_parse_script (path_p=<optimized out>) at /jerryscript/jerry-ext/util/sources.c:52
#15 0x0000555555872b54 in jerryx_source_exec_script (path_p=0x3ad128 <error: Cannot access memory at address 0x3ad128>) at /jerryscript/jerry-ext/util/sources.c:63
#16 0x00005555556860bc in main (argc=<optimized out>, argv=<optimized out>) at /jerryscript/jerry-main/main-desktop.c:156

Output(Release)

Program received signal SIGSEGV, Segmentation fault.
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3586260==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000004 (pc 0x55eb8a697df2 bp 0x7ffc5c8bad00 sp 0x7ffc5c8bab00 T0)
==3586260==The signal is caused by a WRITE memory access.
==3586260==Hint: address points to the zero page.
    #0 0x55eb8a697df2 in vm_loop /jerryscript/jerry-core/vm/vm.c:1648:55
    #1 0x55eb8a68d287 in vm_execute /jerryscript/jerry-core/vm/vm.c:5211:37
    #2 0x55eb8a68c1a1 in vm_run /jerryscript/jerry-core/vm/vm.c:5312:10
    #3 0x55eb8a68bec8 in vm_run_global /jerryscript/jerry-core/vm/vm.c:286:25
    #4 0x55eb8a5ba4c6 in jerry_run /jerryscript/jerry-core/api/jerryscript.c:554:24
    #5 0x55eb8a71f984 in jerryx_source_exec_script /jerryscript/jerry-ext/util/sources.c:68:14
    #6 0x55eb8a5b55b2 in main /jerryscript/jerry-main/main-desktop.c:156:20
    #7 0x7f9cc50f9d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #8 0x7f9cc50f9e3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #9 0x55eb8a4f5424 in _start (/jerryscript/0323re/bin/jerry+0x41424) (BuildId: efa40b4121fb9ed9276f89fc661eef85c730ab65)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /jerryscript/jerry-core/vm/vm.c:1648:55 in vm_loop
==3586260==ABORTING

Qbtly changed the title from "Assertion 'block_found' failed at /jerryscript/jerry-core/parser/js/js-parser-statm.c(parser_parse_try_statement_end):1922" to "SEGV /jerryscript/jerry-core/vm/vm.c:1648:55 in vm_loop" on Mar 26, 2024