terminate called after throwing an instance of 'Escargot::esprima::Error*' in Escargot::esprima::Parser::parsePrimaryExpression
Ye0nny opened this issue · 1 comments
Ye0nny commented
Escargot
- OS: Ubuntu 20.04.5 LTS (Linux 5.4.0-144-generic x86_64)
- Revision : 023b7ea
Build Steps
cmake -DCMAKE_CXX_FLAGS=-fsanitize=address -DESCARGOT_MODE=debug -DESCARGOT_OUTPUT=shell -GNinja
Describe the bug
Aborted — an uncaught C++ exception (`Escargot::esprima::Error*`) escapes the parser and reaches `std::terminate` (see the backtrace below).
Test case
testcase
// Single-line form of the test case. The trailing func0 ( ) call refers to an undefined function and is presumably never reached, since the abort happens while the ReferenceError raised inside r. map ( ... ) is being handled.
var r = new Uint8Array ( 1 ) ; class n extends Int8Array { constructor ( r ) { super ( r ) ; eval ( " super ( ) ; 0 " ) ; } } r. constructor = n, r. map ( function ( ) { } ) ; func0 ( ) ;
// poc.js
var r = new Uint8Array ( 1 ) ;
class n extends Int8Array {
constructor ( r ) {
super ( r ) ; // first super() call: the derived instance is initialized here
eval ( " super ( ) ; " ) ; // second super() call via direct eval — should raise ReferenceError (see expected output); instead the re-parse done to compute the error location appears to throw an unhandled esprima::Error* (backtrace frames #28-#32)
}
}
r. constructor = n, r. map ( function ( ) { } ) ; // map() creates its result through r.constructor (n), which runs the constructor above (see the expected stack)
Execution steps & Output
$ ./escargot poc.js
terminate called after throwing an instance of 'Escargot::esprima::Error*'
Aborted
Backtrace
(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007ffff7a70859 in __GI_abort () at abort.c:79
#2 0x00007ffff7e488d1 in ?? () from /lib/x86_64-linux-gnu/libstdc++.so.6
#3 0x00007ffff7e5437c in ?? () from /lib/x86_64-linux-gnu/libstdc++.so.6
#4 0x00007ffff7e543e7 in std::terminate() () from /lib/x86_64-linux-gnu/libstdc++.so.6
#5 0x00007ffff7e54699 in __cxa_throw () from /lib/x86_64-linux-gnu/libstdc++.so.6
#6 0x00005555557cf464 in Escargot::EscargotLexer::ErrorHandler::throwError (index=1, line=1, col=2, description=0xe72f0, code=Escargot::ErrorCode::SyntaxError) at src/parser/Lexer.cpp:482
#7 0x000055555581edc8 in Escargot::esprima::Parser::throwUnexpectedToken (this=0x7fffffffd420, token=..., message=0x0) at src/parser/esprima_cpp/esprima.cpp:646
#8 0x000055555581fce3 in Escargot::esprima::Parser::throwIfSuperOperationIsNotAllowed (this=0x7fffffffd420) at src/parser/esprima_cpp/esprima.cpp:864
#9 0x0000555555846ec5 in Escargot::esprima::Parser::parsePrimaryExpression<Escargot::NodeGenerator> (this=0x7fffffffd420, builder=...) at src/parser/esprima_cpp/esprima.cpp:1223
#10 0x000055555584aef1 in Escargot::esprima::Parser::inheritCoverGrammar<Escargot::NodeGenerator, Escargot::Node* (Escargot::esprima::Parser::*)(Escargot::NodeGenerator&)> (this=0x7fffffffd420, builder=..., parseFunction=
(class Escargot::Node *(Escargot::esprima::Parser::*)(class Escargot::esprima::Parser * const, class Escargot::NodeGenerator &)) 0x5555558461c0 <Escargot::esprima::Parser::parsePrimaryExpression<Escargot::NodeGenerator>(Escargot::NodeGenerator&)>) at src/parser/esprima_cpp/esprima.cpp:1013
#11 0x000055555586d45d in Escargot::esprima::Parser::parseLeftHandSideExpressionAllowCall<Escargot::NodeGenerator> (this=0x7fffffffd420, builder=...) at src/parser/esprima_cpp/esprima.cpp:2482
#12 0x000055555584aef1 in Escargot::esprima::Parser::inheritCoverGrammar<Escargot::NodeGenerator, Escargot::Node* (Escargot::esprima::Parser::*)(Escargot::NodeGenerator&)> (this=0x7fffffffd420, builder=..., parseFunction=
(class Escargot::Node *(Escargot::esprima::Parser::*)(class Escargot::esprima::Parser * const, class Escargot::NodeGenerator &)) 0x55555586d0d4 <Escargot::esprima::Parser::parseLeftHandSideExpressionAllowCall<Escargot::NodeGenerator>(Escargot::NodeGenerator&)>) at src/parser/esprima_cpp/esprima.cpp:1013
#13 0x000055555588ac6b in Escargot::esprima::Parser::parseUpdateExpression<Escargot::NodeGenerator> (this=0x7fffffffd420, builder=...) at src/parser/esprima_cpp/esprima.cpp:2772
#14 0x0000555555873d39 in Escargot::esprima::Parser::parseUnaryExpression<Escargot::NodeGenerator> (this=0x7fffffffd420, builder=...) at src/parser/esprima_cpp/esprima.cpp:2929
#15 0x000055555584aef1 in Escargot::esprima::Parser::inheritCoverGrammar<Escargot::NodeGenerator, Escargot::Node* (Escargot::esprima::Parser::*)(Escargot::NodeGenerator&)> (this=0x7fffffffd420, builder=..., parseFunction=
(class Escargot::Node *(Escargot::esprima::Parser::*)(class Escargot::esprima::Parser * const, class Escargot::NodeGenerator &)) 0x5555558731a2 <Escargot::esprima::Parser::parseUnaryExpression<Escargot::NodeGenerator>(Escargot::NodeGenerator&)>) at src/parser/esprima_cpp/esprima.cpp:1013
#16 0x000055555585ee1f in Escargot::esprima::Parser::parseExponentiationExpression<Escargot::NodeGenerator> (this=0x7fffffffd420, builder=...) at src/parser/esprima_cpp/esprima.cpp:2937
#17 0x000055555584aef1 in Escargot::esprima::Parser::inheritCoverGrammar<Escargot::NodeGenerator, Escargot::Node* (Escargot::esprima::Parser::*)(Escargot::NodeGenerator&)> (this=0x7fffffffd420, builder=..., parseFunction=
(class Escargot::Node *(Escargot::esprima::Parser::*)(class Escargot::esprima::Parser * const, class Escargot::NodeGenerator &)) 0x55555585ecfc <Escargot::esprima::Parser::parseExponentiationExpression<Escargot::NodeGenerator>(Escargot::NodeGenerator&)>) at src/parser/esprima_cpp/esprima.cpp:1013
#18 0x000055555584a601 in Escargot::esprima::Parser::parseBinaryExpression<Escargot::NodeGenerator> (this=0x7fffffffd420, builder=...) at src/parser/esprima_cpp/esprima.cpp:3035
#19 0x000055555584aef1 in Escargot::esprima::Parser::inheritCoverGrammar<Escargot::NodeGenerator, Escargot::Node* (Escargot::esprima::Parser::*)(Escargot::NodeGenerator&)> (this=0x7fffffffd420, builder=..., parseFunction=
(class Escargot::Node *(Escargot::esprima::Parser::*)(class Escargot::esprima::Parser * const, class Escargot::NodeGenerator &)) 0x55555584a4c2 <Escargot::esprima::Parser::parseBinaryExpression<Escargot::NodeGenerator>(Escargot::NodeGenerator&)>) at src/parser/esprima_cpp/esprima.cpp:1013
#20 0x000055555583c03e in Escargot::esprima::Parser::parseConditionalExpression<Escargot::NodeGenerator> (this=0x7fffffffd420, builder=...) at src/parser/esprima_cpp/esprima.cpp:3186
#21 0x000055555583a193 in Escargot::esprima::Parser::parseAssignmentExpression<Escargot::NodeGenerator, false> (this=0x7fffffffd420, builder=...) at src/parser/esprima_cpp/esprima.cpp:3228
#22 0x000055555583bc7b in Escargot::esprima::Parser::isolateCoverGrammar<Escargot::NodeGenerator, Escargot::Node* (Escargot::esprima::Parser::*)(Escargot::NodeGenerator&)> (this=0x7fffffffd420, builder=..., parseFunction=
(class Escargot::Node *(Escargot::esprima::Parser::*)(class Escargot::esprima::Parser * const, class Escargot::NodeGenerator &)) 0x555555839ed4 <Escargot::esprima::Parser::parseAssignmentExpression<Escargot::NodeGenerator, false>(Escargot::NodeGenerator&)>) at src/parser/esprima_cpp/esprima.cpp:989
#23 0x0000555555850560 in Escargot::esprima::Parser::parseExpression<Escargot::NodeGenerator> (this=0x7fffffffd420, builder=...) at src/parser/esprima_cpp/esprima.cpp:3609
#24 0x0000555555855de5 in Escargot::esprima::Parser::parseExpressionStatement<Escargot::NodeGenerator> (this=0x7fffffffd420, builder=...) at src/parser/esprima_cpp/esprima.cpp:4065
#25 0x0000555555845dc9 in Escargot::esprima::Parser::parseStatement<Escargot::NodeGenerator> (this=0x7fffffffd420, builder=..., allowFunctionDeclaration=true, shouldTopLevelDeclaration=false) at src/parser/esprima_cpp/esprima.cpp:4972
#26 0x00005555558396b9 in Escargot::esprima::Parser::parseStatementListItem<Escargot::NodeGenerator> (this=0x7fffffffd420, builder=...) at src/parser/esprima_cpp/esprima.cpp:3662
#27 0x0000555555823158 in Escargot::esprima::Parser::parseProgram (this=0x7fffffffd420, builder=...) at src/parser/esprima_cpp/esprima.cpp:6895
#28 0x000055555582449e in Escargot::esprima::parseProgram (ctx=0xa3af0, source=..., outerClassInfo=0x555555d17bb0, isModule=false, strictFromOutside=true, inWith=false, allowSuperCallFromOutside=false, allowSuperPropertyFromOutside=false, allowNewTargetFromOutside=false, allowArgumentsFromOutside=true)
at src/parser/esprima_cpp/esprima.cpp:7121
#29 0x00005555557055a5 in Escargot::ByteCodeGenerator::collectByteCodeLOCData (context=0xa3af0, codeBlock=0xd6b70, locData=0x555555d19600) at src/interpreter/ByteCodeGenerator.cpp:311
#30 0x00005555556edf8f in Escargot::ByteCodeBlock::fillLOCData (this=0xd9d30, context=0xa3af0, locData=0x555555d19600) at src/interpreter/ByteCode.cpp:172
#31 0x00005555556ee0e0 in Escargot::ByteCodeBlock::computeNodeLOCFromByteCode (this=0xd9d30, c=0xa3af0, codePosition=40, cb=0xd6b70, locData=0x555555d19600) at src/interpreter/ByteCode.cpp:187
#32 0x0000555555958b4d in Escargot::SandBox::processCatch (this=0x7fffffffdf30, error=..., result=...) at src/runtime/SandBox.cpp:78
#33 0x0000555555958d3f in Escargot::SandBox::run (this=0x7fffffffdf30, scriptRunner=0x5555556418a7 <Escargot::Evaluator::<lambda(Escargot::ExecutionState&, void*)>::_FUN(Escargot::ExecutionState &, void *)>, data=0x7fffffffdee0) at src/runtime/SandBox.cpp:113
#34 0x00005555556419a0 in Escargot::Evaluator::executeFunction (ctx=0xa3af0,
runner=0x5555559aa0bd <Escargot::Evaluator::executeImpl<Escargot::ContextRef, Escargot::ScriptRef*>(Escargot::ContextRef*, Escargot::ValueRef* (*)(Escargot::ExecutionStateRef*, Escargot::ScriptRef*), Escargot::ScriptRef*)::{lambda(Escargot::ExecutionStateRef*, void*, void*)#1}::_FUN(Escargot::ExecutionStateRef*, void*, void*)>,
data=0x7fffffffdfc0, data2=0x5555559a706f <<lambda(Escargot::ExecutionStateRef*, Escargot::ScriptRef*)>::_FUN(Escargot::ExecutionStateRef *, Escargot::ScriptRef *)>) at src/api/EscargotPublic.cpp:1089
#35 0x00005555559aa17f in Escargot::Evaluator::executeImpl<Escargot::ContextRef, Escargot::ScriptRef*> (p=0xa3af0, fn=0x5555559a706f <<lambda(Escargot::ExecutionStateRef*, Escargot::ScriptRef*)>::_FUN(Escargot::ExecutionStateRef *, Escargot::ScriptRef *)>) at src/api/EscargotPublic.h:614
#36 0x00005555559a92e1 in Escargot::Evaluator::execute<Escargot::ScriptRef*, evalScript(Escargot::ContextRef*, Escargot::StringRef*, Escargot::StringRef*, bool, bool)::<lambda(Escargot::ExecutionStateRef*, Escargot::ScriptRef*)> >(Escargot::ContextRef *, <lambda(Escargot::ExecutionStateRef*, Escargot::ScriptRef*)> &&) (ctx=0xa3af0,
closure=...) at src/api/EscargotPublic.h:585
#37 0x00005555559a7375 in evalScript (context=0xa3af0, source=0xd4f70, srcName=0x7a070, shouldPrintScriptResult=false, isModule=false) at src/shell/Shell.cpp:787
#38 0x00005555559a8765 in main (argc=2, argv=0x7fffffffe318) at src/shell/Shell.cpp:113
When executed in release mode:
Output
terminate called after throwing an instance of 'Escargot::esprima::Error*'
Aborted
Expected behavior
undefined:1: ReferenceError: Super constructor may only be called once
super ( ) ;
^
ReferenceError: Super constructor may only be called once
at eval (eval at n (poc.js:5:3), <anonymous>:1:2)
at new n (poc.js:5:3)
at Uint8Array.map (<anonymous>)
at poc.js:8:24
clover2123 commented
Fixed by #1327
Thanks for reporting.