jerryscript-project/jerryscript

Assertion 'compressed_pointer != JMEM_CP_NULL' failed

voidptr127 opened this issue · 0 comments

JerryScript revision
05dbbd134c3b9e2482998f267857dd3722001cd7
Build platform
Linux-6.2.15-200.fc37.x86_64-x86_64-with-glibc2.34
clang version 14.0.6 (Red Hat 14.0.6-4.el9_1)
Build steps
CC=/usr/bin/clang python3 tools/build.py --clean \
    --debug \
    --strip=off \
    --compile-flag=-fsanitize=address \
    --lto=off \
    --compile-flag=-g \
    --error-messages=on \
    --promise-callback=on \
    --logging=on \
    --line-info=on \
    --stack-limit=128
Test case
void new Uint8Array(new String());
void new Uint8Array(new Promise(Number.__proto__),new Proxy(new Proxy(new Proxy(new Proxy(new Proxy(new Proxy(Reflect,Reflect),Reflect),Proxy),Reflect),Proxy),Reflect));
void (new Function(`0324--help${new Proxy(Number.MAX_VALUE=new Date(new Proxy(Number.__proto__=new Proxy(new Proxy(new Proxy(new Proxy(new Proxy(new Proxy(new Proxy(Reflect,new Proxy(new Proxy(new Proxy(new Proxy(new Proxy(Reflect,Reflect),Reflect),Reflect),Reflect),Proxy)),Reflect),Proxy),Reflect),Reflect),Number.MAX_VALUE=new Date(new Proxy(Number.__proto__=new Proxy(new Proxy(new Proxy(new Proxy(new Proxy(new Proxy(new Proxy(new Proxy(Reflect,new Proxy(new Proxy(new Proxy(new Proxy(new Proxy(Reflect,Reflect),Proxy),Proxy),Reflect),Reflect)),Reflect),new Proxy(Reflect,Reflect)),Proxy),Reflect),Reflect),Reflect),new Proxy(Reflect,Reflect)),Proxy))),Reflect),Reflect)),Reflect)}`,new Proxy())%new Reflect());
Execution and Output

Depending on how JerryScript is used, a different error message is printed.

Case 1: Filename or via stdin

./build/bin/jerry poc.js

# or

cat poc.js | ./build/bin/jerry

Output:

ICE: Assertion 'compressed_pointer != JMEM_CP_NULL' failed at /home/rocky/jerryscript/jerry-core/jmem/jmem-allocator.c(jmem_decompress_pointer):216.
Error: JERRY_FATAL_FAILED_ASSERTION
Aborted (core dumped)

This is similar to the closed issue #3779.

Case 2: Filename is an absolute path

./build/bin/jerry /home/rocky/poc.js

Output:

Unhandled exception: TypeError: Argument 'this' is not a Date object
 0: /home/rocky/poc.js:3:1
ICE: Assertion 'JERRY_CONTEXT (jmem_heap_allocated_size) == 0' failed at /home/rocky/jerryscript/jerry-core/jmem/jmem-heap.c(jmem_heap_finalize):108.
Error: JERRY_FATAL_FAILED_ASSERTION
Aborted (core dumped)

This is similar to the open issue #5062.