Segmentation Fault in release. Assertion 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' failed on debug.

Question

Segmentation Fault in release. Assertion 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' failed on debug.

anbu1024 opened this issue a year ago · 0 comments

jerryScript version 3.0.0:
commit 05dbbd1

Build platform:
Ubuntu 20.04

Build cmd:

python tools/build.py --debug --profile=es.next --lto=off --compile-flag=-D_POSIX_C_SOURCE=200809 --compile-flag=-Wno-strict-prototypes --stack-limit=15

Test case

class Foo {
    valueOf(m, n) {
        var a;
        
        try { a = this.valueOf(); } catch (e) {}
        
        var b = `
            class Bar extends m {
                constructor(a21, a22) {
                }
                static {
                    for (let i25 = 0; i25 < 5;) {
                    }
                }
                /*
                constructor(a31) {
                    /0()*/;
                    isNaN(a);
                }
                */
            }
        `;
        eval(b, eval, this, a);
    }
}

var c = new Foo();

c.valueOf();

Error message:

SEGV on ASAN version

AddressSanitizer:DEADLYSIGNAL
=================================================================
==505902==ERROR: AddressSanitizer: SEGV on unknown address 0x000000002cee (pc 0x55ca4212e04b bp 0x7ffc2cef5740 sp 0x7ffc2cef56a0 T0)
==505902==The signal is caused by a READ memory access.

Aborted with assertion error in debug version:

ICE: Assertion 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' failed at jerry-core/parser/js/js-parser.c(parser_parse_function_arguments):1587.
Error: JERRY_FATAL_FAILED_ASSERTION
Aborted (core dumped)