Memory corruption in parser_parse_class
anbu1024 opened this issue · 0 comments
anbu1024 commented
JerryScript version 3.0.0:
commit 05dbbd1
Build platform:
Ubuntu 20.04
Build cmd:
python tools/build.py --debug --profile=es.next --lto=off --compile-flag=-D_POSIX_C_SOURCE=200809 --compile-flag=-Wno-strict-prototypes --stack-limit=15
Test case:
function foo() {
  class Bar {
    static {
      var x = `
        for (let i = 0, j = 10; i < j;) {
        }
        function baz() {
          return arguments;
        }
        class Proto {
        }
      `;
      eval(x);
    }
  }
  return foo;
}
new Promise(foo);
Error message:
SEGV on debug version
Segmentation fault (core dumped)
Error messages in ASAN version:
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3670588==ERROR: AddressSanitizer: SEGV on unknown address 0x00000008 (pc 0x5671dd80 bp 0xffa2bf18 sp 0xffa2be60 T0)
==3670588==The signal is caused by a READ memory access.
==3670588==Hint: address points to the zero page.
#0 0x5671dd7f in parser_parse_class jerry-core/parser/js/js-parser-expr.c:1107
#1 0x567421af in parser_parse_statements jerry-core/parser/js/js-parser-statm.c:2787
#2 0x56662c82 in parser_parse_source jerry-core/parser/js/js-parser.c:2280
#3 0x56668fb5 in parser_parse_script jerry-core/parser/js/js-parser.c:3326
#4 0x56614236 in ecma_op_eval_chars_buffer jerry-core/ecma/operations/ecma-eval.c:86
#5 0x5661415b in ecma_op_eval jerry-core/ecma/operations/ecma-eval.c:56
#6 0x566d8c14 in ecma_builtin_global_object_eval jerry-core/ecma/builtin-objects/ecma-builtin-global.c:109
#7 0x566da71e in ecma_builtin_global_dispatch_routine jerry-core/ecma/builtin-objects/ecma-builtin-global.c:594
#8 0x565f26de in ecma_builtin_dispatch_routine jerry-core/ecma/builtin-objects/ecma-builtins.c:1460
#9 0x565f28fb in ecma_builtin_dispatch_call jerry-core/ecma/builtin-objects/ecma-builtins.c:1489
#10 0x566184a8 in ecma_op_function_call_native_built_in jerry-core/ecma/operations/ecma-function-object.c:1217
#11 0x56618e8c in ecma_op_function_call jerry-core/ecma/operations/ecma-function-object.c:1411
#12 0x56618d91 in ecma_op_function_validated_call jerry-core/ecma/operations/ecma-function-object.c:1371
#13 0x566a03a5 in opfunc_call jerry-core/vm/vm.c:758
#14 0x566c08fe in vm_execute jerry-core/vm/vm.c:5217
#15 0x566c0f17 in vm_run jerry-core/vm/vm.c:5312
#16 0x566182ba in ecma_op_function_call_simple jerry-core/ecma/operations/ecma-function-object.c:1176
#17 0x56618e70 in ecma_op_function_call jerry-core/ecma/operations/ecma-function-object.c:1406
#18 0x566a7707 in vm_loop jerry-core/vm/vm.c:1794
#19 0x566c0899 in vm_execute jerry-core/vm/vm.c:5211
#20 0x566c0f17 in vm_run jerry-core/vm/vm.c:5312
#21 0x566967f4 in opfunc_init_static_class_fields jerry-core/vm/opcodes.c:1081
#22 0x566a9f4a in vm_loop jerry-core/vm/vm.c:2150
#23 0x566c0899 in vm_execute jerry-core/vm/vm.c:5211
#24 0x566c0f17 in vm_run jerry-core/vm/vm.c:5312
#25 0x566182ba in ecma_op_function_call_simple jerry-core/ecma/operations/ecma-function-object.c:1176
#26 0x56618e70 in ecma_op_function_call jerry-core/ecma/operations/ecma-function-object.c:1406
#27 0x5662f276 in ecma_promise_run_executor jerry-core/ecma/operations/ecma-promise-object.c:447
#28 0x5662f4dc in ecma_op_create_promise_object jerry-core/ecma/operations/ecma-promise-object.c:514
#29 0x566ec87f in ecma_builtin_promise_dispatch_construct jerry-core/ecma/builtin-objects/ecma-builtin-promise.c:476
#30 0x565f2ba9 in ecma_builtin_dispatch_construct jerry-core/ecma/builtin-objects/ecma-builtins.c:1518
#31 0x56619172 in ecma_op_function_construct_built_in jerry-core/ecma/operations/ecma-function-object.c:1537
#32 0x566196cf in ecma_op_function_construct jerry-core/ecma/operations/ecma-function-object.c:1717
#33 0x566a08f1 in opfunc_construct jerry-core/vm/vm.c:840
#34 0x566c093c in vm_execute jerry-core/vm/vm.c:5236
#35 0x566c0f17 in vm_run jerry-core/vm/vm.c:5312
#36 0x5669e5a3 in vm_run_global jerry-core/vm/vm.c:286
#37 0x565a2753 in jerry_run jerry-core/api/jerryscript.c:548
#38 0x5674f754 in jerryx_source_exec_script jerry-ext/util/sources.c:68
#39 0x5659d688 in main jerry-main/main-desktop.c:156
#40 0xf7653ed4 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x1aed4)
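As an added example, not part of this issue or of the JerryScript code base: a small triage helper that parses the ASAN report above (the embedded sample is a constructed excerpt of it), recovers the crash kind, faulting address, access type and symbolized frames, flags the READ at 0x8 as a near-NULL dereference (the address lies on the unmapped zero page), and derives a dedup signature from the top frames so repeated fuzzer findings in parser_parse_class can be bucketed. The names triage_asan_report and Triage are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: the head of the ASAN report quoted in this issue (frames truncated).
SAMPLE_REPORT = """\
AddressSanitizer:DEADLYSIGNAL
==3670588==ERROR: AddressSanitizer: SEGV on unknown address 0x00000008 (pc 0x5671dd80 bp 0xffa2bf18 sp 0xffa2be60 T0)
==3670588==The signal is caused by a READ memory access.
==3670588==Hint: address points to the zero page.
    #0 0x5671dd7f in parser_parse_class jerry-core/parser/js/js-parser-expr.c:1107
    #1 0x567421af in parser_parse_statements jerry-core/parser/js/js-parser-statm.c:2787
    #2 0x56662c82 in parser_parse_source jerry-core/parser/js/js-parser.c:2280
    #3 0x56668fb5 in parser_parse_script jerry-core/parser/js/js-parser.c:3326
    #40 0xf7653ed4 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x1aed4)
"""

ERROR_RE = re.compile(r"ERROR: AddressSanitizer: (\S+) on unknown address 0x([0-9a-fA-F]+)")
ACCESS_RE = re.compile(r"caused by a (READ|WRITE) memory access")
FRAME_RE = re.compile(r"^\s*#(\d+)\s+0x[0-9a-fA-F]+\s+in\s+(\S+)\s+(\S+)")

@dataclass
class Triage:
    kind: str                                     # "SEGV", "heap-buffer-overflow", ...
    address: int                                  # faulting address
    access: Optional[str]                         # "READ" / "WRITE" when ASAN reports it
    null_deref: bool                              # address inside the unmapped first page
    frames: List[Tuple[str, str, Optional[int]]]  # (function, file_or_module, line)
    signature: str                                # dedup key: kind + top three frames

def triage_asan_report(text: str, page_size: int = 4096) -> Triage:
    # Crash kind and faulting address come from the ERROR line.
    err = ERROR_RE.search(text)
    if err is None:
        raise ValueError("not an ASAN 'unknown address' report")
    kind, address = err.group(1), int(err.group(2), 16)
    acc = ACCESS_RE.search(text)
    frames: List[Tuple[str, str, Optional[int]]] = []
    for line in text.splitlines():
        m = FRAME_RE.match(line)
        if not m:
            continue
        func, loc = m.group(2), m.group(3)
        path, _, lineno = loc.rpartition(":")
        if path and lineno.isdigit():
            frames.append((func, path, int(lineno)))
        else:
            frames.append((func, loc, None))      # unsymbolized frame, e.g. libc
    signature = kind + ":" + ">".join(f[0] for f in frames[:3])
    return Triage(kind, address, acc.group(1) if acc else None, address < page_size, frames, signature)
```

A fault address below the page size with a READ access, as here, points at a NULL structure pointer dereferenced at a small field offset rather than at a heap or stack overflow, which is why the signature keys on the top in-tree frames instead of the address.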