Assertion 'context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN || context_p->token.type == LEXER_COMMA' in parser_parse_object_initializer #3822

owl337 · 2020-06-01T03:10:23Z

JerryScript revision

d06c3a7

Build platform

Ubuntu 16.04.6 LTS (Linux 4.15.0-99-generic x86_64)

Build steps

python tools/build.py --profile=es2015-subset --lto=off --compile-flag=-g \
--error-messages=on --debug --compile-flag=-g --strip=off --logging=on \
--compile-flag=-fsanitize=address --stack-limit=15

Test case

function f ({array, 'a', { value: 'foo', enumerable: true } : 36})
{}

Output

ICE: Assertion 'context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN || context_p->token.type == LEXER_COMMA' failed at /home/JerryScript/jerryscript/jerry-core/parser/js/js-parser-expr.c(parser_parse_object_initializer):3230.
Error: ERR_FAILED_INTERNAL_ASSERTION
Aborted (core dumped)

Credits: This vulnerability is detected by chong from OWL337.

The text was updated successfully, but these errors were encountered:

This patch fixes jerryscript-project#3822. JerryScript-DCO-1.0-Signed-off-by: Robert Fancsik frobert@inf.u-szeged.hu

This patch fixes jerryscript-project#3822 and fixes jerryscript-project#3823. JerryScript-DCO-1.0-Signed-off-by: Robert Fancsik frobert@inf.u-szeged.hu

This patch fixes jerryscript-project#3822 and fixes jerryscript-project#3823 and fixes jerryscript-project#3824. JerryScript-DCO-1.0-Signed-off-by: Robert Fancsik frobert@inf.u-szeged.hu

This patch fixes jerryscript-project#3822 and fixes jerryscript-project#3823 and fixes jerryscript-project#3824 and fixes jerryscript-project#3825. JerryScript-DCO-1.0-Signed-off-by: Robert Fancsik frobert@inf.u-szeged.hu

This patch fixes #3822 and fixes #3823 and fixes #3824 and fixes #3825. JerryScript-DCO-1.0-Signed-off-by: Robert Fancsik frobert@inf.u-szeged.hu

rerobika self-assigned this Jun 2, 2020

rerobika added bug Undesired behaviour parser Related to the JavaScript parser labels Jun 2, 2020

rerobika added a commit to rerobika/jerryscript that referenced this issue Jun 2, 2020

Fix PropertyDefinition parsing in ObjectInitializer

8319771

This patch fixes jerryscript-project#3822. JerryScript-DCO-1.0-Signed-off-by: Robert Fancsik frobert@inf.u-szeged.hu

rerobika mentioned this issue Jun 2, 2020

Fix PropertyDefinition parsing in ObjectInitializer #3832

Merged

dbatyai closed this as completed in #3832 Jun 3, 2020

dbatyai pushed a commit that referenced this issue Jun 3, 2020

Fix PropertyDefinition parsing in ObjectInitializer (#3832)

4660bab

This patch fixes #3822 and fixes #3823 and fixes #3824 and fixes #3825. JerryScript-DCO-1.0-Signed-off-by: Robert Fancsik frobert@inf.u-szeged.hu

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Assertion 'context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN || context_p->token.type == LEXER_COMMA' in parser_parse_object_initializer #3822

Assertion 'context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN || context_p->token.type == LEXER_COMMA' in parser_parse_object_initializer #3822

owl337 commented Jun 1, 2020

Assertion 'context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN || context_p->token.type == LEXER_COMMA' in parser_parse_object_initializer #3822

Assertion 'context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN || context_p->token.type == LEXER_COMMA' in parser_parse_object_initializer #3822

Comments

owl337 commented Jun 1, 2020

JerryScript revision

Build platform

Build steps

Test case

Output