Assertion 'ecma_is_lexical_environment (object_p)' failed at ecma-helpers.c (ecma_get_lex_env_type). #4900

Closed
hope-fly opened this issue Dec 13, 2021 · 1 comment · Fixed by #5167
hope-fly commented Dec 13, 2021

JerryScript revision

Commit: 42523bd6

Version: v3.0.0

Build platform

Ubuntu 18.04.5 LTS (Linux 5.4.0-44-generic x86_64)

Build steps
python ./tools/build.py --clean --debug --compile-flag=-m32 --compile-flag=-g --strip=off --lto=off --logging=on --line-info=on --error-message=on --system-allocator=on --linker-flag=-fuse-ld=gold --profile=es2015-subset --stack-limit=20

ASAN closed

Test case
var i = 0;
var a = [];
var JSEtest = [];

JSEtest.__defineGetter__(0, function NaN() {
  if (i++ > 2) {
    return;
  }

  JSEtest.shift();
  gc();
  a.push(0);
  a.concat(JSEtest);
});

JSEtest[0];

Execution steps & Output
$ ./jerryscript/build/bin/jerry poc.js

ICE: Assertion 'ecma_is_lexical_environment (object_p)' failed at /home/f1yh0p/jerryscript/jerry-core/ecma/base/ecma-helpers.c(ecma_get_lex_env_type):291.
Error: ERR_FAILED_INTERNAL_ASSERTION

Credits: Found by OWL337 team.

@rerobika rerobika added the bug Undesired behaviour label Jan 3, 2022
Member

rerobika commented Jan 3, 2022

Note about the issue: Due to the recursive first property access in Array.prototype.shift, after the property is deleted by the operation, the previous call frame's function object/lexical environment becomes an invalid memory reference.
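
The re-entrancy described in the comment above, traced on a spec-conforming engine such as Node.js. This is an added example, not part of the original issue or of the JerryScript code base; `traceReentrantShift` and its result fields are names chosen here, and `gc()` is left out because it is a JerryScript shell builtin.

```javascript
// Added illustration: instruments the test case's getter to show that
// Array.prototype.shift deletes index 0 (the property that owns the getter
// function) while frames of that same getter are still on the call stack.
function traceReentrantShift(limit) {
  const arr = [];
  const events = [];
  let calls = 0;               // total getter invocations (the test case's `i`)
  let depth = 0;               // getter frames currently active
  let maxDepth = 0;
  let liveFramesAtDelete = 0;  // active getter frames when index 0 vanished

  arr.__defineGetter__(0, function getter() {
    calls++;
    depth++;
    maxDepth = Math.max(maxDepth, depth);
    try {
      if (calls > limit) {
        events.push(`depth ${depth}: limit reached, returning`);
        return;
      }
      events.push(`depth ${depth}: calling shift()`);
      // shift() first reads arr[0], which re-enters this getter, and only
      // then deletes index 0 and sets length to 0.
      arr.shift();
      const gone = Object.getOwnPropertyDescriptor(arr, 0) === undefined;
      if (gone && liveFramesAtDelete === 0) {
        // The first frame to see the property missing is the one whose
        // shift() removed it; every outer getter frame is still running.
        liveFramesAtDelete = depth;
        events.push(`depth ${depth}: accessor deleted, ${depth} frame(s) live`);
      }
    } finally {
      depth--;
    }
  });

  const value = arr[0];        // outermost read, as in the test case
  return { calls, maxDepth, liveFramesAtDelete, value,
           lengthAfter: arr.length, events };
}

// Same bound as the test case: the fourth getter call returns early.
const trace = traceReentrantShift(3);
trace.events.forEach((line) => console.log(line));
console.log(trace.calls, trace.maxDepth, trace.liveFramesAtDelete);
```

Once the accessor is deleted, the only remaining references to the getter function are the active call frames, so an engine has to keep the function object and its lexical environment alive for the duration of each call.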

@rerobika rerobika self-assigned this Jan 4, 2022
rerobika pushed a commit to rerobika/jerryscript that referenced this issue Jan 4, 2022
This patch fixes jerryscript-project#4900.

JerryScript-DCO-1.0-Signed-off-by: Robert Fancsik robert.fancsik@h-lab.eu
gergocs pushed a commit to gergocs/jerryscript that referenced this issue Nov 15, 2024
This patch fixes jerryscript-project#4900.

JerryScript-DCO-1.0-Signed-off-by: Robert Fancsik robert.fancsik@h-lab.eu
gergocs added a commit to gergocs/jerryscript that referenced this issue Nov 15, 2024
This patch fixes jerryscript-project#4900.

Co-authored-by: Robert Fancsik robert.fancsik@h-lab.eu
JerryScript-DCO-1.0-Signed-off-by: Gergo Csizi gergocs@inf.u-szeged.hu
gergocs added a commit to gergocs/jerryscript that referenced this issue Nov 15, 2024
This patch fixes jerryscript-project#4900.

The implementation is based on PR jerryscript-project#4943, only resolved the conflicts.

Co-authored-by: Robert Fancsik robert.fancsik@h-lab.eu
JerryScript-DCO-1.0-Signed-off-by: Gergo Csizi gergocs@inf.u-szeged.hu