ASSERTION (lhs->nop == knopStr) failed in Js::ParserWrapper::ParseVarOrConstStatement #5996

Closed
renatahodovan opened this issue Mar 8, 2019 · 0 comments
@renatahodovan

ChakraCore version:
Checked revision: 39f9727ef

Build command: ./build.sh --debug
OS:
Linux-4.15.0-43-generic-x86_64-with-Ubuntu-18.04-bionic
Test case:
function $() {
    "use asm"
    ( );
    return
}
Backtrace:
ASSERTION 21735: (ChakraCore/lib/Runtime/Language/AsmJsUtils.cpp, line 40) this should be use asm
 Failure: (lhs->nop == knopStr)

Thread 1 "ch" received signal SIGILL, Illegal instruction.
0x00005555579e7998 in Js::ParserWrapper::ParseVarOrConstStatement (parser=@0x7fffffff9380: 0x7ffff1d82220, var=0x7fffffff8c40)
    at ChakraCore/lib/Runtime/Language/AsmJsUtils.cpp:40
40                  AssertMsg( lhs->nop == knopStr, "this should be use asm" );
(gdb) bt
#0  0x00005555579e7998 in Js::ParserWrapper::ParseVarOrConstStatement (parser=@0x7fffffff9380: 0x7ffff1d82220, var=0x7fffffff8c40)
    at ChakraCore/lib/Runtime/Language/AsmJsUtils.cpp:40
#1  0x0000555559f61063 in Js::AsmJSCompiler::CheckModuleGlobals (m=...)
    at ChakraCore/lib/Runtime/Language/AsmJs.cpp:599
#2  0x0000555559f64819 in Js::AsmJSCompiler::CheckModule (cx=0x7fffffff9480, parser=@0x7fffffff9380: 0x7ffff1d82220, stmtList=0x0)
    at ChakraCore/lib/Runtime/Language/AsmJs.cpp:1029
#3  0x0000555559f64d85 in Js::AsmJSCompiler::Compile (cx=0x7fffffff9480, parser=0x7ffff1d82220, stmtList=0x0)
    at ChakraCore/lib/Runtime/Language/AsmJs.cpp:1087
#4  0x0000555559eb94fe in ByteCodeGenerator::EmitScopeList (this=0x7fffffffa040, pnode=0x7ffff1d82220, breakOnBodyScopeNode=0x0)
    at ChakraCore/lib/Runtime/ByteCode/ByteCodeEmitter.cpp:3427
#5  0x0000555559eb9bee in ByteCodeGenerator::EmitScopeList (this=0x7fffffffa040, pnode=0x7ffff1d82170, breakOnBodyScopeNode=0x0)
    at ChakraCore/lib/Runtime/ByteCode/ByteCodeEmitter.cpp:3484
#6  0x0000555559eb9832 in ByteCodeGenerator::EmitScopeList (this=0x7fffffffa040, pnode=0x7ffff1d82030, breakOnBodyScopeNode=0x0)
    at ChakraCore/lib/Runtime/ByteCode/ByteCodeEmitter.cpp:3468
#7  0x0000555559eb923b in ByteCodeGenerator::EmitProgram (this=0x7fffffffa040, pnodeProg=0x7ffff1d82030)
    at ChakraCore/lib/Runtime/ByteCode/ByteCodeEmitter.cpp:2564
#8  0x000055555710b841 in ByteCodeGenerator::Generate (pnodeProg=0x7ffff1d82030, grfscr=4112, byteCodeGenerator=0x7fffffffa040, 
    ppRootFunc=0x7fffffffa4a0, sourceIndex=0, forceNoNative=false, parser=0x7fffffffa910, functionRef=0x0)
    at ChakraCore/lib/Runtime/ByteCode/ByteCodeGenerator.cpp:2027
#9  0x00005555571157e9 in GenerateByteCode (pnode=0x7ffff1d82030, grfscr=4112, scriptContext=0x622000000158, 
    ppRootFunc=0x7fffffffa4a0, sourceIndex=0, forceNoNative=false, parser=0x7fffffffa910, pse=0x7fffffffc360, parentScopeInfo=0x0, 
    functionRef=0x0) at ChakraCore/lib/Runtime/ByteCode/ByteCodeGenerator.cpp:2198
#10 0x0000555556e872fd in Js::ScriptContext::GenerateRootFunction (this=0x622000000158, parseTree=0x7ffff1d82030, sourceIndex=0, 
    parser=0x7fffffffa910, grfscr=4112, pse=0x7fffffffc360, 
    rootDisplayName=0x55555ab24060 <Js::Constants::GlobalCode> u"Global code")
    at ChakraCore/lib/Runtime/Base/ScriptContext.cpp:2624
#11 0x0000555556e8698e in Js::ScriptContext::LoadScriptInternal (this=0x622000000158, parser=0x7fffffffa910, 
    script=0x6040000006d0 "function $() {\n\t\"use asm\"   \n\t( );\n\treturn\n}", cb=44, pSrcInfo=0x7fffffffb660, 
    pse=0x7fffffffc360, ppSourceInfo=0x7fffffffb6b0, rootDisplayName=0x55555ab24060 <Js::Constants::GlobalCode> u"Global code", 
    loadScriptFlag=(LoadScriptFlag_Utf8Source | LoadScriptFlag_ExternalArrayBuffer), scriptSource=0x7ffff1da8000)
    at ChakraCore/lib/Runtime/Base/ScriptContext.cpp:2562
#12 0x0000555556e87bbd in Js::ScriptContext::LoadScript (this=0x622000000158, 
    script=0x6040000006d0 "function $() {\n\t\"use asm\"   \n\t( );\n\treturn\n}", cb=44, pSrcInfo=0x7fffffffb660, 
    pse=0x7fffffffc360, ppSourceInfo=0x7fffffffb6b0, rootDisplayName=0x55555ab24060 <Js::Constants::GlobalCode> u"Global code", 
    loadScriptFlag=(LoadScriptFlag_Utf8Source | LoadScriptFlag_ExternalArrayBuffer), scriptSource=0x7ffff1da8000)
    at ChakraCore/lib/Runtime/Base/ScriptContext.cpp:2600
#13 0x000055555672526a in RunScriptCore(void*, unsigned char const*, unsigned long, LoadScriptFlag, unsigned long, char16_t const*, bool, _JsParseScriptAttributes, bool, void**)::$_84::operator()(Js::ScriptContext*, TTD::TTDJsRTActionResultAutoRecorder&) const (
    this=0x7fffffffc000, scriptContext=0x622000000158, _actionEntryPopper=...)
    at ChakraCore/lib/Jsrt/Jsrt.cpp:3611
#14 0x0000555556723da1 in _JsErrorCode ContextAPINoScriptWrapper<RunScriptCore(void*, unsigned char const*, unsigned long, LoadScriptFlag, unsigned long, char16_t const*, bool, _JsParseScriptAttributes, bool, void**)::$_84>(RunScriptCore(void*, unsigned char const*, unsigned long, LoadScriptFlag, unsigned long, char16_t const*, bool, _JsParseScriptAttributes, bool, void**)::$_84, bool, bool)::{lambda(Js::ScriptContext*)#1}::operator()(Js::ScriptContext*) const (this=0x7fffffffbd40, scriptContext=0x622000000158)
    at ChakraCore/lib/Jsrt/JsrtInternal.h:316
#15 0x0000555556722de2 in ContextAPINoScriptWrapper_Core<_JsErrorCode ContextAPINoScriptWrapper<RunScriptCore(void*, unsigned char const*, unsigned long, LoadScriptFlag, unsigned long, char16_t const*, bool, _JsParseScriptAttributes, bool, void**)::$_84>(RunScriptCore(void*, unsigned char const*, unsigned long, LoadScriptFlag, unsigned long, char16_t const*, bool, _JsParseScriptAttributes, bool, void**)::$_84, bool, bool)::{lambda(Js::ScriptContext*)#1}>(_JsErrorCode ContextAPINoScriptWrapper<RunScriptCore(void*, unsigned char const*, unsigned long, LoadScriptFlag, unsigned long, char16_t const*, bool, _JsParseScriptAttributes, bool, void**)::$_84>(RunScriptCore(void*, unsigned char const*, unsigned long, LoadScriptFlag, unsigned long, char16_t const*, bool, _JsParseScriptAttributes, bool, void**)::$_84, bool, bool)::{lambda(Js::ScriptContext*)#1}, bool, bool) (fn=..., 
    allowInObjectBeforeCollectCallback=false, scriptExceptionAllowed=false)
    at ChakraCore/lib/Jsrt/JsrtInternal.h:277
#16 0x000055555669236a in ContextAPINoScriptWrapper<RunScriptCore(void*, unsigned char const*, unsigned long, LoadScriptFlag, unsigned long, char16_t const*, bool, _JsParseScriptAttributes, bool, void**)::$_84>(RunScriptCore(void*, unsigned char const*, unsigned long, LoadScriptFlag, unsigned long, char16_t const*, bool, _JsParseScriptAttributes, bool, void**)::$_84, bool, bool) (fn=..., 
    allowInObjectBeforeCollectCallback=false, scriptExceptionAllowed=false)
    at ChakraCore/lib/Jsrt/JsrtInternal.h:314
#17 0x0000555556691d6f in RunScriptCore (scriptSource=0x7ffff1da8000, 
    script=0x6040000006d0 "function $() {\n\t\"use asm\"   \n\t( );\n\treturn\n}", cb=44, 
    loadScriptFlag=(LoadScriptFlag_Utf8Source | LoadScriptFlag_ExternalArrayBuffer), sourceContext=0, 
    sourceUrl=0x7ffff1fad3c0 u"ChakraCore/test.js", parseOnly=false, 
    parseAttributes=JsParseScriptAttributeNone, isSourceModule=false, result=0x0)
    at ChakraCore/lib/Jsrt/Jsrt.cpp:3555
#18 0x000055555669c797 in CompileRun (scriptVal=0x7ffff1da8000, sourceContext=0, sourceUrl=0x7ffff1de4f90, 
    parseAttributes=JsParseScriptAttributeNone, result=0x0, parseOnly=false)
    at ChakraCore/lib/Jsrt/Jsrt.cpp:5019
#19 JsRun (scriptVal=0x7ffff1da8000, sourceContext=0, sourceUrl=0x7ffff1de4f90, parseAttributes=JsParseScriptAttributeNone, 
    result=0x0) at ChakraCore/lib/Jsrt/Jsrt.cpp:5041
#20 0x00005555564393b3 in ChakraRTInterface::JsRun (script=0x7ffff1da8000, sourceContext=0, sourceUrl=0x7ffff1de4f90, 
    parseAttributes=JsParseScriptAttributeNone, result=0x0) at ChakraCore/bin/ch/ChakraRtInterface.h:483
#21 0x000055555643179d in RunScript (fileName=0x6030000000d0 "test.js", 
    fileContents=0x6040000006d0 "function $() {\n\t\"use asm\"   \n\t( );\n\treturn\n}", fileLength=44, 
    fileContentsFinalizeCallback=0x555556452bf0 <WScriptJsrt::FinalizeFree(void*)>, bufferValue=0x0, 
    fullPath=0x7fffffffd0c0 "ChakraCore/test.js", parserStateCache=0x0)
    at ChakraCore/bin/ch/ch.cpp:491
#22 0x000055555643657d in ExecuteTest (fileName=0x6030000000d0 "test.js") at ChakraCore/bin/ch/ch.cpp:966
#23 0x000055555643678c in ExecuteTestWithMemoryCheck (fileName=0x6030000000d0 "test.js")
    at ChakraCore/bin/ch/ch.cpp:1016
#24 0x0000555556437e79 in main (argc=2, c_argv=0x7fffffffde38) at ChakraCore/bin/ch/ch.cpp:1323

Found by Fuzzinator with grammarinator.

@renatahodovan renatahodovan changed the title ASSERTION 21735 (lhs->nop == knopStr) failed in Js::ParserWrapper::ParseVarOrConstStatement ASSERTION (lhs->nop == knopStr) failed in Js::ParserWrapper::ParseVarOrConstStatement Mar 8, 2019
@MikeHolman MikeHolman self-assigned this Mar 8, 2019
chakrabot pushed a commit that referenced this issue Apr 8, 2019
Merge pull request #6001 from MikeHolman:asmparsebug

Malformed "use asm" statement could cause benign assert in asm.js parser. Reject the malformed asm.js instead of asserting.

Fixes #5996
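The following is an added example, not code from this issue or from PR #6001, written to show why the fuzzer's test case is valid JavaScript whose first statement is a call on a string literal rather than a "use asm" directive, and what a directive-prologue check that rejects such input (instead of asserting on it) has to look at. It runs on any ECMAScript engine with `new Function` (Node/V8 here, not ChakraCore; the parsing rules are the same). The helper names (`parses`, `innerBody`, `skipTrivia`, `startsWithDirective`, `firstStatementThrows`) and the continuation-token set are this example's own assumptions, not ChakraCore's API.

```javascript
// Added example: not from the ChakraCore issue or the fix PR.

// The reporter's test case verbatim (sample reproduced from the issue).
// There is no semicolon after "use asm", and "(" may continue an expression
// across a line break, so no automatic semicolon is inserted: the first
// statement is the call `"use asm"()`, not a directive plus a statement.
const FUZZ_CASE = 'function $() {\n\t"use asm"\n\t( );\n\treturn\n}';

// Same text with an explicit semicolon: "( );" is now an empty parenthesised
// expression, a SyntaxError, so the engine never reaches asm.js validation.
const WITH_SEMICOLON = 'function $() {\n\t"use asm";\n\t( );\n\treturn\n}';

// A minimal well-formed asm.js module header for comparison.
const GOOD_ASM = 'function m() {\n  "use asm";\n  function f() {}\n  return f;\n}';

// True if the host engine's parser accepts `src` as a function body.
function parses(src) {
  try {
    new Function(src);
    return true;
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e;
  }
}

// Compiles the fuzz case, calls $(), and reports the error class: the string
// literal is the callee, so the call fails at run time with a TypeError.
function firstStatementThrows() {
  const $ = new Function(FUZZ_CASE + '; return $;')();
  try { $(); return 'no error'; } catch (e) { return e.name; }
}

// Text between the outermost braces of a function declaration.
function innerBody(fnSrc) {
  return fnSrc.slice(fnSrc.indexOf('{') + 1, fnSrc.lastIndexOf('}'));
}

// Punctuators that continue an expression across a line break, so ASI does
// not fire in front of them (ECMAScript "Automatic Semicolon Insertion").
// Assumed list for this example; it covers the common cases, not every token.
const CONTINUES_EXPR = new Set('([.+-*/%<>=?:,&|^`'.split(''));

// Skips whitespace and comments from index i; returns [newIndex, sawNewline].
function skipTrivia(src, i) {
  let nl = false;
  for (;;) {
    const c = src[i];
    if (c === '\n' || c === '\r') { nl = true; i++; }
    else if (c === ' ' || c === '\t') { i++; }
    else if (src.startsWith('//', i)) { while (i < src.length && src[i] !== '\n') i++; }
    else if (src.startsWith('/*', i)) {
      const end = src.indexOf('*/', i + 2);
      if (end < 0) return [src.length, nl];
      if (src.slice(i, end).includes('\n')) nl = true;
      i = end + 2;
    }
    else return [i, nl];
  }
}

// Classifies the first statement of a function body. Returns true only when
// it is exactly the string literal `directive` terminated by ';', '}', end of
// input, or a line break before a token that ASI turns into a statement end.
// A following "(" (the fuzz case) means the literal is a callee: reject.
function startsWithDirective(body, directive) {
  const [i] = skipTrivia(body, 0);
  const q = body[i];
  if (q !== '"' && q !== "'") return false;
  // Read the raw literal; escapes or line continuations disqualify it as a
  // directive, the same rule the spec applies to "use strict".
  let j = i + 1;
  while (j < body.length && body[j] !== q) {
    if (body[j] === '\\' || body[j] === '\n') return false;
    j++;
  }
  if (j >= body.length || body.slice(i + 1, j) !== directive) return false;
  const [k, sawNewline] = skipTrivia(body, j + 1);
  const c = body[k];
  if (c === undefined || c === ';' || c === '}') return true;
  if (!sawNewline) return false;                        // "use asm" ( ... ) on one line: a call
  if (c === '+' || c === '-') return body[k + 1] === c; // "++"/"--" on a new line start a new statement
  if (CONTINUES_EXPR.has(c)) return false;              // "(", "[", ".", binary operator: expression continues
  const word = /^[A-Za-z_$][\w$]*/.exec(body.slice(k));
  if (word && (word[0] === 'in' || word[0] === 'instanceof')) return false;
  return true;                                          // ASI ends the statement before this token
}

console.log('fuzz case parses:', parses(FUZZ_CASE));                               // true
console.log('with semicolon parses:', parses(WITH_SEMICOLON));                     // false
console.log('fuzz case is asm.js directive:', startsWithDirective(innerBody(FUZZ_CASE), 'use asm')); // false
console.log('calling $() throws:', firstStatementThrows());                        // TypeError
```

The classifier is the part a validator needs before it touches the parse tree: if the first statement is not a bare string literal statement, the function is not an asm.js module and should be handled as ordinary JavaScript rather than asserted on.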