Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Assertion `isExtensible() || newLength <= getArrayLength(state)' failed in Escargot::ArrayObject::setArrayLength #33

Closed
renatahodovan opened this issue Jan 2, 2019 · 1 comment
Closed

Assertion `isExtensible() || newLength <= getArrayLength(state)' failed in Escargot::ArrayObject::setArrayLength #33

renatahodovan opened this issue Jan 2, 2019 · 1 comment

Comments

@renatahodovan
Copy link
Member

Escargot version:
Checked revision: 8bcf72a
Build command: cmake -DESCARGOT_HOST=linux -DESCARGOT_ARCH=x64 -DESCARGOT_MODE=debug -DESCARGOT_OUTPUT=bin -GNinja && ninja
OS:
Ubuntu 18.04, x86_64
Test case:
var arrObj = [ ] ; 
Object.preventExtensions( arrObj , "length" , { writable : false } ) ; 
Object.defineProperty( arrObj , "length" , { value : 12 } ) ;
Backtrace:
escargot: src/runtime/ArrayObject.cpp:269: bool Escargot::ArrayObject::setArrayLength(Escargot::ExecutionState&, const uint64_t&): Assertion `isExtensible() || newLength <= getArrayLength(state)' failed.

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51	../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff688d801 in __GI_abort () at abort.c:79
#2  0x00007ffff687d39a in __assert_fail_base (fmt=0x7ffff6a047d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", 
    assertion=assertion@entry=0x555555823ec8 "isExtensible() || newLength <= getArrayLength(state)", 
    file=file@entry=0x555555823e8c "src/runtime/ArrayObject.cpp", line=line@entry=269, 
    function=function@entry=0x555555824340 <Escargot::ArrayObject::setArrayLength(Escargot::ExecutionState&, unsigned long const&)::__PRETTY_FUNCTION__> "bool Escargot::ArrayObject::setArrayLength(Escargot::ExecutionState&, const uint64_t&)") at assert.c:92
#3  0x00007ffff687d412 in __GI___assert_fail (assertion=0x555555823ec8 "isExtensible() || newLength <= getArrayLength(state)", 
    file=0x555555823e8c "src/runtime/ArrayObject.cpp", line=269, 
    function=0x555555824340 <Escargot::ArrayObject::setArrayLength(Escargot::ExecutionState&, unsigned long const&)::__PRETTY_FUNCTION__> "bool Escargot::ArrayObject::setArrayLength(Escargot::ExecutionState&, const uint64_t&)") at assert.c:101
#4  0x00005555556bc060 in Escargot::ArrayObject::setArrayLength (this=0x7ffff480fe30, state=..., newLength=@0x7fffffffca00: 12)
    at src/runtime/ArrayObject.cpp:269
#5  0x00005555557b28bf in Escargot::VMInstance::arrayLengthNativeSetter (state=..., self=0x7ffff480fe30, 
    privateDataFromObjectPrivateArea=..., setterInputData=...) at src/runtime/VMInstance.cpp:79
#6  0x00005555555edd19 in Escargot::Object::setOwnDataPropertyUtilForObjectInner (this=0x7ffff480fe30, state=..., idx=0, item=..., 
    newValue=...) at escargot/src/runtime/Object.h:857
#7  0x0000555555790ca1 in Escargot::Object::defineOwnProperty (this=0x7ffff480fe30, state=..., P=..., desc=...)
    at src/runtime/Object.cpp:642
#8  0x00005555556bb3ea in Escargot::ArrayObject::defineOwnProperty (this=0x7ffff480fe30, state=..., P=..., desc=...)
    at src/runtime/ArrayObject.cpp:103
#9  0x00005555556c4ca7 in Escargot::Object::defineOwnPropertyThrowsException (this=0x7ffff480fe30, state=..., P=..., desc=...)
    at escargot/src/runtime/Object.h:678
#10 0x0000555555746a69 in Escargot::builtinObjectDefineProperty (state=..., thisValue=..., argc=3, argv=0x7fffffffd5b8, 
    isNewExpression=false) at src/runtime/GlobalObjectBuiltinObject.cpp:159
#11 0x00005555556cba78 in Escargot::FunctionObject::processCall (this=0x7ffff4871e30, state=..., receiverSrc=..., 
    argc=@0x7fffffffd540: 3, argv=0x7fffffffd5b8, isNewExpression=false) at src/runtime/FunctionObject.cpp:326
#12 0x00005555555ee742 in Escargot::FunctionObject::call (state=..., callee=..., receiver=..., argc=@0x7fffffffd540: 3, 
    argv=0x7fffffffd5b8) at escargot/src/runtime/FunctionObject.h:100
#13 0x00005555555f15bf in Escargot::ByteCodeInterpreter::interpret (state=..., byteCodeBlock=0x7ffff487a730, 
    programCounter=93824998889696, registerFile=0x7fffffffd5a0, initAddressFiller=0x7fffffffd648)
    at src/interpreter/ByteCodeInterpreter.cpp:527
#14 0x0000555555611a21 in Escargot::Script::execute (this=0x7ffff47e4220, state=..., isEvalMode=false, needNewEnv=false, 
    isOnGlobal=true) at src/parser/Script.cpp:80
#15 0x0000555555611b73 in Escargot::Script::<lambda()>::operator()(void) const (__closure=0x7fffffffd950)
    at src/parser/Script.cpp:93
#16 0x0000555555612c16 in std::_Function_handler<Escargot::Value(), Escargot::Script::sandboxExecute(Escargot::ExecutionState&)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...) at /usr/include/c++/7/bits/std_function.h:302
#17 0x00005555557a4106 in std::function<Escargot::Value ()>::operator()() const (this=0x7fffffffd950)
    at /usr/include/c++/7/bits/std_function.h:706
#18 0x00005555557a2c4b in Escargot::SandBox::run(std::function<Escargot::Value ()> const&) (this=0x7fffffffd8c0, scriptRunner=...)
    at src/runtime/SandBox.cpp:36
#19 0x0000555555611c50 in Escargot::Script::sandboxExecute (this=0x7ffff47e4220, state=...) at src/parser/Script.cpp:94
#20 0x00005555557c102b in eval (context=0x7ffff486bed0, str=0x7ffff47e9750, fileName=0x7ffff47e96b0, shouldPrintScriptResult=false)
    at src/shell/Shell.cpp:46
#21 0x00005555557c197a in main (argc=2, argv=0x7fffffffdc78) at src/shell/Shell.cpp:129

Found by Fuzzinator with grammarinator.

DanielBallaSZTE pushed a commit to DanielBallaSZTE/escargot that referenced this issue Jan 2, 2019
Fix not checking if an Array is not extensible in the native setter f…
b0f0275 
…unction

Fixes Samsung#33

Signed-off-by: Daniel Balla [email protected]
DanielBallaSZTE pushed a commit to DanielBallaSZTE/escargot that referenced this issue Jan 2, 2019
Fix not checking if an Array is not extensible in the native setter f…
16c8269 
…unction

Fixes Samsung#33

Signed-off-by: Daniel Balla [email protected]
@DanielBallaSZTE DanielBallaSZTE mentioned this issue Jan 2, 2019
Merged
DanielBallaSZTE pushed a commit to DanielBallaSZTE/escargot that referenced this issue Jan 2, 2019
Fix not checking if an Array is not extensible in the native setter f…
aa85a78 
…unction

Fixes Samsung#33

Signed-off-by: Daniel Balla [email protected]
DanielBallaSZTE pushed a commit to DanielBallaSZTE/escargot that referenced this issue Jan 2, 2019
Remove unnecessary assertion in the ArrayObject's setArrayLength func…
8be5c70 
…tion

There's no need to put an assertion there because:
 - The ArrayObject's length can be changed even when it's not extensible, it just fills the Array with empty values.
 - Modifying the length of an ArrayObject should not throw an error, the only time it should when an element is pushed to a non-extensible ArrayObject.

Fixes Samsung#33

Signed-off-by: Daniel Balla [email protected]
@akosthekiss
Copy link
Contributor

For the records: executing the test case both in Safari and in Chrome, extended with an extra arrObj.toString() statement, gives ",,,,,,,,,,,".

@yichoi yichoi closed this as completed in #34 Jan 4, 2019
yichoi pushed a commit that referenced this issue Jan 4, 2019
@yichoi
Remove unnecessary assertion in the ArrayObject's setArrayLength func…
51f10cb 
…tion (#34)

There's no need to put an assertion there because:
 - The ArrayObject's length can be changed even when it's not extensible, it just fills the Array with empty values.
 - Modifying the length of an ArrayObject should not throw an error, the only time it should when an element is pushed to a non-extensible ArrayObject.

Fixes #33

Signed-off-by: Daniel Balla [email protected]
@akosthekiss akosthekiss mentioned this issue Jan 4, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@renatahodovan @akosthekiss