Assertion 'string_p != NULL' failed in ecma_deref_ecma_string

[renatahodovan]

Jerry version:

Checked revision: 3de72af
Build: debug.linux

OS:

Ubuntu 16.04.2 LTS

Test case:

with (print) new function (a, a) {
    var init;
    init()
}

Backtrace:

The test fails on different assertion checks depeding on the way it was built. Furthermore, with removing the second argument of the function, it triggers a third failure.

Build command:

./tools/build.py --clean --debug --compile-flag=-m32 --system-allocator=on --jerry-libc=off

ICE: Assertion 'string_p != NULL' failed at jerryscript/jerry-core/ecma/base/ecma-helpers-string.c(ecma_deref_ecma_string):738.
Error: ERR_FAILED_INTERNAL_ASSERTION
bt
#0  0xf7ffdbe9 in __kernel_vsyscall ()
#1  0x080f2327 in raise ()
#2  0x080b9e67 in abort ()
#3  0x08057768 in jerry_port_fatal (code=ERR_FAILED_INTERNAL_ASSERTION) at jerryscript/targets/default/jerry-port-default-fatal.c:53
#4  0x080707a1 in jerry_fatal (code=ERR_FAILED_INTERNAL_ASSERTION) at jerryscript/jerry-core/jrt/jrt-fatals.c:61
#5  0x080707d4 in jerry_assert_fail (assertion=0x813fdcd "string_p != NULL", file=0x813f9e8 "jerryscript/jerry-core/ecma/base/ecma-helpers-string.c", function=0x81287c4 <__func__.3952.lto_priv.630> "ecma_deref_ecma_string", line=738) at jerryscript/jerry-core/jrt/jrt-fatals.c:85
#6  0x080a3ff0 in ecma_deref_ecma_string (string_p=0x0) at jerryscript/jerry-core/ecma/base/ecma-helpers-string.c:738
#7  0x080b022b in ecma_free_value (value=2) at jerryscript/jerry-core/ecma/base/ecma-helpers-value.c:878
#8  0x08062877 in opfunc_call.lto_priv.245 (frame_ctx_p=0xffffbf14) at jerryscript/jerry-core/vm/vm.c:402
#9  0x0805ae17 in vm_execute (frame_ctx_p=0xffffbf14, arg_p=0xffffc10c, arg_list_len=0) at jerryscript/jerry-core/vm/vm.c:2651
#10 0x0805afd2 in vm_run (bytecode_header_p=0x837e970, this_binding_value=137881643, lex_env_p=0x837e798, is_eval_code=false, arg_list_p=0xffffc10c, arg_list_len=0) at jerryscript/jerry-core/vm/vm.c:2730
#11 0x0807c53c in ecma_op_function_call (func_obj_p=0x837e7b0, this_arg_value=137881643, arguments_list_p=0xffffc10c, arguments_list_len=0) at jerryscript/jerry-core/ecma/operations/ecma-function-object.c:524
#12 0x0807c919 in ecma_op_function_construct_simple_or_external (func_obj_p=0x837e7b0, arguments_list_p=0xffffc10c, arguments_list_len=0) at jerryscript/jerry-core/ecma/operations/ecma-function-object.c:657
#13 0x0807cabc in ecma_op_function_construct (func_obj_p=0x837e7b0, arguments_list_p=0xffffc10c, arguments_list_len=0) at jerryscript/jerry-core/ecma/operations/ecma-function-object.c:718
#14 0x0806293f in opfunc_construct.lto_priv.244 (frame_ctx_p=0xffffc124) at jerryscript/jerry-core/vm/vm.c:443
#15 0x0805ae53 in vm_execute (frame_ctx_p=0xffffc124, arg_p=0x0, arg_list_len=0) at jerryscript/jerry-core/vm/vm.c:2656
#16 0x0805afd2 in vm_run (bytecode_header_p=0x837e8a8, this_binding_value=137881147, lex_env_p=0x837e6e8, is_eval_code=false, arg_list_p=0x0, arg_list_len=0) at jerryscript/jerry-core/vm/vm.c:2730
#17 0x080624a1 in vm_run_global (bytecode_p=0x837e8a8) at jerryscript/jerry-core/vm/vm.c:211
#18 0x080b23bc in jerry_run (func_val=137881811) at jerryscript/jerry-core/jerry.c:385
#19 0x080b1d44 in main (argc=3, argv=0xffffc574) at jerryscript/jerry-main/main-unix.c:726

Build command:

./tools/build.py --clean --debug

ICE: Assertion 'compressed_pointer != JMEM_CP_NULL' failed at jerryscript/jerry-core/jmem/jmem-allocator.c(jmem_decompress_pointer):96.
Error: ERR_FAILED_INTERNAL_ASSERTION

Program received signal SIGABRT, Aborted.
0x000000000046e067 in syscall_2 () at jerryscript/jerry-libc/target/posix/jerry-asm.S:59
59    SYSCALL_2
(gdb) bt
#0  0x000000000046e067 in syscall_2 () at jerryscript/jerry-libc/target/posix/jerry-asm.S:59
#1  0x0000000000402760 in raise (sig=6) at jerryscript/jerry-libc/target/posix/jerry-libc-target.c:91
#2  0x0000000000402732 in abort () at jerryscript/jerry-libc/target/posix/jerry-libc-target.c:77
#3  0x00000000004113e9 in jerry_port_fatal (code=ERR_FAILED_INTERNAL_ASSERTION)
    at jerryscript/targets/default/jerry-port-default-fatal.c:53
#4  0x000000000042c185 in jerry_fatal (code=ERR_FAILED_INTERNAL_ASSERTION) at jerryscript/jerry-core/jrt/jrt-fatals.c:61
#5  0x000000000042c1d7 in jerry_assert_fail (assertion=0x475b88 "compressed_pointer != JMEM_CP_NULL", 
    file=0x475aa8 "jerryscript/jerry-core/jmem/jmem-allocator.c", 
    function=0x485050 <__func__.2999.lto_priv.272> "jmem_decompress_pointer", line=96)
    at jerryscript/jerry-core/jrt/jrt-fatals.c:85
#6  0x000000000042bfd3 in jmem_decompress_pointer (compressed_pointer=0) at jerryscript/jerry-core/jmem/jmem-allocator.c:96
#7  0x00000000004631fc in ecma_get_pointer_from_ecma_value () at jerryscript/jerry-core/ecma/base/ecma-helpers-value.c:109
#8  ecma_get_string_from_value () at jerryscript/jerry-core/ecma/base/ecma-helpers-value.c:594
#9  ecma_free_value (value=2) at jerryscript/jerry-core/ecma/base/ecma-helpers-value.c:877
#10 0x000000000041dc73 in opfunc_call.lto_priv.138 (frame_ctx_p=0x7fffffffc9f0) at jerryscript/jerry-core/vm/vm.c:402
#11 0x0000000000415681 in vm_execute (frame_ctx_p=0x7fffffffc9f0, arg_p=0x7fffffffccfc, arg_list_len=0)
    at jerryscript/jerry-core/vm/vm.c:2651
#12 0x00000000004158f5 in vm_run (bytecode_header_p=0x692470 <jerry_global_heap+632>, this_binding_value=211, lex_env_p=0x6922a0 <jerry_global_heap+168>, 
    is_eval_code=false, arg_list_p=0x7fffffffccfc, arg_list_len=0) at jerryscript/jerry-core/vm/vm.c:2730
#13 0x00000000004378a5 in ecma_op_function_call (func_obj_p=0x6922a8 <jerry_global_heap+176>, this_arg_value=211, arguments_list_p=0x7fffffffccfc, 
    arguments_list_len=0) at jerryscript/jerry-core/ecma/operations/ecma-function-object.c:524
#14 0x0000000000437cc0 in ecma_op_function_construct_simple_or_external (func_obj_p=0x6922a8 <jerry_global_heap+176>, arguments_list_p=0x7fffffffccfc, 
    arguments_list_len=0) at jerryscript/jerry-core/ecma/operations/ecma-function-object.c:657
#15 0x0000000000437e51 in ecma_op_function_construct (func_obj_p=0x6922a8 <jerry_global_heap+176>, arguments_list_p=0x7fffffffccfc, arguments_list_len=0)
    at jerryscript/jerry-core/ecma/operations/ecma-function-object.c:718
#16 0x000000000041dd47 in opfunc_construct.lto_priv.137 (frame_ctx_p=0x7fffffffcd30) at jerryscript/jerry-core/vm/vm.c:443
#17 0x00000000004156bd in vm_execute (frame_ctx_p=0x7fffffffcd30, arg_p=0x0, arg_list_len=0)
    at jerryscript/jerry-core/vm/vm.c:2656
#18 0x00000000004158f5 in vm_run (bytecode_header_p=0x6923b8 <jerry_global_heap+448>, this_binding_value=27, lex_env_p=0x692220 <jerry_global_heap+40>, 
    is_eval_code=false, arg_list_p=0x0, arg_list_len=0) at jerryscript/jerry-core/vm/vm.c:2730
#19 0x000000000041d89d in vm_run_global (bytecode_p=0x6923b8 <jerry_global_heap+448>) at jerryscript/jerry-core/vm/vm.c:211
#20 0x000000000046bc19 in jerry_run (func_val=139) at jerryscript/jerry-core/jerry.c:385
#21 0x000000000046b50e in main (argc=3, argv=0x7fffffffd388) at jerryscript/jerry-main/main-unix.c:726

Using the first build command but with a single function parameter:

with (print) new function (a) {
    var init;
    init()
}

ICE: Assertion 'chunk_p != NULL' failed at jerryscript/jerry-core/jmem/jmem-poolman.c(jmem_pools_free):162.
Error: ERR_FAILED_INTERNAL_ASSERTION

Program received signal SIGABRT, Aborted.
0xf7ffdbe9 in __kernel_vsyscall ()
(gdb) bt
#0  0xf7ffdbe9 in __kernel_vsyscall ()
#1  0x080ecae7 in raise ()
#2  0x080b4627 in abort ()
#3  0x0805741f in jerry_port_fatal (code=ERR_FAILED_INTERNAL_ASSERTION)
    at jerryscript/targets/default/jerry-port-default-fatal.c:53
#4  0x0806f6e3 in jerry_fatal (code=ERR_FAILED_INTERNAL_ASSERTION) at jerryscript/jerry-core/jrt/jrt-fatals.c:61
#5  0x0806f716 in jerry_assert_fail (assertion=0x8130d79 "chunk_p != NULL", 
    file=0x8130cb8 "jerryscript/jerry-core/jmem/jmem-poolman.c", 
    function=0x81265a8 <__func__.3729.lto_priv.321> "jmem_pools_free", line=162)
    at jerryscript/jerry-core/jrt/jrt-fatals.c:85
#6  0x0806f405 in jmem_pools_free (chunk_p=0x0, size=8) at jerryscript/jerry-core/jmem/jmem-poolman.c:162
#7  0x080a88db in ecma_dealloc_number (number_p=0x0) at jerryscript/jerry-core/ecma/base/ecma-alloc.c:84
#8  0x080aad48 in ecma_free_value (value=1) at jerryscript/jerry-core/ecma/base/ecma-helpers-value.c:871
#9  0x08062419 in opfunc_call.lto_priv.193 (frame_ctx_p=0xffffbf44) at jerryscript/jerry-core/vm/vm.c:402
#10 0x0805aa16 in vm_execute (frame_ctx_p=0xffffbf44, arg_p=0xffffc13c, arg_list_len=0)
    at jerryscript/jerry-core/vm/vm.c:2651
#11 0x0805abd1 in vm_run (bytecode_header_p=0x8375968, this_binding_value=137844763, lex_env_p=0x8375908, is_eval_code=false, arg_list_p=0xffffc13c, 
    arg_list_len=0) at jerryscript/jerry-core/vm/vm.c:2730
#12 0x0807b235 in ecma_op_function_call (func_obj_p=0x8375790, this_arg_value=137844763, arguments_list_p=0xffffc13c, arguments_list_len=0)
    at jerryscript/jerry-core/ecma/operations/ecma-function-object.c:524
#13 0x0807b612 in ecma_op_function_construct_simple_or_external.lto_priv.358 (func_obj_p=0x8375790, arguments_list_p=0xffffc13c, arguments_list_len=0)
    at jerryscript/jerry-core/ecma/operations/ecma-function-object.c:657
#14 0x080745dc in ecma_op_function_construct (func_obj_p=0x8375790, arguments_list_p=0xffffc13c, arguments_list_len=0)
    at jerryscript/jerry-core/ecma/operations/ecma-function-object.c:718
#15 0x080624e1 in opfunc_construct.lto_priv.192 (frame_ctx_p=0xffffc154) at jerryscript/jerry-core/vm/vm.c:443
#16 0x0805aa52 in vm_execute (frame_ctx_p=0xffffc154, arg_p=0x0, arg_list_len=0) at jerryscript/jerry-core/vm/vm.c:2656
#17 0x0805abd1 in vm_run (bytecode_header_p=0x83758a0, this_binding_value=137844283, lex_env_p=0x8375658, is_eval_code=false, arg_list_p=0x0, arg_list_len=0)
    at jerryscript/jerry-core/vm/vm.c:2730
#18 0x08062043 in vm_run_global (bytecode_p=0x83758a0) at jerryscript/jerry-core/vm/vm.c:211
#19 0x080ab4b3 in jerry_run (func_val=137844939) at jerryscript/jerry-core/jerry.c:385
#20 0x080aeeca in main (argc=3, argv=0xffffc5a4) at jerryscript/jerry-main/main-unix.c:726

^{Found by Fuzzinator}