Assertion 'compressed_pointer != JMEM_CP_NULL' failed #5091

Open
voidptr127 opened this issue Jun 12, 2023 · 0 comments
Labels
fuzzing Related to fuzz testing of the engine

JerryScript revision
05dbbd134c3b9e2482998f267857dd3722001cd7
Build platform
Linux-6.2.15-200.fc37.x86_64-x86_64-with-glibc2.34
clang version 14.0.6 (Red Hat 14.0.6-4.el9_1)
Build steps
CC=/usr/bin/clang python3 tools/build.py --clean \
    --debug \
    --strip=off \
    --compile-flag=-fsanitize=address \
    --lto=off \
    --compile-flag=-g \
    --error-messages=on \
    --promise-callback=on \
    --logging=on \
    --line-info=on \
    --stack-limit=128
Test case
void new Uint8Array(new String());
void new Uint8Array(new Promise(Number.__proto__),new Proxy(new Proxy(new Proxy(new Proxy(new Proxy(new Proxy(Reflect,Reflect),Reflect),Proxy),Reflect),Proxy),Reflect));
void (new Function(`0324--help${new Proxy(Number.MAX_VALUE=new Date(new Proxy(Number.__proto__=new Proxy(new Proxy(new Proxy(new Proxy(new Proxy(new Proxy(new Proxy(Reflect,new Proxy(new Proxy(new Proxy(new Proxy(new Proxy(Reflect,Reflect),Reflect),Reflect),Reflect),Proxy)),Reflect),Proxy),Reflect),Reflect),Number.MAX_VALUE=new Date(new Proxy(Number.__proto__=new Proxy(new Proxy(new Proxy(new Proxy(new Proxy(new Proxy(new Proxy(new Proxy(Reflect,new Proxy(new Proxy(new Proxy(new Proxy(new Proxy(Reflect,Reflect),Proxy),Proxy),Reflect),Reflect)),Reflect),new Proxy(Reflect,Reflect)),Proxy),Reflect),Reflect),Reflect),new Proxy(Reflect,Reflect)),Proxy))),Reflect),Reflect)),Reflect)}`,new Proxy())%new Reflect());
Execution and Output

Depending on how JerryScript is used, a different error message is printed.

Case 1: Filename or via stdin

./build/bin/jerry poc.js

# or

cat poc.js | ./build/bin/jerry

Output:

ICE: Assertion 'compressed_pointer != JMEM_CP_NULL' failed at /home/rocky/jerryscript/jerry-core/jmem/jmem-allocator.c(jmem_decompress_pointer):216.
Error: JERRY_FATAL_FAILED_ASSERTION
Aborted (core dumped)

This is similar to the closed issue #3779.

Case 2: Filename is an absolute path

./build/bin/jerry /home/rocky/poc.js

Output:

Unhandled exception: TypeError: Argument 'this' is not a Date object
 0: /home/rocky/poc.js:3:1
ICE: Assertion 'JERRY_CONTEXT (jmem_heap_allocated_size) == 0' failed at /home/rocky/jerryscript/jerry-core/jmem/jmem-heap.c(jmem_heap_finalize):108.
Error: JERRY_FATAL_FAILED_ASSERTION
Aborted (core dumped)

This is similar to the open issue #5062.

ossy-szeged added the fuzzing label Nov 21, 2024
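Added example (not part of the original report and not JerryScript project code): because the same test case trips two different assertions depending on how it is invoked, a fuzzing triage step can bucket runs by the `ICE:` line rather than by input file. The sketch below parses the two outputs quoted in the report; the third run, its `/tmp/ci` checkout path, and all function and label names are constructed for illustration.

```python
import re
from collections import defaultdict

# Debug builds in this report print a failed assertion as:
#   ICE: Assertion '<expr>' failed at <path>(<function>):<line>.
ICE_RE = re.compile(
    r"^ICE: Assertion '(?P<expr>.+)' failed at "
    r"(?P<path>.+)\((?P<func>\w+)\):(?P<line>\d+)\.$"
)

def crash_signature(output):
    """Return (assertion, source file, function) for the first ICE line, else None."""
    for line in output.splitlines():
        m = ICE_RE.match(line.strip())
        if m:
            # Keep only the path from jerry-core/ onward so the reporter's
            # checkout directory does not split identical crashes. The line
            # number is left out because it shifts between revisions.
            path = m["path"]
            idx = path.find("jerry-core/")
            src = path[idx:] if idx != -1 else path.rsplit("/", 1)[-1]
            return (m["expr"], src, m["func"])
    return None

def bucket(runs):
    """Group run labels by crash signature; runs without an ICE line go under None."""
    buckets = defaultdict(list)
    for label, output in runs.items():
        buckets[crash_signature(output)].append(label)
    return dict(buckets)

# First two outputs are quoted from the report; the third is constructed.
SAMPLE_RUNS = {
    "relative-path": "ICE: Assertion 'compressed_pointer != JMEM_CP_NULL' failed at "
        "/home/rocky/jerryscript/jerry-core/jmem/jmem-allocator.c(jmem_decompress_pointer):216.\n"
        "Error: JERRY_FATAL_FAILED_ASSERTION\n",
    "absolute-path": "Unhandled exception: TypeError: Argument 'this' is not a Date object\n"
        " 0: /home/rocky/poc.js:3:1\n"
        "ICE: Assertion 'JERRY_CONTEXT (jmem_heap_allocated_size) == 0' failed at "
        "/home/rocky/jerryscript/jerry-core/jmem/jmem-heap.c(jmem_heap_finalize):108.\n"
        "Error: JERRY_FATAL_FAILED_ASSERTION\n",
    "other-checkout": "ICE: Assertion 'compressed_pointer != JMEM_CP_NULL' failed at "
        "/tmp/ci/jerry-core/jmem/jmem-allocator.c(jmem_decompress_pointer):216.\n",
}

if __name__ == "__main__":
    for sig, labels in bucket(SAMPLE_RUNS).items():
        print(sig, "<-", labels)
```
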