Open
Description
JerryScript revision
5020015 (v3.0.0)
Build platform
Ubuntu 24.04.1 LTS (Linux 6.8.0-49-generic x86_64)
Build steps
./tools/build.py --clean --debug --compile-flag=-fsanitize=address --logging=on
Test case
arr.splice(...1,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...1,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0,...0)
Output
ICE: Assertion 'call_arguments <= CBC_MAXIMUM_BYTE_VALUE' failed at jerryscript/src/jerry-core/parser/js/js-parser-util.c(parser_emit_cbc_call):369.
Error: JERRY_FATAL_FAILED_ASSERTION
==1845177== ERROR: libFuzzer: deadly signal
#0 0x55fff7c68545 in __sanitizer_print_stack_trace (jerryscript/basic/libfuzzer+0x1e9545) (BuildId: 932bc76ab7f7477eee554362851f38adbd14aaa0)
#1 0x55fff7bbc48c in fuzzer::PrintStackTrace() (jerryscript/basic/libfuzzer+0x13d48c) (BuildId: 932bc76ab7f7477eee554362851f38adbd14aaa0)
#2 0x55fff7ba15f7 in fuzzer::Fuzzer::CrashCallback() (jerryscript/basic/libfuzzer+0x1225f7) (BuildId: 932bc76ab7f7477eee554362851f38adbd14aaa0)
#3 0x7fb35924532f (/lib/x86_64-linux-gnu/libc.so.6+0x4532f) (BuildId: 42c84c92e6f98126b3e2230ebfdead22c235b667)
#4 0x7fb35929eb2b in pthread_kill (/lib/x86_64-linux-gnu/libc.so.6+0x9eb2b) (BuildId: 42c84c92e6f98126b3e2230ebfdead22c235b667)
#5 0x7fb35924527d in raise (/lib/x86_64-linux-gnu/libc.so.6+0x4527d) (BuildId: 42c84c92e6f98126b3e2230ebfdead22c235b667)
#6 0x7fb3592288fe in abort (/lib/x86_64-linux-gnu/libc.so.6+0x288fe) (BuildId: 42c84c92e6f98126b3e2230ebfdead22c235b667)
#7 0x55fff7e20a00 in jerry_port_fatal jerryscript/src/jerry-port/common/jerry-port-process.c:41:5
#8 0x55fff7d856cd in jerry_fatal jerryscript/src/jerry-core/jrt/jrt-fatals.c:63:3
#9 0x55fff7d8578e in jerry_assert_fail jerryscript/src/jerry-core/jrt/jrt-fatals.c:83:3
#10 0x55fff7dc999a in parser_emit_cbc_call jerryscript/src/jerry-core/parser/js/js-parser-util.c:369:3
#11 0x55fff7da2120 in parser_parse_call_expression jerryscript/src/jerry-core/parser/js/js-parser-expr.c
#12 0x55fff7dad48b in parser_parse_postfix_expresion jerryscript/src/jerry-core/parser/js/js-parser-expr.c:3106:9
#13 0x55fff7da5e90 in parser_parse_expression jerryscript/src/jerry-core/parser/js/js-parser-expr.c:4506:7
#14 0x55fff7db2840 in parser_parse_block_expression jerryscript/src/jerry-core/parser/js/js-parser-expr.c:4447:3
#15 0x55fff7dbe111 in parser_parse_statements jerryscript/src/jerry-core/parser/js/js-parser-statm.c
#16 0x55fff7dcb2ab in parser_parse_source jerryscript/src/jerry-core/parser/js/js-parser.c:2280:5
#17 0x55fff7dd3499 in parser_parse_script jerryscript/src/jerry-core/parser/js/js-parser.c:3332:38
#18 0x55fff7cb31d0 in jerry_parse_common jerryscript/src/jerry-core/api/jerryscript.c:413:21
#19 0x55fff7cb3604 in jerry_parse jerryscript/src/jerry-core/api/jerryscript.c:481:10
#20 0x55fff7c9e475 in LLVMFuzzerTestOneInput jerryscript/src/jerry-main/main-libfuzzer.c:30:33
#21 0x55fff7ba2bca in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (jerryscript/basic/libfuzzer+0x123bca) (BuildId: 932bc76ab7f7477eee554362851f38adbd14aaa0)
#22 0x55fff7b8a863 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (jerryscript/basic/libfuzzer+0x10b863) (BuildId: 932bc76ab7f7477eee554362851f38adbd14aaa0)
#23 0x55fff7b90a21 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (jerryscript/basic/libfuzzer+0x111a21) (BuildId: 932bc76ab7f7477eee554362851f38adbd14aaa0)
#24 0x55fff7bbcff6 in main (jerryscript/basic/libfuzzer+0x13dff6) (BuildId: 932bc76ab7f7477eee554362851f38adbd14aaa0)
#25 0x7fb35922a1c9 (/lib/x86_64-linux-gnu/libc.so.6+0x2a1c9) (BuildId: 42c84c92e6f98126b3e2230ebfdead22c235b667)
#26 0x7fb35922a28a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a28a) (BuildId: 42c84c92e6f98126b3e2230ebfdead22c235b667)
#27 0x55fff7b84ff4 in _start (jerryscript/basic/libfuzzer+0x105ff4) (BuildId: 932bc76ab7f7477eee554362851f38adbd14aaa0)