Assertion 'context_p->next_scanner_info_p->source_p == context_p->source_p && context_p->next_scanner_info_p->type == SCANNER_TYPE_SWITCH' failed in parser_parse_switch_statement_start

[renatahodovan]

JerryScript revision

25b81c1

Build platform

Linux-4.15.0-62-generic-x86_64-with-Ubuntu-18.04-bionic

Build steps

./tools/build.py --clean --debug --compile-flag=-fsanitize=address \
--compile-flag=-m32 --compile-flag=-fno-omit-frame-pointer \
--compile-flag=-fno-common --compile-flag=-g \
--strip=off --system-allocator=on --logging=on \
--linker-flag=-fuse-ld=gold --error-messages=on --profile=es2015-subset

Test case

for (; []; [//]) 
    function f14(v33, v34) {
      switch (!0x13) {}
    }

Output

ICE: Assertion 'context_p->next_scanner_info_p->source_p == context_p->source_p && context_p->next_scanner_info_p->type == SCANNER_TYPE_SWITCH' failed at jerryscript/jerry-core/parser/js/js-parser-statm.c(parser_parse_switch_statement_start):1216.
Error: ERR_FAILED_INTERNAL_ASSERTION

Backtrace

bt
#0  0xf7fd3939 in __kernel_vsyscall ()
#1  0xf77bf182 in raise () from /lib/i386-linux-gnu/libc.so.6
#2  0xf77a92b6 in abort () from /lib/i386-linux-gnu/libc.so.6
#3  0x5666f7eb in jerry_port_fatal (code=ERR_FAILED_INTERNAL_ASSERTION)
    at jerryscript/jerry-port/default/default-fatal.c:71
#4  0x565d7aa0 in jerry_fatal (code=ERR_FAILED_INTERNAL_ASSERTION) at jerryscript/jerry-core/jrt/jrt-fatals.c:58
#5  0x565d7ae1 in jerry_assert_fail (
    assertion=0x566b1bc0 "context_p->next_scanner_info_p->source_p == context_p->source_p && context_p->next_scanner_info_p->type == SCANNER_TYPE_SWITCH", file=0x566b1160 "jerryscript/jerry-core/parser/js/js-parser-statm.c", 
    function=0x566b2940 <__func__.5430> "parser_parse_switch_statement_start", line=1216)
    at jerryscript/jerry-core/jrt/jrt-fatals.c:82
#6  0x5666040e in parser_parse_switch_statement_start (context_p=0xffffc750)
    at jerryscript/jerry-core/parser/js/js-parser-statm.c:1215
#7  0x566659d6 in parser_parse_statements (context_p=0xffffc750)
    at jerryscript/jerry-core/parser/js/js-parser-statm.c:2366
#8  0x565e99f5 in parser_parse_function (context_p=0xffffc750, status_flags=14)
    at jerryscript/jerry-core/parser/js/js-parser.c:2790
#9  0x56646c33 in lexer_construct_function_object (context_p=0xffffc750, extra_status_flags=14)
    at jerryscript/jerry-core/parser/js/js-lexer.c:1978
#10 0x5664e138 in parser_parse_function_expression (context_p=0xffffc750, status_flags=14)
    at jerryscript/jerry-core/parser/js/js-parser-expr.c:1010
#11 0x5664fafb in parser_parse_unary_expression (context_p=0xffffc750, grouping_level_p=0xffffbeb0)
    at jerryscript/jerry-core/parser/js/js-parser-expr.c:1302
#12 0x56654243 in parser_parse_expression (context_p=0xffffc750, options=4)
    at jerryscript/jerry-core/parser/js/js-parser-expr.c:2178
#13 0x5664bb5e in parser_parse_array_literal (context_p=0xffffc750)
    at jerryscript/jerry-core/parser/js/js-parser-expr.c:249
#14 0x5664fb21 in parser_parse_unary_expression (context_p=0xffffc750, grouping_level_p=0xffffc080)
    at jerryscript/jerry-core/parser/js/js-parser-expr.c:1313
#15 0x56654243 in parser_parse_expression (context_p=0xffffc750, options=1)
    at jerryscript/jerry-core/parser/js/js-parser-expr.c:2178
#16 0x5665f3e2 in parser_parse_for_statement_start (context_p=0xffffc750)
    at jerryscript/jerry-core/parser/js/js-parser-statm.c:1077
#17 0x56665bd8 in parser_parse_statements (context_p=0xffffc750)
    at jerryscript/jerry-core/parser/js/js-parser-statm.c:2396
#18 0x565e79a8 in parser_parse_source (arg_list_p=0x0, arg_list_size=0, 
    source_p=0x566e9b40 <buffer> "for (; []; [//]) \n    function f14(v33, v34) {\n      switch (!0x13) {}\n    }", source_size=76, 
    parse_opts=0, error_location_p=0xffffc960) at jerryscript/jerry-core/parser/js/js-parser.c:2534
#19 0x565ea765 in parser_parse_script (arg_list_p=0x0, arg_list_size=0, 
    source_p=0x566e9b40 <buffer> "for (; []; [//]) \n    function f14(v33, v34) {\n      switch (!0x13) {}\n    }", source_size=76, 
    parse_opts=0, bytecode_data_p=0xffffca20) at jerryscript/jerry-core/parser/js/js-parser.c:3001
#20 0x5657005e in jerry_parse (resource_name_p=0xffffd142 "test.js", resource_name_length=7, 
    source_p=0x566e9b40 <buffer> "for (; []; [//]) \n    function f14(v33, v34) {\n      switch (!0x13) {}\n    }", source_size=76, 
    parse_opts=0) at jerryscript/jerry-core/api/jerry.c:426
#21 0x5656d05e in main (argc=3, argv=0xffffcf14) at jerryscript/jerry-main/main-unix.c:734

^{Found by Fuzzinator with grammarinator.}