Assertion scope_stack_p > context_p->scope_stack_p in scanner_literal_is_created #3735
Description
JerryScript revision
Build platform
Linux-4.15.0-88-generic-x86_64-with-Ubuntu-18.04-bionic
Build steps
./tools/build.py --clean --debug --compile-flag=-fsanitize=address \
--compile-flag=-m32 --compile-flag=-fno-omit-frame-pointer \
--compile-flag=-fno-common --compile-flag=-g \
--strip=off --system-allocator=on --logging=on \
--linker-flag=-fuse-ld=gold --error-messages=on --profile=es2015-subset
Test case
function $({ $ $() {} Output
ICE: Assertion 'scope_stack_p > context_p->scope_stack_p' failed at jerryscript/jerry-core/parser/js/js-scanner-util.c(scanner_literal_is_created):2450.
Error: ERR_FAILED_INTERNAL_ASSERTION
ASAN:DEADLYSIGNAL
=================================================================
==12366==ERROR: AddressSanitizer: ABRT on unknown address 0x0000304e (pc 0xf7faf079 bp 0xffb2b97c sp 0xffb2b960 T0)
#0 0xf7faf078 (linux-gate.so.1+0x1078)
#1 0xf7faf078 (linux-gate.so.1+0x1078)
#2 0xf77d6831 in raise (/lib/i386-linux-gnu/libc.so.6+0x2d831)
#3 0xf77d7cc0 in abort (/lib/i386-linux-gnu/libc.so.6+0x2ecc0)
#4 0x565e8246 in jerry_port_fatal jerryscript/jerry-port/default/default-fatal.c:30
#5 0x5669e542 in jerry_fatal jerryscript/jerry-core/jrt/jrt-fatals.c:63
#6 0x5669e583 in jerry_assert_fail jerryscript/jerry-core/jrt/jrt-fatals.c:87
#7 0x566654ae in scanner_literal_is_created jerryscript/jerry-core/parser/js/js-scanner-util.c:2450
#8 0x56601e79 in parser_append_binary_single_assignment_token jerryscript/jerry-core/parser/js/js-parser-expr.c:2321
#9 0x56604445 in parser_pattern_form_assignment jerryscript/jerry-core/parser/js/js-parser-expr.c:2732
#10 0x56605a2d in parser_parse_object_initializer jerryscript/jerry-core/parser/js/js-parser-expr.c:3025
#11 0x56605b9e in parser_parse_initializer jerryscript/jerry-core/parser/js/js-parser-expr.c:3050
#12 0x566ab276 in parser_parse_function_arguments jerryscript/jerry-core/parser/js/js-parser.c:1807
#13 0x566afea9 in parser_parse_function jerryscript/jerry-core/parser/js/js-parser.c:2446
#14 0x5660f606 in parser_parse_function_statement jerryscript/jerry-core/parser/js/js-parser-statm.c:812
#15 0x56619f15 in parser_parse_statements jerryscript/jerry-core/parser/js/js-parser-statm.c:2831
#16 0x566ad743 in parser_parse_source jerryscript/jerry-core/parser/js/js-parser.c:2184
#17 0x566b0d47 in parser_parse_script jerryscript/jerry-core/parser/js/js-parser.c:2695
#18 0x56701fd9 in jerry_parse jerryscript/jerry-core/api/jerry.c:448
#19 0x566febe9 in main jerryscript/jerry-main/main-unix.c:750
#20 0xf77c1e80 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18e80)
#21 0x565db210 (jerryscript/build_gcc_asan_es2015/bin/jerry+0x1a210)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: ABRT (linux-gate.so.1+0x1078)
==12366==ABORTING
Found by Fuzzinator with grammarinator.