Segmentation fault in iotjs_handlewrap_validate

Question

Segmentation fault in iotjs_handlewrap_validate

renatahodovan opened this issue 6 years ago · comments

IoT.js version:

Checked revision: dbd52a7
Build command: ./tools/build.py

OS:

Ubuntu 17.10

Test case:

var net = require('net');

try { new (net.connect(1328)) } catch (err) { }
try { setTimeout(Date.prototype.getUTCMonth, 1, 1, 1, 1) } catch (err) {}

Backtrace:

uncaughtException: TypeError: Date object expected

Thread 1 "iotjs" received signal SIGSEGV, Segmentation fault.
0x0000555555573aff in iotjs_handlewrap_validate (handlewrap=0x555555883830) at iotjs/src/iotjs_handlewrap.c:121
121   IOTJS_ASSERT((void*)_this == _this->handle->data);
(gdb) bt
#0  0x0000555555573aff in iotjs_handlewrap_validate (handlewrap=0x555555883830) at iotjs/src/iotjs_handlewrap.c:121
#1  0x000055555557356b in iotjs_handlewrap_get_uv_handle (handlewrap=0x555555883830) at iotjs/src/iotjs_handlewrap.c:66
#2  0x000055555557ebf2 in iotjs_tcpwrap_tcp_handle (tcpwrap=0x555555883830) at iotjs/src/modules/iotjs_module_tcp.c:67
#3  0x00005555555800ae in Connect (jfunc=24139, jthis=24363, jargv=0x7fffffffa050, jargc=3)
    at iotjs/src/modules/iotjs_module_tcp.c:322
#4  0x00005555555a1783 in ecma_op_function_call (func_obj_p=0x555555848ae8 <jerry_global_heap+24136>, this_arg_value=24363, 
    arguments_list_p=0x7fffffffa050, arguments_list_len=3)
    at iotjs/deps/jerry/jerry-core/ecma/operations/ecma-function-object.c:467
#5  0x00005555555b23f8 in opfunc_call (frame_ctx_p=0x7fffffffa0a0) at iotjs/deps/jerry/jerry-core/vm/vm.c:425
#6  0x00005555555b750c in vm_execute (frame_ctx_p=0x7fffffffa0a0, arg_p=0x7fffffffa310, arg_list_len=3)
    at iotjs/deps/jerry/jerry-core/vm/vm.c:2793
#7  0x00005555555b7794 in vm_run (bytecode_header_p=0x555555846e10 <jerry_global_heap+16752>, this_binding_value=27, 
    lex_env_p=0x55555584a0a0 <jerry_global_heap+29696>, is_eval_code=false, arg_list_p=0x7fffffffa310, arg_list_len=3)
    at iotjs/deps/jerry/jerry-core/vm/vm.c:2873
#8  0x00005555555a170b in ecma_op_function_call (func_obj_p=0x5555558474b0 <jerry_global_heap+18448>, this_arg_value=72, 
    arguments_list_p=0x7fffffffa310, arguments_list_len=3)
    at iotjs/deps/jerry/jerry-core/ecma/operations/ecma-function-object.c:406
#9  0x00005555555b23f8 in opfunc_call (frame_ctx_p=0x7fffffffa360) at iotjs/deps/jerry/jerry-core/vm/vm.c:425
#10 0x00005555555b750c in vm_execute (frame_ctx_p=0x7fffffffa360, arg_p=0x555555884110, arg_list_len=3)
    at iotjs/deps/jerry/jerry-core/vm/vm.c:2793
#11 0x00005555555b7794 in vm_run (bytecode_header_p=0x555555846b40 <jerry_global_heap+16032>, this_binding_value=27, 
    lex_env_p=0x555555849fd0 <jerry_global_heap+29488>, is_eval_code=false, arg_list_p=0x555555884110, arg_list_len=3)
    at iotjs/deps/jerry/jerry-core/vm/vm.c:2873
#12 0x00005555555a170b in ecma_op_function_call (func_obj_p=0x555555849410 <jerry_global_heap+26480>, this_arg_value=72, 
    arguments_list_p=0x555555884110, arguments_list_len=3)
    at iotjs/deps/jerry/jerry-core/ecma/operations/ecma-function-object.c:406
#13 0x0000555555586223 in jerry_invoke_function (is_invoke_as_constructor=false, func_obj_val=26483, this_val=72, args_p=0x555555884110, 
    args_count=3) at iotjs/deps/jerry/jerry-core/api/jerry.c:2099
#14 0x0000555555586297 in jerry_call_function (func_obj_val=26483, this_val=72, args_p=0x555555884110, args_count=3)
    at iotjs/deps/jerry/jerry-core/api/jerry.c:2125
#15 0x00005555555708d6 in iotjs_jhelper_call (jfunc=26483, jthis=72, jargs=0x7fffffffa660, throws=0x7fffffffa5c3)
    at iotjs/src/iotjs_binding.c:310
#16 0x0000555555571df2 in iotjs_make_callback_with_result (jfunction=26483, jthis=72, jargs=0x7fffffffa660)
    at iotjs/src/iotjs_binding_helper.c:119
#17 0x0000555555571dac in iotjs_make_callback (jfunction=26483, jthis=72, jargs=0x7fffffffa660)
    at iotjs/src/iotjs_binding_helper.c:108
#18 0x000055555557800f in AfterGetAddrInfo (req=0x555555883a40, status=0, res=0x7ffff0001be0)
    at iotjs/src/modules/iotjs_module_dns.c:158
#19 0x00005555555f65b7 in uv__getaddrinfo_done (w=0x555555883a68, status=0)
    at iotjs/deps/libtuv/src/unix/getaddrinfo.c:156
#20 0x00005555555fffa7 in uv__work_done (handle=0x5555558416f0 <default_loop_struct+176>)
    at iotjs/deps/libtuv/src/threadpool.c:261
#21 0x00005555555f171b in uv__async_event (loop=0x555555841640 <default_loop_struct>, w=0x5555558417e8 <default_loop_struct+424>, 
    nevents=1) at iotjs/deps/libtuv/src/unix/async.c:122
#22 0x00005555555f1894 in uv__async_io (loop=0x555555841640 <default_loop_struct>, w=0x5555558417f0 <default_loop_struct+432>, events=1)
    at iotjs/deps/libtuv/src/unix/async.c:162
#23 0x00005555555ff20a in uv__io_poll (loop=0x555555841640 <default_loop_struct>, timeout=-1)
    at iotjs/deps/libtuv/src/unix/linux-core.c:389
#24 0x00005555555f22c9 in uv_run (loop=0x555555841640 <default_loop_struct>, mode=UV_RUN_DEFAULT)
    at iotjs/deps/libtuv/src/unix/core.c:305
#25 0x000055555556f931 in iotjs_entry (argc=2, argv=0x7fffffffdec8) at iotjs/src/iotjs.c:222
#26 0x000055555556f0da in main (argc=2, argv=0x7fffffffdec8) at iotjs/iotjs_linux.c:19

^{Found by Fuzzinator}

Daniel Balla · Answer 1 · Thu May 10 2018 20:12:20 GMT+0800 (China Standard Time)

I think this is fixed by now.

László Langó · Answer 2 · Thu May 24 2018 17:51:27 GMT+0800 (China Standard Time)

Cannot reproduce. Feel free to reopen if still valid.