Assertion 'buffer != NULL' failed in iotjs_bufferwrap_from_jbuiltin

Question

Assertion 'buffer != NULL' failed in iotjs_bufferwrap_from_jbuiltin

renatahodovan opened this issue 6 years ago · comments

IoT.js version:

Checked revision: dbd52a7
Build command: tools/build.py --buildtype debug

OS:

Ubuntu 17.10

Test case:

var buf = new Buffer("a")
buf._builtin.copy({ _builtin: {} } , 1, 1, 1);

iotjs/src/modules/iotjs_module_buffer.c:66: Assertion 'buffer != NULL' failed.

(gdb) bt
#0  iotjs_bufferwrap_from_jbuiltin (jbuiltin=15403) at iotjs/src/modules/iotjs_module_buffer.c:66
#1  0x0000555555575498 in iotjs_bufferwrap_from_jbuffer (jbuffer=15115) at iotjs/src/modules/iotjs_module_buffer.c:75
#2  0x00005555555764bb in Copy (jfunc=4867, jthis=15507, jargv=0x7fffffffcfc0, jargc=4) at iotjs/src/modules/iotjs_module_buffer.c:266
#3  0x00005555555a1783 in ecma_op_function_call (func_obj_p=0x555555843fa0 <jerry_global_heap+4864>, this_arg_value=15507, arguments_list_p=0x7fffffffcfc0, arguments_list_len=4)
    at iotjs/deps/jerry/jerry-core/ecma/operations/ecma-function-object.c:467
#4  0x00005555555b23f8 in opfunc_call (frame_ctx_p=0x7fffffffd010) at iotjs/deps/jerry/jerry-core/vm/vm.c:425
#5  0x00005555555b750c in vm_execute (frame_ctx_p=0x7fffffffd010, arg_p=0x7fffffffd428, arg_list_len=3) at iotjs/deps/jerry/jerry-core/vm/vm.c:2793
#6  0x00005555555b7794 in vm_run (bytecode_header_p=0x555555846c00 <jerry_global_heap+16224>, this_binding_value=14155, lex_env_p=0x555555842cc8 <jerry_global_heap+40>, is_eval_code=false, 
    arg_list_p=0x7fffffffd428, arg_list_len=3) at iotjs/deps/jerry/jerry-core/vm/vm.c:2873
#7  0x00005555555a170b in ecma_op_function_call (func_obj_p=0x555555846a50 <jerry_global_heap+15792>, this_arg_value=14155, arguments_list_p=0x7fffffffd428, arguments_list_len=3)
    at iotjs/deps/jerry/jerry-core/ecma/operations/ecma-function-object.c:406
#8  0x00005555555c46ac in ecma_builtin_function_prototype_object_call (this_arg=15795, arguments_list_p=0x7fffffffd424, arguments_number=4)
    at iotjs/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-function-prototype.c:206
#9  0x00005555555c409b in ecma_builtin_function_prototype_dispatch_routine (builtin_routine_id=36, this_arg_value=15795, arguments_list=0x7fffffffd424, arguments_number=4)
    at iotjs/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-function-prototype.inc.h:42
#10 0x000055555559de39 in ecma_builtin_dispatch_routine (builtin_object_id=ECMA_BUILTIN_ID_FUNCTION_PROTOTYPE, builtin_routine_id=36, this_arg_value=15795, arguments_list=0x7fffffffd424, 
    arguments_number=4) at iotjs/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtins.inc.h:108
#11 0x000055555559e210 in ecma_builtin_dispatch_call (obj_p=0x555555842ce0 <jerry_global_heap+64>, this_arg_value=15795, arguments_list_p=0x7fffffffd424, arguments_list_len=4)
    at iotjs/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtins.c:844
#12 0x00005555555a1547 in ecma_op_function_call (func_obj_p=0x555555842ce0 <jerry_global_heap+64>, this_arg_value=15795, arguments_list_p=0x7fffffffd424, arguments_list_len=4)
    at iotjs/deps/jerry/jerry-core/ecma/operations/ecma-function-object.c:343
#13 0x00005555555b23f8 in opfunc_call (frame_ctx_p=0x7fffffffd470) at iotjs/deps/jerry/jerry-core/vm/vm.c:425
#14 0x00005555555b750c in vm_execute (frame_ctx_p=0x7fffffffd470, arg_p=0x7fffffffd6f8, arg_list_len=0) at iotjs/deps/jerry/jerry-core/vm/vm.c:2793
#15 0x00005555555b7794 in vm_run (bytecode_header_p=0x555555845068 <jerry_global_heap+9160>, this_binding_value=14131, lex_env_p=0x5555558450d8 <jerry_global_heap+9272>, is_eval_code=false, 
    arg_list_p=0x7fffffffd6f8, arg_list_len=0) at iotjs/deps/jerry/jerry-core/vm/vm.c:2873
#16 0x00005555555a170b in ecma_op_function_call (func_obj_p=0x555555846568 <jerry_global_heap+14536>, this_arg_value=14131, arguments_list_p=0x7fffffffd6f8, arguments_list_len=0)
    at iotjs/deps/jerry/jerry-core/ecma/operations/ecma-function-object.c:406
#17 0x00005555555b23f8 in opfunc_call (frame_ctx_p=0x7fffffffd750) at iotjs/deps/jerry/jerry-core/vm/vm.c:425
#18 0x00005555555b750c in vm_execute (frame_ctx_p=0x7fffffffd750, arg_p=0x7fffffffd9c0, arg_list_len=2) at iotjs/deps/jerry/jerry-core/vm/vm.c:2793
#19 0x00005555555b7794 in vm_run (bytecode_header_p=0x555555844fc0 <jerry_global_heap+8992>, this_binding_value=9347, lex_env_p=0x5555558450d8 <jerry_global_heap+9272>, is_eval_code=false, 
    arg_list_p=0x7fffffffd9c0, arg_list_len=2) at iotjs/deps/jerry/jerry-core/vm/vm.c:2873
#20 0x00005555555a170b in ecma_op_function_call (func_obj_p=0x555555846538 <jerry_global_heap+14488>, this_arg_value=9347, arguments_list_p=0x7fffffffd9c0, arguments_list_len=2)
    at iotjs/deps/jerry/jerry-core/ecma/operations/ecma-function-object.c:406
#21 0x00005555555b23f8 in opfunc_call (frame_ctx_p=0x7fffffffda00) at iotjs/deps/jerry/jerry-core/vm/vm.c:425
#22 0x00005555555b750c in vm_execute (frame_ctx_p=0x7fffffffda00, arg_p=0x7fffffffdc94, arg_list_len=0) at iotjs/deps/jerry/jerry-core/vm/vm.c:2793
#23 0x00005555555b7794 in vm_run (bytecode_header_p=0x555555845098 <jerry_global_heap+9208>, this_binding_value=9347, lex_env_p=0x5555558450d8 <jerry_global_heap+9272>, is_eval_code=false, 
    arg_list_p=0x7fffffffdc94, arg_list_len=0) at iotjs/deps/jerry/jerry-core/vm/vm.c:2873
#24 0x00005555555a170b in ecma_op_function_call (func_obj_p=0x555555846578 <jerry_global_heap+14552>, this_arg_value=9347, arguments_list_p=0x7fffffffdc94, arguments_list_len=0)
    at iotjs/deps/jerry/jerry-core/ecma/operations/ecma-function-object.c:406
#25 0x00005555555b23f8 in opfunc_call (frame_ctx_p=0x7fffffffdce0) at iotjs/deps/jerry/jerry-core/vm/vm.c:425
#26 0x00005555555b750c in vm_execute (frame_ctx_p=0x7fffffffdce0, arg_p=0x7fffffffdf44, arg_list_len=0) at iotjs/deps/jerry/jerry-core/vm/vm.c:2793
#27 0x00005555555b7794 in vm_run (bytecode_header_p=0x555555843070 <jerry_global_heap+976>, this_binding_value=27, lex_env_p=0x5555558434c8 <jerry_global_heap+2088>, is_eval_code=false, 
    arg_list_p=0x7fffffffdf44, arg_list_len=0) at iotjs/deps/jerry/jerry-core/vm/vm.c:2873
#28 0x00005555555a170b in ecma_op_function_call (func_obj_p=0x5555558434b8 <jerry_global_heap+2072>, this_arg_value=72, arguments_list_p=0x7fffffffdf44, arguments_list_len=0)
    at iotjs/deps/jerry/jerry-core/ecma/operations/ecma-function-object.c:406
#29 0x00005555555b23f8 in opfunc_call (frame_ctx_p=0x7fffffffdf80) at iotjs/deps/jerry/jerry-core/vm/vm.c:425
#30 0x00005555555b750c in vm_execute (frame_ctx_p=0x7fffffffdf80, arg_p=0x0, arg_list_len=0) at iotjs/deps/jerry/jerry-core/vm/vm.c:2793
#31 0x00005555555b7794 in vm_run (bytecode_header_p=0x555555843058 <jerry_global_heap+952>, this_binding_value=27, lex_env_p=0x555555842cc8 <jerry_global_heap+40>, is_eval_code=true, arg_list_p=0x0, 
    arg_list_len=0) at iotjs/deps/jerry/jerry-core/vm/vm.c:2873
#32 0x00005555555b212f in vm_run_eval (bytecode_data_p=0x555555843058 <jerry_global_heap+952>, is_direct=false) at iotjs/deps/jerry/jerry-core/vm/vm.c:277
#33 0x0000555555582e3f in jerry_snapshot_result_at (snapshot_p=0x5555556061e0 <iotjs_js_modules_s>, snapshot_size=32592, func_index=12, copy_bytecode=false, as_function=false)
    at iotjs/deps/jerry/jerry-core/api/jerry-snapshot.c:723
#34 0x0000555555582ec2 in jerry_exec_snapshot_at (snapshot_p=0x5555556061e0 <iotjs_js_modules_s>, snapshot_size=32592, func_index=12, copy_bytecode=false)
    at iotjs/deps/jerry/jerry-core/api/jerry-snapshot.c:762
#35 0x000055555556f466 in iotjs_run (env=0x555555841440 <current_env>) at iotjs/src/iotjs.c:104
#36 0x000055555556f538 in iotjs_start (env=0x555555841440 <current_env>) at iotjs/src/iotjs.c:138
#37 0x000055555556f8f5 in iotjs_entry (argc=2, argv=0x7fffffffe2f8) at iotjs/src/iotjs.c:218
#38 0x000055555556f0da in main (argc=2, argv=0x7fffffffe2f8) at iotjs/iotjs_linux.c:19

With a small change we got another assertion fail:

var buf = new Buffer("a");
buf._builtin.copy({}, 1, 1, 1);

Backtrace:

iotjs/src/modules/iotjs_module_buffer.c:63: Assertion 'jerry_value_is_object(jbuiltin)' failed.

(gdb) bt
#0  iotjs_bufferwrap_from_jbuiltin (jbuiltin=72) at iotjs/src/modules/iotjs_module_buffer.c:63
#1  0x0000555555575498 in iotjs_bufferwrap_from_jbuffer (jbuffer=15115) at iotjs/src/modules/iotjs_module_buffer.c:75
#2  0x00005555555764bb in Copy (jfunc=4867, jthis=15507, jargv=0x7fffffffcfc0, jargc=4) at iotjs/src/modules/iotjs_module_buffer.c:266
#3  0x00005555555a1783 in ecma_op_function_call (func_obj_p=0x555555843fa0 <jerry_global_heap+4864>, this_arg_value=15507, arguments_list_p=0x7fffffffcfc0, arguments_list_len=4)
    at iotjs/deps/jerry/jerry-core/ecma/operations/ecma-function-object.c:467
#4  0x00005555555b23f8 in opfunc_call (frame_ctx_p=0x7fffffffd010) at iotjs/deps/jerry/jerry-core/vm/vm.c:425
#5  0x00005555555b750c in vm_execute (frame_ctx_p=0x7fffffffd010, arg_p=0x7fffffffd428, arg_list_len=3) at iotjs/deps/jerry/jerry-core/vm/vm.c:2793
#6  0x00005555555b7794 in vm_run (bytecode_header_p=0x555555846bf8 <jerry_global_heap+16216>, this_binding_value=14155, lex_env_p=0x555555842cc8 <jerry_global_heap+40>, is_eval_code=false, 
    arg_list_p=0x7fffffffd428, arg_list_len=3) at iotjs/deps/jerry/jerry-core/vm/vm.c:2873
#7  0x00005555555a170b in ecma_op_function_call (func_obj_p=0x555555846a48 <jerry_global_heap+15784>, this_arg_value=14155, arguments_list_p=0x7fffffffd428, arguments_list_len=3)
    at iotjs/deps/jerry/jerry-core/ecma/operations/ecma-function-object.c:406
#8  0x00005555555c46ac in ecma_builtin_function_prototype_object_call (this_arg=15787, arguments_list_p=0x7fffffffd424, arguments_number=4)
    at iotjs/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-function-prototype.c:206
#9  0x00005555555c409b in ecma_builtin_function_prototype_dispatch_routine (builtin_routine_id=36, this_arg_value=15787, arguments_list=0x7fffffffd424, arguments_number=4)
    at iotjs/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-function-prototype.inc.h:42
#10 0x000055555559de39 in ecma_builtin_dispatch_routine (builtin_object_id=ECMA_BUILTIN_ID_FUNCTION_PROTOTYPE, builtin_routine_id=36, this_arg_value=15787, arguments_list=0x7fffffffd424, 
    arguments_number=4) at iotjs/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtins.inc.h:108
#11 0x000055555559e210 in ecma_builtin_dispatch_call (obj_p=0x555555842ce0 <jerry_global_heap+64>, this_arg_value=15787, arguments_list_p=0x7fffffffd424, arguments_list_len=4)
    at iotjs/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtins.c:844
#12 0x00005555555a1547 in ecma_op_function_call (func_obj_p=0x555555842ce0 <jerry_global_heap+64>, this_arg_value=15787, arguments_list_p=0x7fffffffd424, arguments_list_len=4)
    at iotjs/deps/jerry/jerry-core/ecma/operations/ecma-function-object.c:343
#13 0x00005555555b23f8 in opfunc_call (frame_ctx_p=0x7fffffffd470) at iotjs/deps/jerry/jerry-core/vm/vm.c:425
#14 0x00005555555b750c in vm_execute (frame_ctx_p=0x7fffffffd470, arg_p=0x7fffffffd6f8, arg_list_len=0) at iotjs/deps/jerry/jerry-core/vm/vm.c:2793
#15 0x00005555555b7794 in vm_run (bytecode_header_p=0x555555845068 <jerry_global_heap+9160>, this_binding_value=14131, lex_env_p=0x5555558450d8 <jerry_global_heap+9272>, is_eval_code=false, 
    arg_list_p=0x7fffffffd6f8, arg_list_len=0) at iotjs/deps/jerry/jerry-core/vm/vm.c:2873
#16 0x00005555555a170b in ecma_op_function_call (func_obj_p=0x555555846568 <jerry_global_heap+14536>, this_arg_value=14131, arguments_list_p=0x7fffffffd6f8, arguments_list_len=0)
    at iotjs/deps/jerry/jerry-core/ecma/operations/ecma-function-object.c:406
#17 0x00005555555b23f8 in opfunc_call (frame_ctx_p=0x7fffffffd750) at iotjs/deps/jerry/jerry-core/vm/vm.c:425
#18 0x00005555555b750c in vm_execute (frame_ctx_p=0x7fffffffd750, arg_p=0x7fffffffd9c0, arg_list_len=2) at iotjs/deps/jerry/jerry-core/vm/vm.c:2793
#19 0x00005555555b7794 in vm_run (bytecode_header_p=0x555555844fc0 <jerry_global_heap+8992>, this_binding_value=9347, lex_env_p=0x5555558450d8 <jerry_global_heap+9272>, is_eval_code=false, 
    arg_list_p=0x7fffffffd9c0, arg_list_len=2) at iotjs/deps/jerry/jerry-core/vm/vm.c:2873
#20 0x00005555555a170b in ecma_op_function_call (func_obj_p=0x555555846538 <jerry_global_heap+14488>, this_arg_value=9347, arguments_list_p=0x7fffffffd9c0, arguments_list_len=2)
    at iotjs/deps/jerry/jerry-core/ecma/operations/ecma-function-object.c:406
#21 0x00005555555b23f8 in opfunc_call (frame_ctx_p=0x7fffffffda00) at iotjs/deps/jerry/jerry-core/vm/vm.c:425
#22 0x00005555555b750c in vm_execute (frame_ctx_p=0x7fffffffda00, arg_p=0x7fffffffdc94, arg_list_len=0) at iotjs/deps/jerry/jerry-core/vm/vm.c:2793
#23 0x00005555555b7794 in vm_run (bytecode_header_p=0x555555845098 <jerry_global_heap+9208>, this_binding_value=9347, lex_env_p=0x5555558450d8 <jerry_global_heap+9272>, is_eval_code=false, 
    arg_list_p=0x7fffffffdc94, arg_list_len=0) at iotjs/deps/jerry/jerry-core/vm/vm.c:2873
#24 0x00005555555a170b in ecma_op_function_call (func_obj_p=0x555555846578 <jerry_global_heap+14552>, this_arg_value=9347, arguments_list_p=0x7fffffffdc94, arguments_list_len=0)
    at iotjs/deps/jerry/jerry-core/ecma/operations/ecma-function-object.c:406
#25 0x00005555555b23f8 in opfunc_call (frame_ctx_p=0x7fffffffdce0) at iotjs/deps/jerry/jerry-core/vm/vm.c:425
#26 0x00005555555b750c in vm_execute (frame_ctx_p=0x7fffffffdce0, arg_p=0x7fffffffdf44, arg_list_len=0) at iotjs/deps/jerry/jerry-core/vm/vm.c:2793
#27 0x00005555555b7794 in vm_run (bytecode_header_p=0x555555843070 <jerry_global_heap+976>, this_binding_value=27, lex_env_p=0x5555558434c8 <jerry_global_heap+2088>, is_eval_code=false, 
    arg_list_p=0x7fffffffdf44, arg_list_len=0) at iotjs/deps/jerry/jerry-core/vm/vm.c:2873
#28 0x00005555555a170b in ecma_op_function_call (func_obj_p=0x5555558434b8 <jerry_global_heap+2072>, this_arg_value=72, arguments_list_p=0x7fffffffdf44, arguments_list_len=0)
    at iotjs/deps/jerry/jerry-core/ecma/operations/ecma-function-object.c:406
#29 0x00005555555b23f8 in opfunc_call (frame_ctx_p=0x7fffffffdf80) at iotjs/deps/jerry/jerry-core/vm/vm.c:425
#30 0x00005555555b750c in vm_execute (frame_ctx_p=0x7fffffffdf80, arg_p=0x0, arg_list_len=0) at iotjs/deps/jerry/jerry-core/vm/vm.c:2793
#31 0x00005555555b7794 in vm_run (bytecode_header_p=0x555555843058 <jerry_global_heap+952>, this_binding_value=27, lex_env_p=0x555555842cc8 <jerry_global_heap+40>, is_eval_code=true, arg_list_p=0x0, 
    arg_list_len=0) at iotjs/deps/jerry/jerry-core/vm/vm.c:2873
#32 0x00005555555b212f in vm_run_eval (bytecode_data_p=0x555555843058 <jerry_global_heap+952>, is_direct=false) at iotjs/deps/jerry/jerry-core/vm/vm.c:277
#33 0x0000555555582e3f in jerry_snapshot_result_at (snapshot_p=0x5555556061e0 <iotjs_js_modules_s>, snapshot_size=32592, func_index=12, copy_bytecode=false, as_function=false)
    at iotjs/deps/jerry/jerry-core/api/jerry-snapshot.c:723
#34 0x0000555555582ec2 in jerry_exec_snapshot_at (snapshot_p=0x5555556061e0 <iotjs_js_modules_s>, snapshot_size=32592, func_index=12, copy_bytecode=false)
    at iotjs/deps/jerry/jerry-core/api/jerry-snapshot.c:762
#35 0x000055555556f466 in iotjs_run (env=0x555555841440 <current_env>) at iotjs/src/iotjs.c:104
#36 0x000055555556f538 in iotjs_start (env=0x555555841440 <current_env>) at iotjs/src/iotjs.c:138
#37 0x000055555556f8f5 in iotjs_entry (argc=2, argv=0x7fffffffe2f8) at iotjs/src/iotjs.c:218
#38 0x000055555556f0da in main (argc=2, argv=0x7fffffffe2f8) at iotjs/iotjs_linux.c:19

^{Found by Fuzzinator with grammarinator}

Daniel Balla · Answer 1 · Mon Feb 19 2018 23:32:21 GMT+0800 (China Standard Time)

This issue is fixed with #1487, therefore can be closed.