ChakraCore
Assertion Error in `EncoderMD::GetMod`
PoC:
// Reproducer for the `EncoderMD::GetMod` assertion (Assert(offset != 0) at
// EncoderMD.cpp:263 in the backtrace below). Fuzzer-shaped input: the unused
// bindings and odd constructs are left exactly as found, since the backend
// code-generation path that reaches the assert presumably depends on this
// exact shape -- do not "tidy" it. The failing frames run on a background
// JIT thread (Func::Codegen with isBackgroundJIT=true), i.e. the assert
// fires while compiling this code, and the listed repro uses a debug build
// (./build.sh -d), where Assert is active.
function main() {
// Empty object: the for-in below therefore has no keys to iterate.
const v0 = {};
async function v1(v2,v3,v4,v5,v6) {
// Template literal used as a string operand of the subtraction below.
const v7 = `
Object;
`;
for (let v9 in v0) {
// Post-increment on the for-in `let` binding; its prior value is kept.
const v10 = v9++;
const v12 = 1337 - v7;
// await inside the loop body of an async function.
const v13 = await v10;
}
// v1 calls itself; the returned promise is not awaited or used.
const v14 = v1();
}
const v15 = v1();
}
main();
Backtrace:
* thread #6, stop reason = EXC_BAD_INSTRUCTION (code=EXC_I386_INVOP, subcode=0x0)
frame #0: 0x0000000102654240 libChakraCore.dylib`EncoderMD::GetMod(this=0x000070000904b158, symOpnd=0x00000009092952b0, pDispSize=0x0000700009049a48, rmReg=0x0000700009049a21) at EncoderMD.cpp:263:9
260 }
261 else
262 {
-> 263 Assert(offset != 0);
264 }
265 return GetMod((size_t)offset + (size_t)symOpnd->m_offset, rmReg == RegRBP, pDispSize);
266
Target 0: (ch) stopped.
(lldb) bt
* thread #6, stop reason = EXC_BAD_INSTRUCTION (code=EXC_I386_INVOP, subcode=0x0)
* frame #0: 0x0000000102654240 libChakraCore.dylib`EncoderMD::GetMod(this=0x000070000904b158, symOpnd=0x00000009092952b0, pDispSize=0x0000700009049a48, rmReg=0x0000700009049a21) at EncoderMD.cpp:263:9
frame #1: 0x0000000102654500 libChakraCore.dylib`EncoderMD::EmitModRM(this=0x000070000904b158, instr=0x0000000909295350, opnd=0x00000009092952b0, reg1='\b') at EncoderMD.cpp:345:21
frame #2: 0x0000000102656b5f libChakraCore.dylib`EncoderMD::Encode(this=0x000070000904b158, instr=0x0000000909295350, pc=", beginCodeAddress="H�@�\x01") at EncoderMD.cpp:898:37
frame #3: 0x000000010222a448 libChakraCore.dylib`Encoder::Encode(this=0x000070000904b150) at Encoder.cpp:223:33
frame #4: 0x000000010226d092 libChakraCore.dylib`Func::TryCodegen(this=0x000070000904c150) at Func.cpp:561:17
frame #5: 0x000000010226bfef libChakraCore.dylib`Func::Codegen(alloc=0x000070000904c6e0, workItem=0x0000000909241030, threadContextInfo=0x000000010180e858, scriptContextInfo=0x000000090800ee58, outputData=0x000070000904cb20, epInfo=0x000000090912d1b0, runtimeInfo=0x0000000000000000, polymorphicInlineCacheInfo=0x00000009091d2a40, codeGenAllocators=0x0000000908809658, codeGenProfiler=0x0000000000000000, isBackgroundJIT=true) at Func.cpp:325:18
frame #6: 0x00000001025bd931 libChakraCore.dylib`NativeCodeGenerator::CodeGen(this=0x0000000100605328, pageAllocator=0x00000009077040f8, workItemData=0x00000009093045c0, jitWriteData=0x000070000904cb20, foreground=false, epInfo=0x000000090912d1b0) at NativeCodeGenerator.cpp:890:9
frame #7: 0x00000001025c00b8 libChakraCore.dylib`NativeCodeGenerator::CodeGen(this=0x0000000100605328, pageAllocator=0x00000009077040f8, workItem=0x0000000909304598, foreground=false) at NativeCodeGenerator.cpp:1007:5
frame #8: 0x00000001025c37f4 libChakraCore.dylib`NativeCodeGenerator::Process(this=0x0000000100605328, job=0x00000009093045a0, threadData=0x00000009077040d8) at NativeCodeGenerator.cpp:1907:13
frame #9: 0x0000000102678541 libChakraCore.dylib`JsUtil::BackgroundJobProcessor::Process(this=0x0000000100605498, job=0x00000009093045a0, threadData=0x00000009077040d8) at Jobs.cpp:1037:36
frame #10: 0x0000000102678b26 libChakraCore.dylib`JsUtil::BackgroundJobProcessor::Run(this=0x0000000100605498, threadData=0x00000009077040d8) at Jobs.cpp:1135:44
frame #11: 0x0000000102676062 libChakraCore.dylib`JsUtil::BackgroundJobProcessor::StaticThreadProc(lpParam=0x00000009077040d8) at Jobs.cpp:1319:20
frame #12: 0x000000010209da83 libChakraCore.dylib`CorUnix::CPalThread::ThreadEntry(pvParam=0x0000000908808200) at pal_thread.cpp:1605:16
frame #13: 0x00007fff20330950 libsystem_pthread.dylib`_pthread_start + 224
frame #14: 0x00007fff2032c47b libsystem_pthread.dylib`thread_start + 15
How to reproduce it:
- ./build.sh -d -j
- ch poc.js