
Assertion failure in CallInfo.cpp

Open zhunki opened this issue 3 years ago • 2 comments

The following PoC causes an assertion failure in a "debug" build on Ubuntu.

```js
// 65537 elements, spread into a method that declares at most three parameters
const v3 = new Int32Array(65537);
const v4 = "replace".localeCompare(...v3);
```

zhunki avatar Dec 24 '21 11:12 zhunki

```
$ cat 6772.js
const v3 = new Int32Array(65537);
const v4 = "replace".localeCompare(...v3);
$ ch 6772.js
ASSERTION 315203: (../lib/Runtime/Base/CallInfo.cpp, line 17) ArgList too large
 Failure: (count < Constants::UShortMaxValue - 1)
Illegal instruction (core dumped)
```

The argument list is indeed really large, thanks to spread operator, but the method only takes up to three arguments.

ppenzin avatar Jan 31 '22 16:01 ppenzin

I have a fix, though I need to add a test case and tidy up; I will open a PR in a couple of days.

NOTE: this currently calls abort in a release build, but there is no reason to; per spec it should run. A simple logical fix allows the function to trim the arg list and then execute.

rhuanjl avatar Jan 31 '22 22:01 rhuanjl
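A constructed model of the argument-count limit behind that assertion, next to the trimming approach described in the comment above. This is an added illustration in C++, not ChakraCore's code; the 16-bit count field, the extra slot for `this`, the value of `Constants::UShortMaxValue`, and the function names are assumptions.

```cpp
#include <cstddef>
#include <cstdint>
#include <limits>
#include <stdexcept>

// Assumed: the engine's limit is the largest 16-bit value.
constexpr std::size_t kUShortMaxValue = std::numeric_limits<std::uint16_t>::max();

// Constructed stand-in for the engine's call descriptor: the count is a 16-bit field.
struct CallInfo {
    std::uint16_t count;  // slots used by the call ("this" plus explicit arguments)
};

// "Before": pack the raw count. The guard mirrors the assertion quoted in the issue;
// without it the cast below would silently wrap a 65538-slot call to a small count.
CallInfo packUnchecked(std::size_t explicitArgs) {
    std::size_t count = explicitArgs + 1;  // assumed: one slot reserved for "this"
    if (!(count < kUShortMaxValue - 1)) {
        throw std::length_error("ArgList too large");  // the debug build asserts here
    }
    return CallInfo{static_cast<std::uint16_t>(count)};
}

// "After": a built-in that declares at most maxParams parameters ignores anything
// beyond them, so the surplus spread arguments can be dropped before packing.
CallInfo packTrimmed(std::size_t explicitArgs, std::size_t maxParams) {
    std::size_t kept = explicitArgs < maxParams ? explicitArgs : maxParams;
    return packUnchecked(kept);
}

// Reports whether the unchecked path would reject the call (true = assertion path).
bool packRejects(std::size_t explicitArgs) {
    try {
        packUnchecked(explicitArgs);
        return false;
    } catch (const std::length_error&) {
        return true;
    }
}

int main() {
    // The PoC: 65537 spread arguments into a three-parameter built-in.
    CallInfo ok = packTrimmed(65537, 3);  // count == 4, call proceeds
    return packRejects(65537) && ok.count == 4 ? 0 : 1;
}
```

The trimmed path keeps the observable result identical because the callee never reads the dropped arguments; the unchecked path is the one the issue shows failing.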