ASSERTION Failure "Js reentrancy error" in ChakraCore/lib/Common/Exceptions/Throw.cpp, line 103

Open: 1789120321 opened this issue 3 years ago • 1 comment

commit : 41ad58a
Engine version : ch version 1.13.0.0-beta
Build platform : Ubuntu 18.04
Clang version : 6.0.0
Build steps : ./build.sh --sanitize=address --static -j -d

POC

cat efe25658e8db4c358a13283eec7f6e85.js
------------------------------------------------
function main() {
  function v0(v1, v2) {
    main();
    const v7 = new Int16Array(44915);

    for (let v10 = 0; v10 < 1337; v10++) {
      v7[v10] = 1337;
      v7[v10] = v2;
    }
  }

  const v12 = new Promise(v0);
}

Assert Log

./ch efe25658e8db4c358a13283eec7f6e85.js
-------------------------------------------------
ASSERTION 3893: (ChakraCore-master/lib/Common/Exceptions/Throw.cpp, line 103) Js reentrancy error!!
 Failure: (false)
Illegal instruction

Hi, Richard, could you please help check this issue?

@rhuanjl

1789120321, Mar 12 '22 15:03

I've built this without sanitizer turned on and the example ran to completion (predictably doesn't fail in release mode). Probably needs more investigation.

ppenzin, Mar 26 '22 00:03