ChakraCore ASSERTION Failure: (!Js::TaggedInt::Is(right)) in ChakraCore/lib/Backend/GlobOpt.cpp

ASSERTION Failure: (!Js::TaggedInt::Is(right)) in ChakraCore/lib/Backend/GlobOpt.cpp

Open anbu1024 opened this issue 3 years ago • 0 comments

commit

41ad58a9eebf8d52a83424c8fccfaacdb14105ec

Build platform

Ubuntu 20.04

Build steps

./build.sh --debug

poc

function foo() {
    var x = new bar();
}

function bar() {
    foo();
    WebAssembly[0 === 1 ? keys : valueOf];
    return {};
}

WScript.Attach(bar);

assert log

ASSERTION 2405716: (/media/Store/Project/js-engines/ChakraCore/lib/Backend/GlobOpt.cpp, line 6709) !Js::TaggedInt::Is(right)
 Failure: (!Js::TaggedInt::Is(right))
Illegal instruction

Apr 20 '22 13:04 anbu1024

ChakraCore ChakraCore copied to clipboard

ASSERTION Failure: (!Js::TaggedInt::Is(right)) in ChakraCore/lib/Backend/GlobOpt.cpp

commit

Build platform

Build steps

poc

assert log

ChakraCore
ChakraCore copied to clipboard