Assertion '(uintptr_t) data_space_p % JMEM_ALIGNMENT == 0' failed at /jerryscript/jerry-core/jmem/jmem-heap.c

[JimWongM]

Hello, I found a crash in JerryScript.

JerryScript revision

5020015

Build platform

Ubuntu 22.04.3

Build steps

python3 tools/build.py --debug  --compile-flag=-fsanitize-coverage=trace-pc-guard --lto=off --compile-flag=-D_POSIX_C_SOURCE=200809 --compile-flag=-Wno-strict-prototypes --stack-limit=15 

Test case

var v0 = [-14000,-15,1,-65535];
BigInt.asUintN(128, -9223372036854775808n);
class C11 {}

Output

ICE: Assertion '(uintptr_t) data_space_p % JMEM_ALIGNMENT == 0' failed at /home/wjm/jerryscript/jerry-core/jmem/jmem-heap.c(jmem_heap_alloc):249.
Error: JERRY_FATAL_FAILED_ASSERTION
Aborted

Backtrace

(lldb) bt
* thread #1, name = 'jerry', stop reason = signal SIGABRT
  * frame #0: 0x00007ffff7c969fc libc.so.6`__GI___pthread_kill at pthread_kill.c:44:76
    frame #1: 0x00007ffff7c969b0 libc.so.6`__GI___pthread_kill [inlined] __pthread_kill_internal(signo=6, threadid=140737352689472) at pthread_kill.c:78:10
    frame #2: 0x00007ffff7c969b0 libc.so.6`__GI___pthread_kill(threadid=140737352689472, signo=6) at pthread_kill.c:89:10
    frame #3: 0x00007ffff7c42476 libc.so.6`__GI_raise(sig=6) at raise.c:26:13
    frame #4: 0x00007ffff7c287f3 libc.so.6`__GI_abort at abort.c:79:7
    frame #5: 0x00005555556cb400 jerry`jerry_port_fatal(code=JERRY_FATAL_FAILED_ASSERTION) at jerry-port-process.c:41:5
    frame #6: 0x0000555555619056 jerry`jerry_fatal(code=JERRY_FATAL_FAILED_ASSERTION) at jrt-fatals.c:63:3
    frame #7: 0x0000555555618ec1 jerry`jerry_assert_fail(assertion="(uintptr_t) data_space_p % JMEM_ALIGNMENT == 0", file="/home/wjm/jerryscript/jerry-core/jmem/jmem-heap.c", function="jmem_heap_alloc", line=249) at jrt-fatals.c:83:3
    frame #8: 0x0000555555618b1f jerry`jmem_heap_alloc(size=8) at jmem-heap.c:249:3
    frame #9: 0x000055555561753d jerry`jmem_heap_gc_and_alloc_block(size=8, max_pressure=JMEM_PRESSURE_FULL) at jmem-heap.c:298:24
    frame #10: 0x000055555561745e jerry`jmem_heap_alloc_block_internal(size=8) at jmem-heap.c:319:10
    frame #11: 0x0000555555618d3d jerry`jmem_pools_alloc(size=8) at jmem-poolman.c:85:23
    frame #12: 0x000055555565fa7a jerry`ecma_alloc_object at ecma-alloc.c:83:28
    frame #13: 0x00005555555b9bf7 jerry`ecma_create_object(prototype_object_p=0x0000555556079888, ext_object_size=0, type=ECMA_OBJECT_TYPE_GENERAL) at ecma-helpers.c:98:20
    frame #14: 0x000055555564920b jerry`opfunc_init_class(frame_ctx_p=0x00007fffffffdd10, stack_top_p=0x00007fffffffdd60) at opcodes.c:1731:28
    frame #15: 0x00005555556531ba jerry`vm_loop(frame_ctx_p=0x00007fffffffdd10) at vm.c:2084:20
    frame #16: 0x000055555564dd19 jerry`vm_execute(frame_ctx_p=0x00007fffffffdd10) at vm.c:5230:37
    frame #17: 0x000055555564d22b jerry`vm_run(shared_p=0x00007fffffffde18, this_binding_value=11, lex_env_p=0x0000555556079a18) at vm.c:5331:10
    frame #18: 0x000055555564d0e7 jerry`vm_run_global(bytecode_p=0x0000555556079bd0, function_object_p=0x0000555556079a08) at vm.c:286:25
    frame #19: 0x000055555558ebe1 jerry`jerry_run(script=643) at jerryscript.c:549:24
    frame #20: 0x00005555556ca604 jerry`jerryx_source_exec_script(path_p="poc2.js") at sources.c:68:14
    frame #21: 0x000055555558a402 jerry`main(argc=2, argv=0x00007fffffffe0a8) at main-desktop.c:162:20
    frame #22: 0x00007ffff7c29d90 libc.so.6`__libc_start_call_main(main=(jerry`main at main-desktop.c:113), argc=2, argv=0x00007fffffffe0a8) at libc_start_call_main.h:58:16
    frame #23: 0x00007ffff7c29e40 libc.so.6`__libc_start_main_impl(main=(jerry`main at main-desktop.c:113), argc=2, argv=0x00007fffffffe0a8, init=<unavailable>, fini=<unavailable>, rtld_fini=<unavailable>, stack_end=0x00007fffffffe098) at libc-start.c:392:3
    frame #24: 0x00005555555617f5 jerry`_start + 37