assertion failed: thr->heap->lj.type == DUK_LJ_TYPE_UNKNOWN in duk_hobject_realloc_props

[renatahodovan]

Duktape version:

Checked revision: b062b50a
Build command: make dukd-low

OS:

Ubuntu 18.04, x86_64

Test case:

function basicTest( ) { 
    function test( x ) { 
        t = new basicTest( 'i' ); 
    } 
    var values = [];
    var i; 
    test( values [ 0 ] ); 
} 

basicTest(); 

Backtrace:

Program received signal SIGABRT, Aborted.
0xf7fd5059 in __kernel_vsyscall ()
#0  0xf7fd5059 in __kernel_vsyscall ()
#1  0xf7de9832 in raise () from /lib/i386-linux-gnu/libc.so.6
#2  0xf7deacc1 in abort () from /lib/i386-linux-gnu/libc.so.6
#3  0x565c8336 in duk_default_fatal_handler.lto_priv.138 (udata=0x0, msg=0x56606a7c "assertion failed: thr->heap->lj.type == DUK_LJ_TYPE_UNKNOWN (duk_error_throw.c:42)") at duk_error_macros.c:145
#4  0x56599744 in duk_err_create_and_throw.lto_priv.481 (thr=0xf7c98418, code=1) at duk_error_throw.c:42
#5  0x565c823e in duk_err_handle_error.lto_priv.216 (thr=0xf7c98418, code=1) at duk_error_macros.c:28
#6  0x565c825c in duk__err_shared (thr=0xf7c98418, code=1) at duk_error_macros.c:83
#7  0x565c8279 in duk_err_error.lto_priv.157 (thr=0xf7c98418) at duk_error_macros.c:86
#8  0x56584f6e in duk_hobject_realloc_props.lto_priv.444 (thr=0xf7c98418, obj=0xf7c8c494, new_e_size=4, new_a_size=0, new_h_size=0, abandon_array=0) at duk_hobject_props.c:951
#9  0x56585028 in duk__grow_props_for_new_entry_item (thr=0xf7c98418, obj=0xf7c8c494) at duk_hobject_props.c:1035
#10 0x56585875 in duk__hobject_alloc_entry_checked (thr=0xf7c98418, obj=0xf7c8c494, key=0xf7c801d0) at duk_hobject_props.c:1345
#11 0x56589e97 in duk_hobject_define_property_internal.lto_priv.209 (thr=0xf7c98418, obj=0xf7c8c494, key=0xf7c801d0, flags=3) at duk_hobject_props.c:4711
#12 0x56567bbf in duk_js_close_environment_record.lto_priv.298 (thr=0xf7c98418, env=0xf7c8c494) at duk_js_var.c:692
#13 0x56570c41 in duk__activation_unwind_nofree_norz (thr=0xf7c98418) at duk_hthread_stacks.c:280
#14 0x56570cfb in duk_hthread_activation_unwind_norz.lto_priv.260 (thr=0xf7c98418) at duk_hthread_stacks.c:317
#15 0x5655fe24 in duk__handle_longjmp (thr=0xf7c98418, entry_act=0xf7c8f064) at duk_js_executor.c:1383
#16 0x56561359 in duk__handle_executor_error (heap=0xf7c9e610, entry_act=0xf7c8f064, entry_call_recursion_depth=2, entry_jmpbuf_ptr=0xffffcf20) at duk_js_executor.c:2839
#17 0x565616ad in duk_js_execute_bytecode.lto_priv.283 (exec_thr=0xf7c98418) at duk_js_executor.c:2934
#18 0x56574143 in duk__handle_call_raw (thr=0xf7c98418, idx_func=3, call_flags=0) at duk_js_call.c:2203
#19 0x565748e3 in duk_handle_call_unprotected.lto_priv.254 (thr=0xf7c98418, idx_func=3, call_flags=0) at duk_js_call.c:2385
#20 0x565ca3fd in duk_call_method (thr=0xf7c98418, nargs=0) at duk_api_call.c:152
#21 0x5655a458 in wrapped_compile_execute (ctx=0xf7c98418, udata=0x0) at examples/cmdline/duk_cmdline.c:301
#22 0x56574bab in duk__handle_safe_call_inner (thr=0xf7c98418, func=0x5655a1db <wrapped_compile_execute>, udata=0x0, entry_valstack_bottom_byteoff=0, entry_callstack_top=0, entry_curr_thread=0x0, 
    entry_thread_state=1 '\001', idx_retbase=0, num_stack_rets=1) at duk_js_call.c:2438
#23 0x565756a4 in duk_handle_safe_call.lto_priv.479 (thr=0xf7c98418, func=0x5655a1db <wrapped_compile_execute>, udata=0x0, num_stack_args=4, num_stack_rets=1) at duk_js_call.c:2683
#24 0x565cb3af in duk_safe_call (thr=0xf7c98418, func=0x5655a1db <wrapped_compile_execute>, udata=0x0, nargs=4, nrets=1) at duk_api_call.c:320
#25 0x5655a657 in handle_fh (ctx=0xf7c98418, f=0x566bd160, filename=0xffffd471 "test.js", bytecode_filename=0x0) at examples/cmdline/duk_cmdline.c:632
#26 0x5655a831 in handle_file (ctx=0xf7c98418, filename=0xffffd471 "test.js", bytecode_filename=0x0) at examples/cmdline/duk_cmdline.c:691
#27 0x5655b3df in main (argc=2, argv=0xffffd2d4) at examples/cmdline/duk_cmdline.c:1465

^{Found by Fuzzinator with grammarinator.}

[svaarala]

Thanks @renatahodovan, I'll check this out.

[svaarala]

This is quite likely a duplicate of #476 (which is still open).