CVE-2021-46344: Assertion 'flags & PARSER_PATTERN_HAS_REST_ELEMENT' failed at jerryscript/jerry-core/parser/js/js-parser-expr.c(parser_parse_object_initializer):4119. · Issue #4928 · jerryscript-project/jerryscript
An assertion 'flags & PARSER_PATTERN_HAS_REST_ELEMENT' failed at /jerry-core/parser/js/js-parser-expr.c in JerryScript 3.0.0.
JerryScript revision
Commit: a6ab5e9
Version: v3.0.0
Build platform
Ubuntu 18.04.5 LTS (Linux 4.19.128-microsoft-standard x86_64)
Ubuntu 18.04.5 LTS (Linux 5.4.0-44-generic x86_64)
Build steps
python ./tools/build.py --clean --debug --compile-flag=-fsanitize=address --compile-flag=-m32 --compile-flag=-g --strip=off --lto=off --logging=on --line-info=on --error-message=on --system-allocator=on --stack-limit=20
Test case
poc.js
var iterCount = 0;
async function JSEtest() {
for await (var { a, b, ...rest }"of [{x: 1, y: 2, a: 5, b: 3}]) {
assert.sameValue(rest.a, undefined);
assert.sameValue(rest.b, undefined);
verifyProperty(rest, "x", {
enumerable: true,
writable: true,
configurable: true,
value: 1
});
verifyProperty(rest, "y", {
enumerable: true,
writable: true,
configurable: true,
value: 2
});
iterCount += 1;
}
JSEtest()
.then(() => assert.sameValue(iterCount, 1, 'iteration occurred as expected'), $DONE)
.then($DONE, $DONE);
Execution steps & Output
$ ./jerryscript/build/bin/jerry poc.js
ICE: Assertion 'flags & PARSER_PATTERN_HAS_REST_ELEMENT' failed at jerryscript/jerry-core/parser/js/js-parser-expr.c(parser_parse_object_initializer):4119.
Error: ERR_FAILED_INTERNAL_ASSERTION
[1] 32968 abort jerry poc.js
Credits: Found by OWL337 team.