CVE-2023-31910: heap-buffer-overflow in parser_parse_function_statement · Issue #5076 · jerryscript-project/jerryscript
JerryScript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow in the component parser_parse_function_statement at /jerry-core/parser/js/js-parser-statm.c.
```
$ ./jerryscript/build/bin/jerry poc.js
==2433547==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf50006ac at pc 0x566ef7ff bp 0xffa35298 sp 0xffa35288
READ of size 2 at 0xf50006ac thread T0
    #0 0x566ef7fe in parser_parse_function_statement /jerryscript/jerry-core/parser/js/js-parser-statm.c:696
    #1 0x566f3001 in parser_parse_statements /jerryscript/jerry-core/parser/js/js-parser-statm.c:2809
    #2 0x56677b25 in parser_parse_source /jerryscript/jerry-core/parser/js/js-parser.c:2280
    #3 0x5660a3cf in jerry_parse_common /jerryscript/jerry-core/api/jerryscript.c:412
    #4 0x5660a631 in jerry_parse /jerryscript/jerry-core/api/jerryscript.c:480
    #5 0x566ff644 in jerryx_source_parse_script /jerryscript/jerry-ext/util/sources.c:52
    #6 0x566ff701 in jerryx_source_exec_script /jerryscript/jerry-ext/util/sources.c:63
    #7 0x56602d04 in main /jerryscript/jerry-main/main-desktop.c:156
    #8 0xf75faed4 in __libc_start_main (/lib32/libc.so.6+0x1aed4)
    #9 0x56605fb4 in _start (/jerryscript/build/bin/jerry+0x12fb4)

0xf50006ac is located 4 bytes to the left of 8-byte region [0xf50006b0,0xf50006b8)
allocated by thread T0 here:
    #0 0xf79e3817 in __interceptor_malloc …/…/…/…/…/src/libsanitizer/asan/asan_malloc_linux.cc:144
    #1 0x56605ae4 in jmem_heap_alloc /jerryscript/jerry-core/jmem/jmem-heap.c:254
    #2 0x5666ad8d in jmem_heap_gc_and_alloc_block /jerryscript/jerry-core/jmem/jmem-heap.c:291
    #3 0x566eb5ab in parser_malloc /jerryscript/jerry-core/parser/js/js-parser-mem.c:43
    #4 0x5667fc95 in scanner_create_variables /jerryscript/jerry-core/parser/js/js-scanner-util.c:2341
    #5 0x56677ae1 in parser_parse_source /jerryscript/jerry-core/parser/js/js-parser.c:2277
    #6 0x5660a3cf in jerry_parse_common /jerryscript/jerry-core/api/jerryscript.c:412
    #7 0x5660a631 in jerry_parse /jerryscript/jerry-core/api/jerryscript.c:480
    #8 0x566ff644 in jerryx_source_parse_script /jerryscript/jerry-ext/util/sources.c:52
    #9 0x566ff701 in jerryx_source_exec_script /jerryscript/jerry-ext/util/sources.c:63
    #10 0x56602d04 in main /jerryscript/jerry-main/main-desktop.c:156
    #11 0xf75faed4 in __libc_start_main (/lib32/libc.so.6+0x1aed4)

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/aifuzz/targets/jerryscript_afl_asan2/jerry-core/parser/js/js-parser-statm.c:696 in parser_parse_function_statement
Shadow bytes around the buggy address:
  0x3ea00080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x3ea00090: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x3ea000a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x3ea000b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x3ea000c0: fa fa 05 fa fa fa 00 00 fa fa 00 07 fa fa 05 fa
=>0x3ea000d0: fa fa fd fd fa[fa]00 fa fa fa 00 04 fa fa fd fd
  0x3ea000e0: fa fa fd fd fa fa fd fd fa fa 00 06 fa fa 00 03
  0x3ea000f0: fa fa 00 07 fa fa 00 00 fa fa fa fa fa fa fa fa
  0x3ea00100: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x3ea00110: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x3ea00120: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==2433547==ABORTING
```
```
ICE: Assertion 'context_p->scope_stack_top >= 2' failed at /jerryscript/jerry-core/parser/js/js-parser-statm.c(parser_parse_function_statement):691.
Error: JERRY_FATAL_FAILED_ASSERTION
```
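As an added illustration (not JerryScript's code and not the reporter's poc.js), the access pattern the two reports above point at, modelled in C: an index of `scope_stack_top - 2` into a heap-allocated scope stack with fewer than two entries in use, beside a form that enforces the precondition the failed assertion names. The 4-byte entry layout, the `ctx_t` stand-in and the `scenario` helper are assumptions made for the model.

```c
#include <stdint.h>
#include <stdlib.h>

/* Assumed entry layout (a model, not JerryScript's own definition): two
 * 16-bit fields, 4 bytes per entry, so an 8-byte region holds two entries. */
typedef struct {
  uint16_t map_from;
  uint16_t map_to;
} scope_entry_t;

/* Stand-in for the parser context fields involved in the report. */
typedef struct {
  scope_entry_t *scope_stack_p; /* heap buffer allocated by the scanner */
  uint16_t scope_stack_top;     /* entries in use */
  uint16_t scope_stack_size;    /* capacity in entries */
} ctx_t;

/* Byte offset from the start of the allocation that an unchecked
 * `scope_stack_p[scope_stack_top - 2]` access touches, computed instead of
 * performed so the program stays well defined. For top == 1 it is -4: the
 * entry before the buffer, whose 2-byte map_from field matches the
 * "READ of size 2 ... 4 bytes to the left of 8-byte region" above. */
static long unchecked_access_offset(uint16_t scope_stack_top) {
  return ((long) scope_stack_top - 2) * (long) sizeof(scope_entry_t);
}

/* Hardened form: enforce the precondition the failed assertion names
 * (scope_stack_top >= 2) in every build, returning -1 instead of reading
 * outside the buffer; a real parser would raise a parse error here. */
static long checked_map_from(const ctx_t *ctx) {
  if (ctx->scope_stack_p == NULL || ctx->scope_stack_top < 2 ||
      ctx->scope_stack_top > ctx->scope_stack_size) {
    return -1;
  }
  return ctx->scope_stack_p[ctx->scope_stack_top - 2].map_from;
}

/* Builds a stack of `size` entries (map_from = 100 + index) with `top` in
 * use, runs the checked read, and frees the buffer. */
static long scenario(uint16_t size, uint16_t top) {
  ctx_t ctx = { calloc(size, sizeof(scope_entry_t)), top, size };
  if (ctx.scope_stack_p == NULL) {
    return -2; /* allocation failure, distinct from a rejected access */
  }
  for (uint16_t i = 0; i < size; i++) {
    ctx.scope_stack_p[i].map_from = (uint16_t) (100 + i);
  }
  long result = checked_map_from(&ctx);
  free(ctx.scope_stack_p);
  return result;
}
```

With the two-entry region from the report and `top == 1`, the unchecked offset is -4 and the checked read refuses; with `top == 2` it returns the first entry.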