assertion failed: thr->valstack_end - thr->valstack == pre_end - pre_valstack in duk__resize_valstack
Duktape version:
Checked revision: b062b50a
Build command: make dukd-low
OS:
Ubuntu 18.04, x86_64
Test case:
// Reproducer as given in the report, which credits Fuzzinator with grammarinator
// (machine-generated input). Keep it byte-for-byte when re-running it.
// The backtrace in the report shows the abort raised by an assertion in
// duk__resize_valstack (duk_api_stack.c:769), reached through a call with
// idx_func=240, with libc loaded from /lib/i386-linux-gnu (a 32-bit binary).
// NOTE(review): the report does not show how a build without assertions behaves
// on this input; confirm before rating the impact.
function test ( ) {
// Overwritten by the next assignment before it is ever called.
var func = function foo ( a , b , c ) { print ( a , b , c ) ; } ;
// Function with 240 formal parameters (id_0 .. id_239). Its body prints only
// id_104, although the label it prints says 'arg239:'.
func = function foo ( id_0, id_1 , id_2 , id_3 , id_4 , id_5 , id_6 , id_7 , id_8 , id_9 , id_10 , id_11 , id_12 , id_13 , id_14 , id_15 , id_16 , id_17 , id_18 , id_19 , id_20 , id_21 , id_22 , id_23 , id_24 , id_25 , id_26 , id_27 , id_28 , id_29 , id_30 , id_31 , id_32 , id_33 , id_34 , id_35 , id_36 , id_37 , id_38 , id_39 , id_40 , id_41 , id_42 , id_43 , id_44 , id_45 , id_46 , id_47 , id_48 , id_49 , id_50 , id_51 , id_52 , id_53 , id_54 , id_55 , id_56 , id_57 , id_58 , id_59 , id_60 , id_61 , id_62 , id_63 , id_64 , id_65 , id_66 , id_67 , id_68 , id_69 , id_70 , id_71 , id_72 , id_73 , id_74 , id_75 , id_76 , id_77 , id_78 , id_79 , id_80 , id_81 , id_82 , id_83 , id_84 , id_85 , id_86 , id_87 , id_88 , id_89 , id_90 , id_91 , id_92 , id_93 , id_94 , id_95 , id_96 , id_97 , id_98 , id_99 , id_100 , id_101 , id_102 , id_103 , id_104 , id_105 , id_106 , id_107 , id_108 , id_109 , id_110 , id_111 , id_112 , id_113 , id_114 , id_115 , id_116 , id_117 , id_118 , id_119 , id_120 , id_121 , id_122 , id_123 , id_124 , id_125 , id_126 , id_127 , id_128 , id_129 , id_130 , id_131 , id_132 , id_133 , id_134 , id_135 , id_136 , id_137 , id_138 , id_139 , id_140 , id_141 , id_142 , id_143 , id_144 , id_145 , id_146 , id_147 , id_148 , id_149 , id_150 , id_151 , id_152 , id_153 , id_154 , id_155 , id_156 , id_157 , id_158 , id_159 , id_160 , id_161 , id_162 , id_163 , id_164 , id_165 , id_166 , id_167 , id_168 , id_169 , id_170 , id_171 , id_172 , id_173 , id_174 , id_175 , id_176 , id_177 , id_178 , id_179 , id_180 , id_181 , id_182 , id_183 , id_184 , id_185 , id_186 , id_187 , id_188 , id_189 , id_190 , id_191 , id_192 , id_193 , id_194 , id_195 , id_196 , id_197 , id_198 , id_199 , id_200 , id_201 , id_202 , id_203 , id_204 , id_205 , id_206 , id_207 , id_208 , id_209 , id_210 , id_211 , id_212 , id_213 , id_214 , id_215 , id_216 , id_217 , id_218 , id_219 , id_220 , id_221 , id_222 , id_223 , id_224 , id_225 , id_226 , id_227 , id_228 , id_229 , id_230 , id_231 , 
id_232 , id_233 , id_234 , id_235, id_236 , id_237 , id_238 , id_239 ) {
print ( 'arg239:' , id_104 ) ;
};
// Called with a one-element argument array, so id_1 .. id_239 are undefined in
// the callee.
// NOTE(review): presumably this 240-parameter call is what drives the value-stack
// growth seen in the backtrace (duk__valstack_grow); confirm against the issue thread.
func.apply ( null , [ 0 ] );
// func is reassigned twice here; neither of these two functions is called.
func = function ( a , b , c , d ) { print ( typeof id_19 ) ; } ;
func = function ( a , b , c , d , e ) { function inner ( ) { print ( 'inner' ) } ; } ;
// Unconditional self-call with no base case: every level repeats the call above,
// and the recursion ends only when the engine raises an error (or, as in this
// report, aborts).
test ( ) ;
// Not reached: the self-call above never returns normally.
func = function ( a , b , c ) { print ( eval ( '"aiee"' ) ) ; } ;
}
// The catch parameter is an identifier named NaN; whatever test() throws is bound
// to it and discarded.
try { test ( ) ; } catch ( NaN ) { }
Backtrace:
Program received signal SIGABRT, Aborted.
0xf7fd5059 in __kernel_vsyscall ()
#0 0xf7fd5059 in __kernel_vsyscall ()
#1 0xf7de0832 in raise () from /lib/i386-linux-gnu/libc.so.6
#2 0xf7de1cc1 in abort () from /lib/i386-linux-gnu/libc.so.6
#3 0x565c8336 in duk_default_fatal_handler.lto_priv.138 (udata=0x0, msg=0x5666e7c4 "assertion failed: thr->valstack_end - thr->valstack == pre_end - pre_valstack (duk_api_stack.c:769)")
at duk_error_macros.c:145
#4 0x565c2c0f in duk__resize_valstack (thr=0xf7fad418, new_size=1025) at duk_api_stack.c:769
#5 0x565c2e02 in duk__valstack_grow (thr=0xf7fad418, min_bytes=8200, throw_on_error=1) at duk_api_stack.c:854
#6 0x565c2ebf in duk_valstack_grow_check_throw.lto_priv.284 (thr=0xf7fad418, min_bytes=8200) at duk_api_stack.c:885
#7 0x56573d41 in duk__handle_call_raw (thr=0xf7fad418, idx_func=240, call_flags=8) at duk_js_call.c:2130
#8 0x565748e3 in duk_handle_call_unprotected.lto_priv.254 (thr=0xf7fad418, idx_func=240, call_flags=8) at duk_js_call.c:2385
#9 0x5656129b in duk__executor_handle_call (thr=0xf7fad418, idx=240, nargs=2, call_flags=8) at duk_js_executor.c:2655
#10 0x56563f02 in duk__js_execute_bytecode_inner (entry_thread=0xf7fad418, entry_act=0xf7fa4094) at duk_js_executor.c:4729
#11 0x56561670 in duk_js_execute_bytecode.lto_priv.283 (exec_thr=0xf7fad418) at duk_js_executor.c:2917
#12 0x56574143 in duk__handle_call_raw (thr=0xf7fad418, idx_func=3, call_flags=0) at duk_js_call.c:2203
#13 0x565748e3 in duk_handle_call_unprotected.lto_priv.254 (thr=0xf7fad418, idx_func=3, call_flags=0) at duk_js_call.c:2385
#14 0x565ca3fd in duk_call_method (thr=0xf7fad418, nargs=0) at duk_api_call.c:152
#15 0x5655a458 in wrapped_compile_execute (ctx=0xf7fad418, udata=0x0) at examples/cmdline/duk_cmdline.c:301
#16 0x56574bab in duk__handle_safe_call_inner (thr=0xf7fad418, func=0x5655a1db <wrapped_compile_execute>, udata=0x0, entry_valstack_bottom_byteoff=0, entry_callstack_top=0, entry_curr_thread=0x0,
entry_thread_state=1 '\001', idx_retbase=0, num_stack_rets=1) at duk_js_call.c:2438
#17 0x565756a4 in duk_handle_safe_call.lto_priv.479 (thr=0xf7fad418, func=0x5655a1db <wrapped_compile_execute>, udata=0x0, num_stack_args=4, num_stack_rets=1) at duk_js_call.c:2683
#18 0x565cb3af in duk_safe_call (thr=0xf7fad418, func=0x5655a1db <wrapped_compile_execute>, udata=0x0, nargs=4, nrets=1) at duk_api_call.c:320
#19 0x5655a657 in handle_fh (ctx=0xf7fad418, f=0x566bd160, filename=0xffffd396 "test.js", bytecode_filename=0x0) at examples/cmdline/duk_cmdline.c:632
#20 0x5655a831 in handle_file (ctx=0xf7fad418, filename=0xffffd396 "test.js", bytecode_filename=0x0) at examples/cmdline/duk_cmdline.c:691
#21 0x5655b3df in main (argc=2, argv=0xffffd1e4) at examples/cmdline/duk_cmdline.c:1465
Found by Fuzzinator with grammarinator.
Issue Analytics
- State:
- Created 5 years ago
- Comments:6 (5 by maintainers)

And what kind of output do you expect? That JavaScript code is both invalid and as far from sensical as it can get. It’s not even wrong. Garbage in, garbage out. Yes, the error message Duktape generates is incomprehensible, but I don’t see why it would qualify as a bug.
@FlatAssembler https://en.m.wikipedia.org/wiki/Fuzzing