Open
Description

JerryScript revision

Build platform

Ubuntu 22.04 LTS

Build steps

```sh
python3 tools/build.py --debug --lto=off --compile-flag=-fsanitize=address --compile-flag=-D_POSIX_C_SOURCE=200809 --compile-flag=-Wno-strict-prototypes
```

Test case

```js
(-4294967297n).constructor.asUintN(9.764008707177638,-4294967296n);
```

Execution steps

```sh
build/bin/jerry crash.js
```

Output
```
=================================================================
==2228073==ERROR: AddressSanitizer: global-buffer-overflow on address 0x560bbb3452c0 at pc 0x560bbb185956 bp 0x7ffd1949a710 sp 0x7ffd1949a700
READ of size 4 at 0x560bbb3452c0 thread T0
    #0 0x560bbb185955 in ecma_builtin_bigint_object_as_int_n /data/newpart/JS_Engines/jerryscript/jerry-core/ecma/builtin-objects/ecma-builtin-bigint.c:225
    #1 0x560bbb1863d2 in ecma_builtin_bigint_dispatch_routine /data/newpart/JS_Engines/jerryscript/jerry-core/ecma/builtin-objects/ecma-builtin-bigint.c:393
    #2 0x560bbb0aa7de in ecma_builtin_dispatch_routine /data/newpart/JS_Engines/jerryscript/jerry-core/ecma/builtin-objects/ecma-builtins.c:1460
    #3 0x560bbb0aaa12 in ecma_builtin_dispatch_call /data/newpart/JS_Engines/jerryscript/jerry-core/ecma/builtin-objects/ecma-builtins.c:1489
    #4 0x560bbb0d07b3 in ecma_op_function_call_native_built_in /data/newpart/JS_Engines/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1223
    #5 0x560bbb0d15ab in ecma_op_function_call /data/newpart/JS_Engines/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1468
    #6 0x560bbb0d1445 in ecma_op_function_validated_call /data/newpart/JS_Engines/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1428
    #7 0x560bbb15664a in opfunc_call /data/newpart/JS_Engines/jerryscript/jerry-core/vm/vm.c:758
    #8 0x560bbb174602 in vm_execute /data/newpart/JS_Engines/jerryscript/jerry-core/vm/vm.c:5236
    #9 0x560bbb174c3b in vm_run /data/newpart/JS_Engines/jerryscript/jerry-core/vm/vm.c:5331
    #10 0x560bbb154920 in vm_run_global /data/newpart/JS_Engines/jerryscript/jerry-core/vm/vm.c:286
    #11 0x560bbb05a0e0 in jerry_run /data/newpart/JS_Engines/jerryscript/jerry-core/api/jerryscript.c:549
    #12 0x560bbb201f99 in jerryx_source_exec_script /data/newpart/JS_Engines/jerryscript/jerry-ext/util/sources.c:68
    #13 0x560bbb055627 in main /data/newpart/JS_Engines/jerryscript/jerry-main/main-desktop.c:156
    #14 0x7fa17b5efd8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #15 0x7fa17b5efe3f in __libc_start_main_impl ../csu/libc-start.c:392
    #16 0x560bbb054b24 in _start (/data/newpart/JS_Engines/jerryscript/build/bin/jerry+0x59b24)

0x560bbb3452c0 is located 0 bytes to the right of global variable 'jerry_global_heap' defined in '/data/newpart/JS_Engines/jerryscript/jerry-core/jcontext/jcontext.c:142:13' (0x560bbb2c52c0) of size 524288
SUMMARY: AddressSanitizer: global-buffer-overflow /data/newpart/JS_Engines/jerryscript/jerry-core/ecma/builtin-objects/ecma-builtin-bigint.c:225 in ecma_builtin_bigint_object_as_int_n
Shadow bytes around the buggy address:
  0x0ac1f7660a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ac1f7660a10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ac1f7660a20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ac1f7660a30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ac1f7660a40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0ac1f7660a50: 00 00 00 00 00 00 00 00[f9]f9 f9 f9 00 00 00 00
  0x0ac1f7660a60: 04 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 04 f9 f9 f9
  0x0ac1f7660a70: f9 f9 f9 f9 00 00 00 00 04 f9 f9 f9 f9 f9 f9 f9
  0x0ac1f7660a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ac1f7660a90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ac1f7660aa0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==2228073==ABORTING
```

Backtrace
```
#0 0x5555556de955 in ecma_builtin_bigint_object_as_int_n /data/newpart/JS_Engines/jerryscript/jerry-core/ecma/builtin-objects/ecma-builtin-bigint.c:225
#1 0x5555556df3d2 in ecma_builtin_bigint_dispatch_routine /data/newpart/JS_Engines/jerryscript/jerry-core/ecma/builtin-objects/ecma-builtin-bigint.c:393
#2 0x5555556037de in ecma_builtin_dispatch_routine /data/newpart/JS_Engines/jerryscript/jerry-core/ecma/builtin-objects/ecma-builtins.c:1460
#3 0x555555603a12 in ecma_builtin_dispatch_call /data/newpart/JS_Engines/jerryscript/jerry-core/ecma/builtin-objects/ecma-builtins.c:1489
#4 0x5555556297b3 in ecma_op_function_call_native_built_in /data/newpart/JS_Engines/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1223
#5 0x55555562a5ab in ecma_op_function_call /data/newpart/JS_Engines/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1468
#6 0x55555562a445 in ecma_op_function_validated_call /data/newpart/JS_Engines/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1428
#7 0x5555556af64a in opfunc_call /data/newpart/JS_Engines/jerryscript/jerry-core/vm/vm.c:758
#8 0x5555556cd602 in vm_execute /data/newpart/JS_Engines/jerryscript/jerry-core/vm/vm.c:5236
#9 0x5555556cdc3b in vm_run /data/newpart/JS_Engines/jerryscript/jerry-core/vm/vm.c:5331
#10 0x5555556ad920 in vm_run_global /data/newpart/JS_Engines/jerryscript/jerry-core/vm/vm.c:286
#11 0x5555555b30e0 in jerry_run /data/newpart/JS_Engines/jerryscript/jerry-core/api/jerryscript.c:549
#12 0x55555575af99 in jerryx_source_exec_script /data/newpart/JS_Engines/jerryscript/jerry-ext/util/sources.c:68
#13 0x5555555ae627 in main /data/newpart/JS_Engines/jerryscript/jerry-main/main-desktop.c:156
#14 0x7ffff72d9d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#15 0x7ffff72d9e3f in __libc_start_main_impl ../csu/libc-start.c:392
#16 0x5555555adb24 in _start (/data/newpart/JS_Engines/jerryscript/build/bin/jerry+0x59b24)
```