SEGV in /njs/src/njs_flathsh.c:339:30 in njs_flathsh_find #839

Open
James-yaoshenglong opened this issue Jan 11, 2025 · 0 comments

Describe the bug

SEGV in /njs/src/njs_flathsh.c:339:30 in njs_flathsh_find

To reproduce

Steps to reproduce the behavior:

  1. Build
     CFLAGS="-fsanitize=address" CXXFLAGS="-fsanitize=address" ./configure
  2. Run
     njs poc.js
  • JS script
for ( var item in 0 + '                             ' ) console . constructor ( async ( a ) => { for ( String [ i ] in a ) { for ( var i = 0 ; .2 ** i ** 6 ; a ++ ) { var a = this . constructor ( ! a . map ( async ( arg1 , ... i ) => { if ( this . a === 2 + 1_2_3 || ! a . map ( async ( arg1 , ... arg2 ) => { for ( var a = Error `
                           multi
  ${ ( this . a === ( ( await a || b ) / 2 ) / 2 ) / 2 && b | c && i || j && i || j || j == b && key in something }

  hello
  ${ 1 + 1 , x < y }
  line ` , y = { async async ( ) { } } , b = 1 ; ( foo - bar ) / baz ; i ++ ) { c ; d ; } } ) . done ) { if ( foo - bar ) { c ; d ; } else { e ; } } else if ( a ) b ; } ) . done << ~ a || ! console . constructor ( "
                             HI " ) . done ) } } } ) `                                  \ ` ;

Expected behavior

Address Sanitizer Output

AddressSanitizer:DEADLYSIGNAL
=================================================================
==2348110==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000103 (pc 0x55f420af6d9b bp 0x0fffd54ad0f4 sp 0x7ffeaa568610 T0)
==2348110==The signal is caused by a READ memory access.
==2348110==Hint: address points to the zero page.
    #0 0x55f420af6d9b in njs_flathsh_find /home/user/repo/njs/src/njs_flathsh.c:339:30
    #1 0x55f420a5601e in njs_object_property /home/user/repo/njs/src/njs_object_prop.c:103:15
    #2 0x55f420945753 in njs_value_to_primitive /home/user/repo/njs/src/njs_value.c:104:19
    #3 0x55f42097427b in njs_value_to_number /home/user/repo/njs/src/njs_value_conversion.h:18:15
    #4 0x55f42097427b in njs_value_to_numeric /home/user/repo/njs/src/njs_value_conversion.h:54:11
    #5 0x55f42097427b in njs_vmcode_interpreter /home/user/repo/njs/src/njs_vmcode.c:747:9
    #6 0x55f420a8718e in njs_function_lambda_call /home/user/repo/njs/src/njs_function.c:610:11
    #7 0x55f420aceef7 in njs_async_function_frame_invoke /home/user/repo/njs/src/njs_async.c:28:11
    #8 0x55f420a8616b in njs_function_frame_invoke /home/user/repo/njs/src/njs_function.c:679:16
    #9 0x55f42095e62f in njs_vmcode_interpreter /home/user/repo/njs/src/njs_vmcode.c:1451:15
    #10 0x55f4209535e6 in njs_vm_start /home/user/repo/njs/src/njs_vm.c:695:11
    #11 0x55f420936030 in njs_engine_njs_eval /home/user/repo/njs/external/njs_shell.c:1387:16
    #12 0x55f42093537b in njs_process_script /home/user/repo/njs/external/njs_shell.c:3346:11
    #13 0x55f420933e40 in njs_process_file /home/user/repo/njs/external/njs_shell.c:3318:11
    #14 0x55f420933e40 in njs_main /home/user/repo/njs/external/njs_shell.c:458:15
    #15 0x55f420933e40 in main /home/user/repo/njs/external/njs_shell.c:488:11
    #16 0x7f6a50acbd8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #17 0x7f6a50acbe3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #18 0x55f420873194 in _start (/home/user/repo/njs/build/njs+0x78194) (BuildId: 833124444330c2bad9cee115457605f29071edad)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/user/repo/njs/src/njs_flathsh.c:339:30 in njs_flathsh_find

Your environment

  • Version of njs or specific commit: Release 0.8.8

Additional context

Add any other context about the problem here.
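
A triage helper for the sanitizer report above, as an added example that is not part of the original issue or of the njs project: it parses the ASan header and top frames, flags the fault as a near-null read, and derives a bucket key for deduplicating similar crash reports. The function name `triage`, the 4 KiB page size and the three-frame bucket depth are assumptions; the sample lines are copied from the report in this issue.

```python
import re

# Lines copied from the AddressSanitizer report in this issue (top frames only).
REPORT = """\
==2348110==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000103 (pc 0x55f420af6d9b bp 0x0fffd54ad0f4 sp 0x7ffeaa568610 T0)
==2348110==The signal is caused by a READ memory access.
==2348110==Hint: address points to the zero page.
    #0 0x55f420af6d9b in njs_flathsh_find /home/user/repo/njs/src/njs_flathsh.c:339:30
    #1 0x55f420a5601e in njs_object_property /home/user/repo/njs/src/njs_object_prop.c:103:15
    #2 0x55f420945753 in njs_value_to_primitive /home/user/repo/njs/src/njs_value.c:104:19
    #3 0x55f42097427b in njs_value_to_number /home/user/repo/njs/src/njs_value_conversion.h:18:15
"""

HEADER = re.compile(r"ERROR: AddressSanitizer: (\S+) on unknown address (0x[0-9a-f]+)")
ACCESS = re.compile(r"caused by a (READ|WRITE) memory access")
# Symbolized frame: "#N 0xPC in function /path/file.c:line[:column]"
FRAME = re.compile(r"^\s*#(\d+) 0x[0-9a-f]+ in (\S+) (\S+?):(\d+)(?::\d+)?$", re.M)

PAGE_SIZE = 4096  # assumption: 4 KiB pages, used only for the near-null test


def triage(report, depth=3):
    """Summarise one ASan SEGV report for bucketing (hypothetical helper)."""
    head = HEADER.search(report)
    if head is None:
        raise ValueError("no AddressSanitizer SEGV header found")
    access = ACCESS.search(report)
    # Keep (function, file basename, line); drop PCs and build-specific directories.
    frames = [(m.group(2), m.group(3).rsplit("/", 1)[-1], int(m.group(4)))
              for m in FRAME.finditer(report)]
    addr = int(head.group(2), 16)
    return {
        "signal": head.group(1),
        "address": addr,
        "access": access.group(1) if access else "UNKNOWN",
        # Fault address in the first page: typically NULL plus an offset,
        # or a small integer used as a pointer.
        "near_null": addr < PAGE_SIZE,
        "crash_site": frames[0] if frames else None,
        # Function names only: stable across rebuilds, unlike PCs and line numbers.
        "bucket": ">".join(name for name, _, _ in frames[:depth]),
    }


if __name__ == "__main__":
    for key, value in triage(REPORT).items():
        print(f"{key}: {value}")
```
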
