Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Stack Exhaustion (ecma_proxy_object_get, ecma_proxy_object_set) #3785

Closed
nszetei opened this issue May 23, 2020 · 3 comments · Fixed by #3796
Closed

Stack Exhaustion (ecma_proxy_object_get, ecma_proxy_object_set) #3785

nszetei opened this issue May 23, 2020 · 3 comments · Fixed by #3796
Assignees
@dbatyai
Labels
bug Undesired behaviour

Comments

@nszetei
Copy link

nszetei commented May 23, 2020

JerryScript revision

6cd309b

Build platform

Ubuntu 20.04 LTS (Linux 5.4.0-31-generic x86_64)

Build steps
python tools/build.py --profile=es2015-subset --lto=off --compile-flag=-g \
--error-messages=on --debug --compile-flag=-g --strip=off --logging=on \
 --compile-flag=-fsanitize=address
Test cases
var v2 = {};
var v4 = new Proxy(Uint8Array,v2);
v4.__proto__ = v4;
v4[1] = 2;

var v1 = {};
var v3 = new Proxy(parseFloat,v1);
v3.__proto__ = v3;
var v6 = "aa".constructor;
var v7 = parseFloat & v6;
@akosthekiss
Copy link
Member

Could you please try whether you get SO even if you set a limit for the stack? (Note: You can use --stack-limit option when building the engine to limit the maximum amount of stack that the engine can use.)

@nszetei
Copy link
Author

nszetei commented May 23, 2020

Could you please try whether you get SO even if you set a limit for the stack? (Note: You can use --stack-limit option when building the engine to limit the maximum amount of stack that the engine can use.)

Yes. Unlike #3783 here I got SO in both cases (e.g. with --stack-limit=10).

@nszetei
Copy link
Author

nszetei commented May 23, 2020

Just to have it grouped together, a PoC for ecma_proxy_object_has:

function main() {
var v1 = [13.37,13.37,13.37,13.37];
var v4 = {isExtensible:Infinity};
var v6 = new Proxy(WeakMap,v4);
v6.__proto__ = v1;
v1.__proto__ = v6;
with (v1) {
    valueOf = 0;
}
}
main();

@dbatyai dbatyai self-assigned this May 25, 2020
@dbatyai dbatyai added the bug Undesired behaviour label May 25, 2020
dbatyai added a commit to dbatyai/jerryscript that referenced this issue May 25, 2020
@dbatyai
Add stack limit check to proxy operations
012b81c 
Fixes jerryscript-project#3785.

JerryScript-DCO-1.0-Signed-off-by: Dániel Bátyai dbatyai@inf.u-szeged.hu
@dbatyai dbatyai mentioned this issue May 25, 2020
Merged
dbatyai added a commit to dbatyai/jerryscript that referenced this issue May 25, 2020
@dbatyai
Add stack limit check to proxy operations
e2e4818 
Fixes jerryscript-project#3785.

JerryScript-DCO-1.0-Signed-off-by: Dániel Bátyai dbatyai@inf.u-szeged.hu
dbatyai added a commit to dbatyai/jerryscript that referenced this issue May 25, 2020
@dbatyai
Add stack limit check to proxy operations
a096da7 
Fixes jerryscript-project#3785.

JerryScript-DCO-1.0-Signed-off-by: Dániel Bátyai dbatyai@inf.u-szeged.hu
zherczeg pushed a commit that referenced this issue May 26, 2020
@dbatyai
Add stack limit check to proxy operations (#3796)
15629e8 
Fixes #3785.

JerryScript-DCO-1.0-Signed-off-by: Dániel Bátyai dbatyai@inf.u-szeged.hu
@ossy-szeged ossy-szeged mentioned this issue Jan 25, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dbatyai dbatyai

Labels
bug Undesired behaviour
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add stack limit check to proxy operations dbatyai/jerryscript
3 participants
@akosthekiss @dbatyai @nszetei