Closed
Description
Brief summary
Hello, I was testing my fuzzer and found an exhaustion bug in mujs. A stack exhaustion in the function compile is triggered when parsing a crafted js file, when running ./mujs $POC, as shown in the attachment.
Compiling the program
I compiled mujs's latest commit db110ea on Ubuntu 22 (docker image) with clang version 12.0.1,
with the command CC=clang make build=sanitize
In my test environment this bug cannot be reproduced if compiled via gcc, so it's recommended to compile with clang-12.
ASan output
AddressSanitizer:DEADLYSIGNAL
=================================================================
==2685261==ERROR: AddressSanitizer: stack-overflow on address 0x7fff23e67f98 (pc 0x0000005424b3 bp 0x7fff23e683b0 sp 0x7fff23e67fa0 T0)
#0 0x5424b3 in compile /benchmark/mujs/./regexp.c:674:11
#1 0x5424f9 in compile /benchmark/mujs/./regexp.c:675:3
#2 0x5424f9 in compile /benchmark/mujs/./regexp.c:675:3
#3 0x5424f9 in compile /benchmark/mujs/./regexp.c:675:3
#4 0x5424f9 in compile /benchmark/mujs/./regexp.c:675:3
#5 0x5424f9 in compile /benchmark/mujs/./regexp.c:675:3
#6 0x5424f9 in compile /benchmark/mujs/./regexp.c:675:3
#7 0x5424f9 in compile /benchmark/mujs/./regexp.c:675:3
...
#248 0x5424f9 in compile /benchmark/mujs/./regexp.c:675:3
SUMMARY: AddressSanitizer: stack-overflow /benchmark/mujs/./regexp.c:674:11 in compile
==2685261==ABORTING
POC
Credit
Han Zheng
NCNIPC of China
Hexhive
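The ASan trace above shows compile in regexp.c calling itself hundreds of times before the guard page is hit, so the recursion depth is driven by the input pattern rather than bounded by the compiler. The following is an added illustration, not mujs's regexp.c: a minimal recursive-descent parser for nested groups that carries an explicit depth counter and refuses the pattern before pushing another frame. MAX_DEPTH, compile_pattern and make_nested are names chosen for this example, and the deeply nested input is constructed here to mimic the shape of a pattern that would exhaust the stack.

```c
/* Added example: a depth-limited parser for nested '(' ... ')' groups.
 * This is not mujs code; the names and the MAX_DEPTH value are assumptions. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_DEPTH 200   /* example cap; a real limit is sized to the stack budget */

enum parse_status { PARSE_OK = 0, PARSE_SYNTAX = 1, PARSE_TOO_DEEP = 2 };

struct parser {
    const char *s;   /* input pattern */
    size_t pos;      /* current offset into s */
    int max_depth;   /* deepest nesting level actually entered */
};

static int parse_seq(struct parser *p, int depth);

/* Parse one group: '(' seq ')'. Recurses exactly once per nesting level,
 * which is the same shape as the recursion in the ASan trace. */
static int parse_group(struct parser *p, int depth)
{
    int rc;
    if (depth >= MAX_DEPTH)
        return PARSE_TOO_DEEP;          /* bail out before another frame is pushed */
    if (p->s[p->pos] != '(')
        return PARSE_SYNTAX;
    p->pos++;
    if (depth + 1 > p->max_depth)
        p->max_depth = depth + 1;
    rc = parse_seq(p, depth + 1);
    if (rc != PARSE_OK)
        return rc;
    if (p->s[p->pos] != ')')
        return PARSE_SYNTAX;            /* unterminated group */
    p->pos++;
    return PARSE_OK;
}

/* Parse a sequence of atoms until ')' or end of string. */
static int parse_seq(struct parser *p, int depth)
{
    for (;;) {
        char c = p->s[p->pos];
        if (c == '\0' || c == ')')
            return PARSE_OK;
        if (c == '(') {
            int rc = parse_group(p, depth);
            if (rc != PARSE_OK)
                return rc;
        } else {
            p->pos++;                   /* literal character */
        }
    }
}

/* Returns PARSE_OK, PARSE_SYNTAX or PARSE_TOO_DEEP.
 * If max_depth_out is non-NULL it receives the deepest level entered. */
int compile_pattern(const char *pattern, int *max_depth_out)
{
    struct parser p = { pattern, 0, 0 };
    int rc = parse_seq(&p, 0);
    if (rc == PARSE_OK && p.s[p.pos] != '\0')
        rc = PARSE_SYNTAX;              /* stray ')' at top level */
    if (max_depth_out)
        *max_depth_out = p.max_depth;
    return rc;
}

/* Constructed input: n nested groups around a single literal, "(((a)))".
 * The caller frees the result. */
char *make_nested(size_t n)
{
    char *buf = malloc(2 * n + 2);
    if (!buf)
        return NULL;
    memset(buf, '(', n);
    buf[n] = 'a';
    memset(buf + n + 1, ')', n);
    buf[2 * n + 1] = '\0';
    return buf;
}

int main(void)
{
    char *deep = make_nested(100000);   /* far deeper than any sane pattern */
    int reached = 0;
    int rc = compile_pattern(deep, &reached);
    printf("100000 nested groups -> status %d (2 = too deep), depth reached %d\n",
           rc, reached);
    free(deep);
    return 0;
}
```

Without the depth check at the top of parse_group the same input would recurse 100000 frames deep and die with the stack-overflow shown above; with it, the parser returns PARSE_TOO_DEEP after MAX_DEPTH levels and the caller can report an error instead of crashing.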