Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SEGV src/mjs_ffi.c:456 in ffi_cb_impl_wpwwwww #239

Open
z1r00 opened this issue Mar 6, 2023 · 0 comments
Open

SEGV src/mjs_ffi.c:456 in ffi_cb_impl_wpwwwww #239

z1r00 opened this issue Mar 6, 2023 · 0 comments

Comments

@z1r00
Copy link

z1r00 commented Mar 6, 2023

SEGV src/mjs_ffi.c:456 in ffi_cb_impl_wpwwwww

project address

https://github.com/cesanta/mjs

info

OS:Ubuntu20.04 TLS

Build: $(DOCKER_CLANG) -fsanitize=address $(CFLAGS) $(TOP_MJS_SOURCES) $(TOP_COMMON_SOURCES) -o $(PROG)

Poc

https://github.com/z1r00/fuzz_vuln/blob/main/mjs/SEGV/mjs_ffi/poc4.zip

ASAN Info

./mjs poc4.js

AddressSanitizer:DEADLYSIGNAL
=================================================================
==255247==ERROR: AddressSanitizer: SEGV on unknown address 0x0000004dfe3e (pc 0x0000004dfeb6 bp 0x7fffffffe070 sp 0x7fffffffdbd0 T0)
==255247==The signal is caused by a WRITE memory access.
    #0 0x4dfeb6 in ffi_cb_impl_wpwwwww /home/ubuntu/asan_fuzz_mjs/mjs/src/mjs_ffi.c:456
    #1 0x4d81f1 in mjs_exec_internal /home/ubuntu/asan_fuzz_mjs/mjs/src/mjs_exec.c:1073:5
    #2 0x4d88e3 in mjs_exec_file /home/ubuntu/asan_fuzz_mjs/mjs/src/mjs_exec.c:1096:11
    #3 0x4e8435 in main /home/ubuntu/asan_fuzz_mjs/mjs/src/mjs_main.c:47:11
    #4 0x7ffff7c4f082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
    #5 0x41c42d in _start (/home/ubuntu/asan_fuzz_mjs/mjs/build/mjs+0x41c42d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/ubuntu/asan_fuzz_mjs/mjs/src/mjs_ffi.c:456 in ffi_cb_impl_wpwwwww
==255247==ABORTING
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant