
segment fault4 #6647

@bird8693

Description

@bird8693

Environment

Ubuntu 16

PoC

// Reproducer attached to this report. Per the gef trace below, the "ch" host
// faults inside SCCLiveness::ProcessStackSymUse, reached from
// LinearScan::RegAlloc / Func::TryCodegen — i.e. while the JIT is doing
// register allocation for this script, not while the script itself is
// executing a bad operation. The exact statement order and the mix of value
// types are presumably what steer the JIT into that state (fuzzer output);
// keep the sequence as-is when re-running.
let x = 1;
// `fdRk` is assigned before any declaration; the hoisted `var fdRk` inside
// the loop makes it a declared var rather than an implicit global.
fdRk = x.toFixed(x);
var PPJi = JSON;                    // never read in this script
fdRk = !9007199254740991;           // -> false
this.x;                             // sloppy script: `this` is the global object
this.x = 4660;                      // global-object property, distinct from the lexical `let x`
fdRk = fdRk / x;                    // false / 1 -> 0
// 495 iterations — presumably enough for the engine to tier this loop into
// the JIT, where the trace shows the crash; the count is the fuzzer's, not a
// known threshold.
for (let i = 0; i < 495; i++) {
    // Date with `undefined` milliseconds is an Invalid Date; localeCompare
    // coerces both `x` (number, later a RegExp) and the date to strings.
    String.prototype.localeCompare.call(x, new Date(0, 0, 0, 0, 0, 0, undefined));
    var EixA = +4;
    var djhd = Proxy;               // never read
    var NxQT = JSON;                // never read
    // Replaces the global-object `x` property set above with a no-op setter;
    // the lexical `x` binding is unaffected.
    this.__defineSetter__('x', () => {
    });
    var EixA = +4;                  // legal `var` redeclaration
    x = x / x;                      // 1 on the first pass; NaN once `x` is a RegExp
    fdRk = new Uint32Array([
        1200,
        fdRk
    ]);
    x = new RegExp(null);           // -> /null/; `x` stays a RegExp for the next iteration
    var fdRk = JSON.stringify(1518500249);
    fdRk = 2147483649 % -2147483648;  // -> 1 (sign follows the dividend)
    let a = new Uint8Array(100);    // never read; allocation only
}
// `n` is never declared: this line would throw a ReferenceError if reached.
// Given the trace, the fault presumably fires during JIT compilation of the
// loop above, before execution gets here.
n.xyz = 2187875060;
this.x;

output

command line output

Segmentation fault (core dumped)

gef output

   0x555556d22540 <SCCLiveness::ProcessStackSymUse(StackSym*,+0> mov    r13d, eax
   0x555556d22543 <SCCLiveness::ProcessStackSymUse(StackSym*,+0> mov    rax, QWORD PTR [rbx]
   0x555556d22546 <SCCLiveness::ProcessStackSymUse(StackSym*,+0> mov    r15, QWORD PTR [rbx+0x10]
 → 0x555556d2254a <SCCLiveness::ProcessStackSymUse(StackSym*,+0> add    DWORD PTR [r12+0x74], r13d
   0x555556d2254f <SCCLiveness::ProcessStackSymUse(StackSym*,+0> test   r15, r15
   0x555556d22552 <SCCLiveness::ProcessStackSymUse(StackSym*,+0> je     0x555556d22771 <SCCLiveness::ProcessStackSymUse(StackSym*,  IR::Instr*,  int)+913>
   0x555556d22558 <SCCLiveness::ProcessStackSymUse(StackSym*,+0> mov    QWORD PTR [rbp-0x30], rax
   0x555556d2255c <SCCLiveness::ProcessStackSymUse(StackSym*,+0> mov    QWORD PTR [rbp-0x48], rbx
   0x555556d22560 <SCCLiveness::ProcessStackSymUse(StackSym*,+0> mov    rax, QWORD PTR fs:0x0
─────────────────────────────────────────────────────────────────────────────────────────────────────────── threads ────
[#0] Id 1, Name: "ch", stopped 0x7ffff73d1360 in pthread_cond_wait@@GLIBC_2.3.2 (), reason: SIGSEGV
[#1] Id 2, Name: "ch", stopped 0x7ffff73d1709 in pthread_cond_timedwait@@GLIBC_2.3.2 (), reason: SIGSEGV
[#2] Id 3, Name: "ch", stopped 0x7ffff73d1709 in pthread_cond_timedwait@@GLIBC_2.3.2 (), reason: SIGSEGV
[#3] Id 4, Name: "ch", stopped 0x555556d2254a in SCCLiveness::ProcessStackSymUse (), reason: SIGSEGV
───────────────────────────────────────────────────────────────────────────────────────────────────────────── trace ────
[#0] 0x555556d2254a → SCCLiveness::ProcessStackSymUse(this=0x7ff7f37b3a48, stackSym=<optimized out>, instr=0x7ff700000008, usageSize=<optimized out>)
[#1] 0x555556d20981 → SCCLiveness::ProcessRegUse(this=0x7ff7f37b3a48, regUse=0x7ff7f2ec4158, instr=0x7ff7f2ec4208)
[#2] 0x555556d20981 → SCCLiveness::ProcessSrc(this=0x7ff7f37b3a48, src=0x7ff7f2ec4170, instr=0x7ff7f2ec4208)
[#3] 0x555556d1e176 → SCCLiveness::Build(this=<optimized out>)
[#4] 0x555556c19030 → LinearScan::RegAlloc(this=0x7ff7f37b3d98)
[#5] 0x5555569a461b → Func::TryCodegen(this=0x7ff7f37b46b0)
[!] Command 'context' failed to execute properly, reason: access outside bounds of object referenced via synthetic pointer
