We found with our fuzzer on Linux 64-bit an invalid read error on a null pointer in jsiConsolePrintString src/jsinteractive.c:224. It seems that it results from a failed sanity check on an array buffer.
Address sanitizer output:
ASAN:DEADLYSIGNAL
=================================================================
==29932==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x55653e7383a5 bp 0x7ffd782de7f0 sp 0x7ffd782de7e0 T0)
==29932==The signal is caused by a READ memory access.
==29932==Hint: address points to the zero page.
#0 0x55653e7383a4 in jsiConsolePrintString src/jsinteractive.c:224
#1 0x55653e7217fc in vcbprintf src/jsutils.c:739
#2 0x55653e7384d0 in jsiConsolePrintf src/jsinteractive.c:248
#3 0x55653e715f87 in _jsvTrace src/jsvar.c:3317
#4 0x55653e7161ee in _jsvTrace src/jsvar.c:3344
#5 0x55653e71629e in _jsvTrace src/jsvar.c:3354
#6 0x55653e7161ee in _jsvTrace src/jsvar.c:3344
#7 0x55653e71629e in _jsvTrace src/jsvar.c:3354
#8 0x55653e71640a in jsvTrace src/jsvar.c:3369
#9 0x55653e71fdb6 in jsAssertFail src/jsutils.c:362
#10 0x55653e71b8e5 in jsvArrayBufferIteratorDataToInt src/jsvariterator.c:352
#11 0x55653e71c0c0 in jsvArrayBufferIteratorGetIntegerValue src/jsvariterator.c:397
#12 0x55653e75df42 in lcdSetPixels_ArrayBuffer libs/graphics/lcd_arraybuffer.c:81
#13 0x55653e75e3b8 in lcdFillRect_ArrayBuffer libs/graphics/lcd_arraybuffer.c:108
#14 0x55653e759f7a in graphicsFillRectDevice libs/graphics/graphics.c:202
#15 0x55653e75a09e in graphicsFillRect libs/graphics/graphics.c:220
#16 0x55653e8117ed in jswrap_graphics_fillRect libs/graphics/jswrap_graphics.c:312
#17 0x55653e72436f in jsnCallFunction src/jsnative.c:231
#18 0x55653e727a3d in jspeFunctionCall src/jsparse.c:624
#19 0x55653e72a27e in jspeFactorFunctionCall src/jsparse.c:1224
#20 0x55653e72e2e3 in jspePostfixExpression src/jsparse.c:1765
#21 0x55653e72e63a in jspeUnaryExpression src/jsparse.c:1791
#22 0x55653e72e91e in __jspeBinaryExpression src/jsparse.c:1856
#23 0x55653e72eceb in jspeBinaryExpression src/jsparse.c:1919
#24 0x55653e72ef39 in jspeConditionalExpression src/jsparse.c:1955
#25 0x55653e72f675 in jspeAssignmentExpression src/jsparse.c:2020
#26 0x55653e72f696 in jspeExpression src/jsparse.c:2026
#27 0x55653e733ac3 in jspeStatement src/jsparse.c:2675
#28 0x55653e72fc15 in jspeBlockOrStatement src/jsparse.c:2079
#29 0x55653e72fd1f in jspParse src/jsparse.c:2091
#30 0x55653e734f8f in jspEvaluateVar src/jsparse.c:2901
#31 0x55653e7352ea in jspEvaluate src/jsparse.c:2933
#32 0x55653e7dc7e5 in main targets/linux/main.c:330
#33 0x7f2f421a5b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
#34 0x55653e6f7f69 in _start (/home/hongxu/tests/Espruino-asan/espruino+0x35f69)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV src/jsinteractive.c:224 in jsiConsolePrintString
==29932==ABORTING
crash input files:
test.txt
test2.txt