Closed
Description
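Our fuzzer found a stack overflow when the input file contains many parentheses. The trace below shows the parser re-entering jspeFactor through the same eight-function cycle (jspeFactor → jspeFactorFunctionCall → … → jspeExpressionOrArrowFunction → jspeFactor), and AddressSanitizer reports it as "stack-overflow" rather than "stack-buffer-overflow", so this is stack exhaustion from unbounded recursion in the expression parser, not an out-of-bounds write to a stack buffer.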
ASAN:DEADLYSIGNAL
=================================================================
==28915==ERROR: AddressSanitizer: stack-overflow on address 0x7fffad975fb0 (pc 0x55fb67713a27 bp 0x7fffad976050 sp 0x7fffad975f30 T0)
#0 0x55fb67713a26 in jspeFactor src/jsparse.c:1569
#1 0x55fb67711548 in jspeFactorFunctionCall src/jsparse.c:1200
#2 0x55fb6771576f in jspePostfixExpression src/jsparse.c:1765
#3 0x55fb67715ac6 in jspeUnaryExpression src/jsparse.c:1791
#4 0x55fb6771616a in jspeBinaryExpression src/jsparse.c:1919
#5 0x55fb677163c5 in jspeConditionalExpression src/jsparse.c:1955
#6 0x55fb67716b01 in jspeAssignmentExpression src/jsparse.c:2020
#7 0x55fb67713080 in jspeExpressionOrArrowFunction src/jsparse.c:1485
#8 0x55fb6771407e in jspeFactor src/jsparse.c:1606
#9 0x55fb67711548 in jspeFactorFunctionCall src/jsparse.c:1200
#10 0x55fb6771576f in jspePostfixExpression src/jsparse.c:1765
#11 0x55fb67715ac6 in jspeUnaryExpression src/jsparse.c:1791
#12 0x55fb6771616a in jspeBinaryExpression src/jsparse.c:1919
#13 0x55fb677163c5 in jspeConditionalExpression src/jsparse.c:1955
#14 0x55fb67716b01 in jspeAssignmentExpression src/jsparse.c:2020
#15 0x55fb67713080 in jspeExpressionOrArrowFunction src/jsparse.c:1485
#16 0x55fb6771407e in jspeFactor src/jsparse.c:1606
#17 0x55fb67711548 in jspeFactorFunctionCall src/jsparse.c:1200
#18 0x55fb6771576f in jspePostfixExpression src/jsparse.c:1765
#19 0x55fb67715ac6 in jspeUnaryExpression src/jsparse.c:1791
#20 0x55fb6771616a in jspeBinaryExpression src/jsparse.c:1919
#21 0x55fb677163c5 in jspeConditionalExpression src/jsparse.c:1955
#22 0x55fb67716b01 in jspeAssignmentExpression src/jsparse.c:2020
#23 0x55fb67713080 in jspeExpressionOrArrowFunction src/jsparse.c:1485
#24 0x55fb6771407e in jspeFactor src/jsparse.c:1606
#25 0x55fb67711548 in jspeFactorFunctionCall src/jsparse.c:1200
#26 0x55fb6771576f in jspePostfixExpression src/jsparse.c:1765
#27 0x55fb67715ac6 in jspeUnaryExpression src/jsparse.c:1791
#28 0x55fb6771616a in jspeBinaryExpression src/jsparse.c:1919
#29 0x55fb677163c5 in jspeConditionalExpression src/jsparse.c:1955
#30 0x55fb67716b01 in jspeAssignmentExpression src/jsparse.c:2020
#31 0x55fb67713080 in jspeExpressionOrArrowFunction src/jsparse.c:1485
#32 0x55fb6771407e in jspeFactor src/jsparse.c:1606
#33 0x55fb67711548 in jspeFactorFunctionCall src/jsparse.c:1200
#34 0x55fb6771576f in jspePostfixExpression src/jsparse.c:1765
#35 0x55fb67715ac6 in jspeUnaryExpression src/jsparse.c:1791
#36 0x55fb6771616a in jspeBinaryExpression src/jsparse.c:1919
#37 0x55fb677163c5 in jspeConditionalExpression src/jsparse.c:1955
#38 0x55fb67716b01 in jspeAssignmentExpression src/jsparse.c:2020
#39 0x55fb67713080 in jspeExpressionOrArrowFunction src/jsparse.c:1485
#40 0x55fb6771407e in jspeFactor src/jsparse.c:1606
#41 0x55fb67711548 in jspeFactorFunctionCall src/jsparse.c:1200
#42 0x55fb6771576f in jspePostfixExpression src/jsparse.c:1765
#43 0x55fb67715ac6 in jspeUnaryExpression src/jsparse.c:1791
#44 0x55fb6771616a in jspeBinaryExpression src/jsparse.c:1919
#45 0x55fb677163c5 in jspeConditionalExpression src/jsparse.c:1955
#46 0x55fb67716b01 in jspeAssignmentExpression src/jsparse.c:2020
#47 0x55fb67713080 in jspeExpressionOrArrowFunction src/jsparse.c:1485
#48 0x55fb6771407e in jspeFactor src/jsparse.c:1606
#49 0x55fb67711548 in jspeFactorFunctionCall src/jsparse.c:1200
#50 0x55fb6771576f in jspePostfixExpression src/jsparse.c:1765
#51 0x55fb67715ac6 in jspeUnaryExpression src/jsparse.c:1791
#52 0x55fb6771616a in jspeBinaryExpression src/jsparse.c:1919
#53 0x55fb677163c5 in jspeConditionalExpression src/jsparse.c:1955
#54 0x55fb67716b01 in jspeAssignmentExpression src/jsparse.c:2020
#55 0x55fb67713080 in jspeExpressionOrArrowFunction src/jsparse.c:1485
#56 0x55fb6771407e in jspeFactor src/jsparse.c:1606
#57 0x55fb67711548 in jspeFactorFunctionCall src/jsparse.c:1200
#58 0x55fb6771576f in jspePostfixExpression src/jsparse.c:1765
#59 0x55fb67715ac6 in jspeUnaryExpression src/jsparse.c:1791
#60 0x55fb6771616a in jspeBinaryExpression src/jsparse.c:1919
#61 0x55fb677163c5 in jspeConditionalExpression src/jsparse.c:1955
#62 0x55fb67716b01 in jspeAssignmentExpression src/jsparse.c:2020
#63 0x55fb67713080 in jspeExpressionOrArrowFunction src/jsparse.c:1485
#64 0x55fb6771407e in jspeFactor src/jsparse.c:1606
#65 0x55fb67711548 in jspeFactorFunctionCall src/jsparse.c:1200
#66 0x55fb6771576f in jspePostfixExpression src/jsparse.c:1765
#67 0x55fb67715ac6 in jspeUnaryExpression src/jsparse.c:1791
#68 0x55fb6771616a in jspeBinaryExpression src/jsparse.c:1919
#69 0x55fb677163c5 in jspeConditionalExpression src/jsparse.c:1955
#70 0x55fb67716b01 in jspeAssignmentExpression src/jsparse.c:2020
#71 0x55fb67713080 in jspeExpressionOrArrowFunction src/jsparse.c:1485
#72 0x55fb6771407e in jspeFactor src/jsparse.c:1606
#73 0x55fb67711548 in jspeFactorFunctionCall src/jsparse.c:1200
#74 0x55fb6771576f in jspePostfixExpression src/jsparse.c:1765
#75 0x55fb67715ac6 in jspeUnaryExpression src/jsparse.c:1791
#76 0x55fb6771616a in jspeBinaryExpression src/jsparse.c:1919
#77 0x55fb677163c5 in jspeConditionalExpression src/jsparse.c:1955
#78 0x55fb67716b01 in jspeAssignmentExpression src/jsparse.c:2020
#79 0x55fb67713080 in jspeExpressionOrArrowFunction src/jsparse.c:1485
#80 0x55fb6771407e in jspeFactor src/jsparse.c:1606
#81 0x55fb67711548 in jspeFactorFunctionCall src/jsparse.c:1200
#82 0x55fb6771576f in jspePostfixExpression src/jsparse.c:1765
#83 0x55fb67715ac6 in jspeUnaryExpression src/jsparse.c:1791
#84 0x55fb6771616a in jspeBinaryExpression src/jsparse.c:1919
#85 0x55fb677163c5 in jspeConditionalExpression src/jsparse.c:1955
#86 0x55fb67716b01 in jspeAssignmentExpression src/jsparse.c:2020
#87 0x55fb67713080 in jspeExpressionOrArrowFunction src/jsparse.c:1485
#88 0x55fb6771407e in jspeFactor src/jsparse.c:1606
#89 0x55fb67711548 in jspeFactorFunctionCall src/jsparse.c:1200
#90 0x55fb6771576f in jspePostfixExpression src/jsparse.c:1765
#91 0x55fb67715ac6 in jspeUnaryExpression src/jsparse.c:1791
#92 0x55fb6771616a in jspeBinaryExpression src/jsparse.c:1919
#93 0x55fb677163c5 in jspeConditionalExpression src/jsparse.c:1955
#94 0x55fb67716b01 in jspeAssignmentExpression src/jsparse.c:2020
#95 0x55fb67713080 in jspeExpressionOrArrowFunction src/jsparse.c:1485
#96 0x55fb6771407e in jspeFactor src/jsparse.c:1606
#97 0x55fb67711548 in jspeFactorFunctionCall src/jsparse.c:1200
#98 0x55fb6771576f in jspePostfixExpression src/jsparse.c:1765
#99 0x55fb67715ac6 in jspeUnaryExpression src/jsparse.c:1791
#100 0x55fb6771616a in jspeBinaryExpression src/jsparse.c:1919
#101 0x55fb677163c5 in jspeConditionalExpression src/jsparse.c:1955
#102 0x55fb67716b01 in jspeAssignmentExpression src/jsparse.c:2020
#103 0x55fb67713080 in jspeExpressionOrArrowFunction src/jsparse.c:1485
#104 0x55fb6771407e in jspeFactor src/jsparse.c:1606
#105 0x55fb67711548 in jspeFactorFunctionCall src/jsparse.c:1200
#106 0x55fb6771576f in jspePostfixExpression src/jsparse.c:1765
#107 0x55fb67715ac6 in jspeUnaryExpression src/jsparse.c:1791
#108 0x55fb6771616a in jspeBinaryExpression src/jsparse.c:1919
#109 0x55fb677163c5 in jspeConditionalExpression src/jsparse.c:1955
#110 0x55fb67716b01 in jspeAssignmentExpression src/jsparse.c:2020
#111 0x55fb67713080 in jspeExpressionOrArrowFunction src/jsparse.c:1485
#112 0x55fb6771407e in jspeFactor src/jsparse.c:1606
#113 0x55fb67711548 in jspeFactorFunctionCall src/jsparse.c:1200
#114 0x55fb6771576f in jspePostfixExpression src/jsparse.c:1765
#115 0x55fb67715ac6 in jspeUnaryExpression src/jsparse.c:1791
#116 0x55fb6771616a in jspeBinaryExpression src/jsparse.c:1919
#117 0x55fb677163c5 in jspeConditionalExpression src/jsparse.c:1955
#118 0x55fb67716b01 in jspeAssignmentExpression src/jsparse.c:2020
#119 0x55fb67713080 in jspeExpressionOrArrowFunction src/jsparse.c:1485
#120 0x55fb6771407e in jspeFactor src/jsparse.c:1606
#121 0x55fb67711548 in jspeFactorFunctionCall src/jsparse.c:1200
#122 0x55fb6771576f in jspePostfixExpression src/jsparse.c:1765
#123 0x55fb67715ac6 in jspeUnaryExpression src/jsparse.c:1791
#124 0x55fb6771616a in jspeBinaryExpression src/jsparse.c:1919
#125 0x55fb677163c5 in jspeConditionalExpression src/jsparse.c:1955
#126 0x55fb67716b01 in jspeAssignmentExpression src/jsparse.c:2020
#127 0x55fb67713080 in jspeExpressionOrArrowFunction src/jsparse.c:1485
#128 0x55fb6771407e in jspeFactor src/jsparse.c:1606
#129 0x55fb67711548 in jspeFactorFunctionCall src/jsparse.c:1200
#130 0x55fb6771576f in jspePostfixExpression src/jsparse.c:1765
#131 0x55fb67715ac6 in jspeUnaryExpression src/jsparse.c:1791
#132 0x55fb6771616a in jspeBinaryExpression src/jsparse.c:1919
#133 0x55fb677163c5 in jspeConditionalExpression src/jsparse.c:1955
#134 0x55fb67716b01 in jspeAssignmentExpression src/jsparse.c:2020
#135 0x55fb67713080 in jspeExpressionOrArrowFunction src/jsparse.c:1485
#136 0x55fb6771407e in jspeFactor src/jsparse.c:1606
#137 0x55fb67711548 in jspeFactorFunctionCall src/jsparse.c:1200
#138 0x55fb6771576f in jspePostfixExpression src/jsparse.c:1765
#139 0x55fb67715ac6 in jspeUnaryExpression src/jsparse.c:1791
#140 0x55fb6771616a in jspeBinaryExpression src/jsparse.c:1919
#141 0x55fb677163c5 in jspeConditionalExpression src/jsparse.c:1955
#142 0x55fb67716b01 in jspeAssignmentExpression src/jsparse.c:2020
#143 0x55fb67713080 in jspeExpressionOrArrowFunction src/jsparse.c:1485
#144 0x55fb6771407e in jspeFactor src/jsparse.c:1606
#145 0x55fb67711548 in jspeFactorFunctionCall src/jsparse.c:1200
#146 0x55fb6771576f in jspePostfixExpression src/jsparse.c:1765
#147 0x55fb67715ac6 in jspeUnaryExpression src/jsparse.c:1791
#148 0x55fb6771616a in jspeBinaryExpression src/jsparse.c:1919
#149 0x55fb677163c5 in jspeConditionalExpression src/jsparse.c:1955
#150 0x55fb67716b01 in jspeAssignmentExpression src/jsparse.c:2020
#151 0x55fb67713080 in jspeExpressionOrArrowFunction src/jsparse.c:1485
#152 0x55fb6771407e in jspeFactor src/jsparse.c:1606
#153 0x55fb67711548 in jspeFactorFunctionCall src/jsparse.c:1200
#154 0x55fb6771576f in jspePostfixExpression src/jsparse.c:1765
#155 0x55fb67715ac6 in jspeUnaryExpression src/jsparse.c:1791
#156 0x55fb6771616a in jspeBinaryExpression src/jsparse.c:1919
#157 0x55fb677163c5 in jspeConditionalExpression src/jsparse.c:1955
#158 0x55fb67716b01 in jspeAssignmentExpression src/jsparse.c:2020
#159 0x55fb67713080 in jspeExpressionOrArrowFunction src/jsparse.c:1485
#160 0x55fb6771407e in jspeFactor src/jsparse.c:1606
#161 0x55fb67711548 in jspeFactorFunctionCall src/jsparse.c:1200
#162 0x55fb6771576f in jspePostfixExpression src/jsparse.c:1765
#163 0x55fb67715ac6 in jspeUnaryExpression src/jsparse.c:1791
#164 0x55fb6771616a in jspeBinaryExpression src/jsparse.c:1919
#165 0x55fb677163c5 in jspeConditionalExpression src/jsparse.c:1955
#166 0x55fb67716b01 in jspeAssignmentExpression src/jsparse.c:2020
#167 0x55fb67713080 in jspeExpressionOrArrowFunction src/jsparse.c:1485
#168 0x55fb6771407e in jspeFactor src/jsparse.c:1606
#169 0x55fb67711548 in jspeFactorFunctionCall src/jsparse.c:1200
#170 0x55fb6771576f in jspePostfixExpression src/jsparse.c:1765
#171 0x55fb67715ac6 in jspeUnaryExpression src/jsparse.c:1791
#172 0x55fb6771616a in jspeBinaryExpression src/jsparse.c:1919
#173 0x55fb677163c5 in jspeConditionalExpression src/jsparse.c:1955
#174 0x55fb67716b01 in jspeAssignmentExpression src/jsparse.c:2020
#175 0x55fb67713080 in jspeExpressionOrArrowFunction src/jsparse.c:1485
#176 0x55fb6771407e in jspeFactor src/jsparse.c:1606
#177 0x55fb67711548 in jspeFactorFunctionCall src/jsparse.c:1200
#178 0x55fb6771576f in jspePostfixExpression src/jsparse.c:1765
#179 0x55fb67715ac6 in jspeUnaryExpression src/jsparse.c:1791
#180 0x55fb6771616a in jspeBinaryExpression src/jsparse.c:1919
#181 0x55fb677163c5 in jspeConditionalExpression src/jsparse.c:1955
#182 0x55fb67716b01 in jspeAssignmentExpression src/jsparse.c:2020
#183 0x55fb67713080 in jspeExpressionOrArrowFunction src/jsparse.c:1485
#184 0x55fb6771407e in jspeFactor src/jsparse.c:1606
#185 0x55fb67711548 in jspeFactorFunctionCall src/jsparse.c:1200
#186 0x55fb6771576f in jspePostfixExpression src/jsparse.c:1765
#187 0x55fb67715ac6 in jspeUnaryExpression src/jsparse.c:1791
#188 0x55fb6771616a in jspeBinaryExpression src/jsparse.c:1919
#189 0x55fb677163c5 in jspeConditionalExpression src/jsparse.c:1955
#190 0x55fb67716b01 in jspeAssignmentExpression src/jsparse.c:2020
#191 0x55fb67713080 in jspeExpressionOrArrowFunction src/jsparse.c:1485
#192 0x55fb6771407e in jspeFactor src/jsparse.c:1606
#193 0x55fb67711548 in jspeFactorFunctionCall src/jsparse.c:1200
#194 0x55fb6771576f in jspePostfixExpression src/jsparse.c:1765
#195 0x55fb67715ac6 in jspeUnaryExpression src/jsparse.c:1791
#196 0x55fb6771616a in jspeBinaryExpression src/jsparse.c:1919
#197 0x55fb677163c5 in jspeConditionalExpression src/jsparse.c:1955
#198 0x55fb67716b01 in jspeAssignmentExpression src/jsparse.c:2020
#199 0x55fb67713080 in jspeExpressionOrArrowFunction src/jsparse.c:1485
#200 0x55fb6771407e in jspeFactor src/jsparse.c:1606
#201 0x55fb67711548 in jspeFactorFunctionCall src/jsparse.c:1200
#202 0x55fb6771576f in jspePostfixExpression src/jsparse.c:1765
#203 0x55fb67715ac6 in jspeUnaryExpression src/jsparse.c:1791
#204 0x55fb6771616a in jspeBinaryExpression src/jsparse.c:1919
#205 0x55fb677163c5 in jspeConditionalExpression src/jsparse.c:1955
#206 0x55fb67716b01 in jspeAssignmentExpression src/jsparse.c:2020
#207 0x55fb67713080 in jspeExpressionOrArrowFunction src/jsparse.c:1485
#208 0x55fb6771407e in jspeFactor src/jsparse.c:1606
#209 0x55fb67711548 in jspeFactorFunctionCall src/jsparse.c:1200
#210 0x55fb6771576f in jspePostfixExpression src/jsparse.c:1765
#211 0x55fb67715ac6 in jspeUnaryExpression src/jsparse.c:1791
#212 0x55fb6771616a in jspeBinaryExpression src/jsparse.c:1919
#213 0x55fb677163c5 in jspeConditionalExpression src/jsparse.c:1955
#214 0x55fb67716b01 in jspeAssignmentExpression src/jsparse.c:2020
#215 0x55fb67713080 in jspeExpressionOrArrowFunction src/jsparse.c:1485
#216 0x55fb6771407e in jspeFactor src/jsparse.c:1606
#217 0x55fb67711548 in jspeFactorFunctionCall src/jsparse.c:1200
#218 0x55fb6771576f in jspePostfixExpression src/jsparse.c:1765
#219 0x55fb67715ac6 in jspeUnaryExpression src/jsparse.c:1791
#220 0x55fb6771616a in jspeBinaryExpression src/jsparse.c:1919
#221 0x55fb677163c5 in jspeConditionalExpression src/jsparse.c:1955
#222 0x55fb67716b01 in jspeAssignmentExpression src/jsparse.c:2020
#223 0x55fb67713080 in jspeExpressionOrArrowFunction src/jsparse.c:1485
#224 0x55fb6771407e in jspeFactor src/jsparse.c:1606
#225 0x55fb67711548 in jspeFactorFunctionCall src/jsparse.c:1200
#226 0x55fb6771576f in jspePostfixExpression src/jsparse.c:1765
#227 0x55fb67715ac6 in jspeUnaryExpression src/jsparse.c:1791
#228 0x55fb6771616a in jspeBinaryExpression src/jsparse.c:1919
#229 0x55fb677163c5 in jspeConditionalExpression src/jsparse.c:1955
#230 0x55fb67716b01 in jspeAssignmentExpression src/jsparse.c:2020
#231 0x55fb67713080 in jspeExpressionOrArrowFunction src/jsparse.c:1485
#232 0x55fb6771407e in jspeFactor src/jsparse.c:1606
#233 0x55fb67711548 in jspeFactorFunctionCall src/jsparse.c:1200
#234 0x55fb6771576f in jspePostfixExpression src/jsparse.c:1765
#235 0x55fb67715ac6 in jspeUnaryExpression src/jsparse.c:1791
#236 0x55fb6771616a in jspeBinaryExpression src/jsparse.c:1919
#237 0x55fb677163c5 in jspeConditionalExpression src/jsparse.c:1955
#238 0x55fb67716b01 in jspeAssignmentExpression src/jsparse.c:2020
#239 0x55fb67713080 in jspeExpressionOrArrowFunction src/jsparse.c:1485
#240 0x55fb6771407e in jspeFactor src/jsparse.c:1606
#241 0x55fb67711548 in jspeFactorFunctionCall src/jsparse.c:1200
#242 0x55fb6771576f in jspePostfixExpression src/jsparse.c:1765
#243 0x55fb67715ac6 in jspeUnaryExpression src/jsparse.c:1791
#244 0x55fb6771616a in jspeBinaryExpression src/jsparse.c:1919
#245 0x55fb677163c5 in jspeConditionalExpression src/jsparse.c:1955
#246 0x55fb67716b01 in jspeAssignmentExpression src/jsparse.c:2020
#247 0x55fb67713080 in jspeExpressionOrArrowFunction src/jsparse.c:1485
#248 0x55fb6771407e in jspeFactor src/jsparse.c:1606
#249 0x55fb67711548 in jspeFactorFunctionCall src/jsparse.c:1200
#250 0x55fb6771576f in jspePostfixExpression src/jsparse.c:1765
SUMMARY: AddressSanitizer: stack-overflow src/jsparse.c:1569 in jspeFactor
==28915==ABORTING
sample input file:
so_0.txt