Stack overflow error on a contrived invalid input #1434

Closed
hongxuchen opened this issue May 21, 2018 · 2 comments

@hongxuchen

We found another stack overflow error on 16f3d99 that is different from #1427. The input file is rather contrived (due to fuzzing) but it can be triggered without address sanitizer.

sample input file:
input.txt

gdb backtrace:

Thread 1 "espruino" received signal SIGSEGV, Segmentation fault.
0x0000555555576f41 in jspeFactor () at src/jsparse.c:1719
1719	    JSP_ASSERT_MATCH(LEX_R_VOID);
#0  0x0000555555576f41 in jspeFactor () at src/jsparse.c:1719
#1  0x00005555555750e4 in jspeFactorFunctionCall () at src/jsparse.c:1200
#2  0x00005555555771cb in jspePostfixExpression () at src/jsparse.c:1765
#3  0x0000555555577382 in jspeUnaryExpression () at src/jsparse.c:1791
#4  0x0000555555576f50 in jspeFactor () at src/jsparse.c:1720
#5  0x00005555555750e4 in jspeFactorFunctionCall () at src/jsparse.c:1200
#6  0x00005555555771cb in jspePostfixExpression () at src/jsparse.c:1765
#7  0x0000555555577382 in jspeUnaryExpression () at src/jsparse.c:1791
#8  0x0000555555576f50 in jspeFactor () at src/jsparse.c:1720
#9  0x00005555555750e4 in jspeFactorFunctionCall () at src/jsparse.c:1200
#10 0x00005555555771cb in jspePostfixExpression () at src/jsparse.c:1765
#11 0x0000555555577382 in jspeUnaryExpression () at src/jsparse.c:1791
#12 0x0000555555576f50 in jspeFactor () at src/jsparse.c:1720
#13 0x00005555555750e4 in jspeFactorFunctionCall () at src/jsparse.c:1200
#14 0x00005555555771cb in jspePostfixExpression () at src/jsparse.c:1765
#15 0x0000555555577382 in jspeUnaryExpression () at src/jsparse.c:1791
#16 0x0000555555576f50 in jspeFactor () at src/jsparse.c:1720
...
#95144 0x0000555555576f50 in jspeFactor () at src/jsparse.c:1720
#95145 0x00005555555750e4 in jspeFactorFunctionCall () at src/jsparse.c:1200
#95146 0x00005555555771cb in jspePostfixExpression () at src/jsparse.c:1765
#95147 0x0000555555577382 in jspeUnaryExpression () at src/jsparse.c:1791
#95148 0x00005555555778da in jspeBinaryExpression () at src/jsparse.c:1919
#95149 0x0000555555577aa1 in jspeConditionalExpression () at src/jsparse.c:1955
#95150 0x0000555555577e6d in jspeAssignmentExpression () at src/jsparse.c:2020
#95151 0x0000555555577e8b in jspeExpression () at src/jsparse.c:2026
#95152 0x000055555557a317 in jspeStatement () at src/jsparse.c:2673
#95153 0x00005555555780d6 in jspeBlockOrStatement () at src/jsparse.c:2079
#95154 0x000055555557814c in jspParse () at src/jsparse.c:2091
#95155 0x000055555557ad3d in jspEvaluateVar (str=0x7ffff7fd4170, scope=0x0, lineNumberOffset=0x0) at src/jsparse.c:2899
#95156 0x000055555557af01 in jspEvaluate (str=0x555555812490 "E>-ArrayBuff", 'e' <repeats 63 times>, "n", 'e' <repeats 124 times>..., stringIsStatic=0x0) at src/jsparse.c:2931
#95157 0x00005555555c58da in main (argc=0x2, argv=0x7fffffffb6e8) at targets/linux/main.c:330

gdb backtrace file (full):
gdb.txt

@hongxuchen hongxuchen changed the title from "Stack overflow error" to "Stack overflow error on a contrived invalid input" on May 21, 2018
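The backtrace above repeats the cycle jspeFactor → jspeFactorFunctionCall → jspePostfixExpression → jspeUnaryExpression → jspeFactor some 95,000 times, which is what happens when a recursive-descent parser recurses once per nested prefix operator with no bound. The following is an added example, not Espruino's code: a tiny parser of the same shape (unary operators recursing into factors) with an explicit nesting counter, so that the same kind of input produces a `PARSE_TOO_DEEP` error instead of a SIGSEGV. `MAX_DEPTH`, the grammar and the `eval*` function names are assumptions of this example.

```c
/* Added example, not Espruino's parser: recursive descent with a depth guard.
 * The unary -> factor -> unary recursion is bounded by MAX_DEPTH. */
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

#define MAX_DEPTH 64   /* assumed limit; size it to the target's stack */
enum { PARSE_OK = 0, PARSE_SYNTAX = 1, PARSE_TOO_DEEP = 2 };
typedef struct { const char *s; int depth; int err; } Parser;
static void skip_ws(Parser *p) { while (isspace((unsigned char)*p->s)) p->s++; }

/* expr := NUMBER | '-' expr | 'void' expr | '(' expr ')'   (void yields 0) */
static long parse_expr(Parser *p) {
    long v = 0;
    char *end;
    if (p->err) return 0;
    if (++p->depth > MAX_DEPTH) { p->err = PARSE_TOO_DEEP; return 0; }  /* guard */
    skip_ws(p);
    if (*p->s == '-') { p->s++; v = -parse_expr(p); }
    else if (!strncmp(p->s, "void", 4) && !isalnum((unsigned char)p->s[4])) {
        p->s += 4; (void)parse_expr(p); v = 0;
    } else if (*p->s == '(') {
        p->s++; v = parse_expr(p); skip_ws(p);
        if (*p->s == ')') p->s++; else if (!p->err) p->err = PARSE_SYNTAX;
    } else if (isdigit((unsigned char)*p->s)) {
        v = strtol(p->s, &end, 10); p->s = end;
    } else if (!p->err) p->err = PARSE_SYNTAX;
    p->depth--;
    return v;
}

/* Parses src completely; returns PARSE_OK and stores the value, else an error code. */
int eval(const char *src, long *out) {
    Parser p = { src, 0, PARSE_OK };
    long v = parse_expr(&p);
    skip_ws(&p);
    if (!p.err && *p.s != '\0') p.err = PARSE_SYNTAX;  /* trailing input */
    if (!p.err) *out = v;
    return p.err;
}

/* Builds n prefix '-' before "1" (constructed input) and returns eval's status. */
int eval_nested_minus(int n) {
    char *buf = malloc((size_t)n + 2);
    long v; int rc;
    if (!buf) return -1;
    memset(buf, '-', (size_t)n); buf[n] = '1'; buf[n + 1] = '\0';
    rc = eval(buf, &v);
    free(buf);
    return rc;
}
```

With the guard in place the deeply nested input fails fast with a recoverable error, which is the behaviour a fuzzer should see instead of a crash.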
@gfwilliams (Member)

Thanks - that's one bonus of having #1428 - you're much more likely to be able to hit issues with the fuzzing :)

@hongxuchen (Author)

Yes, exactly.

@espruino espruino deleted a comment from catch22out Aug 31, 2020