SEGV src/jsinteractive.c:100 in jsiGetDeviceFromClass #2122

Closed
hope-fly opened this issue Dec 21, 2021 · 1 comment

@hope-fly

Espruino revision

Commit: 53108085
Version: 2v11.251

Build environment

Ubuntu 18.04.5 LTS (Linux 5.4.0-44-generic x86_64)

Build steps

```sh
export CCFLAGS='-g -fsanitize=address -fno-omit-frame-pointer'
make clean && make
```

Test case

```javascript
function JSEtest(v, i) {
    if (i === 1) {
        return v === 12;
    }
    return false;
}

var obj = {
    length: 2
};
var h = 11;

Object.defineProperty(obj, "1", {
    get: Serial1.setup,
    set: function (args) {
        h = args;
    },
    configurable: true
});

Object.defineProperty(obj, "0", {
    get: obj[1],
    configurable: true
});

assert(Array.prototype.some.call(obj, JSEtest));
```

Execution & Output

```
./Espruino/espruino poc.js

ASAN:DEADLYSIGNAL
=================================================================
=========ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x564b36989594 bp 0x7ffddbd07060 sp 0x7ffddbd07060 T0)
=========The signal is caused by a READ memory access.
=====Hint: address points to the zero page.
#0 0x564b36989593 in jsiGetDeviceFromClass src/jsinteractive.c:100
#1 0x564b36e1e10c in jswrap_serial_setup src/jswrap_serial.c:283
#2 0x564b36948eee in jsnCallFunction src/jsnative.c:223
#3 0x564b3695a983 in jspeFunctionCall src/jsparse.c:609
#4 0x564b36981d1e in jspExecuteFunction src/jsparse.c:3044
#5 0x564b3687d2ce in jsvExecuteGetter src/jsvar.c:1965
#6 0x564b3687ec87 in jsvSkipNameWithParent src/jsvar.c:2199
#7 0x564b3687f34d in jsvSkipName src/jsvar.c:2212
#8 0x564b3687f34d in jsvSkipNameAndUnLock src/jsvar.c:2244
#9 0x564b3697cb58 in jspeFactorObject src/jsparse.c:1261
#10 0x564b36979ed2 in jspeFactor src/jsparse.c:1673
#11 0x564b3695c91f in jspeFactorFunctionCall src/jsparse.c:1160
#12 0x564b3695df38 in jspePostfixExpression src/jsparse.c:1786
#13 0x564b36959436 in jspeBinaryExpression src/jsparse.c:1955
#14 0x564b36959436 in jspeConditionalExpression src/jsparse.c:1991
#15 0x564b36959436 in jspeAssignmentExpression src/jsparse.c:2050
#16 0x564b36959436 in jspeFunctionCall src/jsparse.c:578
#17 0x564b3695cbd2 in jspeFactorFunctionCall src/jsparse.c:1184
#18 0x564b3695df38 in jspePostfixExpression src/jsparse.c:1786
#19 0x564b3696183e in jspeBinaryExpression src/jsparse.c:1955
#20 0x564b3696183e in jspeConditionalExpression src/jsparse.c:1991
#21 0x564b3696183e in jspeAssignmentExpression src/jsparse.c:2050
#22 0x564b3696183e in jspeExpression src/jsparse.c:2056
#23 0x564b3696f6d4 in jspeBlockOrStatement src/jsparse.c:2124
#24 0x564b36971a1e in jspParse src/jsparse.c:2136
#25 0x564b369803ea in jspEvaluateVar src/jsparse.c:2996
#26 0x564b369803ea in jspEvaluate src/jsparse.c:3026
#27 0x564b36790025 in main targets/linux/main.c:460
#28 0x7f5e1f196bf6 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)
#29 0x564b36793bc9 in _start (/root/Espruino/espruino+0x4ebc9)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV src/jsinteractive.c:100 in jsiGetDeviceFromClass
```

@gfwilliams
Member

Thanks - just fixed. This was due to some built-in functions being called with 'undefined' as this
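
A minimal C model of the failure described in the comment above, a native method reached without a `this` object, showing an unguarded lookup beside a guarded one. This is an added example, not Espruino's code or the fix that was committed; every type and function name in it is hypothetical and the sample objects are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for an interpreter's object and device types. */
typedef struct Var { const char *className; } Var;
typedef enum { DEV_NONE = 0, DEV_SERIAL1 = 1 } Device;

/* Unguarded lookup: dereferences `thisObj` directly, so a call with a
   NULL `this` reads the zero page and faults. */
Device device_from_this_unchecked(const Var *thisObj) {
  return strcmp(thisObj->className, "Serial1") == 0 ? DEV_SERIAL1 : DEV_NONE;
}

/* Guarded lookup: a missing `this` maps to DEV_NONE instead of a crash. */
Device device_from_this(const Var *thisObj) {
  if (thisObj == NULL || thisObj->className == NULL)
    return DEV_NONE;
  return strcmp(thisObj->className, "Serial1") == 0 ? DEV_SERIAL1 : DEV_NONE;
}

/* Native "setup" entry point as the interpreter would call it.
   Returns 0 on success, -1 when `this` is not a usable device. */
int native_serial_setup(const Var *thisObj, int baud) {
  Device dev = device_from_this(thisObj);
  if (dev == DEV_NONE || baud <= 0)
    return -1; /* surface a script-level error rather than crash */
  return 0;
}

int main(void) {
  Var serial1 = { "Serial1" }; /* constructed sample objects */
  Var plain = { "Object" };
  /* Normal method call: `this` is the Serial1 object. */
  printf("Serial1.setup(9600)      -> %d\n", native_serial_setup(&serial1, 9600));
  /* Detached call (e.g. used as a getter): no `this` is supplied. */
  printf("detached setup, no this  -> %d\n", native_serial_setup(NULL, 9600));
  /* Wrong receiver type. */
  printf("setup on plain object    -> %d\n", native_serial_setup(&plain, 9600));
  return 0;
}
```

Building this with the same `-fsanitize=address` flags used in the report and swapping in the unchecked lookup reproduces the class of fault in the trace, which makes it a quick regression check for the guard.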
