Unfreed float causing memory leak in ecma-regexp-object #4781
Comments
ossy-szeged added a commit to ossy-szeged/jerryscript that referenced this issue Oct 1, 2021
Fixes jerryscript-project#4781. This is a followup fix after jerryscript-project#4166. JerryScript-DCO-1.0-Signed-off-by: Csaba Osztrogonác csaba.osztrogonac@h-lab.eu
zherczeg pushed a commit that referenced this issue Oct 1, 2021
Hi there, we want to apply for a CVE number, could you please help us?

@Symatrix6 We are not a CNA. Please, consult https://cve.mitre.org/cve/request_id.html
JerryScript revision
14ff5bf
Build platform
Ubuntu 20.04.3 LTS (Linux 5.11.0-34-generic x86_64)
Build steps
Test case
Output
ICE: Assertion 'JERRY_CONTEXT (jmem_heap_allocated_size) == 0' failed at /jerryscript/jerry-core/jmem/jmem-heap.c(jmem_heap_finalize):107.
Error: ERR_FAILED_INTERNAL_ASSERTION
Aborted (core dumped)
Backtrace
Expected behavior
According to our analysis, the root cause of this assertion failure is at /jerryscript/jerry-core/ecma/ecma-regexp-object.c:3497. While getting next_set_status, function ecma-op-object-put() called function ecma_make_length_value(index), which allocates an 8-bit chunk of memory used as a float number if index is larger than 0x7ffffff. This chunk is not freed, causing the assertion failure. To repair, ecma_make_length_value(index) should be replaced by last_index created by ecma-regexp-object.c:3496.
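The ownership pattern described in the report, as an added example that is not JerryScript source and not part of the original issue: a toy allocation counter stands in for `jmem_heap_allocated_size`, and it shows why a boxed temporary passed straight into a setter stays allocated while an owned value does not. All function and type names are hypothetical, and the model assumes the setter copies its argument and leaves ownership with the caller.

```c
#include <stdint.h>
#include <stdlib.h>

/* Simplified model, NOT JerryScript source: every name here is hypothetical. */
#define DIRECT_INT_MAX 0x7ffffffu   /* threshold quoted in the report */

static double pool[16];             /* toy heap; slots are never reused */
static size_t pool_next;
static size_t heap_allocated;       /* plays the role of jmem_heap_allocated_size */

typedef struct { int is_float; uint32_t direct; double *boxed; } value_t;

static value_t make_length_value(uint32_t index) {
    value_t v = { 0, index, NULL };
    if (index > DIRECT_INT_MAX) {   /* does not fit inline: box it as a float */
        if (pool_next == sizeof pool / sizeof pool[0]) abort();
        v.is_float = 1;
        v.boxed = &pool[pool_next++];
        *v.boxed = (double) index;
        heap_allocated += sizeof *v.boxed;
    }
    return v;
}

static void free_value(value_t v) {
    if (v.is_float) heap_allocated -= sizeof *v.boxed;
}

/* Assumption of this model: the setter copies the number, caller keeps ownership. */
static void object_put(double *slot, value_t v) {
    *slot = v.is_float ? *v.boxed : (double) v.direct;
}

/* Leaky shape: the temporary is built inside the call and never released. */
size_t set_last_index_leaky(uint32_t index) {
    size_t before = heap_allocated;
    double slot;
    object_put(&slot, make_length_value(index));
    return heap_allocated - before; /* bytes left allocated by this call */
}

/* Fixed shape: one owned value is passed to the setter and then freed. */
size_t set_last_index_fixed(uint32_t index) {
    size_t before = heap_allocated;
    double slot;
    value_t last_index = make_length_value(index);
    object_put(&slot, last_index);
    free_value(last_index);
    return heap_allocated - before;
}
```

Small indexes never reach the boxed path, which is why a leak of this shape only appears once the index crosses the inline-encoding threshold and is then caught by a heap-is-empty assertion at shutdown.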