
Stack-overflow in ecma-objects (ecma_op_object_find_own) #4848

Closed
hope-fly opened this issue Dec 7, 2021 · 1 comment · Fixed by #4877
Labels
bug (Undesired behaviour), stack-overflow (Stack overflow caused by potential recursive call)

Comments


hope-fly commented Dec 7, 2021

JerryScript revision

4592143

Build platform

Ubuntu 18.04.5 LTS (Linux 4.19.128-microsoft-standard x86_64)
Ubuntu 18.04.5 LTS (Linux 5.4.0-44-generic x86_64)

Build steps
./tools/build.py --clean --debug --compile-flag=-fsanitize=address --compile-flag=-m32 --lto=off --logging=on --line-info=on --error-message=on --system-allocator=on --profile=es2015-subset --stack-limit=20
Test case
var once = false;
var m = 1;

function JSEtest(){
  if(!once){
    m = new Array(1, 2, 3);
    this[2] = m;
  }
  once = true;
  return this[2] = m;
}

JSON.parse("[1, 2, [4, 5]]", JSEtest);
Execution steps & Output
$ ./jerryscript/build/bin/jerry poc1.js

ASAN:DEADLYSIGNAL
=================================================================
==5376==ERROR: AddressSanitizer: stack-overflow on address 0xff3e5ff0 (pc 0x56722cec bp 0x00000000 sp 0xff3e5ff0 T0)
    #0 0x56722ceb in ecma_op_object_find_own /root/jerryscript/jerry-core/ecma/operations/ecma-objects.c:490
    #1 0x56a4ae1f  (/root/jerryscript/build/bin/jerry+0x46fe1f)

SUMMARY: AddressSanitizer: stack-overflow /root/jerryscript/jerry-core/ecma/operations/ecma-objects.c:490 in ecma_op_object_find_own
==5376==ABORTING

Credits: Found by OWL337 team.
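The recursion behind the report, as an added illustration that is not part of the issue and not JerryScript's code: a model of the ECMAScript InternalizeJSONProperty walk that JSON.parse performs when a reviver is supplied, with an explicit depth guard (the constructed MAX_DEPTH) standing in for the engine's native stack-limit check. Run with the reviver from the test case, the walk re-reads the holder the reviver mutated, finds m[2] === m, and must be cut off by the guard; with a benign reviver it returns normally.

```javascript
// Model of InternalizeJSONProperty (not JerryScript's implementation).
const MAX_DEPTH = 64; // constructed limit; a real engine bounds by stack size

function internalize(holder, name, reviver, depth = 0) {
  if (depth > MAX_DEPTH) {
    // The behaviour an engine needs here: a catchable error instead of
    // unbounded recursion into the native stack.
    throw new RangeError("JSON.parse reviver recursion too deep");
  }
  const val = holder[name]; // Get(holder, name): sees the reviver's writes
  if (val !== null && typeof val === "object") {
    const keys = Array.isArray(val)
      ? Array.from({ length: val.length }, (_, i) => String(i))
      : Object.keys(val);
    for (const key of keys) {
      const newEl = internalize(val, key, reviver, depth + 1);
      if (newEl === undefined) delete val[key];
      else val[key] = newEl;
    }
  }
  return reviver.call(holder, name, val);
}

function parseWithReviver(text, reviver) {
  const root = { "": JSON.parse(text) };
  return internalize(root, "", reviver);
}

// The reviver from the report: it stores an array at index 2 of whatever
// holder it is called on, so once the holder is that array, m[2] === m.
function reportReviver() {
  let once = false;
  let m = 1;
  return function JSEtest() {
    if (!once) { m = [1, 2, 3]; this[2] = m; }
    once = true;
    return (this[2] = m);
  };
}

function runReport() {
  try { parseWithReviver("[1, 2, [4, 5]]", reportReviver()); return "no error"; }
  catch (e) { return e.constructor.name; } // "RangeError"
}

function runBenign() {
  return parseWithReviver("[1, 2, [4, 5]]", (k, v) => (typeof v === "number" ? v * 2 : v));
}
```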

rerobika pushed a commit to rerobika/jerryscript that referenced this issue Dec 7, 2021
This patch fixes jerryscript-project#4848.

JerryScript-DCO-1.0-Signed-off-by: Robert Fancsik robert.fancsik@h-lab.eu
rerobika added the labels bug and stack-overflow on Dec 8, 2021

rerobika commented Dec 8, 2021

Thanks for the report, that's a real stack-overflow issue.

ossy-szeged pushed a commit that referenced this issue Dec 15, 2021
This patch fixes #4848.

JerryScript-DCO-1.0-Signed-off-by: Robert Fancsik robert.fancsik@h-lab.eu