Closed
Labels: bug (Undesired behaviour), stack-overflow (Stack overflow caused by potential recursive call)
Description
JerryScript revision
Build platform
Ubuntu 18.04.5 LTS (Linux 4.19.128-microsoft-standard x86_64)
Ubuntu 18.04.5 LTS (Linux 5.4.0-44-generic x86_64)
Build steps
./tools/build.py --clean --debug --compile-flag=-fsanitize=address --compile-flag=-m32 --lto=off --logging=on --line-info=on --error-message=on --system-allocator=on --profile=es2015-subset --stack-limit=20
Test case
var once = false;
var m = 1;
function JSEtest(){
  if(!once){
    m = new Array(1, 2, 3);
    this[2] = m;
  }
  once = true;
  return this[2] = m;
}
JSON.parse("[1, 2, [4, 5]]", JSEtest);
Execution steps & Output
$ ./jerryscript/build/bin/jerry poc1.js
ASAN:DEADLYSIGNAL
=================================================================
==5376==ERROR: AddressSanitizer: stack-overflow on address 0xff3e5ff0 (pc 0x56722cec bp 0x00000000 sp 0xff3e5ff0 T0)
#0 0x56722ceb in ecma_op_object_find_own /root/jerryscript/jerry-core/ecma/operations/ecma-objects.c:490
#1 0x56a4ae1f (/root/jerryscript/build/bin/jerry+0x46fe1f)
SUMMARY: AddressSanitizer: stack-overflow /root/jerryscript/jerry-core/ecma/operations/ecma-objects.c:490 in ecma_op_object_find_own
==5376==ABORTING
Credits: Found by OWL337 team.