
Stack-overflow in ecma_lcache_lookup (ecma-lcache.c) #4890

Closed
hope-fly opened this issue Dec 9, 2021 · 0 comments · Fixed by #4899
Labels
stack-overflow Stack overflow caused by potential recursive call


hope-fly commented Dec 9, 2021

JerryScript revision

Commit: 51da1551

Version: v3.0.0

Build platform

Ubuntu 18.04.5 LTS (Linux 5.4.0-44-generic x86_64)

Build steps
./tools/build.py --clean --debug --compile-flag=-fsanitize=address --compile-flag=-m32 --lto=off --logging=on --line-info=on --error-message=on --system-allocator=on --profile=es2015-subset --stack-limit=20
Test case
let array = new Array(1);
array.splice(1, 0, array); // array[1] is now array itself: a one-element cycle
array.flat(Infinity);      // unbounded depth on a cyclic element: the engine recurses until the native stack is gone

Execution steps & Output
$ ./jerryscript/build/bin/jerry poc.js

ASAN:DEADLYSIGNAL
=================================================================
==26613==ERROR: AddressSanitizer: stack-overflow on address 0xff535ffc (pc 0x5661347c bp 0xff536090 sp 0xff536000 T0)
    #0 0x5661347b in ecma_lcache_lookup /root/jerryscript/jerry-core/ecma/base/ecma-lcache.c:144
    #1 0x569cde1f  (/root/jerryscript/build/bin/jerry+0x477e1f)

SUMMARY: AddressSanitizer: stack-overflow /root/jerryscript/jerry-core/ecma/base/ecma-lcache.c:144 in ecma_lcache_lookup
==26613==ABORTING

Credits: Found by OWL337 team.
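The trace above is the signature of native recursion with no exit: flattening an array that contains itself with depth Infinity re-enters the flatten routine forever, and the frame ASAN names (ecma_lcache_lookup, a property-cache lookup) is simply whatever code was running when the stack ran out, not the routine at fault. The program below is an added example, not JerryScript's code and not the fix that landed in #4899: it models the spec's recursive FlattenIntoArray over a toy array representation and puts a stack-budget check at the head of the recursive worker, so a cyclic input (or an absurdly deep legitimate one) is reported as an error while there is still stack left to unwind. `array_flat`, `flat_status_t`, `STACK_BUDGET_BYTES` and the 64 KiB budget are assumptions for the example.

```c
/* Added example, not JerryScript code: a recursive "flat" with a stack-usage
 * guard. Names, the 64 KiB budget and the status codes are assumptions. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define FLAT_DEPTH_INFINITY SIZE_MAX       /* models array.flat(Infinity) */
#define STACK_BUDGET_BYTES  (64u * 1024u)  /* assumed budget for the example */

typedef struct value {
  bool is_array;
  int number;            /* payload when !is_array */
  size_t length;         /* element count when is_array */
  struct value **items;  /* elements; may point back at an ancestor (a cycle) */
} value_t;

typedef struct { const value_t **items; size_t count, capacity; } sink_t;

typedef enum { FLAT_OK = 0, FLAT_STACK_LIMIT = 1, FLAT_OOM = 2 } flat_status_t;

static uintptr_t stack_base;  /* address of a local in the array_flat() frame */

/* Native stack consumed since array_flat() was entered. Comparing addresses of
 * locals in different frames is implementation-defined, but it is the usual
 * engine technique and works on downward- and upward-growing stacks. */
static bool stack_budget_exceeded(void) {
  volatile char marker;
  uintptr_t here = (uintptr_t)&marker;
  uintptr_t used = stack_base > here ? stack_base - here : here - stack_base;
  return used > STACK_BUDGET_BYTES;
}

static bool sink_push(sink_t *sink, const value_t *v) {
  if (sink->count == sink->capacity) {
    size_t cap = sink->capacity ? sink->capacity * 2 : 16;
    const value_t **grown = realloc(sink->items, cap * sizeof *grown);
    if (!grown) return false;
    sink->items = grown;
    sink->capacity = cap;
  }
  sink->items[sink->count++] = v;
  return true;
}

/* Recursive worker shaped like FlattenIntoArray. The guard runs before any
 * further recursion, so the unwinding path always has stack to return on. */
static flat_status_t flatten_into(sink_t *sink, const value_t *source, size_t depth) {
  if (stack_budget_exceeded()) return FLAT_STACK_LIMIT;
  for (size_t i = 0; i < source->length; i++) {
    const value_t *el = source->items[i];
    if (depth > 0 && el->is_array) {
      size_t next = (depth == FLAT_DEPTH_INFINITY) ? depth : depth - 1;
      flat_status_t st = flatten_into(sink, el, next);
      if (st != FLAT_OK) return st;
    } else if (!sink_push(sink, el)) {
      return FLAT_OOM;
    }
  }
  return FLAT_OK;
}

/* Entry point: records the stack base, then flattens `array` into `sink`. */
flat_status_t array_flat(const value_t *array, size_t depth, sink_t *sink) {
  volatile char base_marker;
  stack_base = (uintptr_t)&base_marker;
  sink->count = 0;
  return flatten_into(sink, array, depth);
}

value_t *make_number(int n) {
  value_t *v = calloc(1, sizeof *v);
  if (v) v->number = n;
  return v;
}

value_t *make_array(size_t length) {
  value_t *v = calloc(1, sizeof *v);
  if (!v) return NULL;
  v->is_array = true;
  v->length = length;
  v->items = calloc(length, sizeof *v->items);
  return v;
}

int main(void) {
  /* Constructed input mirroring the PoC: element 1 is the array itself. */
  value_t *cyclic = make_array(2);
  /* Constructed acyclic input [1, [2, [3]]]. */
  value_t *nested = make_array(2), *mid = make_array(2), *leaf = make_array(1);
  if (!cyclic || !nested || !mid || !leaf) return 1;
  cyclic->items[0] = make_number(1); cyclic->items[1] = cyclic;
  nested->items[0] = make_number(1); nested->items[1] = mid;
  mid->items[0] = make_number(2);    mid->items[1] = leaf;
  leaf->items[0] = make_number(3);

  sink_t sink = {0};
  flat_status_t st = array_flat(cyclic, FLAT_DEPTH_INFINITY, &sink);
  printf("cyclic flat(Infinity): status %d\n", st);
  st = array_flat(nested, FLAT_DEPTH_INFINITY, &sink);
  printf("nested flat(Infinity): status %d, %zu elements\n", st, sink.count);
  free(sink.items);
  return 0;
}
```

The budget is deliberately independent of the requested depth: `Infinity` is a legal argument, so a counter bounded by the argument would never fire. The trade-off is that a very deep but finite nesting is rejected too, which is the same trade-off an engine-wide stack limit makes; cycle detection on the current path would reject only cycles but would not protect against deep non-cyclic input. Build with `cc -O2 -Wall flat_guard.c`.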

@rerobika rerobika self-assigned this Dec 9, 2021
@rerobika rerobika added the stack-overflow Stack overflow caused by potential recursive call label Dec 9, 2021
rerobika pushed a commit to rerobika/jerryscript that referenced this issue Dec 9, 2021
This patch fixes jerryscript-project#4890

JerryScript-DCO-1.0-Signed-off-by: Robert Fancsik robert.fancsik@h-lab.eu
ossy-szeged pushed a commit that referenced this issue Dec 15, 2021
This patch fixes #4890

JerryScript-DCO-1.0-Signed-off-by: Robert Fancsik robert.fancsik@h-lab.eu