Stack-overflow in vm_loop.lto_priv.304 of vm.c #4901

Status: Closed
hope-fly opened this issue Dec 13, 2021 · 0 comments · Fixed by #4945
Labels: stack-overflow (Stack overflow caused by potential recursive call)

Comments


hope-fly commented Dec 13, 2021

JerryScript revision

Commit: 42523bd6

Version: v3.0.0

Build platform

Ubuntu 18.04.5 LTS (Linux 5.4.0-44-generic x86_64)

Build steps
python ./tools/build.py --clean --debug --compile-flag=-fsanitize=address --compile-flag=-m32 --compile-flag=-fno-omit-frame-pointer --compile-flag=-fno-common --compile-flag=-g --strip=off --system-allocator=on --logging=on --linker-flag=-fuse-ld=gold --error-messages=on --line-info=on --stack-limit=10
Test case
function JSEtest() {
  new JSEtest();   // every construction re-enters the constructor: unbounded recursion
}

try {
  JSEtest();       // the first frame is a plain call; every deeper frame is a constructor call
} catch (e) {
  print(e);        // reached only if the engine's stack limit stops the recursion with an error
}

Execution steps & Output
$ ./jerryscript/build/bin/jerry poc.js

ASAN:DEADLYSIGNAL
=================================================================
==78723==ERROR: AddressSanitizer: stack-overflow on address 0xff0d8f90 (pc 0x566a456c bp 0xff0d95d8 sp 0xff0d8f90 T0)
    #0 0x566a456b in vm_loop.lto_priv.304 /root/jerryscript/jerry-core/vm/vm.c:975
    #1 0x56929645 in vm_execute /root/jerryscript/jerry-core/vm/vm.c:5260
    #2 0x5692e592 in vm_run /root/jerryscript/jerry-core/vm/vm.c:5363
    #3 0x5674524e in ecma_op_function_call_simple.lto_priv.397 /root/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1203
    #4 0x567e8c9c in ecma_op_function_construct_simple /root/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1533
    #5 0x567e8c9c in ecma_op_function_construct /root/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1769
    #6 0x5692995a in opfunc_construct.isra.2 /root/jerryscript/jerry-core/vm/vm.c:844
    #7 0x5692995a in vm_execute /root/jerryscript/jerry-core/vm/vm.c:5287
    #......
    #368 0x5692e592 in vm_run /root/jerryscript/jerry-core/vm/vm.c:5363
    #369 0x5674524e in ecma_op_function_call_simple.lto_priv.397 /root/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1203
    #370 0x567e8c9c in ecma_op_function_construct_simple /root/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1533
    #371 0x567e8c9c in ecma_op_function_construct /root/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1769
    #372 0x5692995a in opfunc_construct.isra.2 /root/jerryscript/jerry-core/vm/vm.c:844
    #373 0x5692995a in vm_execute /root/jerryscript/jerry-core/vm/vm.c:5287

SUMMARY: AddressSanitizer: stack-overflow /root/jerryscript/jerry-core/vm/vm.c:975 in vm_loop.lto_priv.304
==78723==ABORTING

Credits: Found by OWL337 team.
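The trace above shows the constructor path (opfunc_construct → ecma_op_function_construct → vm_run) recursing until ASan reports a stack overflow, even though the build was made with --stack-limit=10. As an added illustration of that bug class, and not JerryScript's code or a reconstruction of the #4945 fix (whose commit subject is truncated on this page), here is a toy interpreter in which a stack budget is checked on the plain-call entry but, in the vulnerable variant, skipped on the constructor entry. run_recursion, function_call, function_construct, vm_frame, EMERGENCY_CAP and the 64 KiB budget are all assumed names and values for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not JerryScript code: a toy interpreter whose stack-limit
 * guard (the idea behind --stack-limit) is checked on the plain-call entry
 * path and, in the vulnerable variant, skipped on the constructor entry
 * path. Every name below is an assumption made for this illustration. */

enum status { STATUS_OK = 0, STATUS_STACK_LIMIT = 1 };

struct run_stats { int max_depth; }; /* deepest frame reached */

static uintptr_t stack_base;        /* address of a local in the entry frame */
static size_t    stack_limit_bytes; /* budget measured from stack_base */

/* Artificial cap so the unguarded variant returns instead of crashing this
 * process; a real engine has no such cap and runs into the guard page, which
 * is what ASan reports above as stack-overflow. */
#define EMERGENCY_CAP 2000

/* Distance from the recorded base to the current frame. The absolute value
 * covers both downward-growing (x86, ARM) and upward-growing stacks. */
static int stack_limit_exceeded(void) {
  volatile char marker = 0;
  uintptr_t here = (uintptr_t)&marker;
  size_t used = here < stack_base ? (size_t)(stack_base - here)
                                  : (size_t)(here - stack_base);
  return used > stack_limit_bytes;
}

static enum status vm_frame(int depth, int construct_path, int guard_construct,
                            struct run_stats *st);

/* Plain call entry (think ecma_op_function_call): always checks the budget. */
static enum status function_call(int depth, int construct_path,
                                 int guard_construct, struct run_stats *st) {
  if (stack_limit_exceeded()) return STATUS_STACK_LIMIT;
  return vm_frame(depth, construct_path, guard_construct, st);
}

/* Constructor entry (think ecma_op_function_construct): the check is only
 * present when guard_construct is set; guard_construct == 0 models the
 * missing guard. */
static enum status function_construct(int depth, int construct_path,
                                      int guard_construct, struct run_stats *st) {
  if (guard_construct && stack_limit_exceeded()) return STATUS_STACK_LIMIT;
  return vm_frame(depth, construct_path, guard_construct, st);
}

/* One interpreter frame for `function f() { new f(); }` (construct_path != 0)
 * or `function f() { f(); }`. The volatile array stands in for the VM's
 * per-call frame context and keeps the frame on the real stack. */
static enum status vm_frame(int depth, int construct_path, int guard_construct,
                            struct run_stats *st) {
  volatile char frame[128];
  enum status r;
  char keep;
  frame[0] = (char)depth;
  if (depth > st->max_depth) st->max_depth = depth;
  if (depth >= EMERGENCY_CAP) return STATUS_OK;
  r = construct_path
        ? function_construct(depth + 1, construct_path, guard_construct, st)
        : function_call(depth + 1, construct_path, guard_construct, st);
  keep = frame[0]; /* volatile read after the call: frame stays live, no tail call */
  (void)keep;
  return r;
}

/* Run the recursion with a given budget and report how it ended;
 * st->max_depth shows how far it got before stopping. */
static enum status run_recursion(int construct_path, int guard_construct,
                                 size_t limit_bytes, struct run_stats *st) {
  volatile char base_marker = 0;
  stack_base = (uintptr_t)&base_marker;
  stack_limit_bytes = limit_bytes;
  st->max_depth = 0;
  return construct_path ? function_construct(1, 1, guard_construct, st)
                        : function_call(1, 0, guard_construct, st);
}

int main(void) {
  struct run_stats st;
  const size_t limit = 64 * 1024; /* 64 KiB budget, far below the real stack */
  enum status s;

  s = run_recursion(0, 0, limit, &st);
  printf("call path:                status=%d depth=%d\n", s, st.max_depth);
  s = run_recursion(1, 0, limit, &st);
  printf("construct path, no guard: status=%d depth=%d\n", s, st.max_depth);
  s = run_recursion(1, 1, limit, &st);
  printf("construct path, guarded:  status=%d depth=%d\n", s, st.max_depth);
  return 0;
}
```

Built with `cc -O1 -Wall`, the call path and the guarded constructor path stop with STATUS_STACK_LIMIT a few hundred frames in, while the unguarded constructor path runs all the way to EMERGENCY_CAP; without that cap it would keep going until the guard page, exactly the ASan report above. The practical check this suggests when fuzzing an engine built with a stack limit is to drive every re-entry path (plain call, constructor call, and any other way into the VM loop) with the same unbounded recursion and confirm each one ends in a catchable error rather than a signal.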

mnegyokru added a commit to mnegyokru/jerryscript that referenced this issue Dec 22, 2021
This patch fixes jerryscript-project#4901

JerryScript-DCO-1.0-Signed-off-by: Martin Negyokru negyokru@inf.u-szeged.hu
@rerobika rerobika added the stack-overflow Stack overflow caused by potential recursive call label Jan 4, 2022
mnegyokru added a commit to mnegyokru/jerryscript that referenced this issue Jan 4, 2022
… objects

This patch fixes jerryscript-project#4901

JerryScript-DCO-1.0-Signed-off-by: Martin Negyokru negyokru@inf.u-szeged.hu
dbatyai pushed a commit that referenced this issue Jan 10, 2022
… objects (#4945)

This patch fixes #4901

JerryScript-DCO-1.0-Signed-off-by: Martin Negyokru negyokru@inf.u-szeged.hu