segmentation fault in jerryscript #5051

Open
zhunki opened this issue Mar 14, 2023 · 2 comments

Comments

zhunki commented Mar 14, 2023

The following JS causes a segmentation fault in JerryScript.

function test(){
    function f(){
        var f = test();  // fresh closure, shadows the outer f
        h = f();         // test -> f -> test -> f ... with no base case
    }
    return f;
}
let a = test();
c = a();
marckwei commented Apr 6, 2023

JerryScript revision

1a2c047

Build platform

Ubuntu Lunar Lobster (development branch) (Linux 5.15.0-67-generic x86_64)

Build steps
python3 tools/build.py --builddir=asan --compile-flag=-fno-omit-frame-pointer --compile-flag=-fsanitize=address  --compile-flag=-fno-optimize-sibling-calls --compile-flag=-g --strip=OFF
Test case
function test(){
    function f(){
        var f = test();
        h = f();
    }
    return f;
}
let a = test();
c = a();
Execution steps
./build/bin/jerry  test.js
Output

Segmentation fault

Backtrace
==51718==ERROR: AddressSanitizer: stack-overflow on address 0x7ffd01b29ff8 (pc 0x5596f1c550b6 bp 0x7ffd01b2a3e0 sp 0x7ffd01b29fe0 T0)
    #0 0x5596f1c550b6 in vm_loop /home/zxw/jerryscript/jerry-core/vm/vm.c:970
    #1 0x5596f1c676fd in vm_execute /home/zxw/jerryscript/jerry-core/vm/vm.c:5211
    #2 0x5596f1c55050 in vm_run /home/zxw/jerryscript/jerry-core/vm/vm.c:5312
    #3 0x5596f1c1aafc in ecma_op_function_call_simple /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1176
...
...
...
    #368 0x5596f1c55050 in vm_run /home/zxw/jerryscript/jerry-core/vm/vm.c:5312
    #369 0x5596f1c1aafc in ecma_op_function_call_simple /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1176
    #370 0x5596f1c1d62d in ecma_op_function_call /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1406

SUMMARY: AddressSanitizer: stack-overflow /home/zxw/jerryscript/jerry-core/vm/vm.c:970 in vm_loop
==51718==ABORTING
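
What a memory-safe outcome looks like, as an added example that is not part of the issue or of the JerryScript code base: the reported script run under Node.js, whose engine (V8) bounds the native stack and turns the same runaway recursion into a catchable RangeError instead of a native stack overflow. `runReported` and `countDepth` are wrapper names chosen for this demonstration; the recursion inside them is the reporter's construction.

```javascript
// Added example, not code from the issue or from JerryScript. It runs the
// reported script under Node.js (V8), which enforces a call-stack limit, so the
// same runaway recursion surfaces as a catchable RangeError. That is the
// behaviour to expect from any engine: an interpreter should never let a guest
// script exhaust the native stack and crash the host process.

// The reported test case, verbatim apart from the wrapper. `h` and `c` are
// declared locally only so the snippet also runs in strict mode.
function runReported() {
  let h, c;
  function test() {
    function f() {
      var f = test(); // a fresh closure, shadowing the outer f
      h = f();        // test -> f -> test -> f ... with no base case
    }
    return f;
  }
  try {
    let a = test();
    c = a();
    return { threw: false, error: null, message: null }; // never reached
  } catch (e) {
    return { threw: true, error: e.constructor.name, message: e.message };
  }
}

// The same recursion shape with a frame counter, to show how deep the engine
// allowed it to go before refusing. The exact number depends on the engine and
// its configured stack size; what matters is that a limit exists and that the
// failure is an ordinary RangeError rather than a native stack overflow.
function countDepth() {
  let depth = 0;
  function test() {
    function f() {
      depth++;
      var g = test();
      return g();
    }
    return f;
  }
  try {
    test()();
  } catch (e) {
    if (!(e instanceof RangeError)) throw e; // anything else would be a real bug
  }
  return depth;
}

// Usage (constructed): prints the error class and message, then the depth reached.
const outcome = runReported();
console.log(`${outcome.error}: ${outcome.message}`);
console.log(`recursion depth reached before the engine refused: ${countDepth()}`);
```

The same check is the one to run against a fixed JerryScript build: the script must end with a RangeError that a try/catch can observe, not with an ASan stack-overflow report. Note that the build command in the report sets no stack limit; JerryScript's optional JERRY_STACK_LIMIT configuration (the --stack-limit option of tools/build.py) is the engine-side guard that makes the VM raise that RangeError, and a build without it leaves the native stack as the only bound.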

carnil commented Apr 26, 2023

CVE-2023-30414 was assigned for this issue.
