Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

jerry crashed while running the following code. #5052

Open
marckwei opened this issue Mar 15, 2023 · 1 comment
Open

jerry crashed while running the following code. #5052

marckwei opened this issue Mar 15, 2023 · 1 comment

Comments

@marckwei
Copy link

marckwei commented Mar 15, 2023
edited
Loading

JerryScript revision

1a2c047

Build platform

Name the build platform. E.g., copy the output of
Ubuntu Lunar Lobster (development branch) (Linux 5.15.0-67-generic x86_64)

Build steps
python3 tools/build.py --builddir=asan --compile-flag=-fno-omit-frame-pointer --compile-flag=-fsanitize=address  --compile-flag=-fno-optimize-sibling-calls --compile-flag=-g --strip=OFF
Test case
function f0(a1, a2, ...a3) {
class C4 extends a1 {
}
var v5 = new C4(C4);
return C4;
}
f0(f0);
Execution steps
./build/bin/jerry  test.js
Output

segmentfault

Backtrace

==51694==ERROR: AddressSanitizer: stack-overflow on address 0x7ffe6695efc0 (pc 0x5556250c8272 bp 0x7ffe6695f070 sp 0x7ffe6695efb0 T0)
#0 0x5556250c8272 in ecma_op_function_construct /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1704
#1 0x5556250c8958 in ecma_op_function_construct_constructor /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1631
#2 0x5556250c8958 in ecma_op_function_construct /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1727
#3 0x5556250c8958 in ecma_op_function_construct_constructor /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1631
...
...
#491 0x5556250c8958 in ecma_op_function_construct_constructor /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1631
#492 0x5556250c8958 in ecma_op_function_construct /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1727
#493 0x5556250c8958 in ecma_op_function_construct_constructor /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1631
#494 0x5556250c8958 in ecma_op_function_construct /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1727
#495 0x5556250c8958 in ecma_op_function_construct_constructor /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1631
#496 0x5556250c8958 in ecma_op_function_construct /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1727

SUMMARY: AddressSanitizer: stack-overflow /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1704 in ecma_op_function_construct
==51694==ABORTING
@carnil
Copy link

carnil commented Apr 26, 2023

CVE-2023-30410 appears to have been assigned for this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@carnil @marckwei