
heap-buffer-overflow in lexer_compare_identifier_to_chars #5066

Open
Ye0nny opened this issue Apr 8, 2023 · 0 comments

Ye0nny commented Apr 8, 2023

JerryScript revision

Commit: 1a2c047
Version: v3.0.0

Build platform

Ubuntu 20.04.5 LTS (Linux 5.4.0-144-generic x86_64)

Build steps
python ./tools/build.py --clean --debug --compile-flag=-m32 --compile-flag=-fno-omit-frame-pointer --compile-flag=-fno-common --compile-flag=-fsanitize=address --compile-flag=-g --strip=off --lto=off --error-messages=on --system-allocator=on --logging=on --line-info=on --stack-limit=20
Test case
// poc1.js
class C {#static async''
Execution steps & Output
$ ./jerryscript/build/bin/jerry poc1.js
=================================================================
==3572149==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf5500959 at pc 0x0839f1a4 bp 0xffbc0428 sp 0xffbc0420
READ of size 1 at 0xf5500959 thread T0
    #0 0x839f1a3 in lexer_compare_identifier_to_chars jerryscript/jerry-core/parser/js/js-lexer.c:3297:9
    #1 0x839f4c1 in lexer_compare_identifiers jerryscript/jerry-core/parser/js/js-lexer.c
    #2 0x83b5a37 in parser_check_duplicated_private_field jerryscript/jerry-core/parser/js/js-parser-expr.c:416:9
    #3 0x83a2c8c in parser_parse_class_body jerryscript/jerry-core/parser/js/js-parser-expr.c:701:9
    #4 0x83a2c8c in parser_parse_class jerryscript/jerry-core/parser/js/js-parser-expr.c:1110:27
    #5 0x83c9958 in parser_parse_statements jerryscript/jerry-core/parser/js/js-parser-statm.c:2787:9
    #6 0x8284a25 in parser_parse_source jerryscript/jerry-core/parser/js/js-parser.c:2280:5
    #7 0x8282c6f in parser_parse_script jerryscript/jerry-core/parser/js/js-parser.c:3326:38
    #8 0x8129a7c in jerry_parse_common jerryscript/jerry-core/api/jerryscript.c:412:21
    #9 0x8129697 in jerry_parse jerryscript/jerry-core/api/jerryscript.c:480:10
    #10 0x83ea951 in jerryx_source_parse_script jerryscript/jerry-ext/util/sources.c:52:26
    #11 0x83eac11 in jerryx_source_exec_script jerryscript/jerry-ext/util/sources.c:63:26
    #12 0x812162c in main jerryscript/jerry-main/main-desktop.c:156:20
    #13 0xf7bf3ed4 in __libc_start_main (/lib32/libc.so.6+0x1aed4)
    #14 0x8078645 in _start (jerryscript/build/bin/jerry+0x8078645)

0xf5500959 is located 0 bytes to the right of 25-byte region [0xf5500940,0xf5500959)
allocated by thread T0 here:
    #0 0x80efe65 in malloc (jerryscript/build/bin/jerry+0x80efe65)
    #1 0x83ec157 in jerry_port_source_read jerryscript/jerry-port/common/jerry-port-fs.c:72:45
    #2 0x83ea7ce in jerryx_source_parse_script jerryscript/jerry-ext/util/sources.c:33:28
    #3 0x83eac11 in jerryx_source_exec_script jerryscript/jerry-ext/util/sources.c:63:26
    #4 0x812162c in main jerryscript/jerry-main/main-desktop.c:156:20
    #5 0xf7bf3ed4 in __libc_start_main (/lib32/libc.so.6+0x1aed4)

SUMMARY: AddressSanitizer: heap-buffer-overflow jerryscript/jerry-core/parser/js/js-lexer.c:3297:9 in lexer_compare_identifier_to_chars
==3572149==ABORTING

Test case+
// poc2.js
class C {#static async*''
Execution steps & Output+
$ ./jerryscript/build/bin/jerry poc2.js
=================================================================
==3572558==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf540095a at pc 0x0839f1a4 bp 0xffe49808 sp 0xffe49800
READ of size 1 at 0xf540095a thread T0
    #0 0x839f1a3 in lexer_compare_identifier_to_chars jerryscript/jerry-core/parser/js/js-lexer.c:3297:9
    #1 0x839f4c1 in lexer_compare_identifiers jerryscript/jerry-core/parser/js/js-lexer.c
    #2 0x83b5a37 in parser_check_duplicated_private_field jerryscript/jerry-core/parser/js/js-parser-expr.c:416:9
    #3 0x83a2edb in parser_parse_class_body jerryscript/jerry-core/parser/js/js-parser-expr.c:728:9
    #4 0x83a2edb in parser_parse_class jerryscript/jerry-core/parser/js/js-parser-expr.c:1110:27
    #5 0x83c9958 in parser_parse_statements jerryscript/jerry-core/parser/js/js-parser-statm.c:2787:9
    #6 0x8284a25 in parser_parse_source jerryscript/jerry-core/parser/js/js-parser.c:2280:5
    #7 0x8282c6f in parser_parse_script jerryscript/jerry-core/parser/js/js-parser.c:3326:38
    #8 0x8129a7c in jerry_parse_common jerryscript/jerry-core/api/jerryscript.c:412:21
    #9 0x8129697 in jerry_parse jerryscript/jerry-core/api/jerryscript.c:480:10
    #10 0x83ea951 in jerryx_source_parse_script jerryscript/jerry-ext/util/sources.c:52:26
    #11 0x83eac11 in jerryx_source_exec_script jerryscript/jerry-ext/util/sources.c:63:26
    #12 0x812162c in main jerryscript/jerry-main/main-desktop.c:156:20
    #13 0xf7bc3ed4 in __libc_start_main (/lib32/libc.so.6+0x1aed4)
    #14 0x8078645 in _start (jerryscript/build/bin/jerry+0x8078645)

0xf540095a is located 0 bytes to the right of 26-byte region [0xf5400940,0xf540095a)
allocated by thread T0 here:
    #0 0x80efe65 in malloc (jerryscript/build/bin/jerry+0x80efe65)
    #1 0x83ec157 in jerry_port_source_read jerryscript/jerry-port/common/jerry-port-fs.c:72:45
    #2 0x83ea7ce in jerryx_source_parse_script jerryscript/jerry-ext/util/sources.c:33:28
    #3 0x83eac11 in jerryx_source_exec_script jerryscript/jerry-ext/util/sources.c:63:26
    #4 0x812162c in main jerryscript/jerry-main/main-desktop.c:156:20
    #5 0xf7bc3ed4 in __libc_start_main (/lib32/libc.so.6+0x1aed4)

SUMMARY: AddressSanitizer: heap-buffer-overflow jerryscript/jerry-core/parser/js/js-lexer.c:3297:9 in lexer_compare_identifier_to_chars
==3572558==ABORTING

Credits:
@Ye0nny, @EJueon of the seclab-yonsei.
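An added triage helper, not part of the issue or of JerryScript: it parses the report quoted above (constructed excerpt embedded inline) and checks that the faulting 1-byte READ lands exactly one byte past a heap region whose size equals the PoC source length. The PoC file is assumed to end with a newline, which is what makes the 25-byte region match.

```python
import re

# Constructed excerpt of the AddressSanitizer report for poc1.js as quoted in the issue.
ASAN_REPORT = """\
==3572149==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf5500959 at pc 0x0839f1a4 bp 0xffbc0428 sp 0xffbc0420
READ of size 1 at 0xf5500959 thread T0
    #0 0x839f1a3 in lexer_compare_identifier_to_chars jerryscript/jerry-core/parser/js/js-lexer.c:3297:9
    #1 0x839f4c1 in lexer_compare_identifiers jerryscript/jerry-core/parser/js/js-lexer.c
0xf5500959 is located 0 bytes to the right of 25-byte region [0xf5500940,0xf5500959)
allocated by thread T0 here:
    #0 0x80efe65 in malloc (jerryscript/build/bin/jerry+0x80efe65)
    #1 0x83ec157 in jerry_port_source_read jerryscript/jerry-port/common/jerry-port-fs.c:72:45
"""

# PoC body from the issue; a trailing newline is assumed (gives the 25 bytes ASan reports).
POC1 = "class C {#static async''\n"

ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+) at (0x[0-9a-f]+)", re.M)
REGION_RE = re.compile(r"(\d+)-byte region \[(0x[0-9a-f]+),(0x[0-9a-f]+)\)")
FRAME_RE = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (\w+)", re.M)

def triage_asan(report):
    """Pull the access, the allocation and the innermost frames out of an ASan report."""
    access = ACCESS_RE.search(report)
    region = REGION_RE.search(report)
    access_part, _, alloc_part = report.partition("allocated by")
    fault_frames = FRAME_RE.findall(access_part)   # stack of the bad access
    alloc_frames = FRAME_RE.findall(alloc_part)    # stack of the allocation
    if not (access and region and fault_frames and len(alloc_frames) >= 2):
        raise ValueError("not a recognised ASan heap-buffer-overflow report")
    addr = int(access.group(3), 16)
    start, end = int(region.group(2), 16), int(region.group(3), 16)
    return {
        "kind": access.group(1),
        "access_size": int(access.group(2)),
        "region_size": int(region.group(1)),
        "offset": addr - start,        # index of the accessed byte relative to the buffer start
        "past_end": addr - end,        # 0 means the first byte after the buffer
        "fault_fn": fault_frames[0],
        "alloc_caller": alloc_frames[1],  # frame #0 is the allocator itself (malloc)
    }

def is_off_by_one_past_source(report, source):
    """True when the fault is a 1-byte read exactly one past a buffer sized like the PoC."""
    t = triage_asan(report)
    return (t["kind"] == "READ" and t["access_size"] == 1
            and t["past_end"] == 0 and t["region_size"] == len(source.encode()))
```

The same check on the poc2.js report (26-byte region, one more byte for the `*`) is what confirms both crashes are the same read past the end of the source buffer.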
