AddressSanitizer: allocator is out of memory trying to allocate #5071

Open
Ye0nny opened this issue Apr 19, 2023 · 0 comments

Ye0nny commented Apr 19, 2023

JerryScript revision

Commit: 05dbbd1
Version: v3.0.0

Build platform

Ubuntu 20.04.5 LTS (Linux 5.4.0-144-generic x86_64)

Build steps
python ./tools/build.py --clean --debug --compile-flag=-m32 --compile-flag=-fno-omit-frame-pointer --compile-flag=-fno-common --compile-flag=-fsanitize=address --compile-flag=-g --strip=off --lto=off --error-messages=on --system-allocator=on --logging=on --line-info=on --stack-limit=20
Test case

var r = new Int32Array ( 8 ) . sort ( ) ; r = new SharedArrayBuffer ( 2147483648 ) . slice ( 8 ) ; r = new Int32Array ( 128 ) . subarray ( 64 ) . sort ( d ) ; a = new Int32Array . set ( r ) ; var a ; r = r . toString ( r ) ; r . constructor = a ; set ( r ) ; assert ( a === r . toString ( 32 ) ) ; 

// poc1.js
var r = new SharedArrayBuffer ( 2147483648 ) . slice () ;
Execution steps & Output
$ ./jerryscript/build/bin/jerry poc1.js
=================================================================
==2169015==ERROR: AddressSanitizer: allocator is out of memory trying to allocate 0x80000000 bytes
    #0 0x80efe65 in malloc (./jerryscript/build/bin/jerry+0x80efe65)
    #1 0x825f11c in jmem_heap_alloc ./jerryscript/jerry-core/jmem/jmem-heap.c:254:10
    #2 0x825f11c in jmem_heap_gc_and_alloc_block ./jerryscript/jerry-core/jmem/jmem-heap.c:291:24
    #3 0x81d5463 in ecma_arraybuffer_allocate_buffer ./jerryscript/jerry-core/ecma/operations/ecma-arraybuffer-object.c:169:28
    #4 0x81d7ae3 in ecma_arraybuffer_allocate_buffer_throw ./jerryscript/jerry-core/ecma/operations/ecma-arraybuffer-object.c:195:10
    #5 0x81d7ae3 in ecma_builtin_arraybuffer_slice ./jerryscript/jerry-core/ecma/operations/ecma-arraybuffer-object.c:500:7
    #6 0x8362abc in ecma_builtin_shared_arraybuffer_prototype_object_slice ./jerryscript/jerry-core/ecma/builtin-objects/ecma-builtin-shared-arraybuffer-prototype.c:104:10
    #7 0x8362abc in ecma_builtin_shared_arraybuffer_prototype_dispatch_routine ./jerryscript/jerry-core/ecma/builtin-objects/ecma-builtin-shared-arraybuffer-prototype.inc.h:39:1
    #8 0x81b94a4 in ecma_builtin_dispatch_routine ./jerryscript/jerry-core/ecma/builtin-objects/ecma-builtins.c:1460:10
    #9 0x81b94a4 in ecma_builtin_dispatch_call ./jerryscript/jerry-core/ecma/builtin-objects/ecma-builtins.c:1489:12
    #10 0x81fb6b7 in ecma_op_function_call_native_built_in ./jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1217:5
    #11 0x81fa81c in ecma_op_function_call ./jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1411:16
    #12 0x81fa5ce in ecma_op_function_validated_call ./jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1371:10
    #13 0x82d7630 in opfunc_call ./jerryscript/jerry-core/vm/vm.c:758:5
    #14 0x82d7630 in vm_execute ./jerryscript/jerry-core/vm/vm.c:5217:9
    #15 0x82d4f61 in vm_run ./jerryscript/jerry-core/vm/vm.c:5312:10
    #16 0x82d4c38 in vm_run_global ./jerryscript/jerry-core/vm/vm.c:286:25
    #17 0x812a4e4 in jerry_run ./jerryscript/jerry-core/api/jerryscript.c:548:24
    #18 0x83eac3e in jerryx_source_exec_script ./jerryscript/jerry-ext/util/sources.c:68:14
    #19 0x812162c in main ./jerryscript/jerry-main/main-desktop.c:156:20
    #20 0xf7be5ed4 in __libc_start_main (/lib32/libc.so.6+0x1aed4)

==2169015==HINT: if you don't care about these errors you may set allocator_may_return_null=1
SUMMARY: AddressSanitizer: out-of-memory (./jerryscript/build/bin/jerry+0x80efe65) in malloc
==2169015==ABORTING

Test case+

var a = " 32 " ; var e = 4 ; var a = new ArrayBuffer ( 2147483648 , t ) ; Infinity ; var a = new Uint32Array ( a , e ) ; a === e ; new Int32Array ( a , e ) ; a <= e ; a = new Uint8Array ( a ) ; a = new Uint8ClampedArray ( a , e , a ) !== e ; a < e ; a >= e ; a <= e ; 0 == e !== null ; a != e ; a !== e ; false == 0 ; false == undefined === 0 ; var t = a . t ; " " === false ; " " == 0 ; " " === 0 ; false == undefined ; 0 == null ; 

// poc2.js
var e = 4 ; var a = new ArrayBuffer ( 2147483648 ) ; var a = new Uint32Array ( a , e ) ; new Int32Array ( a , e ) ;
Execution steps & Output+
$ ./jerryscript/build/bin/jerry poc2.js
=================================================================
==2170063==ERROR: AddressSanitizer: allocator is out of memory trying to allocate 0x7ffffffc bytes
    #0 0x80efe65 in malloc (./jerryscript/build/bin/jerry+0x80efe65)
    #1 0x825f11c in jmem_heap_alloc ./jerryscript/jerry-core/jmem/jmem-heap.c:254:10
    #2 0x825f11c in jmem_heap_gc_and_alloc_block ./jerryscript/jerry-core/jmem/jmem-heap.c:291:24
    #3 0x81d5463 in ecma_arraybuffer_allocate_buffer ./jerryscript/jerry-core/ecma/operations/ecma-arraybuffer-object.c:169:28
    #4 0x82583e0 in ecma_typedarray_create_object_with_typedarray ./jerryscript/jerry-core/ecma/operations/ecma-typedarray-object.c:913:7
    #5 0x82583e0 in ecma_op_create_typedarray ./jerryscript/jerry-core/ecma/operations/ecma-typedarray-object.c:1679:12
    #6 0x81bad21 in ecma_typedarray_helper_dispatch_construct ./jerryscript/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-typedarray-helpers.c:60:22
    #7 0x81ba8f4 in ecma_builtin_int32array_dispatch_construct ./jerryscript/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-int32array.c:68:10
    #8 0x81b99ce in ecma_builtin_dispatch_construct ./jerryscript/jerry-core/ecma/builtin-objects/ecma-builtins.c:1518:10
    #9 0x81fc476 in ecma_op_function_construct_built_in ./jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1537:28
    #10 0x81fc476 in ecma_op_function_construct ./jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1717:14
    #11 0x82d7255 in opfunc_construct ./jerryscript/jerry-core/vm/vm.c:840:7
    #12 0x82d7255 in vm_execute ./jerryscript/jerry-core/vm/vm.c:5236:9
    #13 0x82d4f61 in vm_run ./jerryscript/jerry-core/vm/vm.c:5312:10
    #14 0x82d4c38 in vm_run_global ./jerryscript/jerry-core/vm/vm.c:286:25
    #15 0x812a4e4 in jerry_run ./jerryscript/jerry-core/api/jerryscript.c:548:24
    #16 0x83eac3e in jerryx_source_exec_script ./jerryscript/jerry-ext/util/sources.c:68:14
    #17 0x812162c in main ./jerryscript/jerry-main/main-desktop.c:156:20
    #18 0xf7c77ed4 in __libc_start_main (/lib32/libc.so.6+0x1aed4)

==2170063==HINT: if you don't care about these errors you may set allocator_may_return_null=1
SUMMARY: AddressSanitizer: out-of-memory (./jerryscript/build/bin/jerry+0x80efe65) in malloc
==2170063==ABORTING

Credits:
@Ye0nny, @EJueon of the seclab-yonsei.
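Both traces above end inside malloc() because the requested size (0x80000000 bytes for poc1, 0x7ffffffc bytes for poc2) reaches the system allocator unchecked, and AddressSanitizer aborts rather than return NULL. The following is an added C example, not JerryScript's code and not part of this report, showing the defensive pattern an engine applies at the point where ecma_arraybuffer_allocate_buffer sits in the traces: validate a backing-store request against a policy limit before calling the allocator, treat a NULL return as a reportable out-of-memory error, and compute the byte length a typed-array view or copy needs so the same cap covers the poc2 path. The names checked_buffer_alloc, view_byte_length and the 1 GiB limit BACKING_STORE_MAX_BYTES are assumptions chosen for illustration, not JerryScript's configuration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Upper bound for one backing-store allocation. Assumed illustrative value,
 * not JerryScript's setting. On a 32-bit build a request for 0x80000000 bytes
 * can never be satisfied, so it should be refused with a RangeError before
 * the allocator ever sees it. */
#define BACKING_STORE_MAX_BYTES ((uint64_t) 0x40000000ULL) /* 1 GiB */

typedef enum {
  ALLOC_OK,        /* buffer allocated, *out points to it */
  ALLOC_ERR_RANGE, /* request exceeds the policy limit: throw RangeError */
  ALLOC_ERR_OOM    /* request was legal but the allocator returned NULL */
} alloc_status_t;

/* Allocate an ArrayBuffer backing store only after validating its size.
 * The caller maps ALLOC_ERR_RANGE to a JS RangeError and ALLOC_ERR_OOM to an
 * out-of-memory error; neither path hands an unbounded size to malloc. */
alloc_status_t checked_buffer_alloc(uint64_t requested_bytes, void **out)
{
  *out = NULL;
  if (requested_bytes > BACKING_STORE_MAX_BYTES) {
    return ALLOC_ERR_RANGE;
  }
  /* Narrowing is safe here: the value is at most BACKING_STORE_MAX_BYTES. */
  void *p = calloc(1, (size_t) (requested_bytes == 0 ? 1 : requested_bytes));
  if (p == NULL) {
    /* Under AddressSanitizer this branch is only reachable with
     * ASAN_OPTIONS=allocator_may_return_null=1; otherwise ASan aborts inside
     * malloc, which is exactly what the report's traces show. */
    return ALLOC_ERR_OOM;
  }
  *out = p;
  return ALLOC_OK;
}

/* Byte length of a typed-array view over [byte_offset, end of buffer).
 * Returns -1 when the ECMAScript constructor rules reject the view: the
 * offset must be a multiple of the element size and must not exceed the
 * buffer, and the remaining length must be a multiple of the element size. */
int64_t view_byte_length(uint64_t buffer_bytes, uint64_t byte_offset, uint32_t element_size)
{
  if (element_size == 0 || byte_offset % element_size != 0 || byte_offset > buffer_bytes) {
    return -1;
  }
  uint64_t remaining = buffer_bytes - byte_offset;
  if (remaining % element_size != 0) {
    return -1;
  }
  return (int64_t) remaining;
}

int main(void)
{
  void *buf = NULL;

  /* poc1: SharedArrayBuffer(2147483648).slice() asks for 0x80000000 bytes. */
  alloc_status_t s = checked_buffer_alloc(0x80000000ULL, &buf);
  printf("poc1 request 0x80000000 -> %s\n", s == ALLOC_ERR_RANGE ? "RangeError" : "allocated");

  /* poc2: Uint32Array(ArrayBuffer(2147483648), 4) spans 0x7ffffffc bytes, and
   * copying it into a new Int32Array requests exactly that many bytes. */
  int64_t view = view_byte_length(2147483648ULL, 4, 4);
  printf("poc2 view bytes = %#llx\n", (unsigned long long) view);
  s = checked_buffer_alloc((uint64_t) view, &buf);
  printf("poc2 copy -> %s\n", s == ALLOC_ERR_RANGE ? "RangeError" : "allocated");

  /* A legitimate request still succeeds. */
  s = checked_buffer_alloc(64, &buf);
  printf("64 bytes -> %s\n", s == ALLOC_OK ? "allocated" : "error");
  free(buf);
  return 0;
}
```

Run as a normal C program; both PoC sizes are rejected with ALLOC_ERR_RANGE before any allocation happens. If the same program is built with -fsanitize=address and the limit is raised above what the host can serve, the ALLOC_ERR_OOM branch is reached only when the process runs with ASAN_OPTIONS=allocator_may_return_null=1, as the HINT line in the report states; without that option ASan aborts in malloc instead.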
