$ ./jerryscript/build/bin/jerry poc.js
=================================================================
==3080358==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf510068c at pc 0x566887dc bp 0xfff81e68 sp 0xfff81e58
READ of size 2 at 0xf510068c thread T0
#0 0x566887db in scanner_literal_is_created ./jerryscript/jerry-core/parser/js/js-scanner-util.c:2922
#1 0x566f8265 in parser_parse_var_statement ./jerryscript/jerry-core/parser/js/js-parser-statm.c:523
#2 0x566fda21 in parser_parse_statements ./jerryscript/jerry-core/parser/js/js-parser-statm.c:3021
#3 0x5667eb25 in parser_parse_source ./jerryscript/jerry-core/parser/js/js-parser.c:2280
#4 0x566113cf in jerry_parse_common ./jerryscript/jerry-core/api/jerryscript.c:412
#5 0x56611631 in jerry_parse ./jerryscript/jerry-core/api/jerryscript.c:480
#6 0x56706644 in jerryx_source_parse_script ./jerryscript/jerry-ext/util/sources.c:52
#7 0x56706701 in jerryx_source_exec_script ./jerryscript/jerry-ext/util/sources.c:63
#8 0x56609d04 in main ./jerryscript/jerry-main/main-desktop.c:156
#9 0xf7627ed4 in __libc_start_main (/lib32/libc.so.6+0x1aed4)
#10 0x5660cfb4 in _start (./jerryscript/build/bin/jerry+0x12fb4)
0xf510068c is located 4 bytes to the left of 8-byte region [0xf5100690,0xf5100698)
allocated by thread T0 here:
#0 0xf7a10817 in __interceptor_malloc ../../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
#1 0x5660cae4 in jmem_heap_alloc ./jerryscript/jerry-core/jmem/jmem-heap.c:254
#2 0x56671d8d in jmem_heap_gc_and_alloc_block ./jerryscript/jerry-core/jmem/jmem-heap.c:291
#3 0x566f25ab in parser_malloc ./jerryscript/jerry-core/parser/js/js-parser-mem.c:43
#4 0x56686c95 in scanner_create_variables ./jerryscript/jerry-core/parser/js/js-scanner-util.c:2341
#5 0x5667eae1 in parser_parse_source ./jerryscript/jerry-core/parser/js/js-parser.c:2277
#6 0x566113cf in jerry_parse_common ./jerryscript/jerry-core/api/jerryscript.c:412
#7 0x56611631 in jerry_parse ./jerryscript/jerry-core/api/jerryscript.c:480
#8 0x56706644 in jerryx_source_parse_script ./jerryscript/jerry-ext/util/sources.c:52
#9 0x56706701 in jerryx_source_exec_script ./jerryscript/jerry-ext/util/sources.c:63
#10 0x56609d04 in main ./jerryscript/jerry-main/main-desktop.c:156
#11 0xf7627ed4 in __libc_start_main (/lib32/libc.so.6+0x1aed4)
SUMMARY: AddressSanitizer: heap-buffer-overflow ./jerryscript/jerry-core/parser/js/js-scanner-util.c:2922 in scanner_literal_is_created
Shadow bytes around the buggy address:
0x3ea20080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x3ea20090: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x3ea200a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x3ea200b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x3ea200c0: fa fa fa fa fa fa 05 fa fa fa 05 fa fa fa fd fd
=>0x3ea200d0: fa[fa]00 fa fa fa 00 04 fa fa fd fd fa fa fd fd
0x3ea200e0: fa fa fd fd fa fa 00 07 fa fa 00 06 fa fa 00 03
0x3ea200f0: fa fa 00 07 fa fa 00 00 fa fa fa fa fa fa fa fa
0x3ea20100: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x3ea20110: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x3ea20120: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==3080358==ABORTING
JerryScript revision
Commit: 05dbbd1
Version: v3.0.0
Build platform
Ubuntu 20.04.5 LTS (Linux 5.4.0-144-generic x86_64)
Build steps
Test case
testcase
Execution steps & Output
with debugging mode (--debug)
Outputs
Credits: @Ye0nny, @EJueon of the seclab-yonsei.