Null pointer dereference in url_encode #13
Comments
pcmacdon
pushed a commit
that referenced
this issue
May 11, 2020
|
Fixed in Release "3.0.11" |
This was referenced Oct 20, 2020
This was referenced Oct 31, 2020
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
DongzhuoZhao added on 2020-05-11 05:31:25:
git version:
4603977
save follow testcase as .js format :
new Array(- 256, 0, - 2.0).forEach(encodeURI);
run:
./jsimin poc.js
Result:
zdz@ubuntu:~/jsish$ ./jsimin /home/zdz/debugBug/jsi/bug/poc.js
Segmentation fault (core dumped)
Backtrace:
(gdb) bt
#0 __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:62
#1 0x00005555555b37d4 in Jsi_Strlen (str=0x0) at ./src/jsiChar.c:29
#2 0x00005555555cfdd2 in url_encode (str=0x0) at ./src/jsiCmds.c:1103
#3 0x00005555555d0062 in EncodeURICmd (interp=0x555555865260,
args=0x5555558c6b50, _this=0x5555558c6b90, ret=0x7fffffff5ba0,
funcPtr=0x55555588a510) at ./src/jsiCmds.c:1143
#4 0x000055555558f81a in jsi_FunctionInvoke (interp=0x555555865260,
tocall=0x5555558c67f0, args=0x5555558c6b50, ret=0x7fffffff5ba0,
_this=0x5555558c6a80) at ./src/jsiFunc.c:799
#5 0x000055555558f9b8 in Jsi_FunctionInvoke (interp=0x555555865260,
func=0x5555558c67f0, args=0x5555558c6b50, ret=0x7fffffff5ba0,
_this=0x5555558c6a80) at ./src/jsiFunc.c:823
Found by Dongzhuo Zhao working with ADLab of Venustech
The text was updated successfully, but these errors were encountered: