You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
varx=[assert(arrObj.hasOwnProperty("1"),'arrObj.hasOwnProperty("1") !== true')];vararr=x.concat();if(arr[0]!==0){$ERROR('#1: var x = [0,1]; var arr = x.concat(); arr[0] === 0. Actual: '+(arr[0]));}
Execution steps & Output
$ ./jsish/jsish poc.js
=================================================================
========ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6250000000f8 at pc 0x5606c5363cbc bp 0x7ffd726922f0 sp 0x7ffd726922e0
READ of size 8 at 0x6250000000f8 thread T0
#0 0x5606c5363cbb in jsiEvalCodeSub src/jsiEval.c:1289#1 0x5606c536515e in jsi_evalcode src/jsiEval.c:2204#2 0x5606c5369274 in jsi_evalStrFile src/jsiEval.c:2665#3 0x5606c505866a in Jsi_Main src/jsiInterp.c:936#4 0x5606c585d03a in jsi_main src/main.c:47#5 0x7efcba589bf6 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)#6 0x5606c4fec969 in _start (/usr/local/bin/jsish+0xe8969)
0x6250000000f8 is located 8 bytes to the left of 8192-byte region [0x625000000100,0x625000002100)
allocated by thread T0 here:
#0 0x7efcbb1f8f30 in realloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdef30)#1 0x5606c505d972 in Jsi_Realloc src/jsiUtils.c:47
SUMMARY: AddressSanitizer: heap-buffer-overflow src/jsiEval.c:1289 in jsiEvalCodeSub
Shadow bytes around the buggy address:
0x0c4a7fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a7fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a7fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a7fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a7fff8000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c4a7fff8010: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa[fa]
0x0c4a7fff8020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a7fff8030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a7fff8040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a7fff8050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a7fff8060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
========ABORTING
Credits: Found by OWL337 team.
The text was updated successfully, but these errors were encountered:
Jsish revision
Commit: 9fa798e
Version: v3.5.0
Build platform
Ubuntu 18.04.5 LTS (Linux 5.4.0-44-generic x86_64)
Build steps
Test case
Execution steps & Output
$ ./jsish/jsish poc.js ================================================================= ========ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6250000000f8 at pc 0x5606c5363cbc bp 0x7ffd726922f0 sp 0x7ffd726922e0 READ of size 8 at 0x6250000000f8 thread T0 #0 0x5606c5363cbb in jsiEvalCodeSub src/jsiEval.c:1289 #1 0x5606c536515e in jsi_evalcode src/jsiEval.c:2204 #2 0x5606c5369274 in jsi_evalStrFile src/jsiEval.c:2665 #3 0x5606c505866a in Jsi_Main src/jsiInterp.c:936 #4 0x5606c585d03a in jsi_main src/main.c:47 #5 0x7efcba589bf6 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6) #6 0x5606c4fec969 in _start (/usr/local/bin/jsish+0xe8969) 0x6250000000f8 is located 8 bytes to the left of 8192-byte region [0x625000000100,0x625000002100) allocated by thread T0 here: #0 0x7efcbb1f8f30 in realloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdef30) #1 0x5606c505d972 in Jsi_Realloc src/jsiUtils.c:47 SUMMARY: AddressSanitizer: heap-buffer-overflow src/jsiEval.c:1289 in jsiEvalCodeSub Shadow bytes around the buggy address: 0x0c4a7fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c4a7fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c4a7fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c4a7fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c4a7fff8000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa =>0x0c4a7fff8010: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa[fa] 0x0c4a7fff8020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c4a7fff8030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c4a7fff8040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c4a7fff8050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c4a7fff8060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ========ABORTINGCredits: Found by OWL337 team.
The text was updated successfully, but these errors were encountered: