Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SEGV src/jsiValue.c:418 in Jsi_ValueIsNumber #70

Closed
hope-fly opened this issue Dec 24, 2021 · 0 comments
Closed

SEGV src/jsiValue.c:418 in Jsi_ValueIsNumber #70

hope-fly opened this issue Dec 24, 2021 · 0 comments

Comments

@hope-fly
Copy link

hope-fly commented Dec 24, 2021

Jsish revision

Commit: 9fa798e

Version: v3.5.0

Build platform

Ubuntu 18.04.5 LTS (Linux 5.4.0-44-generic x86_64)

Build steps
export CFLAGS='-fsanitize=address'
make
Test case
var JSEtest = new Array(10);
JSEtest[1] = 1;
JSEtest.reduceRight(String.fromCharCode);

Execution steps & Output
$ ./jsish/jsish poc.js
ASAN:DEADLYSIGNAL
=================================================================
==113736==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x55586e9b4734 bp 0x000000000001 sp 0x7ffdbb663540 T0)
==113736==The signal is caused by a READ memory access.
==113736==Hint: address points to the zero page.
    #0 0x55586e9b4733 in Jsi_ValueIsNumber src/jsiValue.c:418
    #1 0x55586ea50b7f in StringFromCharCodeCmd src/jsiString.c:286
    #2 0x55586ea2c818 in jsi_FuncCallSub src/jsiProto.c:244
    #3 0x55586e9a9fec in jsi_FunctionInvoke src/jsiFunc.c:777
    #4 0x55586e9a9fec in Jsi_FunctionInvoke src/jsiFunc.c:789
    #5 0x55586ea6e851 in jsi_ArrayReduceSubCmd src/jsiArray.c:641
    #6 0x55586ea6e851 in jsi_ArrayReduceRightCmd src/jsiArray.c:672
    #7 0x55586ea2c818 in jsi_FuncCallSub src/jsiProto.c:244
    #8 0x55586ecf671a in jsiFunctionSubCall src/jsiEval.c:796
    #9 0x55586ecf671a in jsiEvalFunction src/jsiEval.c:837
    #10 0x55586ecf671a in jsiEvalCodeSub src/jsiEval.c:1264
    #11 0x55586ed0a15e in jsi_evalcode src/jsiEval.c:2204
    #12 0x55586ed0e274 in jsi_evalStrFile src/jsiEval.c:2665
    #13 0x55586e9fd66a in Jsi_Main src/jsiInterp.c:936
    #14 0x55586f20203a in jsi_main src/main.c:47
    #15 0x7ffa096e4bf6 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)
    #16 0x55586e991969 in _start (/usr/local/bin/jsish+0xe8969)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV src/jsiValue.c:418 in Jsi_ValueIsNumber

Credits: Found by OWL337 team.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant