=================================================================
==457302==ERROR: AddressSanitizer: heap-use-after-free on address 0x604000002450 at pc 0x5616b998735d bp 0x7ffd92687ed0 sp 0x7ffd92687ec8
READ of size 4 at 0x604000002450 thread T0
#0 0x5616b998735c in JS_DupValue /quickjs/./quickjs.h:671:21
#1 0x5616b998735c in JS_ToInt32 /quickjs/quickjs.c:10975:38
#2 0x5616b998735c in js_bigfloat_parseFloat /quickjs/quickjs.c:51607:9
#3 0x5616b9749fb4 in js_call_c_function /quickjs/quickjs.c:16014:19
#4 0x5616b97a3f63 in JS_CallInternal /quickjs/quickjs.c:16209:16
#5 0x5616b97b31fc in JS_CallInternal /quickjs/quickjs.c:16616:27
#6 0x5616b97dfc42 in JS_CallFree /quickjs/quickjs.c:18695:19
#7 0x5616b97dfc42 in JS_EvalFunctionInternal /quickjs/quickjs.c:34351:19
#8 0x5616b980931f in __JS_EvalInternal /quickjs/quickjs.c:34486:19
#9 0x5616b97e174e in JS_EvalInternal /quickjs/quickjs.c:34504:12
#10 0x5616b97e174e in JS_EvalThis /quickjs/quickjs.c:34535:11
#11 0x5616b97e174e in JS_Eval /quickjs/quickjs.c:34543:12
#12 0x5616b9746202 in eval_buf /quickjs/qjs.c:71:15
#13 0x5616b97465a0 in eval_file /quickjs/qjs.c:103:11
#14 0x5616b97454cf in main /quickjs/qjs.c:516:17
#15 0x7fcbb7a29d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#16 0x7fcbb7a29e3f in __libc_start_main csu/../csu/libc-start.c:392:3
#17 0x5616b9684734 in _start (/quickjs/qjs+0x4c734) (BuildId: 7ee6713a5851a816c63761bf03890241e521e4ac)
0x604000002450 is located 0 bytes inside of 48-byte region [0x604000002450,0x604000002480)
freed by thread T0 here:
#0 0x5616b9709eb2 in free (/quickjs/qjs+0xd1eb2) (BuildId: 7ee6713a5851a816c63761bf03890241e521e4ac)
#1 0x5616b982d259 in js_def_free /quickjs/quickjs.c:1744:5
#2 0x5616b976e9d5 in __JS_FreeValueRT /quickjs/quickjs.c
#3 0x5616b97bc73a in __JS_FreeValue /quickjs/quickjs.c:5597:5
#4 0x5616b97bc73a in JS_FreeValue /quickjs/./quickjs.h:652:13
#5 0x5616b97bc73a in JS_CallInternal /quickjs/quickjs.c:17497:17
#6 0x5616b97dfc42 in JS_CallFree /quickjs/quickjs.c:18695:19
#7 0x5616b97dfc42 in JS_EvalFunctionInternal /quickjs/quickjs.c:34351:19
#8 0x5616b980931f in __JS_EvalInternal /quickjs/quickjs.c:34486:19
#9 0x5616b97e174e in JS_EvalInternal /quickjs/quickjs.c:34504:12
#10 0x5616b97e174e in JS_EvalThis /quickjs/quickjs.c:34535:11
#11 0x5616b97e174e in JS_Eval /quickjs/quickjs.c:34543:12
#12 0x5616b9746202 in eval_buf /quickjs/qjs.c:71:15
#13 0x5616b97465a0 in eval_file /quickjs/qjs.c:103:11
#14 0x5616b97454cf in main /quickjs/qjs.c:516:17
#15 0x7fcbb7a29d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
previously allocated by thread T0 here:
#0 0x5616b970a15e in __interceptor_malloc (/quickjs/qjs+0xd215e) (BuildId: 7ee6713a5851a816c63761bf03890241e521e4ac)
#1 0x5616b982d0bf in js_def_malloc /quickjs/quickjs.c:1728:11
#2 0x5616b998d1ab in js_malloc_rt /quickjs/quickjs.c:1315:12
#3 0x5616b998d1ab in js_malloc /quickjs/quickjs.c:1353:11
#4 0x5616b998d1ab in JS_NewBigDecimal /quickjs/quickjs.c:12502:9
#5 0x5616b998d1ab in JS_ToBigDecimalFree /quickjs/quickjs.c:52194:23
#6 0x5616b9819ec6 in js_bigdecimal_constructor /quickjs/quickjs.c:52256:15
#7 0x5616b9749fb4 in js_call_c_function /quickjs/quickjs.c:16014:19
#8 0x5616b97a3f63 in JS_CallInternal /quickjs/quickjs.c:16209:16
#9 0x5616b97b2823 in JS_CallInternal /quickjs/quickjs.c:16580:27
#10 0x5616b97dfc42 in JS_CallFree /quickjs/quickjs.c:18695:19
#11 0x5616b97dfc42 in JS_EvalFunctionInternal /quickjs/quickjs.c:34351:19
#12 0x5616b980931f in __JS_EvalInternal /quickjs/quickjs.c:34486:19
#13 0x5616b97e174e in JS_EvalInternal /quickjs/quickjs.c:34504:12
#14 0x5616b97e174e in JS_EvalThis /quickjs/quickjs.c:34535:11
#15 0x5616b97e174e in JS_Eval /quickjs/quickjs.c:34543:12
#16 0x5616b9746202 in eval_buf /quickjs/qjs.c:71:15
#17 0x5616b97465a0 in eval_file /quickjs/qjs.c:103:11
#18 0x5616b97454cf in main /quickjs/qjs.c:516:17
#19 0x7fcbb7a29d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
SUMMARY: AddressSanitizer: heap-use-after-free /quickjs/./quickjs.h:671:21 in JS_DupValue
Shadow bytes around the buggy address:
==457302==ABORTING
Version
3b45d155c77bbdfe9177b1e03db830d2aff0b2a8
Build platform
Ubuntu 22.04.3
Build steps
Test case
Execution steps
Output