Closed kdsjZh closed 2 years ago
I don't have clang-12; can it be replicated with clang-11?
You can try with clang-11. Please let me know if it cannot be reproduced; I'll try to give you a set of instructions to reproduce via docker images.
My steps to reproduce via docker; if it fails in your environment, you could try the following.
docker pull ubuntu:22.04
# start a container
apt update && apt install vim git gcc make g++ wget libreadline-dev unzip -y
vim /etc/apt/sources.list
# add clang's source for ubuntu 22.04, which can be found in https://apt.llvm.org/
# add gpg key
wget https://apt.llvm.org/llvm-snapshot.gpg.key && apt-key add llvm-snapshot.gpg.key
# refresh the package index so the newly added LLVM source is visible
apt update && apt install clang-12 -y
git clone https://github.com/ccxvii/mujs && pushd mujs
# poc0.zip is the attachment from this issue
wget https://github.com/ccxvii/mujs/files/8694862/poc0.zip && unzip poc0.zip
CC=clang-12 make build=sanitize && ./build/sanitize/mujs poc0
The recent commit will limit recursion during compilation, so should solve this issue.
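The mitigation class the maintainer refers to is a recursion-depth bound in the parser/compiler. As an added illustration (not mujs code, and not the actual commit), the toy recursive-descent parser below shows how a crafted, deeply nested input drives unbounded recursion, and how a depth counter turns the native stack overflow into an ordinary parse error. `MAX_DEPTH`, the grammar, the function names and the constructed nested inputs are all hypothetical; mujs's real limit and grammar are not on this page.

```c
/* Added example: a minimal recursive-descent parser for nested parenthesised
 * integer sums that bounds its recursion depth. It is not mujs code; the
 * grammar, names and MAX_DEPTH are illustrative assumptions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>

#define MAX_DEPTH 256   /* hypothetical limit; mujs's actual value is not on the page */

enum parse_status { PARSE_OK = 0, PARSE_SYNTAX = 1, PARSE_TOO_DEEP = 2 };

struct parser {
    const char *src;
    size_t pos;
    int depth;                 /* current nesting of primary() calls */
    enum parse_status status;  /* first error seen, if any */
};

static int parse_expr(struct parser *p, long *out);

/* primary := INTEGER | '(' expr ')'
 * Every primary consumes one native stack frame, so this is where the
 * guard lives: refuse to recurse once the depth limit is reached. */
static int parse_primary(struct parser *p, long *out) {
    if (p->status != PARSE_OK) return 0;
    if (p->depth >= MAX_DEPTH) {
        p->status = PARSE_TOO_DEEP;   /* clean failure instead of stack exhaustion */
        return 0;
    }
    p->depth++;
    int ok = 0;
    char c = p->src[p->pos];
    if (c == '(') {
        p->pos++;
        if (parse_expr(p, out) && p->src[p->pos] == ')') { p->pos++; ok = 1; }
        else if (p->status == PARSE_OK) p->status = PARSE_SYNTAX;
    } else if (isdigit((unsigned char)c)) {
        char *end;
        *out = strtol(p->src + p->pos, &end, 10);
        p->pos = (size_t)(end - p->src);
        ok = 1;
    } else {
        p->status = PARSE_SYNTAX;
    }
    p->depth--;
    return ok;
}

/* expr := primary ('+' primary)* */
static int parse_expr(struct parser *p, long *out) {
    long lhs;
    if (!parse_primary(p, &lhs)) return 0;
    while (p->src[p->pos] == '+') {
        long rhs;
        p->pos++;
        if (!parse_primary(p, &rhs)) return 0;
        lhs += rhs;
    }
    *out = lhs;
    return 1;
}

/* Parse a whole string; returns a status and writes the value on PARSE_OK. */
enum parse_status parse_string(const char *src, long *value) {
    struct parser p = { src, 0, 0, PARSE_OK };
    long v = 0;
    if (parse_expr(&p, &v) && p.src[p.pos] == '\0') { *value = v; return PARSE_OK; }
    return p.status == PARSE_OK ? PARSE_SYNTAX : p.status;
}

/* Convenience: the value on success, or -(status) on failure (statuses are > 0). */
long eval(const char *src) {
    long v = 0;
    enum parse_status st = parse_string(src, &v);
    return st == PARSE_OK ? v : -(long)st;
}

/* Build a constructed input with n nesting levels, "(((...1...)))", the shape a
 * fuzzer-crafted PoC takes, then parse it and report the status. */
int nested_status(size_t n) {
    char *s = malloc(2 * n + 2);
    memset(s, '(', n);
    s[n] = '1';
    memset(s + n + 1, ')', n);
    s[2 * n + 1] = '\0';
    long v = 0;
    enum parse_status st = parse_string(s, &v);
    free(s);
    return (int)st;
}

int main(void) {
    printf("1+(2+3) = %ld\n", eval("1+(2+3)"));
    printf("10 levels: status %d\n", nested_status(10));
    /* Without the guard this input recurses a million frames deep. */
    printf("1000000 levels: status %d (PARSE_TOO_DEEP=%d)\n",
           nested_status(1000000), PARSE_TOO_DEEP);
    return 0;
}
```

The point of the counter is that the parser's failure mode becomes data-dependent in a controlled way: a legitimate program with a few hundred nesting levels still compiles, while a pathological input is rejected with a diagnostic rather than a sanitizer stack-overflow report. When choosing the limit, keep the parser's per-frame stack usage and the platform's default thread stack size in mind, since a limit that is too generous reintroduces the crash under a smaller stack.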
Brief summary
Hello, I was testing my fuzzer and found an exhaustion bug in mujs. A stack exhaustion in function compile will be triggered when parsing a crafted js file, when running ./mujs $POC, as shown in the attachment.
Compiling the program
I compile mujs's latest commit https://github.com/ccxvii/mujs/commit/db110ea88edde20cfdd76a7162de751fefcc1fde in ubuntu 22 (docker image) with clang version 12.0.1. With command
CC=clang make build=sanitize
In my test environment this bug cannot be reproduced if compiled via gcc, so it's recommended to compile with clang-12.
ASan output
POC
poc0.zip
Credit
Han Zheng NCNIPC of China Hexhive