Open renatahodovan opened 5 years ago
Checked revision: bc9a5da
Build command:
CC=clang-7 \
tools/build.py --clean \
--buildtype=debug \
--compile-flag="-D'IOTJS_ASSERT(x)=assert(x)'" \
--compile-flag=-O2 --compile-flag=-fno-common --no-snapshot \
--compile-flag=-fsanitize=address --compile-flag=-fno-omit-frame-pointer \
--jerry-cmake-param=-DFEATURE_SYSTEM_ALLOCATOR=ON --target-arch=i686 \
--profile=test/profiles/host-linux.profile --jerry-profile=es2015-subset \
--jerry-cmake-param=-DEXTERNAL_COMPILE_FLAGS=-Wno-conversion
Linux-4.15.0-54-generic-x86_64-with-Ubuntu-18.04-bionic
// Fuzzer-generated reproducer for the assertion failure shown in the backtrace
// below. The statements are kept exactly as reported.
var dgram = require('dgram')
var v0 = dgram.createSocket('udp4')
// addMembership() receives two arguments (the backtrace shows jargc=2 in
// udp_add_membership): the result of decodeURIComponent() called with no
// argument, and the socket object v0 itself.
// NOTE(review): the native set_membership() hands an argument to
// iotjs_jval_as_string(), whose jerry_value_is_string() assertion fails --
// presumably for the v0 object passed where an interface address string is
// expected; confirm against iotjs_module_udp.c:310.
// NOTE(review): this build maps IOTJS_ASSERT to assert(), so the wrong type
// surfaces as SIGABRT. How a build without that assertion treats the
// non-string value is not shown here; the binding should type-check the
// argument and report an error to the script before converting it.
v0.addMembership(decodeURIComponent(), v0)
iotjs: iotjs/src/iotjs_binding.c:217: iotjs_string_t iotjs_jval_as_string(jerry_value_t): Assertion `jerry_value_is_string(jval)' failed.
Program received signal SIGABRT, Aborted.
0xf7fd3939 in __kernel_vsyscall ()
(gdb) bt
#0 0xf7fd3939 in __kernel_vsyscall ()
#1 0xf7c90182 in raise () from /lib/i386-linux-gnu/libc.so.6
#2 0xf7c7a2b6 in abort () from /lib/i386-linux-gnu/libc.so.6
#3 0xf7c7a1c1 in ?? () from /lib/i386-linux-gnu/libc.so.6
#4 0xf7c87fd9 in __assert_fail () from /lib/i386-linux-gnu/libc.so.6
#5 0x081564ac in iotjs_jval_as_string (jval=<optimized out>) at iotjs/src/iotjs_binding.c:217
#6 0x0818fb16 in set_membership (jthis=4294949184, jargv=0xffffbb5c, jargc=<optimized out>, membership=<optimized out>) at iotjs/src/modules/iotjs_module_udp.c:310
#7 0x0818edf9 in udp_add_membership (jfunc=4117812643, jthis=4119891123, jargv=0xffffbb58, jargc=2) at iotjs/src/modules/iotjs_module_udp.c:331
#8 0x081b60dd in ecma_op_function_call (func_obj_p=0xf570d5a0, this_arg_value=4119891123, arguments_list_p=0xffffbb58, arguments_list_len=2) at iotjs/deps/jerry/jerry-core/ecma/operations/ecma-function-object.c:815
#9 0x08277fc9 in opfunc_call (frame_ctx_p=<optimized out>) at iotjs/deps/jerry/jerry-core/vm/vm.c:565
#10 vm_execute (frame_ctx_p=0xffffbbb0, arg_p=0xffffbbe3, arg_list_len=2) at iotjs/deps/jerry/jerry-core/vm/vm.c:3478
#11 0x082187ad in vm_run (bytecode_header_p=<optimized out>, this_binding_value=<optimized out>, lex_env_p=<optimized out>, parse_opts=<optimized out>, arg_list_p=0x0, arg_list_len=<optimized out>) at iotjs/deps/jerry/jerry-core/vm/vm.c:3611
#12 0x081b6443 in ecma_op_function_call (func_obj_p=0xf570e710, this_arg_value=4119891187, arguments_list_p=0x0, arguments_list_len=2) at iotjs/deps/jerry/jerry-core/ecma/operations/ecma-function-object.c:792
#13 0x08277fc9 in opfunc_call (frame_ctx_p=<optimized out>) at iotjs/deps/jerry/jerry-core/vm/vm.c:565
#14 vm_execute (frame_ctx_p=0xffffbe50, arg_p=0xffffbe83, arg_list_len=3) at iotjs/deps/jerry/jerry-core/vm/vm.c:3478
#15 0x082187ad in vm_run (bytecode_header_p=<optimized out>, this_binding_value=<optimized out>, lex_env_p=<optimized out>, parse_opts=<optimized out>, arg_list_p=0x0, arg_list_len=<optimized out>) at iotjs/deps/jerry/jerry-core/vm/vm.c:3611
#16 0x081b6443 in ecma_op_function_call (func_obj_p=0xf570be60, this_arg_value=4119885075, arguments_list_p=0x0, arguments_list_len=3) at iotjs/deps/jerry/jerry-core/ecma/operations/ecma-function-object.c:792
#17 0x081eaa81 in ecma_builtin_function_prototype_dispatch_routine (builtin_routine_id=<optimized out>, this_arg_value=<optimized out>, arguments_list=<optimized out>, arguments_number=<optimized out>) at iotjs/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-function-prototype.c:212
#18 0x0820b10b in ecma_builtin_dispatch_routine (builtin_object_id=<optimized out>, builtin_routine_id=<optimized out>, this_arg_value=<optimized out>, arguments_list_p=<optimized out>, arguments_list_len=<optimized out>) at iotjs/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtins.c:1016
#19 ecma_builtin_dispatch_call (obj_p=<optimized out>, this_arg_value=<optimized out>, arguments_list_p=<optimized out>, arguments_list_len=<optimized out>) at iotjs/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtins.c:1041
#20 0x081b6471 in ecma_op_function_call (func_obj_p=0xf5703ee0, this_arg_value=4117806691, arguments_list_p=0xffffc258, arguments_list_len=4) at iotjs/deps/jerry/jerry-core/ecma/operations/ecma-function-object.c:716
#21 0x08277fc9 in opfunc_call (frame_ctx_p=<optimized out>) at iotjs/deps/jerry/jerry-core/vm/vm.c:565
#22 vm_execute (frame_ctx_p=0xffffc2d0, arg_p=0xffffc303, arg_list_len=2) at iotjs/deps/jerry/jerry-core/vm/vm.c:3478
#23 0x082187ad in vm_run (bytecode_header_p=<optimized out>, this_binding_value=<optimized out>, lex_env_p=<optimized out>, parse_opts=<optimized out>, arg_list_p=0x0, arg_list_len=<optimized out>) at iotjs/deps/jerry/jerry-core/vm/vm.c:3611
#24 0x081b6443 in ecma_op_function_call (func_obj_p=0xf570b320, this_arg_value=4119885107, arguments_list_p=0x0, arguments_list_len=2) at iotjs/deps/jerry/jerry-core/ecma/operations/ecma-function-object.c:792
#25 0x08277fc9 in opfunc_call (frame_ctx_p=<optimized out>) at iotjs/deps/jerry/jerry-core/vm/vm.c:565
#26 vm_execute (frame_ctx_p=0xffffc590, arg_p=0xffffc5c3, arg_list_len=2) at iotjs/deps/jerry/jerry-core/vm/vm.c:3478
#27 0x082187ad in vm_run (bytecode_header_p=<optimized out>, this_binding_value=<optimized out>, lex_env_p=<optimized out>, parse_opts=<optimized out>, arg_list_p=0x0, arg_list_len=<optimized out>) at iotjs/deps/jerry/jerry-core/vm/vm.c:3611
#28 0x081b6443 in ecma_op_function_call (func_obj_p=0xf570b410, this_arg_value=4117776835, arguments_list_p=0x0, arguments_list_len=2) at iotjs/deps/jerry/jerry-core/ecma/operations/ecma-function-object.c:792
#29 0x08277fc9 in opfunc_call (frame_ctx_p=<optimized out>) at iotjs/deps/jerry/jerry-core/vm/vm.c:565
#30 vm_execute (frame_ctx_p=0xffffc810, arg_p=0xffffc843, arg_list_len=0) at iotjs/deps/jerry/jerry-core/vm/vm.c:3478
#31 0x082187ad in vm_run (bytecode_header_p=<optimized out>, this_binding_value=<optimized out>, lex_env_p=<optimized out>, parse_opts=<optimized out>, arg_list_p=0x0, arg_list_len=<optimized out>) at iotjs/deps/jerry/jerry-core/vm/vm.c:3611
#32 0x081b6443 in ecma_op_function_call (func_obj_p=0xf570b2f0, this_arg_value=4117776835, arguments_list_p=0x0, arguments_list_len=0) at iotjs/deps/jerry/jerry-core/ecma/operations/ecma-function-object.c:792
#33 0x08277fc9 in opfunc_call (frame_ctx_p=<optimized out>) at iotjs/deps/jerry/jerry-core/vm/vm.c:565
#34 vm_execute (frame_ctx_p=0xffffcab0, arg_p=0xffffcae3, arg_list_len=0) at iotjs/deps/jerry/jerry-core/vm/vm.c:3478
#35 0x082187ad in vm_run (bytecode_header_p=<optimized out>, this_binding_value=<optimized out>, lex_env_p=<optimized out>, parse_opts=<optimized out>, arg_list_p=0x0, arg_list_len=<optimized out>) at iotjs/deps/jerry/jerry-core/vm/vm.c:3611
#36 0x081b63f0 in ecma_op_function_call (func_obj_p=0xf57010c0, this_arg_value=72, arguments_list_p=0xffffccc4, arguments_list_len=0) at iotjs/deps/jerry/jerry-core/ecma/operations/ecma-function-object.c:792
#37 0x08277fc9 in opfunc_call (frame_ctx_p=<optimized out>) at iotjs/deps/jerry/jerry-core/vm/vm.c:565
#38 vm_execute (frame_ctx_p=0xffffcd30, arg_p=0xffffcd63, arg_list_len=0) at iotjs/deps/jerry/jerry-core/vm/vm.c:3478
#39 0x082187ad in vm_run (bytecode_header_p=<optimized out>, this_binding_value=<optimized out>, lex_env_p=<optimized out>, parse_opts=<optimized out>, arg_list_p=0x0, arg_list_len=<optimized out>) at iotjs/deps/jerry/jerry-core/vm/vm.c:3611
#40 0x08199d86 in vm_run_global (bytecode_p=<optimized out>) at iotjs/deps/jerry/jerry-core/vm/vm.c:266
#41 jerry_run (func_val=4117762291) at iotjs/deps/jerry/jerry-core/api/jerry.c:550
#42 0x081569e0 in iotjs_jhelper_eval (name=0x833c700 <str> "iotjs.js", name_len=8, data=0x837a460 <iotjs_s> "/* Copyright 2015-present Samsung Electronics Co., Ltd. and other contributors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance w"..., size=4730, strict_mode=<optimized out>) at iotjs/src/iotjs_binding.c:379
#43 0x08155156 in iotjs_run (env=0x88ccee0 <current_env>) at iotjs/src/iotjs.c:175
#44 0x081552ea in iotjs_start (env=<optimized out>) at iotjs/src/iotjs.c:224
#45 iotjs_entry (argc=2, argv=0xffffcfa4) at iotjs/src/iotjs.c:312
#46 0xf7c7b751 in __libc_start_main () from /lib/i386-linux-gnu/libc.so.6
#47 0x08080872 in _start ()
Found by Fuzzinator with JsProFuzz.