jerryscript-project / jerryscript

Ultra-lightweight JavaScript engine for the Internet of Things.
https://jerryscript.net
Apache License 2.0

jerry crashed while running the following code. #5052

Open marckwei opened 1 year ago

marckwei commented 1 year ago
JerryScript revision

1a2c04763aba49f52b1537acd3730098c873511c

Build platform

Ubuntu Lunar Lobster (development branch) (Linux 5.15.0-67-generic x86_64)

Build steps

```sh
python3 tools/build.py --builddir=asan --compile-flag=-fno-omit-frame-pointer --compile-flag=-fsanitize=address --compile-flag=-fno-optimize-sibling-calls --compile-flag=-g --strip=OFF
```

Test case

```js
function f0(a1, a2, ...a3) {
  class C4 extends a1 {
  }
  var v5 = new C4(C4);
  return C4;
}
f0(f0);
```

Execution steps

```sh
./build/bin/jerry test.js
```

Output

segmentfault

Backtrace

```
==51694==ERROR: AddressSanitizer: stack-overflow on address 0x7ffe6695efc0 (pc 0x5556250c8272 bp 0x7ffe6695f070 sp 0x7ffe6695efb0 T0)
    #0 0x5556250c8272 in ecma_op_function_construct /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1704
    #1 0x5556250c8958 in ecma_op_function_construct_constructor /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1631
    #2 0x5556250c8958 in ecma_op_function_construct /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1727
    #3 0x5556250c8958 in ecma_op_function_construct_constructor /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1631
    ... ...
    #491 0x5556250c8958 in ecma_op_function_construct_constructor /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1631
    #492 0x5556250c8958 in ecma_op_function_construct /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1727
    #493 0x5556250c8958 in ecma_op_function_construct_constructor /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1631
    #494 0x5556250c8958 in ecma_op_function_construct /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1727
    #495 0x5556250c8958 in ecma_op_function_construct_constructor /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1631
    #496 0x5556250c8958 in ecma_op_function_construct /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1727

SUMMARY: AddressSanitizer: stack-overflow /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1704 in ecma_op_function_construct
==51694==ABORTING
```

carnil commented 1 year ago

CVE-2023-30410 appears to have been assigned for this issue.

ossy-szeged commented 1 day ago

dup of #5039