JerryScript revision

Build & Execution platform
$ uname -a
Linux user-AYA-NEO-FOUNDER 5.19.0-43-generic #44~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Mon May 22 13:39:36 UTC 2 x86_64 x86_64 x86_64 GNU/Linux

Build steps

Test case
the pocfile.js

Execution steps

Output
asan report:
AddressSanitizer:DEADLYSIGNAL
=================================================================
==4174418==ERROR: AddressSanitizer: SEGV on unknown address 0x000002032210 (pc 0x00000041ee08 bp 0x000000000008 sp 0x7ffcc387dd60 T0)
==4174418==The signal is caused by a WRITE memory access.
    #0 0x41ee08 in jmem_pools_free /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/jmem/jmem-poolman.c:136:29
    #1 0x580591 in vm_stack_context_abort_variable_length /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/vm/vm-stack.c:73:5
    #2 0x580591 in vm_stack_context_abort /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/vm/vm-stack.c:125:24
    #3 0x580cbc in vm_stack_find_finally /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/vm/vm-stack.c:420:19
    #4 0x58f8a3 in vm_loop /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/vm/vm.c:4892:15
    #5 0x582c82 in vm_execute /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/vm/vm.c:5211:37
    #6 0x57b6db in opfunc_resume_executable_object /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/vm/opcodes.c:758:25
    #7 0x529e88 in ecma_process_promise_async_reaction_job /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/ecma/operations/ecma-jobqueue.c:363:12
    #8 0x529e88 in ecma_process_all_enqueued_jobs /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/ecma/operations/ecma-jobqueue.c:567:15
    #9 0x4dbf52 in jerry_run_jobs /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/api/jerryscript.c:1078:24
    #10 0x4d7208 in main /home/user/fuzz/jerryscript_origin/jerryscript/jerry-main/main-desktop.c:229:12
    #11 0x7efc7c629d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #12 0x7efc7c629e3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #13 0x41ee74 in _start (/home/user/fuzz/jerryscript_origin/jerryscript/build/bin/jerry+0x41ee74)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/jmem/jmem-poolman.c:136:29 in jmem_pools_free
==4174418==ABORTING

Backtrace
$ gdb -nx -q ./jerry -ex 'r /home/user/vul/crash/Jerryscript/out/crashes/program_20230412010753_28034C1C-6509-445B-8305-557EE504E083_deterministic.js'
Reading symbols from ./jerry...
Starting program: /home/user/fuzz/jerryscript_origin/jerryscript/build/bin/jerry /home/user/vul/crash/Jerryscript/out/crashes/program_20230412010753_28034C1C-6509-445B-8305-557EE504E083_deterministic.js
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x000000000041d592 in jmem_heap_find_prev (block_p=<optimized out>) at /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/jmem/jmem-heap.c:379
379	  while (prev_p->next_offset < block_offset)
(gdb)

Expected behavior
SEGV or crash
Credits:
@gandalf4a