Commit ID
2dbb6f7

Build platform
Ubuntu 22.04.3

Build steps
```
python3 ./tools/build.py --builddir=xxx --clean --compile-flag=-fsanitize=address --compile-flag=-g --strip=off --lto=off --logging=on --line-info=on --error-message=on --stack-limit=20
```

Test case
```
class s extends Uint32Array { static { } const } const n = new s ( ) ;
```

Execution steps
```
./jerry poc.js
```

Output
```
=================================================================
==880670==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0000012211fc at pc 0x00000067e7fb bp 0x7ffddd05ca10 sp 0x7ffddd05ca08
READ of size 2 at 0x0000012211fc thread T0
    #0 0x67e7fa in scanner_literal_is_created /jerryscript/jerry-core/parser/js/js-scanner-util.c:2922:44
    #1 0x7e82c1 in parser_parse_var_statement /jerryscript/jerry-core/parser/js/js-parser-statm.c:523:15
    #2 0x7da089 in parser_parse_statements /jerryscript/jerry-core/parser/js/js-parser-statm.c:2781:9
    #3 0x663433 in parser_parse_source /jerryscript/jerry-core/parser/js/js-parser.c:2280:5
    #4 0x6611ca in parser_parse_script /jerryscript/jerry-core/parser/js/js-parser.c:3332:38
    #5 0x4ec611 in jerry_parse_common /jerryscript/jerry-core/api/jerryscript.c:418:21
    #6 0x4ec23e in jerry_parse /jerryscript/jerry-core/api/jerryscript.c:486:10
    #7 0x80402d in jerryx_source_parse_script /jerryscript/jerry-ext/util/sources.c:52:26
    #8 0x80432c in jerryx_source_exec_script /jerryscript/jerry-ext/util/sources.c:63:26
    #9 0x4e0160 in main /jerryscript/jerry-main/main-desktop.c:156:20
    #10 0x7f0ac095fd8f (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)
    #11 0x7f0ac095fe3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f)
    #12 0x427fd4 in _start (/jerryscript/0805/bin/jerry+0x427fd4)

0x0000012211fc is located 4 bytes to the left of global variable 'jerry_global_heap' defined in '/jerryscript/jerry-core/jcontext/jcontext.c:148:13' (0x1221200) of size 524288
0x0000012211fc is located 1108 bytes to the right of global variable 'jerry_global_context' defined in '/jerryscript/jerry-core/jcontext/jcontext.c:135:17' (0x121fc40) of size 4456
SUMMARY: AddressSanitizer: global-buffer-overflow /jerryscript/jerry-core/parser/js/js-scanner-util.c:2922:44 in scanner_literal_is_created
Shadow bytes around the buggy address:
  0x00008023c1e0: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
  0x00008023c1f0: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
  0x00008023c200: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
  0x00008023c210: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
  0x00008023c220: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
=>0x00008023c230: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9[f9]
  0x00008023c240: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00008023c250: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00008023c260: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00008023c270: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00008023c280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==880670==ABORTING
```