stack-overflow in duktape/duk_api_stack.c:337 in duk_is_valid_posidx #2549

gandalf4a opened this issue Oct 10, 2023 · 0 comments
Version

$ git show
commit 47eedc5d53cdab72c5933148496b91142d5f0940 (HEAD -> master, origin/master, origin/HEAD)
Merge: f203a13e 7f66f09f
Author: Sami Vaarala <sami.vaarala@iki.fi>
Date:   Sun Sep 10 16:07:39 2023 +0300

Platform

$ uname -a
Linux user-GE40-2PC-Dragon-Eyes 6.2.0-33-generic #33~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Thu Sep  7 10:33:52 UTC 2 x86_64 x86_64 x86_64 GNU/Linux

Asan

duk_hobject_lookup.c:20:49: runtime error: applying zero offset to null pointer
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior duk_hobject_lookup.c:20:49 in 
duk_hobject_misc.c:124:70: runtime error: applying zero offset to null pointer
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior duk_hobject_misc.c:124:70 in 
duk_hobject_misc.c:103:49: runtime error: applying zero offset to null pointer
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior duk_hobject_misc.c:103:49 in 
duk_hobject_misc.c:104:49: runtime error: applying zero offset to null pointer
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior duk_hobject_misc.c:104:49 in 
duk_hobject_resize.c:400:48: runtime error: applying zero offset to null pointer
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior duk_hobject_resize.c:400:48 in 
duk_hobject_resize.c:401:46: runtime error: applying zero offset to null pointer
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior duk_hobject_resize.c:401:46 in 
duk_hobject_misc.c:266:50: runtime error: applying zero offset to null pointer
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior duk_hobject_misc.c:266:50 in 
duk_hobject_misc.c:267:49: runtime error: applying zero offset to null pointer
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior duk_hobject_misc.c:267:49 in 
duk_heap_markandsweep.c:98:15: runtime error: applying zero offset to null pointer
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior duk_heap_markandsweep.c:98:15 in 
duk_util_bufwriter.c:27:16: runtime error: applying zero offset to null pointer
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior duk_util_bufwriter.c:27:16 in 
duk_util_bufwriter.c:29:22: runtime error: applying zero offset to null pointer
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior duk_util_bufwriter.c:29:22 in 
duk_hobject_lookup.c:105:49: runtime error: applying zero offset to null pointer
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior duk_hobject_lookup.c:105:49 in 
UndefinedBehaviorSanitizer:DEADLYSIGNAL
==19481==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7fff2bb4df98 (pc 0x0000005753cc bp 0x7fff2bb4e030 sp 0x7fff2bb4dfa0 T19481)
    #0 0x5753cc in duk_is_valid_posidx /home/user/fuzz/duktape/duk_api_stack.c:337
    #1 0xa5c1b3 in duk__get_own_prop_strkey_ordinary /home/user/fuzz/duktape/duk_prop_get.c:338:2
    #2 0xa60357 in duk__get_ownprop_strkey_ordinary /home/user/fuzz/duktape/duk_prop_get.c:1097:9
    #3 0xa56508 in duk__get_own_prop_strkey_htypejump /home/user/fuzz/duktape/duk_prop_get.c:1205:9
    #4 0xa6b442 in duk__prop_get_stroridx_helper /home/user/fuzz/duktape/duk_prop_get.c:1275:9
    #5 0xa6b442 in duk__prop_get_strkey_unsafe /home/user/fuzz/duktape/duk_prop_get.c:1396:9
    #6 0xa6ad4f in duk__prop_get_str /home/user/fuzz/duktape/duk_prop_get.c:1411:9
    #7 0xa4fb7b in duk__prop_getvalue_strkey_outidx /home/user/fuzz/duktape/duk_prop_get.c:1624:9
    #8 0x4a40b3 in duk_prop_getvalue_strkey_outidx /home/user/fuzz/duktape/duk_prop_get.c:1654:8
    #9 0x4c8b7c in duk_get_prop_stridx /home/user/fuzz/duktape/duk_api_object.c:116:9
    #10 0x5a7fbb in duk_get_prop_stridx_short_raw /home/user/fuzz/duktape/duk_api_object.c:120:9
    #11 0x5a7e44 in duk__proxy_trap_check /home/user/fuzz/duktape/duk_hobject_proxy.c:46:9
    #12 0x5d2d9b in duk_proxy_trap_check_strkey /home/user/fuzz/duktape/duk_hobject_proxy.c:71:9
    #13 0xa574bf in duk__get_own_prop_strkey_proxy_actual /home/user/fuzz/duktape/duk_prop_get.c:463:6
    #14 0xa585ee in duk__prop_get_stroridx_helper /home/user/fuzz/duktape/duk_prop_get.c:1332:12
    #15 0xa585ee in duk__prop_get_strkey_safe /home/user/fuzz/duktape/duk_prop_get.c:1402:9
    #16 0xa6cd62 in duk__prop_get_stroridx_helper /home/user/fuzz/duktape/duk_prop_get.c:1385:10
    #17 0xa6cd62 in duk__prop_get_strkey_unsafe /home/user/fuzz/duktape/duk_prop_get.c:1396:9
    #18 0xa6ad4f in duk__prop_get_str /home/user/fuzz/duktape/duk_prop_get.c:1411:9
    #19 0xa4fb7b in duk__prop_getvalue_strkey_outidx /home/user/fuzz/duktape/duk_prop_get.c:1624:9
    #20 0x4a40b3 in duk_prop_getvalue_strkey_outidx /home/user/fuzz/duktape/duk_prop_get.c:1654:8
    #21 0x4c8b7c in duk_get_prop_stridx /home/user/fuzz/duktape/duk_api_object.c:116:9
    #22 0x5a7fbb in duk_get_prop_stridx_short_raw /home/user/fuzz/duktape/duk_api_object.c:120:9
    [... frames #23 to #298 repeat the same 12-frame cycle as #11 to #22 (duk__proxy_trap_check -> duk_get_prop_stridx_short_raw) another 23 times ...]

SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /home/user/fuzz/duktape/duk_api_stack.c:337 in duk_is_valid_posidx
==19481==ABORTING

Reproduce

./duk pocfile

POC File

var o0 = {
};
var v2 = new Proxy(o0, o0);
v2.__proto__ = v2;
v2 >> -4294967295;
// CRASH INFO
// ==========
// TERMSIG: 11
// STDERR:
// 
// STDOUT:
// 
// ARGS: /home/user/fuzz/duktape/build/duk-fuzzilli --reprl
// EXECUTION TIME: 111ms
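The following is an added example, not code from the issue or from the Duktape project: it rebuilds the PoC's self-referential Proxy in a spec-conforming engine such as Node.js, shows why the trap lookup in the trace above never terminates (the target's prototype is the proxy itself), and checks the behaviour a hardened engine should exhibit, a catchable RangeError rather than a native stack overflow. It also probes other coercion paths (`String()`, `in`, `hasOwnProperty`) to show the trigger is the handler lookup, not the shift operator; the function names are my own.

```javascript
"use strict";

// Rebuild the PoC: target and handler are the same object, and the target's
// prototype is then pointed back at the proxy itself.
function buildSelfProxy() {
  const o0 = {};
  const v2 = new Proxy(o0, o0);
  // v2.[[Set]] finds no "set" trap on the handler (o0 still inherits from
  // Object.prototype here), so it falls through to the target and reaches the
  // Object.prototype.__proto__ setter with `this === v2`. The setter calls
  // v2.[[SetPrototypeOf]], which again has no trap and so sets o0's prototype
  // to the proxy v2. The spec's cycle check stops at a Proxy, so this succeeds.
  v2.__proto__ = v2;
  return { o0, v2 };
}

// The closed loop: any trap lookup on v2 reads handler["get"]; o0 has no own
// "get", so the lookup walks to o0's prototype, which is v2, and that walk is
// itself a [[Get]] on the proxy, which starts the same trap lookup again.
function cycleIsClosed() {
  const { o0, v2 } = buildSelfProxy();
  return Object.getPrototypeOf(o0) === v2;
}

// `v2 >> -4294967295` forces ToPrimitive on the proxy, i.e. a [[Get]] of
// Symbol.toPrimitive, which enters the cycle above. A conforming engine must
// convert the unbounded recursion into a catchable RangeError instead of
// exhausting the native stack as the sanitizer trace shows Duktape doing.
function probeShiftOnSelfProxy() {
  const { v2 } = buildSelfProxy();
  try {
    v2 >> -4294967295;
    return "no-error";
  } catch (e) {
    return e instanceof RangeError ? "RangeError" : e.constructor.name;
  }
}

// The same check for other operations that consult a handler trap; each one
// hits the identical lookup cycle, so each one should end in RangeError.
function probeOtherCoercions() {
  const { v2 } = buildSelfProxy();
  const probes = {
    toString: () => String(v2),                                   // ToPrimitive
    in: () => "x" in v2,                                          // [[HasProperty]]
    has: () => Object.prototype.hasOwnProperty.call(v2, "x"),     // [[GetOwnProperty]]
  };
  const results = {};
  for (const [name, fn] of Object.entries(probes)) {
    try {
      fn();
      results[name] = "no-error";
    } catch (e) {
      results[name] = e.constructor.name;
    }
  }
  return results;
}

// Stand-alone run: prints what this engine does with the PoC construction.
if (typeof require !== "undefined" && require.main === module) {
  console.log("prototype loop closed:", cycleIsClosed());
  console.log("shift on self-proxy:", probeShiftOnSelfProxy());
  console.log("other coercions:", probeOtherCoercions());
}
```

On Node.js every probe reports RangeError ("Maximum call stack size exceeded"); an engine that instead dies with a signal, as in this report, is missing a recursion limit on its proxy trap lookup.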

Credit

Gandalf4a