quickjs icon indicating copy to clipboard operation
quickjs copied to clipboard
Published 3 weeks ago verified publisher icon bellard

Memory violation in JS_CallInternal

Open SkyCrystal opened this issue 3 years ago • 0 comments

JSFunctionDef use int for var_count, but JSFunctionBytecode use uint16_t. And JS_MAX_LOCAL_VARS is 65536. So when we create exactly 65536 local vars, var_count in JSFunctionBytecode will overflow to zero at js_create_function. So it calculated a wrong alloca_size in JS_CallInternal.

SkyCrystal avatar Sep 05 '22 08:09 SkyCrystal