Jack Ren

icon location Pursuit for a broad horizon.

Results 6 comments of Jack Ren

How to setup redis for the fuzzer?

You need a ssh tunnel to proxy the redis port to localhost:9000. The guidance in README: ``` ./fuzz/scripts/redis.py ```

Construct a specific payload to [String].match cause ChakraCore engine StackOverflow crash, which may cause denial of service.

Hello, As long as variable `dnaInput` is longer enough, the bug will be triggered. You may extend the length of `dnaInput` by append random slices of `dnaInput` itself.

Construct a specific payload to [String].match cause ChakraCore engine StackOverflow crash, which may cause denial of service.

My above PoC is confirmed again to be reproduced on Windows. Maybe you could try the following PoC on Ubuntu? ```javascript var dnaInput = "tacgattttatcgcgactagttaatcatcatagcaagtaaaatttgaattatgtcattat\ catgctccattaacaggttatttaattgatactgacgaaattttttcacaatgggttttc\ tagaatttaatatcagtaattgaagccttcataggggtcctactagtatcctacacgacg\ caggtccgcagtatcctggagggacgtgttactgattaaaagggtcaaaggaatgaaggc\ tcacaatgttacctgcttcaccatagtgagccgatgagttttacattagtactaaatccc\ aaatcatactttacgatgaggcttgctagcgctaaagagaatacatacaccaccacatag\...

Construct a specific payload to [String].match cause ChakraCore engine StackOverflow crash, which may cause denial of service.

Hello, I'm able to reproduce the bug in Ubuntu 18.04 as long as executing `ulimit -s1024` to limit the stack size before running `ch`.

Construct a specific payload to [String].match cause ChakraCore engine StackOverflow crash, which may cause denial of service.

On my Ubuntu 18.04, the default value of `ulimit -s` is `8192`. The following attached PoC file can crash the `ch` in the above condition. [poc.js.txt](https://github.com/chakra-core/ChakraCore/files/9650657/poc.js.txt)

Construct a specific payload to [String].match cause ChakraCore engine StackOverflow crash, which may cause denial of service.

Unhandled StackOverflow exception.