
Segmentation fault

Open oneyue6761 opened this issue 3 years ago • 0 comments

Version: 41ad58a9eebf8d52a83424c8fccfaacdb14105ec (2022/2/20 latest)
OS: Linux Ubuntu 20.04.3 LTS
Architecture: x64

PoC:

```js
function attach(f) {
    (function (r) {
        WScript.Attach(r);   // ch host API: attach the debugger and invoke r
    })(f);
}

async function mainTest(notAttachCall) {
    if (notAttachCall) {
        // `[1]` is an int-array literal (the NewScIntArray op seen in frame #2 of the trace);
        // in the comparison it coerces to 1, so the loop body runs once.
        for (let i = 0; i < [1]; ++i) {
            await attach(mainTest);
        }
    } else {
        var i = 10; /**bp:locals()**/   // ch debugger breakpoint annotation: dump locals when hit
    }
}
mainTest(true);
WScript.Echo("PASSED");
```

Trace:

```text
AddressSanitizer:DEADLYSIGNAL
==229002==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x5564849d4998 bp 0x7ffe7ae00630 sp 0x7ffe7ae00630 T0)
==229002==The signal is caused by a READ memory access.
==229002==Hint: address points to the zero page.
    #0 0x5564849d4998 in Js::ByteBlock::GetBuffer() /home/xyf2001/Desktop/wy/ChakraCore/lib/Runtime/ByteCode/ByteBlock.cpp:21:16
    #1 0x556484a3bb4c in Js::AuxArray const* Js::ByteCodeReader::ReadAuxArray(unsigned int, Js::FunctionBody*) /home/xyf2001/Desktop/wy/ChakraCore/lib/Runtime/ByteCode/ByteCodeReader.cpp:231:104
    #2 0x556484f54aaf in void Js::InterpreterStackFrame::ProfiledNewScIntArray(Js::OpLayoutDynamicProfileJs::OpLayoutAuxiliary const __unaligned*) /home/xyf2001/Desktop/wy/ChakraCore/lib/Runtime/Language/InterpreterStackFrame.cpp:5409:43
    #3 0x556484cc279b in Js::InterpreterStackFrame::ProcessWithDebugging() /home/xyf2001/Desktop/wy/ChakraCore/lib/Runtime/Language/InterpreterHandler.inl:401:3
    #4 0x556484c9d977 in Js::InterpreterStackFrame::DebugProcess() /home/xyf2001/Desktop/wy/ChakraCore/lib/Runtime/Language/InterpreterStackFrame.cpp:2517:34
    #5 0x556484c9c4f3 in Js::InterpreterStackFrame::InterpreterHelper(Js::ScriptFunction*, Js::ArgumentReader, void*, void*, Js::InterpreterStackFrame::AsmJsReturnStruct*) /home/xyf2001/Desktop/wy/ChakraCore/lib/Runtime/Language/InterpreterStackFrame.cpp:2143:40
    #6 0x556484c9b73b in Js::InterpreterStackFrame::InterpreterThunk(Js::JavascriptCallStackLayout*) /home/xyf2001/Desktop/wy/ChakraCore/lib/Runtime/Language/InterpreterStackFrame.cpp:1833:16
    #7 0x7fed87010f99 ()
    ...
    #55 0x5564845e4f28 in main /home/xyf2001/Desktop/wy/ChakraCore/bin/ch/ch.cpp:1274:20
    #56 0x7fed8bd460b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
    #57 0x55648453581d in _start (/home/xyf2001/Desktop/wy/ChakraCore/out/Release/ch+0x2c181d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/.../ChakraCore/lib/Runtime/ByteCode/ByteBlock.cpp:21:16 in Js::ByteBlock::GetBuffer()
==229002==ABORTING
```

oneyue6761 · Feb 20 '22 06:02
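Added example, not part of this issue and not ChakraCore code: a small triage parser for AddressSanitizer reports of the kind pasted above. The sample input is the report from this issue, abridged to a subset of its frames and labelled as constructed. The parser pulls out the error kind, faulting address and access type, re-splits the one-line form that issue trackers produce into one frame per line, classifies a SEGV on the zero page as a likely null-pointer dereference (the hint ASan itself prints above), and derives a stack-based deduplication key from the top symbolized frames so repeated fuzzer hits can be bucketed. All function names (`parse_asan_report`, `classify`, `dedup_key`, `crashing_function`) are my own.

```python
"""Triage helper for AddressSanitizer crash reports (added example, not ChakraCore code)."""
import hashlib
import re

# Constructed sample: the ASan output quoted in this issue, abridged to a few frames.
SAMPLE = """\
AddressSanitizer:DEADLYSIGNAL
==229002==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x5564849d4998 bp 0x7ffe7ae00630 sp 0x7ffe7ae00630 T0)
==229002==The signal is caused by a READ memory access.
==229002==Hint: address points to the zero page.
    #0 0x5564849d4998 in Js::ByteBlock::GetBuffer() /home/xyf2001/Desktop/wy/ChakraCore/lib/Runtime/ByteCode/ByteBlock.cpp:21:16
    #1 0x556484a3bb4c in Js::AuxArray const* Js::ByteCodeReader::ReadAuxArray(unsigned int, Js::FunctionBody*) /home/xyf2001/Desktop/wy/ChakraCore/lib/Runtime/ByteCode/ByteCodeReader.cpp:231:104
    #2 0x556484f54aaf in void Js::InterpreterStackFrame::ProfiledNewScIntArray(Js::OpLayoutDynamicProfileJs::OpLayoutAuxiliary const __unaligned*) /home/xyf2001/Desktop/wy/ChakraCore/lib/Runtime/Language/InterpreterStackFrame.cpp:5409:43
    #3 0x556484cc279b in Js::InterpreterStackFrame::ProcessWithDebugging() /home/xyf2001/Desktop/wy/ChakraCore/lib/Runtime/Language/InterpreterHandler.inl:401:3
    #7 0x7fed87010f99 ()
    ...
    #55 0x5564845e4f28 in main /home/xyf2001/Desktop/wy/ChakraCore/bin/ch/ch.cpp:1274:20
    #57 0x55648453581d in _start (/home/xyf2001/Desktop/wy/ChakraCore/out/Release/ch+0x2c181d)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/.../ChakraCore/lib/Runtime/ByteCode/ByteBlock.cpp:21:16 in Js::ByteBlock::GetBuffer()
==229002==ABORTING
"""

HEADER_RE = re.compile(r"==\d+==ERROR: AddressSanitizer: (?P<kind>[\w-]+) on (?:unknown )?address (?P<addr>0x[0-9a-fA-F]+)")
ACCESS_RE = re.compile(r"caused by a (?P<access>READ|WRITE) memory access")
# Symbolized frame: "#N 0xPC in <function signature> [/path/file.cpp:LINE[:COL]]"
FRAME_RE = re.compile(r"^#(?P<idx>\d+)\s+0x[0-9a-fA-F]+\s+in\s+(?P<func>.+?)(?:\s+(?P<file>/\S+?):(?P<line>\d+)(?::\d+)?)?$")
UNSYM_RE = re.compile(r"^#(?P<idx>\d+)\s+0x[0-9a-fA-F]+")  # frame with no symbol ("() ..." in the report)
SUMMARY_RE = re.compile(r"SUMMARY: AddressSanitizer: (?P<kind>[\w-]+) .*? in (?P<func>\S+)")


def normalize(text):
    """Reports pasted into trackers often arrive as one long line; put every
    frame, ==pid== line and SUMMARY/trailer on its own line again."""
    return re.sub(r"\s+(?=(?:#\d+\s+0x|==\d+==|SUMMARY:|AddressSanitizer can))", "\n", text)


def short_name(func):
    """'Js::AuxArray const* Js::ByteCodeReader::ReadAuxArray(unsigned int, ...)'
    -> 'Js::ByteCodeReader::ReadAuxArray' (drop return type and parameter list)."""
    head = func.split("(", 1)[0].split()
    return head[-1] if head else func


def parse_asan_report(text):
    report = {"kind": None, "address": None, "access": None, "frames": [], "summary_func": None}
    for raw in normalize(text).splitlines():
        line = raw.strip()
        m = HEADER_RE.search(line)
        if m and report["kind"] is None:
            report["kind"] = m.group("kind")
            report["address"] = int(m.group("addr"), 16)
            continue
        m = ACCESS_RE.search(line)
        if m:
            report["access"] = m.group("access")
            continue
        m = FRAME_RE.match(line)
        if m:
            report["frames"].append({"idx": int(m.group("idx")), "func": m.group("func"),
                                     "file": m.group("file"),
                                     "line": int(m.group("line")) if m.group("line") else None})
            continue
        m = UNSYM_RE.match(line)
        if m:
            report["frames"].append({"idx": int(m.group("idx")), "func": None, "file": None, "line": None})
            continue
        m = SUMMARY_RE.search(line)
        if m:
            report["summary_func"] = m.group("func")
    return report


def classify(report):
    """Coarse exploitability bucket. A SEGV whose address lies on the zero page is a
    NULL base plus a small field offset (0x8 here): normally a crash, not a write primitive."""
    if report["kind"] == "SEGV" and report["address"] is not None and report["address"] < 0x1000:
        return "null-deref"
    if report["kind"] == "SEGV":
        return "wild-access"
    return report["kind"] or "unknown"


def crashing_function(report):
    for frame in report["frames"]:
        if frame["func"]:
            return short_name(frame["func"])
    return None


def dedup_key(report, depth=3):
    """Bucket by bug class plus the top `depth` symbolized function names; line numbers
    are left out so the key survives rebuilds of the target."""
    names = [short_name(f["func"]) for f in report["frames"] if f["func"]][:depth]
    return hashlib.sha1("|".join([classify(report), *names]).encode()).hexdigest()[:12]


if __name__ == "__main__":
    r = parse_asan_report(SAMPLE)
    print(classify(r), crashing_function(r), dedup_key(r))
```

Running it on the report above yields the bucket `null-deref`, the crashing function `Js::ByteBlock::GetBuffer`, and a key that is identical whether the report is fed as the multi-line text or as the single run-together line that the issue originally contained.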