jerryscript icon indicating copy to clipboard operation
jerryscript copied to clipboard

Published 20 hours ago verified publisher icon jerryscript-project

jerry crashed while running the following code.

Open marckwei opened this issue 1 year ago • 1 comments

JerryScript revision

1a2c04763aba49f52b1537acd3730098c873511c

Build platform

Name the build platform. E.g., copy the output of Ubuntu Lunar Lobster (development branch) (Linux 5.15.0-67-generic x86_64)

Build steps
python3 tools/build.py --builddir=asan --compile-flag=-fno-omit-frame-pointer --compile-flag=-fsanitize=address  --compile-flag=-fno-optimize-sibling-calls --compile-flag=-g --strip=OFF
Test case
function f0(a1, a2, ...a3) {
class C4 extends a1 {
}
var v5 = new C4(C4);
return C4;
}
f0(f0);
Execution steps
./build/bin/jerry  test.js
Output

segmentfault

Backtrace

==51694==ERROR: AddressSanitizer: stack-overflow on address 0x7ffe6695efc0 (pc 0x5556250c8272 bp 0x7ffe6695f070 sp 0x7ffe6695efb0 T0) #0 0x5556250c8272 in ecma_op_function_construct /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1704 #1 0x5556250c8958 in ecma_op_function_construct_constructor /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1631 #2 0x5556250c8958 in ecma_op_function_construct /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1727 #3 0x5556250c8958 in ecma_op_function_construct_constructor /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1631 ... ... #491 0x5556250c8958 in ecma_op_function_construct_constructor /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1631 #492 0x5556250c8958 in ecma_op_function_construct /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1727 #493 0x5556250c8958 in ecma_op_function_construct_constructor /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1631 #494 0x5556250c8958 in ecma_op_function_construct /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1727 #495 0x5556250c8958 in ecma_op_function_construct_constructor /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1631 #496 0x5556250c8958 in ecma_op_function_construct /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1727

SUMMARY: AddressSanitizer: stack-overflow /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1704 in ecma_op_function_construct ==51694==ABORTING

marckwei avatar Mar 15 '23 06:03 marckwei

CVE-2023-30410 appears to have been assigned for this issue.

carnil avatar Apr 26 '23 19:04 carnil