SEGV in ecma_gc_free_native_pointer #5152

Open
Qbtly opened this issue Aug 5, 2024 · 0 comments
Labels: bug (Undesired behaviour), fuzzing (Related to fuzz testing of the engine), memory management (Related to memory management or garbage collection)

Comments

Qbtly commented Aug 5, 2024

Commit ID

2dbb6f7

Build platform

Ubuntu 22.04.3

Build steps
python3 ./tools/build.py --builddir=xxx --clean --compile-flag=-fsanitize=address --compile-flag=-g --strip=off --lto=off --logging=on --line-info=on --error-message=on --stack-limit=20
Test case
var a = [];
for (var v = 0; v < 256; v++) {
    var n = Object.create(null);
    a.push(n, a);
    n = new WeakSet(a);
    n.o = [];
}
T(Promise.resolve('success'));  // T is undefined: this raises the ReferenceError shown in the output
BigInt(4);
Execution steps
./jerry poc.js
Output
Unhandled exception: ReferenceError: T is not defined
 0:/default/crashes/id:000033,sig:06,src:0009
AddressSanitizer:DEADLYSIGNAL
=================================================================
==2065425==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x00000050c644 bp 0x0000000000c0 sp 0x7ffc795bc3b0 T0)
==2065425==The signal is caused by a READ memory access.
==2065425==Hint: this fault was caused by a dereference of a high value address (see register values below).  Disassemble the provided pc to learn which register was used.
    #0 0x50c644 in ecma_gc_free_native_pointer /jerryscript/jerry-core/ecma/base/ecma-gc.c:1311:75
    #1 0x50c644 in ecma_gc_free_property /jerryscript/jerry-core/ecma/base/ecma-gc.c:1648:7
    #2 0x50cb48 in ecma_gc_free_properties /jerryscript/jerry-core/ecma/base/ecma-gc.c:1684:7
    #3 0x50fb49 in ecma_gc_free_object /jerryscript/jerry-core/ecma/base/ecma-gc.c:2108:3
    #4 0x50fb49 in ecma_gc_run /jerryscript/jerry-core/ecma/base/ecma-gc.c:2236:5
    #5 0x55aa24 in ecma_finalize /jerryscript/jerry-core/ecma/base/ecma-init-finalize.c:83:5
    #6 0x4eb545 in jerry_cleanup /jerryscript/jerry-core/api/jerryscript.c:229:3
    #7 0x4e0b2f in main /jerryscript/jerry-main/main-desktop.c:264:3
    #8 0x7fb8baa4ed8f  (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)
    #9 0x7fb8baa4ee3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f)
    #10 0x427fd4 in _start (/jerryscript/0805/bin/jerry+0x427fd4)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /jerryscript/jerry-core/ecma/base/ecma-gc.c:1311:75 in ecma_gc_free_native_pointer
==2065425==ABORTING
LaszloLango added the bug (Undesired behaviour), memory management (Related to memory management or garbage collection) and fuzzing (Related to fuzz testing of the engine) labels on Nov 22, 2024