
SEGV in ecma_gc_free_native_pointer #5152

Open
@Qbtly

Description

Commit ID

2dbb6f7

Build platform

Ubuntu 22.04.3

Build steps

```sh
python3 ./tools/build.py --builddir=xxx --clean --compile-flag=-fsanitize=address --compile-flag=-g --strip=off --lto=off --logging=on --line-info=on --error-message=on --stack-limit=20
```
Test case

```js
var a = [ ] ;
for ( var v = 0 ; v < 256 ; v ++ ) {
        var n = Object . create ( null ) ;
        a . push ( n , a ) ;
        n = new WeakSet ( a ) ;
        n . o = [ ] ;
} T(Promise.resolve('success'))
BigInt ( 4 );
```
Execution steps

```sh
./jerry poc.js
```
Output

```text
Unhandled exception: ReferenceError: T is not defined
 0:/default/crashes/id:000033,sig:06,src:0009
AddressSanitizer:DEADLYSIGNAL
=================================================================
==2065425==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x00000050c644 bp 0x0000000000c0 sp 0x7ffc795bc3b0 T0)
==2065425==The signal is caused by a READ memory access.
==2065425==Hint: this fault was caused by a dereference of a high value address (see register values below).  Disassemble the provided pc to learn which register was used.
    #0 0x50c644 in ecma_gc_free_native_pointer /jerryscript/jerry-core/ecma/base/ecma-gc.c:1311:75
    #1 0x50c644 in ecma_gc_free_property /jerryscript/jerry-core/ecma/base/ecma-gc.c:1648:7
    #2 0x50cb48 in ecma_gc_free_properties /jerryscript/jerry-core/ecma/base/ecma-gc.c:1684:7
    #3 0x50fb49 in ecma_gc_free_object /jerryscript/jerry-core/ecma/base/ecma-gc.c:2108:3
    #4 0x50fb49 in ecma_gc_run /jerryscript/jerry-core/ecma/base/ecma-gc.c:2236:5
    #5 0x55aa24 in ecma_finalize /jerryscript/jerry-core/ecma/base/ecma-init-finalize.c:83:5
    #6 0x4eb545 in jerry_cleanup /jerryscript/jerry-core/api/jerryscript.c:229:3
    #7 0x4e0b2f in main /jerryscript/jerry-main/main-desktop.c:264:3
    #8 0x7fb8baa4ed8f  (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)
    #9 0x7fb8baa4ee3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f)
    #10 0x427fd4 in _start (/jerryscript/0805/bin/jerry+0x427fd4)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /jerryscript/jerry-core/ecma/base/ecma-gc.c:1311:75 in ecma_gc_free_native_pointer
==2065425==ABORTING
```
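Added example, not part of this issue or of JerryScript: a small Python triage parser that turns the AddressSanitizer report quoted above into a structured record and a deduplication key. This is the step a fuzzing pipeline runs on every new crash to decide whether it is a duplicate of an already-filed report such as this one. The `ASAN_REPORT` constant is the output quoted in the issue; the regular expressions, the `Frame`/`CrashReport` types and the signature scheme (error kind plus the top three frames that resolve to project source) are this example's own choices, not anything from the JerryScript project.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed input: the ASan output quoted in the issue above, copied verbatim.
ASAN_REPORT = """\
Unhandled exception: ReferenceError: T is not defined
 0:/default/crashes/id:000033,sig:06,src:0009
AddressSanitizer:DEADLYSIGNAL
=================================================================
==2065425==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x00000050c644 bp 0x0000000000c0 sp 0x7ffc795bc3b0 T0)
==2065425==The signal is caused by a READ memory access.
==2065425==Hint: this fault was caused by a dereference of a high value address (see register values below).  Disassemble the provided pc to learn which register was used.
    #0 0x50c644 in ecma_gc_free_native_pointer /jerryscript/jerry-core/ecma/base/ecma-gc.c:1311:75
    #1 0x50c644 in ecma_gc_free_property /jerryscript/jerry-core/ecma/base/ecma-gc.c:1648:7
    #2 0x50cb48 in ecma_gc_free_properties /jerryscript/jerry-core/ecma/base/ecma-gc.c:1684:7
    #3 0x50fb49 in ecma_gc_free_object /jerryscript/jerry-core/ecma/base/ecma-gc.c:2108:3
    #4 0x50fb49 in ecma_gc_run /jerryscript/jerry-core/ecma/base/ecma-gc.c:2236:5
    #5 0x55aa24 in ecma_finalize /jerryscript/jerry-core/ecma/base/ecma-init-finalize.c:83:5
    #6 0x4eb545 in jerry_cleanup /jerryscript/jerry-core/api/jerryscript.c:229:3
    #7 0x4e0b2f in main /jerryscript/jerry-main/main-desktop.c:264:3
    #8 0x7fb8baa4ed8f  (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)
    #9 0x7fb8baa4ee3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f)
    #10 0x427fd4 in _start (/jerryscript/0805/bin/jerry+0x427fd4)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /jerryscript/jerry-core/ecma/base/ecma-gc.c:1311:75 in ecma_gc_free_native_pointer
==2065425==ABORTING
"""

# Line shapes this example recognises (assumed from the report above, not an ASan spec).
_ERROR_RE = re.compile(r"^==(\d+)==ERROR: AddressSanitizer: (\S+)")
_ACCESS_RE = re.compile(r"caused by a (READ|WRITE) memory access")
_FRAME_RE = re.compile(r"^\s*#(\d+)\s+0x[0-9a-fA-F]+\s+(?:in\s+(\S+)\s+)?(\S+)")
_SRCLOC_RE = re.compile(r"^(.+):(\d+):(\d+)$")
_SUMMARY_RE = re.compile(r"^SUMMARY: AddressSanitizer: \S+ (\S+) in (\S+)")


@dataclass
class Frame:
    index: int
    function: Optional[str]  # None when the symbolizer had no name (frame #8 above)
    location: str            # "path:line:col" or "(module+offset)"
    file: Optional[str] = None
    line: Optional[int] = None


@dataclass
class CrashReport:
    pid: int
    error: str               # e.g. "SEGV", "heap-use-after-free"
    access: Optional[str]    # "READ" / "WRITE" when ASan states it
    frames: List[Frame]      # the first (faulting) stack only
    summary_location: Optional[str]
    summary_function: Optional[str]


def parse_asan_report(text: str) -> CrashReport:
    pid = error = access = summary_loc = summary_fn = None
    frames: List[Frame] = []
    stack_done = False  # use-after-free reports carry extra stacks; keep only the first
    for line in text.splitlines():
        m = _FRAME_RE.match(line)
        if m:
            if not stack_done:
                frame = Frame(int(m.group(1)), m.group(2), m.group(3))
                loc = _SRCLOC_RE.match(frame.location)
                if loc:  # symbolized to a source file, not just a module offset
                    frame.file, frame.line = loc.group(1), int(loc.group(2))
                frames.append(frame)
            continue
        if frames:
            stack_done = True  # first non-frame line after the stack ends it
        if (m := _ERROR_RE.match(line)):
            pid, error = int(m.group(1)), m.group(2)
        elif (m := _ACCESS_RE.search(line)):
            access = m.group(1)
        elif (m := _SUMMARY_RE.match(line)):
            summary_loc, summary_fn = m.group(1), m.group(2)
    if pid is None or error is None:
        raise ValueError("no AddressSanitizer ERROR line found")
    return CrashReport(pid, error, access, frames, summary_loc, summary_fn)


def crash_signature(report: CrashReport, depth: int = 3) -> str:
    """Dedup key: error kind plus the top `depth` frames that resolve to project
    source. libc/loader frames and line numbers are dropped so that an unrelated
    edit to ecma-gc.c does not make the same bug look like a new one."""
    funcs = [f.function for f in report.frames if f.file and f.function][:depth]
    return report.error + ":" + "|".join(funcs)


if __name__ == "__main__":
    rep = parse_asan_report(ASAN_REPORT)
    print(rep.error, rep.access, "at", rep.summary_location)
    print("signature:", crash_signature(rep))
```

For this report the signature is `SEGV:ecma_gc_free_native_pointer|ecma_gc_free_property|ecma_gc_free_properties`; a second fuzzer input that dies in the same three frames, even at a different line after the file is edited, maps to the same key and is filed against this issue rather than as a new one. Keying on function names rather than addresses also survives rebuilds, which the raw `pc` values in the report do not.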

Labels

- bug (Undesired behaviour)
- fuzzing (Related to fuzz testing of the engine)
- memory management (Related to memory management or garbage collection)