CVE-2023-30406: Segmentation fault in jerry · Issue #5058 · jerryscript-project/jerryscript
Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component ecma_find_named_property at /base/ecma-helpers.c.
JerryScript revision
1a2c047
Build platform
Ubuntu 20.04.2 LTS (Linux 5.15.0-67-generic x86_64)
Build steps
Describe how to build JerryScript. Give all the necessary details of the build
(e.g., environment variables, command(s), profile, command line options, etc.).
E.g.:
tools/build.py --compile-flag=-fsanitize=address --compile-flag=-g
Build log
Test case
function i(a,b=eval()){eval()} i(i("a"),eval("var a"))
Execution platform
same as the build platform.
Execution steps
build/bin/jerry testcase.js
Output
Segmentation fault (core dumped)
Backtrace
=================================================================
==167385==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000004 (pc 0x562a05bd8581 bp 0x7fffdc027800 sp 0x7fffdc027790 T0)
==167385==The signal is caused by a READ memory access.
==167385==Hint: address points to the zero page.
#0 0x562a05bd8580 (/data/jerryscript/asan/bin/jerry+0xd0580)
#1 0x562a05b8051c (/data/jerryscript/asan/bin/jerry+0x7851c)
#2 0x562a05b9069f (/data/jerryscript/asan/bin/jerry+0x8869f)
#3 0x562a05b919b9 (/data/jerryscript/asan/bin/jerry+0x899b9)
#4 0x562a05b6b6d8 (/data/jerryscript/asan/bin/jerry+0x636d8)
#5 0x562a05bc14cd (/data/jerryscript/asan/bin/jerry+0xb94cd)
#6 0x562a05bc696a (/data/jerryscript/asan/bin/jerry+0xbe96a)
#7 0x562a05b9085b (/data/jerryscript/asan/bin/jerry+0x8885b)
#8 0x562a05b919b9 (/data/jerryscript/asan/bin/jerry+0x899b9)
#9 0x562a05bf8576 (/data/jerryscript/asan/bin/jerry+0xf0576)
#10 0x562a05b25dac (/data/jerryscript/asan/bin/jerry+0x1ddac)
#11 0x7f32bb095082 in __libc_start_main …/csu/libc-start.c:308
#12 0x562a05b26cfd (/data/jerryscript/asan/bin/jerry+0x1ecfd)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/data/jerryscript/asan/bin/jerry+0xd0580)
==167385==ABORTING
Expected behavior
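The backtrace above is unsymbolized: every frame is printed as module+0xoffset because AddressSanitizer did not find a symbolizer at run time. The offsets are relative to the module's load base, which is what addr2line expects for a PIE binary, so they can be resolved after the fact from the same ASan build. The following script is an added example, not part of this issue or of the JerryScript project; it assumes binutils addr2line is installed and uses the binary path from the report, which will not exist on the reader's machine unless they rebuilt into /data/jerryscript/asan, in which case it prints the commands to run instead of the resolved frames.

```shell
# Added example: recover source locations from unsymbolized ASan frames.
# Not from the issue or from JerryScript; assumes binutils addr2line.

# Constructed sample: three frames copied verbatim from the report above.
SAMPLE_FRAMES='    #0 0x562a05bd8580 (/data/jerryscript/asan/bin/jerry+0xd0580)
    #1 0x562a05b8051c (/data/jerryscript/asan/bin/jerry+0x7851c)
    #2 0x562a05b9069f (/data/jerryscript/asan/bin/jerry+0x8869f)'

# asan_frames: read ASan frame lines on stdin and print "module offset" for
# each frame of the form "#N 0xADDR (module+0xOFFSET)". Frames that ASan did
# symbolize itself (file:line form, like the libc frame) do not match and are
# skipped.
asan_frames() {
    sed -n 's/^ *#[0-9]* 0x[0-9a-f]* (\(.*\)+\(0x[0-9a-f]*\))$/\1 \2/p'
}

# symbolize: for each "module offset" pair on stdin, resolve it with addr2line
# when the module is readable here (-f function name, -C demangle, -i include
# inlined callers); otherwise print the command the reader would run on the
# machine that has the ASan build.
symbolize() {
    while read -r module offset; do
        if [ -r "$module" ] && command -v addr2line >/dev/null 2>&1; then
            printf '%s+%s: ' "$module" "$offset"
            addr2line -f -C -i -e "$module" "$offset" | awk '{printf "%s%s", (NR>1?" <- ":""), $0} END {print ""}'
        else
            printf 'addr2line -f -C -i -e %s %s\n' "$module" "$offset"
        fi
    done
}

# offsets_only: the parsed offsets on one line, used to check the parser.
offsets_only() {
    printf '%s\n' "$SAMPLE_FRAMES" | asan_frames \
        | awk '{printf "%s%s", (NR>1?" ":""), $2} END {print ""}'
}

printf '%s\n' "$SAMPLE_FRAMES" | asan_frames | symbolize
```

To avoid this step on the next run, point ASan at a symbolizer before executing the test case (ASAN_SYMBOLIZER_PATH=/path/to/llvm-symbolizer, or have llvm-symbolizer on PATH); the report will then carry function names and ecma-helpers.c line numbers directly, and the frame for ecma_find_named_property can be matched against the CVE description without a manual lookup.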