CVE-2021-46481: Memory leaks in linenoise src/linenoise.c:1061 · Issue #55 · pcmacdon/jsish

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed

hope-fly opened this issue

Dec 24, 2021

· 0 comments

Comments

Jsish revision

Commit: 9fa798e

Version: v3.5.0

Build platform

Ubuntu 18.04.5 LTS (Linux 5.4.0-44-generic x86_64)

Build steps

export CFLAGS=’-fsanitize=address’ make

Test case

var JSEtest = [ 'aa’, 'bb’, ‘hhh’ ]; try { Number.bind(console.input(‘listNum’ + JSEtest), 4)(); } catch (e) {}; try { (1 >> y).toFixed.bind(2, 4)(); } catch (e) {}; (1 >> y).toFixed.bind(2, 4)();

​

Execution steps & Output

$ ./jsish/jsish poc.js

listNum [object Object] /home/user/poc.js:10: error: apply Number.toFixed to a non-number object ERROR: ================================================================= ERROR: LeakSanitizer: detected memory leaks Direct leak of 1 byte(s) in 1 object(s) allocated from: #0 0x7f0e5412d538 in strdup (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x77538) #1 0x56523c6594ad in linenoise src/linenoise.c:1061 SUMMARY: AddressSanitizer: 1 byte(s) leaked in 1 allocation(s).

Credits: Found by OWL337 team.

1 participant