CVE-2020-23315: ASSERTION (pFuncBody->GetYieldRegister() == oldYieldRegister) failed in Js::DebugContext::RundownSourcesAndReparse · Issue #6453 · chakra-core/ChakraCore

The assertion (pFuncBody->GetYieldRegister() == oldYieldRegister) fails in Js::DebugContext::RundownSourcesAndReparse in ChakraCore version 1.12.0.0-beta.

Open

owl337 opened this issue on Jun 1, 2020

ChakraCore version:

version 1.12.0.0-beta

Build Command

./build.sh --debug

OS

Ubuntu 16.04.6 LTS (Linux 4.4.0-142-generic x86_64)

Test case

function test0() {
  var func2 = (async (xsbazt = hkvvxr(x)) => [...[
        -2,
      ]]);
  var a = -191;
  func3(a);
}

function Run(){
    WScript.Echo('PASSED');
}


WScript.Attach(Run);

Output

ASSERTION 202914: (ChakraCore/lib/Runtime/Debug/DebugContext.cpp, line 359) pFuncBody->GetYieldRegister() == oldYieldRegister
 Failure: (pFuncBody->GetYieldRegister() == oldYieldRegister)
Illegal instruction

Credits: This vulnerability was detected by chong from OWL337.

owl337 changed the title from "DebugBreak in Js::DebugContext::RundownSourcesAndReparse" to "ASSERTION (pFuncBody->GetYieldRegister() == oldYieldRegister) failed in Js::DebugContext::RundownSourcesAndReparse" on Jun 1, 2020
