SEGV in njs_function_lambda_call #530

@Q1IQ

Description

Environment

OS      : Linux ubuntu 5.11.10 #1 SMP Sat Oct 30 23:40:08 CST 2021 x86_64 x86_64 x86_64 GNU/Linux
Commit  : c62a9fb92b102c90a66aa724cb9054183a33a68c
Version : 0.7.4
Build   : 
          NJS_CFLAGS="$NJS_CFLAGS -fsanitize=address"
          NJS_CFLAGS="$NJS_CFLAGS -fno-omit-frame-pointer"

Proof of concept

async function f() {
    await 1;              // f suspends here; the rest resumes from the promise reaction job
    var v = 2;            // declared after the await

    function g() {
      v + 1;              // closure reads v from f's scope
    }

    function s() {
      g + 1;              // references g; s itself is never called
    }

    g();                  // called after f has resumed
}

f();

Stack dump

UndefinedBehaviorSanitizer:DEADLYSIGNAL
==3050875==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00000043a7c6 bp 0x7ffcd6f10b00 sp 0x7ffcd6f10920 T3050875)
==3050875==The signal is caused by a READ memory access.
==3050875==Hint: address points to the zero page.
    #0 0x43a7c6 in njs_scope_valid_value /njs/src/njs_scope.h:86:10
    #1 0x43a7c6 in njs_vmcode_await /njs/src/njs_vmcode.c:1924:13
    #2 0x43a7c6 in njs_vmcode_interpreter /njs/src/njs_vmcode.c:861:24
    #3 0x468070 in njs_function_lambda_call /njs/src/njs_function.c:693:11
    #4 0x4bd170 in njs_async_function_frame_invoke /njs/src/njs_async.c:32:11
    #5 0x4364d7 in njs_vmcode_interpreter /njs/src/njs_vmcode.c:799:23
    #6 0x4bd35d in njs_await_fulfilled /njs/src/njs_async.c:91:11
    #7 0x468574 in njs_function_native_call /njs/src/njs_function.c:728:11
    #8 0x467941 in njs_function_frame_invoke /njs/src/njs_function.c:766:16
    #9 0x467941 in njs_function_call2 /njs/src/njs_function.c:592:11
    #10 0x4b6938 in njs_function_call /njs/src/njs_function.h:178:12
    #11 0x4b6938 in njs_promise_reaction_job /njs/src/njs_promise.c:1171:15
    #12 0x468574 in njs_function_native_call /njs/src/njs_function.c:728:11
    #13 0x433a27 in njs_vm_invoke /njs/src/njs_vm.c:428:12
    #14 0x433a27 in njs_vm_call /njs/src/njs_vm.c:412:12
    #15 0x433a27 in njs_vm_handle_events /njs/src/njs_vm.c:572:19
    #16 0x433a27 in njs_vm_run /njs/src/njs_vm.c:532:12
    #17 0x428d13 in njs_process_script /njs/src/njs_shell.c:1059:15
    #18 0x428763 in njs_process_file /njs/src/njs_shell.c:754:11
    #19 0x428763 in main /njs/src/njs_shell.c:435:15
    #20 0x7f8424948082 in __libc_start_main /build/glibc-KZwQYS/glibc-2.31/csu/../csu/libc-start.c:308:16
    #21 0x406d3d in _start (/home/q1iq/Documents/njs-dump/njs/build/njs+0x406d3d)

UndefinedBehaviorSanitizer can not provide additional info.
SUMMARY: UndefinedBehaviorSanitizer: SEGV /njs/src/njs_scope.h:86:10 in njs_scope_valid_value
==3050875==ABORTING

Credit

Q1IQ(@Q1IQ)
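A small reproduction and triage script for this report, added here as an example; it is not part of the original issue or of the njs project. The PoC text is copied from the issue, the sample sanitizer report embedded below is a constructed excerpt of the stack dump above so the parsers can be exercised without an njs build, and the njs binary path and the `--cc-opt` configure flag used to pass the sanitizer CFLAGS are assumptions.

```shell
#!/bin/sh
# Added reproduction/triage helper for the njs SEGV report. Not part of the
# original issue or of the njs project; the PoC is copied from the issue, the
# sample report below is a constructed excerpt of the reported stack dump, and
# the njs binary path is an assumption supplied by the caller.
set -eu

# Write the reporter's PoC to the path given in $1.
write_poc() {
    cat > "$1" <<'EOF'
async function f() {
    await 1;
    var v = 2;

    function g() {
      v + 1;
    }

    function s() {
      g + 1;
    }

    g();
}

f();
EOF
}

# Function named in the sanitizer SUMMARY line of the report in $1
# (matches AddressSanitizer and UndefinedBehaviorSanitizer reports).
crash_function() {
    sed -n 's/^SUMMARY: [A-Za-z]*Sanitizer: SEGV .* in \([A-Za-z0-9_]*\)$/\1/p' "$1"
}

# Access kind (READ or WRITE) reported for the faulting instruction.
crash_access() {
    sed -n 's/^==[0-9]*==The signal is caused by a \([A-Z]*\) memory access\.$/\1/p' "$1"
}

# Source location of frame #0.
crash_frame0() {
    sed -n 's/^ *#0 0x[0-9a-f]* in [A-Za-z0-9_]* \(.*\)$/\1/p' "$1"
}

# Run the PoC against an instrumented njs binary (path in $1) and print a
# one-line triage summary. Assumption: the binary was built from the commit
# in the report with the sanitizer CFLAGS from the Build section, e.g.
#   ./configure --cc-opt='-fsanitize=address,undefined -fno-omit-frame-pointer' && make njs
reproduce() {
    poc=$(mktemp) out=$(mktemp)
    write_poc "$poc"
    # njs exits non-zero when the sanitizer aborts; keep going so the output is parsed.
    "$1" "$poc" >"$out" 2>&1 || true
    if grep -q 'Sanitizer: SEGV' "$out"; then
        echo "SEGV ($(crash_access "$out")) in $(crash_function "$out") at $(crash_frame0 "$out")"
    else
        echo "no sanitizer crash"
    fi
    rm -f "$poc" "$out"
}

# Constructed sample: the key lines of the report above, so the parsers can be
# checked without building njs.
SAMPLE_REPORT=$(mktemp)
cat > "$SAMPLE_REPORT" <<'EOF'
UndefinedBehaviorSanitizer:DEADLYSIGNAL
==3050875==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00000043a7c6 bp 0x7ffcd6f10b00 sp 0x7ffcd6f10920 T3050875)
==3050875==The signal is caused by a READ memory access.
==3050875==Hint: address points to the zero page.
    #0 0x43a7c6 in njs_scope_valid_value /njs/src/njs_scope.h:86:10
    #1 0x43a7c6 in njs_vmcode_await /njs/src/njs_vmcode.c:1924:13
SUMMARY: UndefinedBehaviorSanitizer: SEGV /njs/src/njs_scope.h:86:10 in njs_scope_valid_value
==3050875==ABORTING
EOF

# Usage: sh repro.sh /path/to/instrumented/njs
# With no argument the script only defines the helpers and the sample report.
if [ $# -gt 0 ]; then
    reproduce "$1"
fi
```

Run with the path to a sanitizer-instrumented njs built at the reported commit; the summary line it prints (access kind, crashing function, frame #0 location) is what you would compare against the report above when confirming the reproduction, and the same parsers work on any ASan/UBSan SEGV report when triaging a batch of fuzzer crashes.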
