Stack-overflow in JS_GetPropertyInternal2 #776

Closed
Hanseltu opened this issue Dec 29, 2024 · 0 comments · Fixed by #778
Hi,

The following test input (input.js) causes qjs a stack-overflow issue.

$cat input.js
function f(aqqusxkzn) {
var abudgcquf;
f.apply(null, ['']);
}
f('')

$./qjs input.js
ASAN:DEADLYSIGNAL
=================================================================
==27669==ERROR: AddressSanitizer: stack-overflow on address 0x7fffff7fef18 (pc 0x5555556f97fa bp 0x7fffff7ff210 sp 0x7fffff7feea0 T0)
    #0 0x5555556f97f9 in JS_GetPropertyInternal2 /home/benchmarks/quickjs/quickjs.c:7357
    #1 0x5555556faedd in JS_GetProperty /home/benchmarks/quickjs/quickjs.c:7510
    #2 0x5555557db985 in js_get_length32 /home/benchmarks/quickjs/quickjs.c:37557
    #3 0x5555557dbdff in build_arg_list /home/benchmarks/quickjs/quickjs.c:37603
    #4 0x5555557dc582 in js_function_apply /home/benchmarks/quickjs/quickjs.c:37653
    #5 0x55555572b2de in js_call_c_function /home/benchmarks/quickjs/quickjs.c:14727
    #6 0x55555572d0f1 in JS_CallInternal /home/benchmarks/quickjs/quickjs.c:14928
    #7 0x55555573492b in JS_CallInternal /home/benchmarks/quickjs/quickjs.c:15340
    #8 0x555555751627 in JS_Call /home/benchmarks/quickjs/quickjs.c:17451
    #9 0x5555557dc6b5 in js_function_apply /home/benchmarks/quickjs/quickjs.c:37659
    #10 0x55555572b2de in js_call_c_function /home/benchmarks/quickjs/quickjs.c:14727
    #11 0x55555572d0f1 in JS_CallInternal /home/benchmarks/quickjs/quickjs.c:14928
    #12 0x55555573492b in JS_CallInternal /home/benchmarks/quickjs/quickjs.c:15340
    #13 0x555555751627 in JS_Call /home/benchmarks/quickjs/quickjs.c:17451
    #14 0x5555557dc6b5 in js_function_apply /home/benchmarks/quickjs/quickjs.c:37659
    #15 0x55555572b2de in js_call_c_function /home/benchmarks/quickjs/quickjs.c:14727
    #16 0x55555572d0f1 in JS_CallInternal /home/benchmarks/quickjs/quickjs.c:14928
    #17 0x55555573492b in JS_CallInternal /home/benchmarks/quickjs/quickjs.c:15340
    ... // omit the same stack trace information
    #244 0x5555557dc6b5 in js_function_apply /home/benchmarks/quickjs/quickjs.c:37659
    #245 0x55555572b2de in js_call_c_function /home/benchmarks/quickjs/quickjs.c:14727
    #246 0x55555572d0f1 in JS_CallInternal /home/benchmarks/quickjs/quickjs.c:14928
    #247 0x55555573492b in JS_CallInternal /home/benchmarks/quickjs/quickjs.c:15340
    #248 0x555555751627 in JS_Call /home/benchmarks/quickjs/quickjs.c:17451
    #249 0x5555557dc6b5 in js_function_apply /home/benchmarks/quickjs/quickjs.c:37659
    #250 0x55555572b2de in js_call_c_function /home/benchmarks/quickjs/quickjs.c:14727

SUMMARY: AddressSanitizer: stack-overflow /home/benchmarks/quickjs/quickjs.c:7357 in JS_GetPropertyInternal2
==27669==ABORTING
Compilation command: cmake -DCMAKE_C_COMPILER=gcc -DCMAKE_BUILD_TYPE=Debug -DCMAKE_C_FLAGS="-fsanitize=address -ldl -static-libasan" -DCMAKE_INSTALL_PREFIX=/home/benchmarks/quickjs/build .. and make -j12.
Compiler version: gcc-7.5.0.
System: ubuntu 18.04.
quickjs version: master (74fd4d7).

Thanks.
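The trace above shows JavaScript recursion re-entering the engine through native frames (js_function_apply, JS_Call, JS_CallInternal) with nothing stopping it before the C stack runs out. The sketch below is an added example, not QuickJS or the reporter's code, of the defensive pattern an engine uses against this: measure native stack usage on every re-entrant call and return an error (where a real engine would throw RangeError) before the stack is exhausted. The runtime_t struct, the 512-byte pretend argument buffer and the byte budgets are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ERR_STACK_OVERFLOW (-1)

/* Hypothetical runtime state (assumption, not QuickJS's struct): where the C
 * stack was when execution began and how many bytes it may consume. */
typedef struct {
    uintptr_t stack_top;
    size_t    stack_limit;
    int       depth_at_guard;   /* recursion depth at which the guard fired */
} runtime_t;

/* The address of a local approximates the current stack pointer. */
static uintptr_t current_sp(void) {
    volatile char probe = 0;
    return (uintptr_t)&probe;
}

/* Distance from the recorded top works whichever way the stack grows. */
static int stack_exhausted(const runtime_t *rt) {
    uintptr_t sp = current_sp();
    size_t used = sp < rt->stack_top ? rt->stack_top - sp : sp - rt->stack_top;
    return used > rt->stack_limit;
}

/* Stand-in for the js_function_apply -> JS_Call -> f -> apply cycle in the
 * report: every level re-enters through the native call path. The guard runs
 * before any work, which is where an engine would throw RangeError. */
static int native_apply(runtime_t *rt, int depth) {
    volatile char args[512];    /* pretend argument buffer, like build_arg_list */
    if (stack_exhausted(rt)) {
        rt->depth_at_guard = depth;
        return ERR_STACK_OVERFLOW;
    }
    args[0] = 0;
    int r = native_apply(rt, depth + 1);   /* not a tail call: args is read after */
    return r + args[0];
}

/* Runs the unbounded recursion under a budget of limit_bytes and reports the
 * depth at which the guard fired; returns ERR_STACK_OVERFLOW instead of crashing. */
int run_apply_chain(size_t limit_bytes, int *depth_out) {
    runtime_t rt = { current_sp(), limit_bytes, 0 };
    int r = native_apply(&rt, 0);
    if (depth_out) *depth_out = rt.depth_at_guard;
    return r;
}

int main(void) {
    int depth = 0;
    int r = run_apply_chain(256 * 1024, &depth);
    printf("guard fired at depth %d (rc %d)\n", depth, r);
    return 0;
}
```

Without the guard the same recursion only stops when it hits the guard page (or, under ASan, the sanitizer's stack-overflow report), which is the crash in the issue.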

bnoordhuis added a commit to bnoordhuis/quickjs that referenced this issue Dec 29, 2024
Otherwise recursive calls keep going until they trip ASan checks.

Remove the `__ASAN__` and `__UBSAN__` defines; no longer necessary.

Remove `globalThis.__running_with_sanitizer__` from qjs; likewise.

Fixes: quickjs-ng#671
Fixes: quickjs-ng#775
Fixes: quickjs-ng#776
bluesky950520 pushed a commit to bluesky950520/quickjs that referenced this issue Mar 14, 2025
Otherwise recursive calls keep going until they trip ASan checks.

Remove the `__ASAN__` and `__UBSAN__` defines; no longer necessary.

Remove `globalThis.__running_with_sanitizer__` from qjs; likewise.

Fixes: quickjs-ng/quickjs#671
Fixes: quickjs-ng/quickjs#775
Fixes: quickjs-ng/quickjs#776