
segment fault4 #6647

Open
bird8693 opened this issue Mar 17, 2021 · 3 comments

Comments

@bird8693

environment

Ubuntu 16

poc

let x = 1;
fdRk = x.toFixed(x);
var PPJi = JSON;
fdRk = !9007199254740991;
this.x;
this.x = 4660;
fdRk = fdRk / x;
for (let i = 0; i < 495; i++) {
    String.prototype.localeCompare.call(x, new Date(0, 0, 0, 0, 0, 0, undefined));
    var EixA = +4;
    var djhd = Proxy;
    var NxQT = JSON;
    this.__defineSetter__('x', () => {
    });
    var EixA = +4;
    x = x / x;
    fdRk = new Uint32Array([
        1200,
        fdRk
    ]);
    x = new RegExp(null);
    var fdRk = JSON.stringify(1518500249);
    fdRk = 2147483649 % -2147483648;
    let a = new Uint8Array(100);
}
n.xyz = 2187875060;
this.x;

output

command line output

Segmentation fault (core dumped)

gef output

   0x555556d22540 <SCCLiveness::ProcessStackSymUse(StackSym*,+0> mov    r13d, eax
   0x555556d22543 <SCCLiveness::ProcessStackSymUse(StackSym*,+0> mov    rax, QWORD PTR [rbx]
   0x555556d22546 <SCCLiveness::ProcessStackSymUse(StackSym*,+0> mov    r15, QWORD PTR [rbx+0x10]
 → 0x555556d2254a <SCCLiveness::ProcessStackSymUse(StackSym*,+0> add    DWORD PTR [r12+0x74], r13d
   0x555556d2254f <SCCLiveness::ProcessStackSymUse(StackSym*,+0> test   r15, r15
   0x555556d22552 <SCCLiveness::ProcessStackSymUse(StackSym*,+0> je     0x555556d22771 <SCCLiveness::ProcessStackSymUse(StackSym*,  IR::Instr*,  int)+913>
   0x555556d22558 <SCCLiveness::ProcessStackSymUse(StackSym*,+0> mov    QWORD PTR [rbp-0x30], rax
   0x555556d2255c <SCCLiveness::ProcessStackSymUse(StackSym*,+0> mov    QWORD PTR [rbp-0x48], rbx
   0x555556d22560 <SCCLiveness::ProcessStackSymUse(StackSym*,+0> mov    rax, QWORD PTR fs:0x0
─────────────────────────────────────────────────────────────────────────────────────────────────────────── threads ────
[#0] Id 1, Name: "ch", stopped 0x7ffff73d1360 in pthread_cond_wait@@GLIBC_2.3.2 (), reason: SIGSEGV
[#1] Id 2, Name: "ch", stopped 0x7ffff73d1709 in pthread_cond_timedwait@@GLIBC_2.3.2 (), reason: SIGSEGV
[#2] Id 3, Name: "ch", stopped 0x7ffff73d1709 in pthread_cond_timedwait@@GLIBC_2.3.2 (), reason: SIGSEGV
[#3] Id 4, Name: "ch", stopped 0x555556d2254a in SCCLiveness::ProcessStackSymUse (), reason: SIGSEGV
───────────────────────────────────────────────────────────────────────────────────────────────────────────── trace ────
[#0] 0x555556d2254a → SCCLiveness::ProcessStackSymUse(this=0x7ff7f37b3a48, stackSym=<optimized out>, instr=0x7ff700000008, usageSize=<optimized out>)
[#1] 0x555556d20981 → SCCLiveness::ProcessRegUse(this=0x7ff7f37b3a48, regUse=0x7ff7f2ec4158, instr=0x7ff7f2ec4208)
[#2] 0x555556d20981 → SCCLiveness::ProcessSrc(this=0x7ff7f37b3a48, src=0x7ff7f2ec4170, instr=0x7ff7f2ec4208)
[#3] 0x555556d1e176 → SCCLiveness::Build(this=<optimized out>)
[#4] 0x555556c19030 → LinearScan::RegAlloc(this=0x7ff7f37b3d98)
[#5] 0x5555569a461b → Func::TryCodegen(this=0x7ff7f37b46b0)
[!] Command 'context' failed to execute properly, reason: access outside bounds of object referenced via synthetic pointer

@bird8693
Author

@rhuanjl please check this 6642~6654

@rhuanjl
Collaborator

rhuanjl commented Apr 21, 2021

This doesn't repro for me with master - what version of chakracore did you use?

@bird8693
Author

bird8693 commented Aug 8, 2021

1.12.0.0, this issue may have been fixed.
