Segmentation fault in jmem_pools_collect_empty #2774

Closed
renatahodovan opened this issue Feb 25, 2019 · 0 comments · Fixed by #2776
Labels: bug (Undesired behaviour), critical (Raises security concerns)

Comments

@renatahodovan (Contributor)

Jerry version:
Checked revision: d4e27d30

Build command: ./tools/build.py --clean --debug --profile=es2015-subset --error-messages=on --logging=on
OS:
Linux-4.15.0-43-generic-x86_64-with-Ubuntu-18.04-bionic
Test case: attached as a download.

Backtrace:
Script Error: TypeError: The structure is cyclical.

Program received signal SIGSEGV, Segmentation fault.
0x000055555558ae34 in jmem_pools_collect_empty () at jerryscript/jerry-core/jmem/jmem-poolman.c:158
158	    jmem_pools_chunk_t *const next_p = chunk_p->next_p;
(gdb) bt
#0  0x000055555558ae34 in jmem_pools_collect_empty () at jerryscript/jerry-core/jmem/jmem-poolman.c:158
#1  0x000055555558acd7 in jmem_pools_finalize () at jerryscript/jerry-core/jmem/jmem-poolman.c:40
#2  0x000055555558a146 in jmem_finalize () at jerryscript/jerry-core/jmem/jmem-allocator.c:161
#3  0x00005555555c1eff in jerry_cleanup () at jerryscript/jerry-core/api/jerry.c:228
#4  0x00005555555c1292 in main (argc=2, argv=0x7fffffffdcf8) at jerryscript/jerry-main/main-unix.c:874

Found by Fuzzinator with grammarinator.

@LaszloLango LaszloLango added the bug Undesired behaviour label Feb 25, 2019
@rerobika rerobika added the critical Raises security concerns label Feb 25, 2019
rerobika added a commit to rerobika/jerryscript that referenced this issue Feb 25, 2019
This patch fixes jerryscript-project#2774 and fixes jerryscript-project#2775 as well.
Also add a shortcut to access the length of the array in `ecma_builtin_json_array`.

JerryScript-DCO-1.0-Signed-off-by: Robert Fancsik [email protected]
dbatyai pushed a commit that referenced this issue Mar 6, 2019
This patch fixes #2774 and fixes #2775 as well.
Also add a shortcut to access the length of the array in `ecma_builtin_json_array`.

JerryScript-DCO-1.0-Signed-off-by: Robert Fancsik [email protected]