stack-overflow at quickjs.c:31754 #8

kvenux · 2020-09-14T02:27:36Z

Build environment:

Ubuntu 16.04
gcc 5.4.0
qjs version: af1420f(git hash)
test command: ./qjs poc

POC

Description

Below is the ASAN outputs.

ASAN:SIGSEGV
==107042==ERROR: AddressSanitizer: stack-overflow on address 0x7ffd4f3befb8 (pc 0x00000087b714 bp 0x7ffd4f3bf0c0 sp 0x7ffd4f3befb8 T0)
#0 0x87b713 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31754
#1 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#2 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#3 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#4 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#5 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#6 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#7 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#8 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#9 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#10 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#11 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#12 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#13 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#14 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#15 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#16 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#17 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#18 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#19 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#20 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#21 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#22 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#23 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#24 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#25 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#26 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#27 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#28 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#29 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#30 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#31 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#32 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#33 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#34 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#35 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#36 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#37 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#38 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#39 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#40 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#41 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#42 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#43 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#44 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#45 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#46 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#47 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#48 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#49 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#50 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#51 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#52 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#53 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#54 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#55 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#56 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#57 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#58 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#59 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#60 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#61 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#62 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#63 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#64 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#65 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#66 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#67 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#68 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#69 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#70 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#71 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#72 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#73 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#74 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#75 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#76 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#77 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#78 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#79 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#80 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#81 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#82 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#83 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#84 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#85 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#86 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#87 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#88 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#89 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#90 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#91 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#92 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#93 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#94 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#95 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#96 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#97 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#98 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#99 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#100 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#101 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#102 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#103 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#104 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#105 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#106 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#107 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#108 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#109 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#110 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#111 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#112 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#113 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#114 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#115 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#116 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#117 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#118 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#119 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#120 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#121 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#122 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#123 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#124 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#125 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#126 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#127 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#128 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#129 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#130 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#131 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#132 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#133 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#134 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#135 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#136 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#137 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#138 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#139 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#140 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#141 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#142 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#143 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#144 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#145 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#146 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#147 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#148 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#149 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#150 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#151 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#152 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#153 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#154 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#155 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#156 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#157 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#158 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#159 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#160 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#161 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#162 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#163 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#164 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#165 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#166 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#167 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#168 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#169 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#170 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#171 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#172 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#173 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#174 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#175 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#176 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#177 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#178 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#179 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#180 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#181 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#182 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#183 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#184 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#185 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#186 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#187 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#188 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#189 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#190 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#191 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#192 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#193 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#194 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#195 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#196 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#197 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#198 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#199 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#200 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#201 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#202 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#203 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#204 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#205 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#206 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#207 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#208 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#209 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#210 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#211 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#212 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#213 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#214 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#215 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#216 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#217 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#218 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#219 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#220 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#221 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#222 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#223 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#224 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#225 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#226 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#227 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#228 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#229 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#230 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#231 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#232 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#233 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#234 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#235 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#236 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#237 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#238 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#239 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#240 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#241 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#242 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#243 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#244 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#245 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#246 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#247 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#248 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#249 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#250 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#251 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835

SUMMARY: AddressSanitizer: stack-overflow /home/keven/Fuzzing/QuickJS/quickjs.c:31754 compute_stack_size_rec
==107042==ABORTING

The text was updated successfully, but these errors were encountered:

moqi2011 · 2020-09-19T16:31:35Z

我在v2ex上面看到一个人头像和名字都和你一样，是你吗？

kvenux · 2020-09-20T06:47:15Z

@moqi2011 Yes....

HelloAlone · 2020-09-28T03:07:54Z

refer this repo (support msvc 2017 or 2019): https://github.com/c-smile/quickjs/

kvenux · 2020-09-29T01:50:40Z

refer this repo (support msvc 2017 or 2019): https://github.com/c-smile/quickjs/

another official repo?

alexdowad · 2020-11-02T06:23:14Z

This evals a 1.4MB string in such a way that QuickJS generates an enormous number of OP_with_get_var opcodes when compiling that source string. When compiling a function (or eval'd string), QuickJS must determine how much space it needs for its evaluation stack. Since OP_with_get_var does a conditional forward jump, compute_stack_size_rec recurses to check what the maximum required evaluation stack size is both when the conditional jump is taken, and when it is not taken.

Generate a function with lots and lots of OP_with_get_var opcodes, and the recursion tree for compute_stack_size_rec will be enormous.

This is unfortunate, since the recursive code for compute_stack_size_rec is quite simple and straightforward. From a cursory examination, it looks like any fix will make the function significantly less readable.

bellard · 2020-11-08T13:35:22Z

fixed

alexdowad · 2020-11-08T16:29:45Z

OK, so explicit recursion is no longer used to explore different paths through a function and calculate the required stack size. Instead, paths which still need to be searched are pushed onto a queue.

I must say that the fix is simpler and less intrusive than what I had imagined. Nice!

fix: more accurate column number for call_method and call

feat/gc-dump

Switch usleep to conditionally sleep

bellard added the Will be fixed in next release label Nov 2, 2020

bellard closed this as completed Nov 8, 2020

cykoder pushed a commit to cykoder/quickjs that referenced this issue Sep 1, 2023

Merge pull request bellard#8 from openwebf/feat/column

f6336ad

fix: more accurate column number for call_method and call

GerHobbelt pushed a commit to GerHobbelt/quickjs that referenced this issue Oct 17, 2023

Merge pull request bellard#8 from hsiaosiyuan0/feat/gc-dump

4b8cc27

feat/gc-dump

GerHobbelt pushed a commit to GerHobbelt/quickjs that referenced this issue Oct 17, 2023

Fix UB in left-shifts in the M2/M3/M4 macros (bellard#8)

975d74d

MarkAckert pushed a commit to MarkAckert/quickjs-profiling that referenced this issue Dec 18, 2024

Merge pull request bellard#8 from 1000TurquoisePogs/bugfix/os-sleep

291b874

Switch usleep to conditionally sleep

bsekisser pushed a commit to bsekisser/quickjs that referenced this issue Jan 21, 2025

Fix UB in left-shifts in the M2/M3/M4 macros (bellard#8)

06a924a

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

stack-overflow at quickjs.c:31754 #8

stack-overflow at quickjs.c:31754 #8

kvenux commented Sep 14, 2020

moqi2011 commented Sep 19, 2020

kvenux commented Sep 20, 2020

HelloAlone commented Sep 28, 2020

kvenux commented Sep 29, 2020

alexdowad commented Nov 2, 2020

bellard commented Nov 8, 2020

alexdowad commented Nov 8, 2020

stack-overflow at quickjs.c:31754 #8

stack-overflow at quickjs.c:31754 #8

Comments

kvenux commented Sep 14, 2020

Build environment:

POC

Description

moqi2011 commented Sep 19, 2020

kvenux commented Sep 20, 2020

HelloAlone commented Sep 28, 2020

kvenux commented Sep 29, 2020

alexdowad commented Nov 2, 2020

bellard commented Nov 8, 2020

alexdowad commented Nov 8, 2020