Found with Fuzzilli

Initial crash: program_20240409121357_B4CA4B4F-CC19-4625-89C0-E913E00C270F_flaky.js.txt

Minified:
```js
function F() {
    // `this` was created from C.prototype, so this.constructor is C.
    constructor = this.constructor;
    // Wrap C's current [[Prototype]] (F, or the Proxy chain built so far) in one more Proxy.
    originalPrototype = Object.getPrototypeOf(this.constructor);
    newPrototype = new Proxy(originalPrototype, {});
    Object.setPrototypeOf(constructor, newPrototype);
    // Re-enter construction: super() in C now has to go through one more Proxy layer.
    try { new constructor(); } catch (e) {}
}
class C extends F {}
proxyC = new Proxy(C, {});
new proxyC();
```
Asan output:

```
AddressSanitizer:DEADLYSIGNAL
=================================================================
==67765==ERROR: AddressSanitizer: stack-overflow on address 0x7fff1635af98 (pc 0x0000004cc3db bp 0x7fff1635b7d0 sp 0x7fff1635afa0 T0)
    #0 0x4cc3db in __asan_memset (/home/serenity/Build/lagom/bin/js+0x4cc3db) (BuildId: 498c30ee301d0e17992f957d4298c6ec2fca6aa3)
    #1 0x7f075c370ea2 in AK::Optional<JS::PropertyMetadata>::Optional() /home/serenity/Meta/Lagom/../../AK/Optional.h:323:10
    #2 0x7f075c370ea2 in JS::Shape::lookup(JS::StringOrSymbol const&) const /home/serenity/Userland/Libraries/LibJS/Runtime/Shape.cpp
    #3 0x7f075c1da4f2 in JS::Object::storage_get(JS::PropertyKey const&) const /home/serenity/Userland/Libraries/LibJS/Runtime/Object.cpp:1139:33
    #4 0x7f075c1d9b12 in JS::Object::internal_get_own_property(JS::PropertyKey const&) const /home/serenity/Userland/Libraries/LibJS/Runtime/Object.cpp:793:32
    #5 0x7f075c1de111 in JS::Object::internal_get(JS::PropertyKey const&, JS::Value, JS::CacheablePropertyMetadata*) const /home/serenity/Userland/Libraries/LibJS/Runtime/Object.cpp:884:23
    #6 0x7f075c1ded46 in JS::Object::internal_get(JS::PropertyKey const&, JS::Value, JS::CacheablePropertyMetadata*) const /home/serenity/Userland/Libraries/LibJS/Runtime/Object.cpp:896:24
    #7 0x7f075c8bf6de in JS::Value::get(JS::VM&, JS::PropertyKey const&) const /home/serenity/Userland/Libraries/LibJS/Runtime/Value.cpp:1215:12
    #8 0x7f075c8af2d6 in JS::Value::get_method(JS::VM&, JS::PropertyKey const&) const /home/serenity/Userland/Libraries/LibJS/Runtime/Value.cpp:1225:21
    #9 0x7f075c2b2ecf in JS::ProxyObject::internal_construct(AK::Span<JS::Value const>, JS::FunctionObject&) /home/serenity/Userland/Libraries/LibJS/Runtime/ProxyObject.cpp:840:17
    #10 0x7f075bc622f5 in JS::construct_impl(JS::VM&, JS::FunctionObject&, AK::Span<JS::Value const>, JS::FunctionObject*) /home/serenity/Userland/Libraries/LibJS/Runtime/AbstractOperations.cpp:85:21
    #11 0x7f075c2b339d in JS::construct(JS::VM&, JS::FunctionObject&, AK::Span<JS::Value const>, JS::FunctionObject*) /home/serenity/Meta/Lagom/../../Userland/Libraries/LibJS/Runtime/AbstractOperations.h:137:12
    #12 0x7f075c2b339d in JS::ProxyObject::internal_construct(AK::Span<JS::Value const>, JS::FunctionObject&) /home/serenity/Userland/Libraries/LibJS/Runtime/ProxyObject.cpp:845:16
    #13 0x7f075bc622f5 in JS::construct_impl(JS::VM&, JS::FunctionObject&, AK::Span<JS::Value const>, JS::FunctionObject*) /home/serenity/Userland/Libraries/LibJS/Runtime/AbstractOperations.cpp:85:21
    #14 0x7f075c2b339d in JS::construct(JS::VM&, JS::FunctionObject&, AK::Span<JS::Value const>, JS::FunctionObject*) /home/serenity/Meta/Lagom/../../Userland/Libraries/LibJS/Runtime/AbstractOperations.h:137:12
    #15 0x7f075c2b339d in JS::ProxyObject::internal_construct(AK::Span<JS::Value const>, JS::FunctionObject&) /home/serenity/Userland/Libraries/LibJS/Runtime/ProxyObject.cpp:845:16
    #16 0x7f075bc622f5 in JS::construct_impl(JS::VM&, JS::FunctionObject&, AK::Span<JS::Value const>, JS::FunctionObject*) /home/serenity/Userland/Libraries/LibJS/Runtime/AbstractOperations.cpp:85:21
    #17 0x7f075c2b339d in JS::construct(JS::VM&, JS::FunctionObject&, AK::Span<JS::Value const>, JS::FunctionObject*) /home/serenity/Meta/Lagom/../../Userland/Libraries/LibJS/Runtime/AbstractOperations.h:137:12
    #18 0x7f075c2b339d in JS::ProxyObject::internal_construct(AK::Span<JS::Value const>, JS::FunctionObject&) /home/serenity/Userland/Libraries/LibJS/Runtime/ProxyObject.cpp:845:16
    #19 0x7f075bc622f5 in JS::construct_impl(JS::VM&, JS::FunctionObject&, AK::Span<JS::Value const>, JS::FunctionObject*) /home/serenity/Userland/Libraries/LibJS/Runtime/AbstractOperations.cpp:85:21
    #20 0x7f075c2b339d in JS::construct(JS::VM&, JS::FunctionObject&, AK::Span<JS::Value const>, JS::FunctionObject*) /home/serenity/Meta/Lagom/../../Userland/Libraries/LibJS/Runtime/AbstractOperations.h
    --- repeats
```
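The recursion behind the trace is easier to see with an instrumented copy of the reproducer. The block below is an added example, not code from the report or from LibJS; the names `probeNestedProxyConstruct` and `state` are mine. It keeps the fuzzer program's shape: every time F runs as the base of a `super()` chain it wraps C's [[Prototype]] in one more Proxy and then calls `new C()` again, so each level of construction has to unwind one more Proxy before it reaches F, which is why the trace alternates `ProxyObject::internal_construct` and `construct_impl` all the way down. On a stack-checked engine such as Node.js/V8 the same program does not crash: the engine aborts the recursion with a `RangeError` that the program's own empty `catch` swallows, and the probe records how deep it got and which error stopped it.

```javascript
'use strict';

// Added example (not from the report): instrumented version of the Fuzzilli
// reproducer for Node.js/V8. `probeNestedProxyConstruct` and `state` are
// assumed names, not anything from LibJS.
function probeNestedProxyConstruct() {
  const state = { level: 0, maxLevel: 0, error: null };

  function F() {
    state.level += 1;                        // one more nested `new C()` in flight
    if (state.level > state.maxLevel) state.maxLevel = state.level;
    try {
      const ctor = this.constructor;         // C: `this` was created from C.prototype
      const proto = Object.getPrototypeOf(ctor);            // F, or Proxy(...Proxy(F)...)
      Object.setPrototypeOf(ctor, new Proxy(proto, {}));   // add one Proxy layer
      try {
        // super() in C must now go through `level` Proxy layers before reaching F.
        new ctor();
      } catch (e) {
        // The engine's stack-depth error ends the recursion; keep the first one seen.
        if (state.error === null) state.error = e;
      }
    } finally {
      state.level -= 1;
    }
  }

  class C extends F {}
  new (new Proxy(C, {}))();                  // entry point, as in the fuzzer program
  return state;
}

const probeResult = probeNestedProxyConstruct();
console.log('nested levels reached:', probeResult.maxLevel,
            'stopped by:', probeResult.error && probeResult.error.constructor.name);
```

The exact depth depends on the engine's stack size, so the number printed is not stable across machines; the invariants are that the level counter unwinds to zero, that construction nested at least once, and that the recursion was cut off by the engine's `RangeError` rather than by a native stack overflow.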