Artifact ID: e70719414332f2e9cb3fdaac0fff9973dfb1948a
Ticket: a86dc1c04b93e9d5953e784a2a21b32c0428db6b
Heap use after free in Jsi_ObjFree
User & Date: mdominiak 2018-10-11 09:51:51

  1. Change foundin to "2.5.16 2.0516"
  2. Change icomment to:

    Testcase: cat testcase | ./jsish where testcase has the following contents: x=/0/

    Result: The code seems to run fine, but tools like ASan or valgrind report a use after free error:

    ==29391==ERROR: AddressSanitizer: heap-use-after-free on address 0x608000002ce8 at pc 0x0000004e84cc bp 0x7fffad8e73b0 sp 0x7fffad8e73a8
    READ of size 4 at 0x608000002ce8 thread T0
        #0 0x4e84cb in Jsi_ObjFree src/jsiObj.c:230
        #1 0x4e935c in Jsi_ObjDecrRefCount src/jsiObj.c:344
        #2 0x437f01 in ValueFree src/jsiValue.c:171
        #3 0x4380f9 in Jsi_ValueFree src/jsiValue.c:195
        #4 0x437bd3 in Jsi_DecrRefCount src/jsiValue.c:50
        #5 0x4ad764 in Jsi_OptionsFree src/jsiOptions.c:1317
        #6 0x459d5e in jsiInterpDelete src/jsiInterp.c:1746
        #7 0x45ae49 in Jsi_EventuallyFree src/jsiInterp.c:1846
        #8 0x45a8e5 in Jsi_InterpDelete src/jsiInterp.c:1800
        #9 0x8bafb7 in main src/main.c:45

  3. Change login to "mdominiak"
  4. Change mimetype to "text/x-fossil-plain"
  5. Change private_contact to "10a0dbaf9eda8ef38517a5d6019c473b92e9a550"
  6. Change severity to "Critical"
  7. Change status to "Open"
  8. Change title to "Heap use after free in Jsi_ObjFree"
  9. Change type to "Code_Defect"