Ticket UUID: 3a069014976f3422d9d96821dc555c8326c02ae3
Title: Illegal read in lexer_getchar
Status: Closed Type: Code_Defect
Severity: Critical Priority: Immediate
Subsystem: Javascript Resolution: Fixed
Last Modified: 2018-09-05 17:50:36
Version Found In: 2.4.77 2.0477
User Comments:
mdominiak added on 2018-09-04 11:30:50:
Testcase:
cat testcase | base64 -d | xz -d | ./jsish

where testcase has the following contents
/Td6WFoAAATm1rRGAgAhARYAAAB0L+Wj4D6IAEFdAC2Lwhv/7pbgYScUJBi5CPCLlQEEgWkMhtc0
wjPgJXwsxalnsVKNqZxXGyZcSmXgUuzmGx0fY05HNvE87+qbKSsAAAAAAGBmVU44iR61AAFdiX0A
AABWZeZWscRn+wIAAAAABFla

Stack trace (from valgrind):
==32570== Invalid read of size 8
==32570==    at 0x4127FE: lexer_getchar (jsiLexer.c:9)
==32570==    by 0x41316A: jsi_do_regex (jsiLexer.c:238)
==32570==    by 0x413B40: jsi_yylex (jsiLexer.c:439)
==32570==    by 0x413C3C: yylex (jsiLexer.c:463)
==32570==    by 0x4A2A98: yyparse (parser.c:2249)
==32570==    by 0x4A9DE3: jsiNewParser (jsiEval.c:50)
==32570==    by 0x4B3FC3: jsi_evalStrFile (jsiEval.c:2319)
==32570==    by 0x4B4499: Jsi_EvalString (jsiEval.c:2391)
==32570==    by 0x42BFC6: Jsi_Interactive (jsiUtils.c:926)
==32570==    by 0x420F4B: Jsi_Main (jsiInterp.c:674)
==32570==    by 0x553DDA: main (main.c:43)
==32570==  Address 0x30 is not stack'd, malloc'd or (recently) free'd

pcmacdon added on 2018-09-05 17:50:36:
Fixed in commit [3540a61b0033805188b2aa6cd9238b56bed11ed5].
Good find. Hopefully this is the last such bug in the lexer.