Description
JerryScript revision
Build platform
Ubuntu 24.04.2 LTS
Build steps
python3 tools/build.py --debug --lto=off --compile-flag=-fsanitize=address --compile-flag=-D_POSIX_C_SOURCE=200809 --compile-flag=-Wno-strict-prototypes
Test case
Execution steps
build/bin/jerry --exec-snapshot case.snapshot
Backtrace
==110402==ERROR: AddressSanitizer: global-buffer-overflow on address 0x5d4ce354594f at pc 0x5d4ce33aade6 bp 0x7ffc638b7160 sp 0x7ffc638b7150
READ of size 1 at 0x5d4ce354594f thread T0
#0 0x5d4ce33aade5 in vm_loop /home/www/jerryscript/jerry-core/vm/vm.c:1087
#1 0x5d4ce33c96b4 in vm_execute /home/www/jerryscript/jerry-core/vm/vm.c:5296
#2 0x5d4ce33c9e61 in vm_run /home/www/jerryscript/jerry-core/vm/vm.c:5397
#3 0x5d4ce33a7d71 in vm_run_global /home/www/jerryscript/jerry-core/vm/vm.c:286
#4 0x5d4ce345d6c4 in jerry_exec_snapshot /home/www/jerryscript/jerry-core/api/jerry-snapshot.c:1086
#5 0x5d4ce3452d6b in jerryx_source_exec_snapshot /home/www/jerryscript/jerry-ext/util/sources.c:125
#6 0x5d4ce3291b7d in main /home/www/jerryscript/jerry-main/main-desktop.c:203
#7 0x7e553402a1c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#8 0x7e553402a28a in __libc_start_main_impl ../csu/libc-start.c:360
#9 0x5d4ce3290ee4 in _start (/home/www/jerryscript/cmake-build-asan/bin/jerry+0x73ee4) (BuildId: 431b81918fcc47ee83d0012a1b44a15b4283caae)
Address 0x5d4ce354594f is a wild pointer inside of access range of size 0x000000000001.
SUMMARY: AddressSanitizer: global-buffer-overflow /home/www/jerryscript/jerry-core/vm/vm.c:1087 in vm_loop
Shadow bytes around the buggy address:
0x5d4ce3545680: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
0x5d4ce3545700: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
0x5d4ce3545780: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
0x5d4ce3545800: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
0x5d4ce3545880: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
=>0x5d4ce3545900: f9 f9 f9 f9 f9 f9 f9 f9 f9[f9]f9 f9 f9 f9 f9 f9
0x5d4ce3545980: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
0x5d4ce3545a00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
0x5d4ce3545a80: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
0x5d4ce3545b00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
0x5d4ce3545b80: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==110402==ABORTING