You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The bug is reproducible with the latest version of njs.
I minimized the code and NGINX configuration to the smallest
possible to reproduce the issue.
To reproduce
Steps to reproduce the behavior:
$ ./njs ./poc.js
JS script
asyncfunctionparentFunction(){// Called by Promise.resolve().then(() => {});awaitnewPromise(resolve=>setTimeout(resolve,0));// Function to make the scope chain more complexfunctioninnerFunc1(){returnparentFunction;}functioninnerFunc2(){returninnerFunc1;}functioninnerFunc3(){returninnerFunc2;}// Call the functions in sequenceinnerFunc3();innerFunc2();innerFunc1();returninnerFunc1;}parentFunction();
Your NGINX logs here
GDB back trace
$ gdb -nx -q -batch -ex "run ./poc.js" -ex "bt" ./njs 2>&1
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
njs_vmcode_function_copy (retidx=20, value=0x55555565c840, vm=0x5555556406d0) at src/njs_vmcode.c:1977
1977 if (!njs_is_valid(retval)) {
#0 njs_vmcode_function_copy (retidx=20, value=0x55555565c840, vm=0x5555556406d0) at src/njs_vmcode.c:1977
#1 njs_vmcode_interpreter (vm=vm@entry=0x5555556406d0, pc=0x55555565ee80 "\nZZZZZZZ@\310eUUU", rval=rval@entry=0x555555660738, promise_cap=promise_cap@entry=0x0, async_ctx=async_ctx@entry=0x0) at src/njs_vmcode.c:1366
#2 0x00005555555b1151 in njs_function_lambda_call (vm=vm@entry=0x5555556406d0, retval=0x555555660738, promise_cap=promise_cap@entry=0x0) at src/njs_function.c:610
#3 0x00005555555b11a8 in njs_function_frame_invoke (vm=vm@entry=0x5555556406d0, retval=<optimized out>) at src/njs_function.c:686
#4 0x0000555555579e2e in njs_vmcode_interpreter (vm=vm@entry=0x5555556406d0, pc=0x55555564b078 "\ryeUUU", rval=rval@entry=0x7fffffffd610, promise_cap=0x55555565ce00, async_ctx=async_ctx@entry=0x555555645e40) at src/njs_vmcode.c:1451
#5 0x00005555555c3092 in njs_await_fulfilled (vm=0x5555556406d0, args=<optimized out>, nargs=<optimized out>, exception=<optimized out>, retval=0x7fffffffd6c0) at src/njs_async.c:91
#6 0x00005555555b11cd in njs_function_native_call (retval=0x55555564bbf0, vm=0x5555556406d0) at src/njs_function.c:647
#7 njs_function_frame_invoke (vm=vm@entry=0x5555556406d0, retval=retval@entry=0x7fffffffd6c0) at src/njs_function.c:683
#8 0x00005555555b1225 in njs_function_call2 (vm=vm@entry=0x5555556406d0, function=<optimized out>, this=<optimized out>, args=<optimized out>, nargs=nargs@entry=1, retval=retval@entry=0x7fffffffd6c0, ctor=0) at src/njs_function.c:515
#9 0x00005555555bf52a in njs_function_call (retval=0x7fffffffd6c0, nargs=1, args=<optimized out>, this=<optimized out>, function=<optimized out>, vm=0x5555556406d0) at src/njs_function.h:164
#10 njs_promise_reaction_job (vm=0x5555556406d0, args=<optimized out>, nargs=<optimized out>, unused=<optimized out>, retval=0x7fffffffd740) at src/njs_promise.c:1089
#11 0x00005555555b11cd in njs_function_native_call (retval=0x55555564bb70, vm=0x5555556406d0) at src/njs_function.c:647
#12 njs_function_frame_invoke (vm=vm@entry=0x5555556406d0, retval=retval@entry=0x7fffffffd740) at src/njs_function.c:683
#13 0x0000555555570fab in njs_vm_invoke (vm=0x5555556406d0, function=<optimized out>, args=<optimized out>, nargs=<optimized out>, retval=retval@entry=0x7fffffffd740) at src/njs_vm.c:630
#14 0x0000555555570fec in njs_vm_call (vm=<optimized out>, function=<optimized out>, args=<optimized out>, nargs=<optimized out>) at src/njs_vm.c:614
#15 0x00005555555711a3 in njs_vm_execute_pending_job (vm=<optimized out>) at src/njs_vm.c:721
#16 0x000055555556a72a in njs_engine_njs_execute_pending_job (engine=<optimized out>) at external/njs_shell.c:1398
#17 0x000055555556932f in njs_process_script (engine=engine@entry=0x55555563e580, console=console@entry=0x55555562ba00 <njs_console>, script=script@entry=0x7fffffffd7d0) at external/njs_shell.c:3358
#18 0x000055555556bd5b in njs_process_file (opts=0x7fffffffd7e0) at external/njs_shell.c:3318
#19 njs_main (opts=0x7fffffffd7e0) at external/njs_shell.c:458
#20 main (argc=<optimized out>, argv=<optimized out>) at external/njs_shell.c:488
Expected behavior
Not Segmentation fault.
Your environment
Version of njs or specific commit: commit 1f8f9992d03e2865f354da3415f8a49931cf2fe8 (HEAD -> master, origin/master, origin/HEAD)
OS: Linux user-desktop 6.8.0-49-generic #49~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Wed Nov 6 17:42:15 UTC 2 x86_64 x86_64 x86_64 GNU/Linux
Additional context
This issue is memory bug, so not vuln
The text was updated successfully, but these errors were encountered:
Describe the bug
possible to reproduce the issue.
To reproduce
Steps to reproduce the behavior:
Your NGINX logs here
GDB back trace
Expected behavior
Not Segmentation fault.
Your environment
commit 1f8f9992d03e2865f354da3415f8a49931cf2fe8 (HEAD -> master, origin/master, origin/HEAD)Linux user-desktop 6.8.0-49-generic #49~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Wed Nov 6 17:42:15 UTC 2 x86_64 x86_64 x86_64 GNU/LinuxAdditional context
This issue is memory bug, so not vuln
The text was updated successfully, but these errors were encountered: