Hi! We've been fuzzing nodejs using sydr-fuzz and targets for https://github.com/ispras/oss-sydr-fuzz/tree/master/projects/nodejs made by @stasos24.

### Work environment

OS: Ubuntu 20.04
nodejs version: v16.x 7051ba4

### Bug description

Null dereference in deps/v8/src/objects/js-segments.cc:33:46.

### Steps to reproduce

Build docker container from https://github.com/ispras/oss-sydr-fuzz/tree/master/projects/nodejs:

Run docker container:

Execute the sanitizer-built target with the input that leads to the crash (crash-60e742070198c42e30e6b26ec3d967fbfd088ead.txt):

You will see the following output:

```
AddressSanitizer:DEADLYSIGNAL
=================================================================
==30==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000002df857f bp 0x7ffd3b43b3d0 sp 0x7ffd3b43b280 T0)
==30==The signal is caused by a READ memory access.
==30==Hint: address points to the zero page.
    #0 0x2df857f in v8::internal::JSSegments::Create(v8::internal::Isolate*, v8::internal::Handle<v8::internal::JSSegmenter>, v8::internal::Handle<v8::internal::String>) /node_afl/out/../deps/v8/src/objects/js-segments.cc:33:46
    #1 0x2d64a2a in v8::internal::Builtin_Impl_SegmenterPrototypeSegment(v8::internal::BuiltinArguments, v8::internal::Isolate*) /node_afl/out/../deps/v8/src/builtins/builtins-intl.cc:1058:3
    #2 0x2d64a2a in v8::internal::Builtin_SegmenterPrototypeSegment(int, unsigned long*, v8::internal::Isolate*) /node_afl/out/../deps/v8/src/builtins/builtins-intl.cc:1048:1
    #3 0x1c04898 in Builtins_CEntry_Return1_DontSaveFPRegs_ArgvOnStack_BuiltinExit out/Release/obj.target/v8_snapshot/geni/embedded.o

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /node_afl/out/../deps/v8/src/objects/js-segments.cc:33:46 in v8::internal::JSSegments::Create(v8::internal::Isolate*, v8::internal::Handle<v8::internal::JSSegmenter>, v8::internal::Handle<v8::internal::String>)
==30==ABORTING
```