ERROR: LeakSanitizer: detected memory leaks in quickjs #274

Open
Qbtly opened this issue Apr 10, 2024 · 0 comments · May be fixed by #304

Qbtly commented Apr 10, 2024

Version

3b45d15

Build platform

Ubuntu 22.04.3

Build steps

CONFIG_ASAN=y make qjs

Test case

//poc1
v1 = '';
v2 = v1.padEnd(2147483620, 0);

//poc2
v1 = '';
v2 = v1.padEnd(2147483620, '0');

Execution steps

./qjs poc.js

Output

//poc1
RangeError: invalid string length
    at padEnd (native)
    at <eval> (/js/poc.js:2)

=================================================================
==3597854==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 18 byte(s) in 1 object(s) allocated from:
    #0 0x56350e75811e in __interceptor_malloc (/quickjs/qjs+0xd211e) (BuildId: 4466830005a83e88bca3c9bb84fc0eb15d5a5115)
    #1 0x56350e879072 in js_def_malloc /quickjs/quickjs.c:1728:11
    #2 0x56350e7aeb02 in js_malloc_rt /quickjs/quickjs.c:1315:12
    #3 0x56350e7aeb02 in js_alloc_string_rt /quickjs/quickjs.c:1894:11
    #4 0x56350e7aeb02 in js_alloc_string /quickjs/quickjs.c:1912:9
    #5 0x56350e7aeb02 in js_new_string8 /quickjs/quickjs.c:3491:11
    #6 0x56350e7aeb02 in JS_NewStringLen /quickjs/quickjs.c:3902:16
    #7 0x56350e7ec17e in JS_NewString /quickjs/quickjs.c:3977:12
    #8 0x56350e7ec17e in JS_ToStringInternal /quickjs/quickjs.c:11739:16
    #9 0x56350ea253ef in JS_ToString /quickjs/quickjs.c:11745:12
    #10 0x56350ea253ef in js_string_pad /quickjs/quickjs.c:42395:13
    #11 0x56350e797cfe in js_call_c_function /quickjs/quickjs.c:16027:19
    #12 0x56350e7f0053 in JS_CallInternal /quickjs/quickjs.c:16209:16
    #13 0x56350e7ff4ad in JS_CallInternal /quickjs/quickjs.c:16616:27
    #14 0x56350e82ba38 in JS_CallFree /quickjs/quickjs.c:18695:19
    #15 0x56350e82ba38 in JS_EvalFunctionInternal /quickjs/quickjs.c:34351:19
    #16 0x56350e855f41 in __JS_EvalInternal /quickjs/quickjs.c:34486:19
    #17 0x56350e82d4e1 in JS_EvalInternal /quickjs/quickjs.c:34504:12
    #18 0x56350e82d4e1 in JS_EvalThis /quickjs/quickjs.c:34535:11
    #19 0x56350e82d4e1 in JS_Eval /quickjs/quickjs.c:34543:12
    #20 0x56350e794143 in eval_buf /quickjs/qjs.c:71:15
    #21 0x56350e7944ae in eval_file /quickjs/qjs.c:103:11
    #22 0x56350e79346f in main /quickjs/qjs.c:516:17
    #23 0x7f3e421d1d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16

SUMMARY: AddressSanitizer: 18 byte(s) leaked in 1 allocation(s).

//poc2
RangeError: invalid string length
    at padEnd (native)
    at <eval> (/js/poc.js:2)

=================================================================
==3691592==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 18 byte(s) in 1 object(s) allocated from:
    #0 0x56155185c546 in __interceptor_realloc (/quickjs/qjs+0xd2546) (BuildId: 4466830005a83e88bca3c9bb84fc0eb15d5a5115)
    #1 0x56155197d3dd in js_def_realloc /quickjs/quickjs.c:1766:11
    #2 0x5615518b9afb in js_realloc_rt /quickjs/quickjs.c:1325:12
    #3 0x5615518b9afb in string_buffer_end /quickjs/quickjs.c:3867:15
    #4 0x5615519fd232 in js_parse_string /quickjs/quickjs.c:20447:24
    #5 0x561551a51d63 in next_token /quickjs/quickjs.c:20719:13
    #6 0x561551a8d80c in js_parse_expect /quickjs/quickjs.c:20239:12
    #7 0x561551a8d80c in js_parse_postfix_expr /quickjs/quickjs.c:24859:21
    #8 0x561551aa8f85 in js_parse_unary /quickjs/quickjs.c:25267:13
    #9 0x561551aa8141 in js_parse_expr_binary /quickjs/quickjs.c:25331:16
    #10 0x561551aa817e in js_parse_expr_binary /quickjs/quickjs.c:25355:13
    #11 0x561551aa817e in js_parse_expr_binary /quickjs/quickjs.c:25355:13
    #12 0x561551aa817e in js_parse_expr_binary /quickjs/quickjs.c:25355:13
    #13 0x561551aa817e in js_parse_expr_binary /quickjs/quickjs.c:25355:13
    #14 0x561551aa817e in js_parse_expr_binary /quickjs/quickjs.c:25355:13
    #15 0x561551aa817e in js_parse_expr_binary /quickjs/quickjs.c:25355:13
    #16 0x561551aa817e in js_parse_expr_binary /quickjs/quickjs.c:25355:13
    #17 0x561551aa817e in js_parse_expr_binary /quickjs/quickjs.c:25355:13
    #18 0x561551aa74ff in js_parse_logical_and_or /quickjs/quickjs.c:25500:13
    #19 0x561551aa751d in js_parse_logical_and_or /quickjs/quickjs.c:25503:13
    #20 0x561551aa0603 in js_parse_coalesce_expr /quickjs/quickjs.c:25540:9
    #21 0x561551aa0603 in js_parse_cond_expr /quickjs/quickjs.c:25568:9
    #22 0x561551aa0603 in js_parse_assign_expr2 /quickjs/quickjs.c:25781:9
    #23 0x561551aa1323 in js_parse_assign_expr2 /quickjs/quickjs.c:25792:13
    #24 0x561551a9fc3b in js_parse_expr2 /quickjs/quickjs.c:25888:13
    #25 0x561551a5ecc8 in js_parse_expr /quickjs/quickjs.c:25910:12
    #26 0x561551a5ecc8 in js_parse_statement_or_decl /quickjs/quickjs.c:27219:13
    #27 0x561551a555cf in js_parse_source_element /quickjs/quickjs.c:29418:13
    #28 0x561551959913 in js_parse_program /quickjs/quickjs.c:34298:13
    #29 0x561551959913 in __JS_EvalInternal /quickjs/quickjs.c:34461:11
    #30 0x5615519314e1 in JS_EvalInternal /quickjs/quickjs.c:34504:12
    #31 0x5615519314e1 in JS_EvalThis /quickjs/quickjs.c:34535:11
    #32 0x5615519314e1 in JS_Eval /quickjs/quickjs.c:34543:12
    #33 0x561551898143 in eval_buf /quickjs/qjs.c:71:15
    #34 0x5615518984ae in eval_file /quickjs/qjs.c:103:11
    #35 0x56155189746f in main /quickjs/qjs.c:516:17
    #36 0x7fe555791d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16

SUMMARY: AddressSanitizer: 18 byte(s) leaked in 1 allocation(s).
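
The report above has the classic shape of an error-path leak: the allocation site in the stack is JS_ToString called from js_string_pad (the fill argument being converted to a string), and the string is still live when the RangeError unwinds the call. The following is an added example, not quickjs code and not the change in #304: a small C model of that bug class, with the leaky ordering beside a fixed one. pad_end_leaky(), pad_end_fixed(), dup_str() and MAX_STRING_LEN are hypothetical stand-ins for String.prototype.padEnd, the engine's allocating ToString and its string-length limit; the live_allocs counter plays the role of LeakSanitizer, so the example can report a leak without needing a sanitizer build.

```c
/*
 * Added example (not quickjs code): a minimal model of the error-path leak
 * class in the report above. pad_end_leaky()/pad_end_fixed() are hypothetical
 * stand-ins for String.prototype.padEnd; dup_str() stands in for the engine's
 * ToString, which allocates a new string. live_allocs plays LeakSanitizer:
 * anything still counted after the caller released the result is a leak.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for the engine's "invalid string length" limit (assumption, kept
 * tiny so the example's inputs stay small). */
#define MAX_STRING_LEN 64

static long live_allocs = 0;   /* blocks allocated here and not yet freed */

/* Allocating "ToString": returns a fresh heap copy the caller must free. */
static char *dup_str(const char *s) {
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p) { memcpy(p, s, n); live_allocs++; }
    return p;
}

static void free_str(char *p) {
    if (p) { free(p); live_allocs--; }
}

/* s followed by fill repeated up to target_len; fill must be non-empty. */
static int build_padded(const char *s, size_t target_len, const char *fill, char **out) {
    size_t slen = strlen(s), flen = strlen(fill);
    char *buf = malloc(target_len + 1);
    if (!buf) return -1;
    live_allocs++;
    memcpy(buf, s, slen);
    for (size_t i = slen; i < target_len; i++)
        buf[i] = fill[(i - slen) % flen];
    buf[target_len] = '\0';
    *out = buf;
    return 0;
}

/* Buggy ordering: the fill argument is converted (allocated) first, then the
 * length check fails and returns early, skipping the free. This is the shape
 * of the report: JS_ToString -> RangeError -> nothing releases the string. */
static int pad_end_leaky(const char *s, size_t target_len, const char *fill, char **out) {
    *out = NULL;
    char *fill_copy = dup_str(fill);
    if (!fill_copy) return -1;
    if (target_len > MAX_STRING_LEN)
        return -2;                 /* "RangeError": fill_copy is never freed */
    if (fill_copy[0] == '\0' || target_len <= strlen(s)) {
        free_str(fill_copy);
        *out = dup_str(s);
        return *out ? 0 : -1;
    }
    int rc = build_padded(s, target_len, fill_copy, out);
    free_str(fill_copy);
    return rc;
}

/* Fixed: one exit path releases fill_copy on every outcome, error or not. */
static int pad_end_fixed(const char *s, size_t target_len, const char *fill, char **out) {
    int rc = 0;
    *out = NULL;
    char *fill_copy = dup_str(fill);
    if (!fill_copy) return -1;
    if (target_len > MAX_STRING_LEN) {
        rc = -2;                   /* "RangeError", still falls through to cleanup */
    } else if (fill_copy[0] == '\0' || target_len <= strlen(s)) {
        *out = dup_str(s);
        rc = *out ? 0 : -1;
    } else {
        rc = build_padded(s, target_len, fill_copy, out);
    }
    free_str(fill_copy);
    return rc;
}

/* Runs fn on the report's input shape (empty receiver, fill "0"), releases the
 * result, and returns how many blocks are still live: 0 means no leak. */
static long leaked_blocks(int (*fn)(const char *, size_t, const char *, char **),
                          size_t target_len) {
    char *out = NULL;
    live_allocs = 0;
    fn("", target_len, "0", &out);
    free_str(out);
    return live_allocs;
}

int main(void) {
    size_t too_long = (size_t)MAX_STRING_LEN + 1;   /* stands in for 2147483620 */
    printf("leaky, over the limit: %ld block(s) leaked\n", leaked_blocks(pad_end_leaky, too_long));
    printf("fixed, over the limit: %ld block(s) leaked\n", leaked_blocks(pad_end_fixed, too_long));
    printf("fixed, in range:       %ld block(s) leaked\n", leaked_blocks(pad_end_fixed, 8));
    return 0;
}
```

Building this with `cc -fsanitize=address` and running it on Linux also produces a LeakSanitizer report at exit for the leaky variant's one block, with dup_str as the allocation frame. Note when reading such reports that the stack trace is the allocation site, not the place where the last reference was dropped: in the report above it tells you the leaked object was created by JS_ToString inside js_string_pad, and the missing free has to be found by following the error path out of that function.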
GerHobbelt pushed a commit to GerHobbelt/quickjs that referenced this issue May 6, 2024
`ToString(object)` can fail when there is a pending exception. Add a
special case for exception objects to help debugging. Getting an empty
string when the real error was "InternalError: stack overflow" is rage
inducing.

Fixes: quickjs-ng/quickjs#273
xeioex added a commit to xeioex/quickjs that referenced this issue May 17, 2024
@xeioex xeioex linked a pull request May 17, 2024 that will close this issue