0016 CRASH detected in recff_math_call due to a fault at or near 0x00000020dfff807f leading to SIGSEGV

Question

0016 CRASH detected in recff_math_call due to a fault at or near 0x00000020dfff807f leading to SIGSEGV

pwnhacker0x18 opened this issue 2 months ago · comments

                      634: void recff_math_call(J = (jit_State *)0x7ffff7e533f0, rd = (RecordFFData *)0x7ffff70c0010) {

                       |||: /* Local reference: jit_State * J = 0x7ffff7e533f0; */

                       |||: /* Local reference: RecordFFData * rd = 0x7ffff70c0010; */

                       |||: /* Local reference: TRef tr = <optimized out>; */

                       635: {

                       636:   TRef tr = lj_ir_tonum(J, J->base[0]);

                       |||:


                       ---: }

                       at lj_ffrecord.c:636

poc.txt

Peter Cawley · Answer 1 · Fri May 10 2024 04:37:28 GMT+0800 (China Standard Time)

The poc.txt does not reproduce for me (using git head, 5790d25).

Sergey Kaplun · Answer 2 · Fri May 10 2024 05:04:01 GMT+0800 (China Standard Time)

Looks like a duplicate of #1152. The issue is not reproduced on defe61a ("Rework stack overflow handling.") and leads to the crash right before.