0019 CRASH detected in recff_rawset due to a fault at or near 0x00000020dfff807f leading to SIGSEGV

Question

0019 CRASH detected in recff_rawset due to a fault at or near 0x00000020dfff807f leading to SIGSEGV

pwnhacker0x18 opened this issue 2 months ago · comments

                      268: void recff_rawset(J = (jit_State *)<optimized out>, rd = (RecordFFData *)<optimized out>) {

                       |||: /* Local reference: RecordIndex ix = {tabv = {u64 = 0, n = 0, gcr = {gcptr64 = 0}, it64 = 0, {i = 0, it = 0}, ftsz = 0, u32 = {lo = 0, hi = 0}}, keyv = {u64 = 0, n = 0, gcr = {gcptr64 = 0}, it64 = 0, {i = 0, it = 0}, fts... */

                       |||: /* Local reference: jit_State * J = <optimized out>; */

                       269: {

                       270:   RecordIndex ix;

                       271:   ix.tab = J->base[0]; ix.key = J->base[1]; ix.val = J->base[2];

                       |||:

                       ---: }

                       at lj_ffrecord.c:271

poc.txt

Peter Cawley · Answer 1 · Fri May 10 2024 04:39:54 GMT+0800 (China Standard Time)

The poc.txt does not reproduce for me (using git head, 5790d25).

Sergey Kaplun · Answer 2 · Fri May 10 2024 05:04:48 GMT+0800 (China Standard Time)

Looks like a duplicate of #1152. The issue is not reproduced on defe61a ("Rework stack overflow handling.") and leads to the crash right before.