Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Two Bugs ( Panic and Stackoverflow) #275

Open
CT-Zer0 opened this issue Mar 31, 2021 · 2 comments
Open

Two Bugs ( Panic and Stackoverflow) #275

CT-Zer0 opened this issue Mar 31, 2021 · 2 comments

Comments

@CT-Zer0
Copy link

CT-Zer0 commented Mar 31, 2021

Hi,

While I was fuzzing this repo, I came across with 2 problems. These are found by go-fuzz

Go Version

go version go1.16.2 linux/amd64

OS Version

Ubuntu 20.04.1 LTS

Bug 1

While parsing (/0AY000p\p/[Symbol.split](/쿽/)) string, it throws panic.

panic: Invalid regular expression (regexp2): 0AY000p\p (error parsing regexp: incomplete \p{X} character escape in 0AY000p\p) [recovered]

My program is:

package main

import "github.com/dop251/goja"
import "fmt"
func main(){

data := `(/0AY000p\p/[Symbol.split](/쿽/))`

fmt.Println("data: ",data)
vm := goja.New()
v, err := vm.RunString(data)
fmt.Println(v)

if err != nil {
    panic(err)
}

}

Bug 2

While parsing "[][g=[]]=g[[]&[]]=g" string, It throws stack overflow error.

runtime: goroutine stack exceeds 1000000000-byte limit
runtime: sp=0xc0201e0368 stack=[0xc0201e0000, 0xc0401e0000]
fatal error: stack overflow

runtime stack:
runtime.throw(0x793d09, 0xe)
        /usr/local/go/src/runtime/panic.go:1117 +0x72
runtime.newstack()
        /usr/local/go/src/runtime/stack.go:1069 +0x7ed
runtime.morestack()
        /usr/local/go/src/runtime/asm_amd64.s:458 +0x8f

goroutine 1 [running]:
github.com/dop251/goja.(*Object).get(0xc000109bf0, 0x7fe710, 0xc00000c2a0, 0x7fe678, 0xc000189170, 0x0, 0x0)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:1220 +0x17a fp=0xc0201e0378 sp=0xc0201e0370 pc=0x67325a
github.com/dop251/goja.(*baseObject).getWithOwnProp(0xc00018a480, 0x0, 0x0, 0x7fe710, 0xc00000c2a0, 0x0, 0x0, 0x0, 0x0)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:283 +0x19f fp=0xc0201e03c0 sp=0xc0201e0378 pc=0x66c6df
github.com/dop251/goja.(*baseObject).getSym(0xc00018a480, 0xc00000c2a0, 0x0, 0x0, 0x0, 0x0)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:317 +0x85 fp=0xc0201e0418 sp=0xc0201e03c0 pc=0x66ca65
github.com/dop251/goja.(*Object).tryExoticToPrimitive(0xc000189170, 0x7fe8d8, 0xb240f0, 0x5bd5b9, 0xc00018a480)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:838 +0x52 fp=0xc0201e04a0 sp=0xc0201e0418 pc=0x670732
github.com/dop251/goja.(*Object).toPrimitiveString(0xc000189170, 0x9d8708, 0x1)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:861 +0x47 fp=0xc0201e04d8 sp=0xc0201e04a0 pc=0x6709e7
github.com/dop251/goja.(*Object).toString(0xc000189170, 0x0, 0x0)
        /home/fuzz/go/src/github.com/dop251/goja/value.go:670 +0x2b fp=0xc0201e0500 sp=0xc0201e04d8 pc=0x6b57eb
github.com/dop251/goja.(*Runtime).arrayproto_join(0xc00010f500, 0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000189a40)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:190 +0x3cf fp=0xc0201e0610 sp=0xc0201e0500 pc=0x5c4eaf
github.com/dop251/goja.(*Runtime).arrayproto_join-fm(0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000189a40)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:173 +0x51 fp=0xc0201e0660 sp=0xc0201e0610 pc=0x6da711
github.com/dop251/goja.(*Runtime).arrayproto_toString(0xc00010f500, 0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000109b60)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:209 +0x174 fp=0xc0201e06e0 sp=0xc0201e0660 pc=0x5c5194
github.com/dop251/goja.(*Runtime).arrayproto_toString-fm(0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000109b60)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:204 +0x51 fp=0xc0201e0730 sp=0xc0201e06e0 pc=0x6db551
github.com/dop251/goja.(*Object).tryPrimitive(0xc000189170, 0x7922cb, 0x8, 0x0, 0x0)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:786 +0xd2 fp=0xc0201e0778 sp=0xc0201e0730 pc=0x6702b2
github.com/dop251/goja.(*Object).genericToPrimitiveString(0xc000189170, 0x9d8708, 0x403005)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:814 +0x45 fp=0xc0201e07d0 sp=0xc0201e0778 pc=0x670505
github.com/dop251/goja.(*baseObject).toPrimitiveString(0xc00018a480, 0x0, 0x0)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:830 +0x2f fp=0xc0201e07f8 sp=0xc0201e07d0 pc=0x67064f
github.com/dop251/goja.(*Object).toPrimitiveString(0xc000189170, 0x9d8708, 0x1)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:865 +0x87 fp=0xc0201e0830 sp=0xc0201e07f8 pc=0x670a27
github.com/dop251/goja.(*Object).toString(0xc000189170, 0x0, 0x0)
        /home/fuzz/go/src/github.com/dop251/goja/value.go:670 +0x2b fp=0xc0201e0858 sp=0xc0201e0830 pc=0x6b57eb
github.com/dop251/goja.(*Runtime).arrayproto_join(0xc00010f500, 0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000189a40)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:190 +0x3cf fp=0xc0201e0968 sp=0xc0201e0858 pc=0x5c4eaf
github.com/dop251/goja.(*Runtime).arrayproto_join-fm(0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000189a40)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:173 +0x51 fp=0xc0201e09b8 sp=0xc0201e0968 pc=0x6da711
github.com/dop251/goja.(*Runtime).arrayproto_toString(0xc00010f500, 0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000109b60)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:209 +0x174 fp=0xc0201e0a38 sp=0xc0201e09b8 pc=0x5c5194
github.com/dop251/goja.(*Runtime).arrayproto_toString-fm(0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000109b60)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:204 +0x51 fp=0xc0201e0a88 sp=0xc0201e0a38 pc=0x6db551
github.com/dop251/goja.(*Object).tryPrimitive(0xc000189170, 0x7922cb, 0x8, 0x0, 0x0)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:786 +0xd2 fp=0xc0201e0ad0 sp=0xc0201e0a88 pc=0x6702b2
github.com/dop251/goja.(*Object).genericToPrimitiveString(0xc000189170, 0x9d8708, 0x403005)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:814 +0x45 fp=0xc0201e0b28 sp=0xc0201e0ad0 pc=0x670505
github.com/dop251/goja.(*baseObject).toPrimitiveString(0xc00018a480, 0x0, 0x0)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:830 +0x2f fp=0xc0201e0b50 sp=0xc0201e0b28 pc=0x67064f
github.com/dop251/goja.(*Object).toPrimitiveString(0xc000189170, 0x9d8708, 0x1)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:865 +0x87 fp=0xc0201e0b88 sp=0xc0201e0b50 pc=0x670a27
github.com/dop251/goja.(*Object).toString(0xc000189170, 0x0, 0x0)
        /home/fuzz/go/src/github.com/dop251/goja/value.go:670 +0x2b fp=0xc0201e0bb0 sp=0xc0201e0b88 pc=0x6b57eb
github.com/dop251/goja.(*Runtime).arrayproto_join(0xc00010f500, 0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000189a40)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:190 +0x3cf fp=0xc0201e0cc0 sp=0xc0201e0bb0 pc=0x5c4eaf
github.com/dop251/goja.(*Runtime).arrayproto_join-fm(0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000189a40)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:173 +0x51 fp=0xc0201e0d10 sp=0xc0201e0cc0 pc=0x6da711
github.com/dop251/goja.(*Runtime).arrayproto_toString(0xc00010f500, 0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000109b60)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:209 +0x174 fp=0xc0201e0d90 sp=0xc0201e0d10 pc=0x5c5194
github.com/dop251/goja.(*Runtime).arrayproto_toString-fm(0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000109b60)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:204 +0x51 fp=0xc0201e0de0 sp=0xc0201e0d90 pc=0x6db551
github.com/dop251/goja.(*Object).tryPrimitive(0xc000189170, 0x7922cb, 0x8, 0x0, 0x0)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:786 +0xd2 fp=0xc0201e0e28 sp=0xc0201e0de0 pc=0x6702b2
github.com/dop251/goja.(*Object).genericToPrimitiveString(0xc000189170, 0x9d8708, 0x403005)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:814 +0x45 fp=0xc0201e0e80 sp=0xc0201e0e28 pc=0x670505
github.com/dop251/goja.(*baseObject).toPrimitiveString(0xc00018a480, 0x0, 0x0)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:830 +0x2f fp=0xc0201e0ea8 sp=0xc0201e0e80 pc=0x67064f
github.com/dop251/goja.(*Object).toPrimitiveString(0xc000189170, 0x9d8708, 0x1)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:865 +0x87 fp=0xc0201e0ee0 sp=0xc0201e0ea8 pc=0x670a27
github.com/dop251/goja.(*Object).toString(0xc000189170, 0x0, 0x0)
        /home/fuzz/go/src/github.com/dop251/goja/value.go:670 +0x2b fp=0xc0201e0f08 sp=0xc0201e0ee0 pc=0x6b57eb
github.com/dop251/goja.(*Runtime).arrayproto_join(0xc00010f500, 0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000189a40)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:190 +0x3cf fp=0xc0201e1018 sp=0xc0201e0f08 pc=0x5c4eaf
github.com/dop251/goja.(*Runtime).arrayproto_join-fm(0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000189a40)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:173 +0x51 fp=0xc0201e1068 sp=0xc0201e1018 pc=0x6da711
github.com/dop251/goja.(*Runtime).arrayproto_toString(0xc00010f500, 0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000109b60)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:209 +0x174 fp=0xc0201e10e8 sp=0xc0201e1068 pc=0x5c5194
github.com/dop251/goja.(*Runtime).arrayproto_toString-fm(0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000109b60)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:204 +0x51 fp=0xc0201e1138 sp=0xc0201e10e8 pc=0x6db551
github.com/dop251/goja.(*Object).tryPrimitive(0xc000189170, 0x7922cb, 0x8, 0x0, 0x0)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:786 +0xd2 fp=0xc0201e1180 sp=0xc0201e1138 pc=0x6702b2
github.com/dop251/goja.(*Object).genericToPrimitiveString(0xc000189170, 0x9d8708, 0x403005)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:814 +0x45 fp=0xc0201e11d8 sp=0xc0201e1180 pc=0x670505
github.com/dop251/goja.(*baseObject).toPrimitiveString(0xc00018a480, 0x0, 0x0)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:830 +0x2f fp=0xc0201e1200 sp=0xc0201e11d8 pc=0x67064f
github.com/dop251/goja.(*Object).toPrimitiveString(0xc000189170, 0x9d8708, 0x1)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:865 +0x87 fp=0xc0201e1238 sp=0xc0201e1200 pc=0x670a27
github.com/dop251/goja.(*Object).toString(0xc000189170, 0x0, 0x0)
        /home/fuzz/go/src/github.com/dop251/goja/value.go:670 +0x2b fp=0xc0201e1260 sp=0xc0201e1238 pc=0x6b57eb
github.com/dop251/goja.(*Runtime).arrayproto_join(0xc00010f500, 0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000189a40)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:190 +0x3cf fp=0xc0201e1370 sp=0xc0201e1260 pc=0x5c4eaf
github.com/dop251/goja.(*Runtime).arrayproto_join-fm(0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000189a40)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:173 +0x51 fp=0xc0201e13c0 sp=0xc0201e1370 pc=0x6da711
github.com/dop251/goja.(*Runtime).arrayproto_toString(0xc00010f500, 0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000109b60)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:209 +0x174 fp=0xc0201e1440 sp=0xc0201e13c0 pc=0x5c5194
github.com/dop251/goja.(*Runtime).arrayproto_toString-fm(0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000109b60)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:204 +0x51 fp=0xc0201e1490 sp=0xc0201e1440 pc=0x6db551
github.com/dop251/goja.(*Object).tryPrimitive(0xc000189170, 0x7922cb, 0x8, 0x0, 0x0)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:786 +0xd2 fp=0xc0201e14d8 sp=0xc0201e1490 pc=0x6702b2
github.com/dop251/goja.(*Object).genericToPrimitiveString(0xc000189170, 0x9d8708, 0x403005)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:814 +0x45 fp=0xc0201e1530 sp=0xc0201e14d8 pc=0x670505
github.com/dop251/goja.(*baseObject).toPrimitiveString(0xc00018a480, 0x0, 0x0)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:830 +0x2f fp=0xc0201e1558 sp=0xc0201e1530 pc=0x67064f
github.com/dop251/goja.(*Object).toPrimitiveString(0xc000189170, 0x9d8708, 0x1)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:865 +0x87 fp=0xc0201e1590 sp=0xc0201e1558 pc=0x670a27
github.com/dop251/goja.(*Object).toString(0xc000189170, 0x0, 0x0)
        /home/fuzz/go/src/github.com/dop251/goja/value.go:670 +0x2b fp=0xc0201e15b8 sp=0xc0201e1590 pc=0x6b57eb
github.com/dop251/goja.(*Runtime).arrayproto_join(0xc00010f500, 0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000189a40)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:190 +0x3cf fp=0xc0201e16c8 sp=0xc0201e15b8 pc=0x5c4eaf
github.com/dop251/goja.(*Runtime).arrayproto_join-fm(0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000189a40)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:173 +0x51 fp=0xc0201e1718 sp=0xc0201e16c8 pc=0x6da711
github.com/dop251/goja.(*Runtime).arrayproto_toString(0xc00010f500, 0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000109b60)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:209 +0x174 fp=0xc0201e1798 sp=0xc0201e1718 pc=0x5c5194
github.com/dop251/goja.(*Runtime).arrayproto_toString-fm(0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000109b60)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:204 +0x51 fp=0xc0201e17e8 sp=0xc0201e1798 pc=0x6db551
github.com/dop251/goja.(*Object).tryPrimitive(0xc000189170, 0x7922cb, 0x8, 0x0, 0x0)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:786 +0xd2 fp=0xc0201e1830 sp=0xc0201e17e8 pc=0x6702b2
github.com/dop251/goja.(*Object).genericToPrimitiveString(0xc000189170, 0x9d8708, 0x403005)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:814 +0x45 fp=0xc0201e1888 sp=0xc0201e1830 pc=0x670505
github.com/dop251/goja.(*baseObject).toPrimitiveString(0xc00018a480, 0x0, 0x0)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:830 +0x2f fp=0xc0201e18b0 sp=0xc0201e1888 pc=0x67064f
github.com/dop251/goja.(*Object).toPrimitiveString(0xc000189170, 0x9d8708, 0x1)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:865 +0x87 fp=0xc0201e18e8 sp=0xc0201e18b0 pc=0x670a27
github.com/dop251/goja.(*Object).toString(0xc000189170, 0x0, 0x0)
        /home/fuzz/go/src/github.com/dop251/goja/value.go:670 +0x2b fp=0xc0201e1910 sp=0xc0201e18e8 pc=0x6b57eb
github.com/dop251/goja.(*Runtime).arrayproto_join(0xc00010f500, 0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000189a40)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:190 +0x3cf fp=0xc0201e1a20 sp=0xc0201e1910 pc=0x5c4eaf
github.com/dop251/goja.(*Runtime).arrayproto_join-fm(0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000189a40)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:173 +0x51 fp=0xc0201e1a70 sp=0xc0201e1a20 pc=0x6da711
github.com/dop251/goja.(*Runtime).arrayproto_toString(0xc00010f500, 0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000109b60)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:209 +0x174 fp=0xc0201e1af0 sp=0xc0201e1a70 pc=0x5c5194
github.com/dop251/goja.(*Runtime).arrayproto_toString-fm(0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000109b60)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:204 +0x51 fp=0xc0201e1b40 sp=0xc0201e1af0 pc=0x6db551
github.com/dop251/goja.(*Object).tryPrimitive(0xc000189170, 0x7922cb, 0x8, 0x0, 0x0)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:786 +0xd2 fp=0xc0201e1b88 sp=0xc0201e1b40 pc=0x6702b2
github.com/dop251/goja.(*Object).genericToPrimitiveString(0xc000189170, 0x9d8708, 0x403005)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:814 +0x45 fp=0xc0201e1be0 sp=0xc0201e1b88 pc=0x670505
github.com/dop251/goja.(*baseObject).toPrimitiveString(0xc00018a480, 0x0, 0x0)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:830 +0x2f fp=0xc0201e1c08 sp=0xc0201e1be0 pc=0x67064f
github.com/dop251/goja.(*Object).toPrimitiveString(0xc000189170, 0x9d8708, 0x1)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:865 +0x87 fp=0xc0201e1c40 sp=0xc0201e1c08 pc=0x670a27
github.com/dop251/goja.(*Object).toString(0xc000189170, 0x0, 0x0)
        /home/fuzz/go/src/github.com/dop251/goja/value.go:670 +0x2b fp=0xc0201e1c68 sp=0xc0201e1c40 pc=0x6b57eb
github.com/dop251/goja.(*Runtime).arrayproto_join(0xc00010f500, 0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000189a40)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:190 +0x3cf fp=0xc0201e1d78 sp=0xc0201e1c68 pc=0x5c4eaf
github.com/dop251/goja.(*Runtime).arrayproto_join-fm(0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000189a40)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:173 +0x51 fp=0xc0201e1dc8 sp=0xc0201e1d78 pc=0x6da711
github.com/dop251/goja.(*Runtime).arrayproto_toString(0xc00010f500, 0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000109b60)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:209 +0x174 fp=0xc0201e1e48 sp=0xc0201e1dc8 pc=0x5c5194
github.com/dop251/goja.(*Runtime).arrayproto_toString-fm(0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000109b60)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:204 +0x51 fp=0xc0201e1e98 sp=0xc0201e1e48 pc=0x6db551
github.com/dop251/goja.(*Object).tryPrimitive(0xc000189170, 0x7922cb, 0x8, 0x0, 0x0)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:786 +0xd2 fp=0xc0201e1ee0 sp=0xc0201e1e98 pc=0x6702b2
github.com/dop251/goja.(*Object).genericToPrimitiveString(0xc000189170, 0x9d8708, 0x403005)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:814 +0x45 fp=0xc0201e1f38 sp=0xc0201e1ee0 pc=0x670505
github.com/dop251/goja.(*baseObject).toPrimitiveString(0xc00018a480, 0x0, 0x0)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:830 +0x2f fp=0xc0201e1f60 sp=0xc0201e1f38 pc=0x67064f
github.com/dop251/goja.(*Object).toPrimitiveString(0xc000189170, 0x9d8708, 0x1)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:865 +0x87 fp=0xc0201e1f98 sp=0xc0201e1f60 pc=0x670a27
github.com/dop251/goja.(*Object).toString(0xc000189170, 0x0, 0x0)
        /home/fuzz/go/src/github.com/dop251/goja/value.go:670 +0x2b fp=0xc0201e1fc0 sp=0xc0201e1f98 pc=0x6b57eb
github.com/dop251/goja.(*Runtime).arrayproto_join(0xc00010f500, 0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000189a40)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:190 +0x3cf fp=0xc0201e20d0 sp=0xc0201e1fc0 pc=0x5c4eaf
github.com/dop251/goja.(*Runtime).arrayproto_join-fm(0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000189a40)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:173 +0x51 fp=0xc0201e2120 sp=0xc0201e20d0 pc=0x6da711
github.com/dop251/goja.(*Runtime).arrayproto_toString(0xc00010f500, 0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000109b60)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:209 +0x174 fp=0xc0201e21a0 sp=0xc0201e2120 pc=0x5c5194
github.com/dop251/goja.(*Runtime).arrayproto_toString-fm(0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000109b60)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:204 +0x51 fp=0xc0201e21f0 sp=0xc0201e21a0 pc=0x6db551
github.com/dop251/goja.(*Object).tryPrimitive(0xc000189170, 0x7922cb, 0x8, 0x0, 0x0)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:786 +0xd2 fp=0xc0201e2238 sp=0xc0201e21f0 pc=0x6702b2
github.com/dop251/goja.(*Object).genericToPrimitiveString(0xc000189170, 0x9d8708, 0x403005)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:814 +0x45 fp=0xc0201e2290 sp=0xc0201e2238 pc=0x670505
github.com/dop251/goja.(*baseObject).toPrimitiveString(0xc00018a480, 0x0, 0x0)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:830 +0x2f fp=0xc0201e22b8 sp=0xc0201e2290 pc=0x67064f
github.com/dop251/goja.(*Object).toPrimitiveString(0xc000189170, 0x9d8708, 0x1)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:865 +0x87 fp=0xc0201e22f0 sp=0xc0201e22b8 pc=0x670a27
github.com/dop251/goja.(*Object).toString(0xc000189170, 0x0, 0x0)
        /home/fuzz/go/src/github.com/dop251/goja/value.go:670 +0x2b fp=0xc0201e2318 sp=0xc0201e22f0 pc=0x6b57eb
github.com/dop251/goja.(*Runtime).arrayproto_join(0xc00010f500, 0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000189a40)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:190 +0x3cf fp=0xc0201e2428 sp=0xc0201e2318 pc=0x5c4eaf
github.com/dop251/goja.(*Runtime).arrayproto_join-fm(0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000189a40)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:173 +0x51 fp=0xc0201e2478 sp=0xc0201e2428 pc=0x6da711
github.com/dop251/goja.(*Runtime).arrayproto_toString(0xc00010f500, 0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000109b60)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:209 +0x174 fp=0xc0201e24f8 sp=0xc0201e2478 pc=0x5c5194
github.com/dop251/goja.(*Runtime).arrayproto_toString-fm(0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000109b60)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:204 +0x51 fp=0xc0201e2548 sp=0xc0201e24f8 pc=0x6db551
github.com/dop251/goja.(*Object).tryPrimitive(0xc000189170, 0x7922cb, 0x8, 0x0, 0x0)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:786 +0xd2 fp=0xc0201e2590 sp=0xc0201e2548 pc=0x6702b2
github.com/dop251/goja.(*Object).genericToPrimitiveString(0xc000189170, 0x9d8708, 0x403005)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:814 +0x45 fp=0xc0201e25e8 sp=0xc0201e2590 pc=0x670505
github.com/dop251/goja.(*baseObject).toPrimitiveString(0xc00018a480, 0x0, 0x0)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:830 +0x2f fp=0xc0201e2610 sp=0xc0201e25e8 pc=0x67064f
github.com/dop251/goja.(*Object).toPrimitiveString(0xc000189170, 0x9d8708, 0x1)
        /home/fuzz/go/src/github.com/dop251/goja/object.go:865 +0x87 fp=0xc0201e2648 sp=0xc0201e2610 pc=0x670a27
github.com/dop251/goja.(*Object).toString(0xc000189170, 0x0, 0x0)
        /home/fuzz/go/src/github.com/dop251/goja/value.go:670 +0x2b fp=0xc0201e2670 sp=0xc0201e2648 pc=0x6b57eb
github.com/dop251/goja.(*Runtime).arrayproto_join(0xc00010f500, 0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000189a40)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:190 +0x3cf fp=0xc0201e2780 sp=0xc0201e2670 pc=0x5c4eaf
github.com/dop251/goja.(*Runtime).arrayproto_join-fm(0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000189a40)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:173 +0x51 fp=0xc0201e27d0 sp=0xc0201e2780 pc=0x6da711
github.com/dop251/goja.(*Runtime).arrayproto_toString(0xc00010f500, 0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000109b60)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:209 +0x174 fp=0xc0201e2850 sp=0xc0201e27d0 pc=0x5c5194
github.com/dop251/goja.(*Runtime).arrayproto_toString-fm(0x7fe678, 0xc000189170, 0x0, 0x0, 0x0, 0x7fe678, 0xc000109b60)
        /home/fuzz/go/src/github.com/dop251/goja/builtin_array.go:204 +0x51 fp=0xc0201e28a0 sp=0xc0201e2850 pc=0x6db551
...additional frames elided...
exit status 2

My program is:

package main

import "github.com/dop251/goja"
import "fmt"
func main(){

data := `[][g=[]]=g[[]&[]]=g`


fmt.Println("data: ",data)
vm := goja.New()
v, err := vm.RunString(data)
fmt.Println(v)

if err != nil {
    panic(err)
}
}
@dop251
Copy link
Owner

dop251 commented Mar 31, 2021

Hi. Thanks for submitting these. The first one should probably be fixed in regexp2, because the regex should not be considered invalid. The second one is about circular references, and although the ECMAScript standard does not require handling them, it probably should be fixed (maybe even as simple as limiting the maximum depth, since it's not specified).

I consider both relatively low priority and will have a look some time later. Feel free to submit PRs though.

@monkeyWie
Copy link
Contributor

@dop251 Hi boss, any progress on the circular reference issue?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dop251 @monkeyWie @CT-Zer0