Null dereference in `deps/v8/src/objects/js-segments.cc:33:46`

Hi! We've been fuzzing nodejs using `sydr-fuzz` and targets for https://github.com/ispras/oss-sydr-fuzz/tree/master/projects/nodejs made by @stasos24.

### Work environment

OS: Ubuntu 20.04
nodejs version: v16.x 7051ba4501883955daa6bf8e442fef0c32aa5ea3

### Bug description

Null dereference in `deps/v8/src/objects/js-segments.cc:33:46`.

### Steps to reproduce

1. Build docker container from https://github.com/ispras/oss-sydr-fuzz/tree/master/projects/nodejs:

        sudo docker build -t oss-sydr-fuzz-nodejs .

2. Run docker container:

        sudo docker run --privileged --network host -v /etc/localtime:/etc/localtime:ro --rm -it -v $PWD:/fuzz oss-sydr-fuzz-nodejs /bin/bash

3. Execute sanitizers built target with input that leads to crash ([crash-60e742070198c42e30e6b26ec3d967fbfd088ead.txt](https://github.com/nodejs/node/files/9921008/crash-60e742070198c42e30e6b26ec3d967fbfd088ead.txt)
):

        /v8_compile_afl < crash-60e742070198c42e30e6b26ec3d967fbfd088ead.txt

4. You will see the following ouput:

        AddressSanitizer:DEADLYSIGNAL
        =================================================================
        ==30==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000002df857f bp 0x7ffd3b43b3d0 sp 0x7ffd3b43b280 T0)
        ==30==The signal is caused by a READ memory access.
        ==30==Hint: address points to the zero page.
            #0 0x2df857f in v8::internal::JSSegments::Create(v8::internal::Isolate*, v8::internal::Handle<v8::internal::JSSegmenter>, v8::internal::Handle<v8::internal::String>) /node_afl/out/../deps/v8/src/objects/js-segments.cc:33:46
            #1 0x2d64a2a in v8::internal::Builtin_Impl_SegmenterPrototypeSegment(v8::internal::BuiltinArguments, v8::internal::Isolate*) /node_afl/out/../deps/v8/src/builtins/builtins-intl.cc:1058:3
           #2 0x2d64a2a in v8::internal::Builtin_SegmenterPrototypeSegment(int, unsigned long*, v8::internal::Isolate*) /node_afl/out/../deps/v8/src/builtins/builtins-intl.cc:1048:1
           #3 0x1c04898 in Builtins_CEntry_Return1_DontSaveFPRegs_ArgvOnStack_BuiltinExit out/Release/obj.target/v8_snapshot/geni/embedded.o

        AddressSanitizer can not provide additional info.
        SUMMARY: AddressSanitizer: SEGV /node_afl/out/../deps/v8/src/objects/js-segments.cc:33:46 in v8::internal::JSSegments::Create(v8::internal::Isolate*, v8::internal::Handle<v8::internal::JSSegmenter>, v8::internal::Handle<v8::internal::String>)
        ==30==ABORTING
 


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Null dereference in `deps/v8/src/objects/js-segments.cc:33:46` #45283

Work environment

Bug description

Steps to reproduce

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Null dereference in deps/v8/src/objects/js-segments.cc:33:46 #45283

Description

Work environment

Bug description

Steps to reproduce

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

Null dereference in `deps/v8/src/objects/js-segments.cc:33:46` #45283