SegFault in process while using inspector #31362
Comments
It's unlikely to be a vulnerability, but if you have a repro, you could post to H1, at https://hackerone.com/nodejs, talk it over with the sec triage team, and we can bring in any v8 experts if that turns out to be necessary. Most likely it'll end up back here in the public, but above is the safe way to have a private conversation about this.
There is an issue reported about a year ago: #27637, which still reproduces the segfault with the current Node.js v13.6.0 and both Node.js inspector and Chrome 79.0.3945.117 devtools inspector and which even has a fully automated repro...
I agree, and looking at the issue posted by @Hakerh400 it looks like this might be the same or related.
I will follow your example and see if I can make this automated. Then I think I will post it here in the OP.
I can reproduce using the code in #27637 but not this one. It crashes inside V8, so I’ll try to get a proper stack trace from a debug build.
Hm, the test case which I posted faithfully reproduced yesterday; today it does not. I will see if there is something else missing and re-open this if I can find it (and it looks separate from #27637). As you can see, both are related to the inspector with a static class field, so there is a chance it is really the same issue.
While stepping through a specific pattern in code I am reliably able to reproduce a segmentation fault error. I have produced a reduced test case which when run with `--inspect --inspect-brk` always segfaults when I step to a specific line.

I do not think this is an exploit, but I think that sometimes a segfault can be used as a security exploit, so I wanted to post here before adding details. What should my next step be? Post the reproduction test case here?

See the reproduction below: