parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during certain out-of-memory conditions, as demonstrated by a scanner_reverse_info_list NULL pointer dereference and a scanner_scan_all assertion failure.
Weakness
The product dereferences a pointer that it expects to be valid but is NULL.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Jerryscript | Jerryscript | 2.2.0 (including) | 2.2.0 (including) |
| Iotjs | Ubuntu | bionic | * |
| Iotjs | Ubuntu | groovy | * |
| Iotjs | Ubuntu | hirsute | * |
| Iotjs | Ubuntu | impish | * |
| Iotjs | Ubuntu | trusty | * |
| Iotjs | Ubuntu | upstream | * |
Potential Mitigations
References
- https://github.com/jerryscript-project/jerryscript/commit/69f8e78c2f8d562bd6d8002b5488f1662ac30d24
- https://github.com/jerryscript-project/jerryscript/issues/3786
- https://github.com/jerryscript-project/jerryscript/issues/3788
- https://github.com/jerryscript-project/jerryscript/commit/69f8e78c2f8d562bd6d8002b5488f1662ac30d24
- https://github.com/jerryscript-project/jerryscript/issues/3786
- https://github.com/jerryscript-project/jerryscript/issues/3788