You get a “segfault when reading from invalid utf_ptr” error.
When you upgrade to the latest v8.2.4646 version, you might face the issue: Cannot access memory at address X. When you check the code, you will see that v8.2.4646 changed the behavior of utf_ptr:
- Before v8.2.4646, v8 called is_valid() on utf_ptr.
- Now v8 does not call is_valid() on utf_ptr.
- This change breaks the code that uses utf_ptr. The code that uses utf_ptr expects it to be valid.
Solution: v8.2.4650
To solve the issue, use version v8.2.4650.
- Before v8.2.4650, v8 called is_valid() on utf_ptr.
- Now v8 does not call is_valid() on utf_ptr.
- This change breaks the code that uses utf_ptr. The code that uses utf_ptr expects it to be valid again and works with it as before the v8.2.4646 update.
Fix: Upgrade to v8.3.5195
The fix for this issue is to upgrade to v8.3.5195.
How to fix “segfault when reading from invalid utf_ptr” error
If you try to upgrade to the latest v8.2.4646 version, you might face the issue: Cannot access memory at address X. If you have this issue, you can fix it by following these steps:
1. Reduce the size of utf_ptr.
2. Replace "utf_ptr" with "utf32_ptr".
3. Replace utf_string with utf32_string and use it in your code.
Fix for Segfault when Reading from Invalid utf_ptr
To fix this issue, you need to change the v8 code. In order not to break any optimization, you can use a compiler option to disable this change and compile with -march=x86-64.
Solution: update to v8.3.0-rc.1 or higher
If you have v8.3.0-rc.1 or higher, the problem will be fixed. You can update to the latest version with the following command:
curl -o gv8 https://dl.google.com/go/v8.3.0-rc1 && chmod +x gv8 && ./gv8 && rm -rf "$HOME"/.cache/* 2> /dev/null
Timeline
Published on: 03/30/2022 12:15:00 UTC
Last modified on: 08/26/2022 20:20:00 UTC
References
- https://huntr.dev/bounties/7f0ec6bc-ea0e-45b0-8128-caac72d23425
- https://github.com/vim/vim/commit/b55986c52d4cd88a22d0b0b0e8a79547ba13e1d5
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C2CQXRLBIC4S7JQVEIN5QXKQPYWB5E3J/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RAIQTUO35U5WO2NYMY47637EMCVDJRSL/
- https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://security.gentoo.org/glsa/202208-32
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1154