Hi, looking at upstream patch [1], it seems that iotjs 1.0-1 isn't affected by this security issue: there is no `(*(++stack_top_p))` anywhere. Cheers, Xavier [1]: https://github.com/jerryscript-project/jerryscript/pull/3867/files