stack over flow error during parsing #1427

Closed · hongxuchen opened this issue May 19, 2018 · 5 comments

Comments

@hongxuchen

With our fuzzer we found a stack overflow when the input file contains many parentheses.

ASAN:DEADLYSIGNAL
=================================================================
==28915==ERROR: AddressSanitizer: stack-overflow on address 0x7fffad975fb0 (pc 0x55fb67713a27 bp 0x7fffad976050 sp 0x7fffad975f30 T0)
    #0 0x55fb67713a26 in jspeFactor src/jsparse.c:1569
    #1 0x55fb67711548 in jspeFactorFunctionCall src/jsparse.c:1200
    #2 0x55fb6771576f in jspePostfixExpression src/jsparse.c:1765
    #3 0x55fb67715ac6 in jspeUnaryExpression src/jsparse.c:1791
    #4 0x55fb6771616a in jspeBinaryExpression src/jsparse.c:1919
    #5 0x55fb677163c5 in jspeConditionalExpression src/jsparse.c:1955
    #6 0x55fb67716b01 in jspeAssignmentExpression src/jsparse.c:2020
    #7 0x55fb67713080 in jspeExpressionOrArrowFunction src/jsparse.c:1485
    #8 0x55fb6771407e in jspeFactor src/jsparse.c:1606
    #9 0x55fb67711548 in jspeFactorFunctionCall src/jsparse.c:1200
    #10 0x55fb6771576f in jspePostfixExpression src/jsparse.c:1765
    #11 0x55fb67715ac6 in jspeUnaryExpression src/jsparse.c:1791
    #12 0x55fb6771616a in jspeBinaryExpression src/jsparse.c:1919
    #13 0x55fb677163c5 in jspeConditionalExpression src/jsparse.c:1955
    #14 0x55fb67716b01 in jspeAssignmentExpression src/jsparse.c:2020
    #15 0x55fb67713080 in jspeExpressionOrArrowFunction src/jsparse.c:1485
    #16 0x55fb6771407e in jspeFactor src/jsparse.c:1606
    ... (frames #17 to #250 repeat the same eight-frame cycle) ...

SUMMARY: AddressSanitizer: stack-overflow src/jsparse.c:1569 in jspeFactor
==28915==ABORTING

sample input file:
so_0.txt

hongxuchen changed the title from "stack over error" to "stack over flow error during parsing" on May 19, 2018
@gfwilliams (Member)

Again, I just get Uncaught Error: Expecting a function to call, got String when running ./espruino ~/Downloads/so_0.txt

Your stack trace shows jspeFactor src/jsparse.c:1606, but if you look at line 1599 right above that recursion there's if (!jspCheckStackPosition()) return 0; - so this should never be able to use past 1MB of the stack (see jsuGetFreeStack).

You can test it by trying something like:

./espruino -e "(((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((
(((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((("

and you get

Uncaught Error: Too much recursion - the stack is about to overflow

@hongxuchen (Author)

This was still triggered with AddressSanitizer.

With the input script you provided, the output on my console is:

Uncaught SyntaxError: Unexpected end of Input

@gfwilliams (Member)

That's odd - I wonder whether jsuGetFreeStack isn't working on your build for some reason? It might explain your errors.

@hongxuchen (Author) commented May 19, 2018

It is caused by an integer underflow where count may be >1000000, causing 1000000-count to be extremely huge.
I added one line to print relevant values in jsuGetFreeStack:

...
base=0x7ffcd7910da0, ptr=0x7ffcd781d2f0, count_usize=998064, final=1936
base=0x7ffcd7910da0, ptr=0x7ffcd781d050, count_usize=998736, final=1264
base=0x7ffcd7910da0, ptr=0x7ffcd781cdb0, count_usize=999408, final=592
base=0x7ffcd7910da0, ptr=0x7ffcd781cb10, count_usize=1000080, final=4294967216
base=0x7ffcd7910da0, ptr=0x7ffcd781c870, count_usize=1000752, final=4294966544
base=0x7ffcd7910da0, ptr=0x7ffcd781c5d0, count_usize=1001424, final=4294965872
...

@gfwilliams (Member)

Thanks - that was a stupid mistake. Must have just been luck that it worked on mine. It looks like your stack frames are bigger with the AddressSanitizer, so the 512-byte headroom check can sometimes never catch that before it overflows.
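As an added example (not Espruino's own code), the free-stack computation this thread describes, modelled on the numbers posted above: the unchecked `1000000 - count` subtraction beside a variant that saturates at zero, and a simulation of the 672-byte-per-cycle AddressSanitizer frames showing why a 512-byte headroom check can step straight over the limit. The function names, the 1MB limit and the 512-byte headroom are taken from the discussion; everything else is an assumption of this example.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define STACK_LIMIT 1000000u   /* 1MB soft limit mentioned in the thread */
#define HEADROOM    512u       /* leeway jspCheckStackPosition insists on */

/* Bytes of stack in use, from the stack base and the current stack pointer
 * (the base/ptr pairs in the debug output above), as the build computes it. */
uint32_t stack_used(uintptr_t base, uintptr_t ptr) {
    return (uint32_t)(base - ptr);
}

/* Unchecked variant: once `count` exceeds STACK_LIMIT the unsigned
 * subtraction wraps, so the "free" figure becomes enormous. */
uint32_t free_stack_buggy(uint32_t count) {
    return STACK_LIMIT - count;
}

/* Checked variant: report zero free bytes once usage passes the limit. */
uint32_t free_stack_fixed(uint32_t count) {
    if (count > STACK_LIMIT) return 0;
    return STACK_LIMIT - count;
}

/* Models jspCheckStackPosition: allow the recursion to continue only
 * while at least HEADROOM bytes remain. */
bool check_stack_position(uint32_t (*free_stack)(uint32_t), uint32_t count) {
    return free_stack(count) >= HEADROOM;
}

/* Simulates the parser recursing: every parse cycle adds `stride` bytes of
 * stack. Returns the cycle at which the check first refuses to go deeper,
 * or -1 if it never refuses within `max_cycles` (the real stack would then
 * overflow, which is what ASAN reported). */
int first_refusal(uint32_t (*free_stack)(uint32_t), uint32_t start_count,
                  uint32_t stride, int max_cycles) {
    for (int cycle = 0; cycle < max_cycles; cycle++) {
        uint32_t count = start_count + stride * (uint32_t)cycle;
        if (!check_stack_position(free_stack, count)) return cycle;
    }
    return -1;
}

int main(void) {
    /* Values taken from the debug lines posted in the thread. */
    const uintptr_t base = (uintptr_t)0x7ffcd7910da0ull;
    const uintptr_t ptr  = (uintptr_t)0x7ffcd781cb10ull;
    uint32_t count = stack_used(base, ptr);              /* 1000080 */
    printf("count=%" PRIu32 " buggy free=%" PRIu32 " fixed free=%" PRIu32 "\n",
           count, free_stack_buggy(count), free_stack_fixed(count));

    /* Under ASAN each cycle grew the stack by 672 bytes (998064 -> 998736),
     * more than the 512-byte headroom, so the counts can step straight over
     * the limit: 999408 passes (592 free), 1000080 then wraps. */
    printf("buggy refuses at cycle %d, fixed refuses at cycle %d\n",
           first_refusal(free_stack_buggy, 998064u, 672u, 5000),
           first_refusal(free_stack_fixed, 998064u, 672u, 5000));
    return 0;
}
```

The saturating variant alone closes the wrap-around; the headroom still has to be larger than one parse cycle's stack growth for the check to fire before the hard stack limit is hit.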
