Fix use-after-free #442

Closed
wants to merge 1 commit into from

Conversation

orgads
Contributor

@orgads orgads commented Jan 16, 2024

Fixes #443

@orgads
Contributor Author

orgads commented Jan 16, 2024

Actually this doesn't fix the crash.

@orgads
Contributor Author

orgads commented Jan 16, 2024

Trace:


Thread 1 "node" received signal SIGSEGV, Segmentation fault.
0x00007efc6846ec24 in ivm::Executor::GetCurrentEnvironment () at ../src/isolate/executor.h:168
168                     static thread_local Executor* current_executor;
(gdb) bt
#0  0x00007efc6846ec24 in ivm::Executor::GetCurrentEnvironment () at ../src/isolate/executor.h:168
#1  ivm::IsolateEnvironment::GetCurrent () at ../src/isolate/environment.h:201
#2  ivm::(anonymous namespace)::ExternalStringOneByte::~ExternalStringOneByte (this=0x7efc683d16c0, __in_chrg=<optimized out>)
    at ../src/external_copy/string.cc:49
#3  ivm::(anonymous namespace)::ExternalStringOneByte::~ExternalStringOneByte (this=0x7efc683d16c0, __in_chrg=<optimized out>)
    at ../src/external_copy/string.cc:52
#4  0x000055d785b8e912 in v8::internal::Heap::ExternalStringTable::TearDown() ()
#5  0x000055d785b8e944 in v8::internal::Heap::TearDownWithSharedHeap() ()
#6  0x000055d785b02553 in v8::internal::Isolate::Deinit() ()
#7  0x000055d785b04fb9 in v8::internal::Isolate::Delete(v8::internal::Isolate*) ()
#8  0x000055d78577af3c in node::NodeMainInstance::~NodeMainInstance() ()
#9  0x000055d7856df9be in node::Start(int, char**) ()
#10 0x00007efc6b2696d1 in libc_start_main_stage2 (main=0x55d78562ac80 <main>, argc=2, argv=0x7ffc898ef5a8) at src/env/__libc_start_main.c:95
#11 0x000055d7856326b1 in _start ()

@orgads
Contributor Author

orgads commented Jan 16, 2024

It's use-after-free. I'll open an issue.

@laverdet
Owner

The bugs are starting to pile up. I think it'll stay that way until I can find a month or so to rethink some architecture, given how nodejs and v8 have evolved over the past several years.

@orgads
Contributor Author

orgads commented Jan 16, 2024

I haven't given up yet; I'm trying to fix it. I just prefer that it's tracked.

@orgads orgads changed the title Fix crash on async-rentry.js test Fix use-after-free Jan 17, 2024
@orgads
Contributor Author

orgads commented Jan 18, 2024

Fixed, please merge.

laverdet added a commit that referenced this pull request Jan 19, 2024
Fixes #443

This is a different approach on #442. Thank you @orgads for doing the
legwork on tracking down the issue.
@laverdet
Owner

Thanks for tracking down the issue. I took a closer look and went with a slightly different approach after understanding the issue further: f6cc843

@laverdet laverdet closed this Jan 19, 2024
@orgads orgads deleted the string-crash branch January 20, 2024 16:22
Successfully merging this pull request may close these issues.

Use after free