Duktape segfaults #1411

Closed
horacio-penya opened this issue Oct 14, 2018 · 4 comments
horacio-penya commented Oct 14, 2018

How to reproduce: Open duktape echotest plugin demo. Refresh several times, until janus segfaults.

Versions:

Janus-gateway 0.4.5 (compiled from git 17e5658)
Ubuntu 18.04
Duktape 2.2.0-3 from ubuntu

Backtrace:

#0  0x00007f8085d4be97 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007f8085d4d801 in __GI_abort () at abort.c:79
#2  0x00007f8079e787e9 in duk_default_fatal_handler (udata=0x0, msg=0x7f8053ffe150 "uncaught: 'cannot push beyond allocated stack'") at plugins/duktape-deps/duktape.c:11480
#3  0x00007f8079e8c2de in duk_fatal_raw (thr=0x556c1b57eb90, err_msg=0x7f8053ffe150 "uncaught: 'cannot push beyond allocated stack'") at plugins/duktape-deps/duktape.c:23158
#4  0x00007f8079ea463b in duk__uncaught_error_aware (thr=0x556c1b57eb90) at plugins/duktape-deps/duktape.c:45342
#5  0x00007f8079ea4687 in duk_err_longjmp (thr=0x556c1b57eb90) at plugins/duktape-deps/duktape.c:45397
#6  0x00007f8079ea4961 in duk_err_create_and_throw (thr=0x556c1b57eb90, code=3, msg=0x7f8079ee9808 "cannot push beyond allocated stack", filename=0x7f8079ee98e8 "plugins/duktape-deps/duktape.c", line=21778)
    at plugins/duktape-deps/duktape.c:45725
#7  0x00007f8079e78430 in duk_err_handle_error (thr=0x556c1b57eb90, filename=0x7f8079ee98e8 "plugins/duktape-deps/duktape.c", line_and_code=50353426, msg=0x7f8079ee9808 "cannot push beyond allocated stack")
    at plugins/duktape-deps/duktape.c:11365
#8  0x00007f8079e786cc in duk_err_range_push_beyond (thr=0x556c1b57eb90, filename=0x7f8079ee98e8 "plugins/duktape-deps/duktape.c", linenumber=21778) at plugins/duktape-deps/duktape.c:11408
#9  0x00007f8079e89e45 in duk_push_thread_raw (thr=0x556c1b57eb90, flags=0) at plugins/duktape-deps/duktape.c:21778
#10 0x00007f8079e72a78 in janus_duktape_handle_message (handle=0x7f803c002a80, transaction=0x7f802c0345c0 "0U3z44JL0Z3i", message=0x7f8038004c50, jsep=0x7f802c02a670) at plugins/janus_duktape.c:1878
#11 0x0000556c197267b1 in janus_process_incoming_request (request=0x7f803801b6d0) at janus.c:1327
#12 0x0000556c1973077c in janus_transport_task (data=0x7f803801b6d0, user_data=0x0) at janus.c:2596
#13 0x00007f80876bf850 in  () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#14 0x00007f80876bee85 in  () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#15 0x00007f80861056db in start_thread (arg=0x7f8053fff700) at pthread_create.c:463
#16 0x00007f8085e2e88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

@lminiero
Member

I don't know what you mean by "Duktape 2.2.0-3 from ubuntu", the duktape code is provided with Janus itself.

@horacio-penya
Author

Didn't know that, I just uninstalled duktape from ubuntu and recompiled, same thing happens.

Thanks!

@lminiero
Member

Sorry, not familiar enough with the Duktape internals to figure out what may be wrong.

@lminiero
Member

This commit makes sure we do a duk_pop(duktape_ctx) after each thread/coroutine ends: my guess is that, since we were not doing this before, we were basically overflowing the heap space Duktape uses for variables and other stuff after a while. It seems to fix the issue for me: I could replicate the crash by refreshing the Duktape EchoTest demo ~15 times, and now I can't anymore.
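
The leak described in the comment above, as an added example that is not code from Janus or Duktape: a self-contained C model of a shared value stack on which every request pushes one coroutine entry, with a guard that reports the leak on the first call instead of after many refreshes. `vstack`, `VSTACK_LIMIT`, `guarded`, `served` and the handler names are hypothetical; in Duktape the corresponding calls are `duk_push_thread`, `duk_pop`, `duk_get_top` and `duk_set_top`.

```c
#include <stdio.h>

/* Constructed model, not Duktape code: a value stack with a fixed reserve.
 * VSTACK_LIMIT is an arbitrary sample value. */
#define VSTACK_LIMIT 16
typedef struct { int top, limit; } vstack;
typedef int (*handler_fn)(vstack *);

/* Push one entry; -1 models "cannot push beyond allocated stack". */
static int vs_push(vstack *s) { return s->top < s->limit ? s->top++ : -1; }
static void vs_pop(vstack *s) { if (s->top > 0) s->top--; }

/* Before the fix: the finished coroutine is left on the stack. */
int handle_leaky(vstack *s) { return vs_push(s) < 0 ? -1 : 0; }

/* After the fix: pop the coroutine once it has ended. */
int handle_balanced(vstack *s) {
    if (vs_push(s) < 0) return -1;
    vs_pop(s);
    return 0;
}

/* Guard for tests or defense in depth: remember the entry top, run the
 * handler, report how many entries it leaked, and restore the top. */
int guarded(handler_fn h, vstack *s, int *leaked) {
    int entry_top = s->top;
    int rc = h(s);
    *leaked = s->top - entry_top;
    s->top = entry_top;
    return rc;
}

/* Count requests served before a push fails (max_requests if none fails). */
int served(handler_fn h, int max_requests, int use_guard) {
    vstack s = { 0, VSTACK_LIMIT };
    int n, leaked;
    for (n = 0; n < max_requests; n++)
        if ((use_guard ? guarded(h, &s, &leaked) : h(&s)) < 0) break;
    return n;
}

int main(void) {
    printf("leaky: %d, balanced: %d, leaky+guard: %d\n",
           served(handle_leaky, 1000, 0), served(handle_balanced, 1000, 0),
           served(handle_leaky, 1000, 1));
    return 0;
}
```

In the real plugin an unhandled push failure reaches `duk_default_fatal_handler` and aborts the whole process, as the backtrace shows, so a per-request balance check in tests catches the defect long before it becomes a crash triggered by repeated page loads.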
