From 96ec9d20b159329f72904ed39cfa6402652ae564 Mon Sep 17 00:00:00 2001
From: Dmitry Volyntsev
Date: Tue, 28 Feb 2023 00:26:45 -0800
Subject: [PATCH] Fixed attaching of a stack to an error object.

This problem is similar to previous commits. When njs_error_stack_attach() accepted the value as a pointer to vm->retval that value might be changed as a side effert of njs_error_stack_new() evaluation. This may result in a garbage value for njs_object(value) expression. The workaround fix is to make a copy of vm->retval to ensure its intergrity and to preserve it as a retval. The proper fix is to eliminate vm->retval altogether. This fixes #612, #613, #616 issues on Github.
---
 src/njs_vmcode.c | 7 ++++++-
 src/test/njs_unit_test.c | 6 ++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/njs_vmcode.c b/src/njs_vmcode.c
index 9181adb2..31a261c8 100644
--- a/src/njs_vmcode.c
+++ b/src/njs_vmcode.c
@@ -1824,7 +1824,12 @@ error:
 if (njs_is_error(&vm->retval)) {
 vm->active_frame->native.pc = pc;
- (void) njs_error_stack_attach(vm, &vm->retval);
+
+ /* TODO: get rid of copying. */
+
+ njs_value_assign(&dst, &vm->retval);
+ (void) njs_error_stack_attach(vm, &dst);
+ njs_value_assign(&vm->retval, &dst);
 }
 for ( ;; ) {
diff --git a/src/test/njs_unit_test.c b/src/test/njs_unit_test.c
index 46a0ea88..beb2cea6 100644
--- a/src/test/njs_unit_test.c
+++ b/src/test/njs_unit_test.c
@@ -23122,6 +23122,12 @@ static njs_unit_test_t njs_backtraces_test[] = {
 { njs_str("function f(n) { if (n == 0) { throw 'a'; } return f(n-1); }; f(2)"),
 njs_str("a") },
+ { njs_str("Object.defineProperty(Function.__proto__, 'name', {get() { typeof 1;}});"
+ "(new Uint8Array()).every()"),
+ njs_str("TypeError: callback argument is not callable\n"
+ " at TypedArray.prototype.every (native)\n"
+ " at main (:1)\n") },
+
 /* line numbers */
 { njs_str("/**/(function(){throw Error();})()"),
--
2.47.3
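Review bot: The comment added before the copy, `/* TODO: get rid of copying. */`, does not say why the copy exists, so a later cleanup could pass `&vm->retval` straight back into njs_error_stack_attach() and bring back the garbage njs_object(value) read that the commit message describes. I would state the hazard in place, e.g. `/* vm->retval can be overwritten while the stack is built; attach to a copy. TODO: drop the copy once vm->retval is gone. */`. `dst` is declared outside this hunk, so it is worth confirming that nothing later on the error path still needs its previous contents. Any other caller that hands `&vm->retval` to njs_error_stack_attach() would presumably have the same exposure, but those call sites are not visible here.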
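Review bot: Only one regression case is added to njs_backtraces_test, while the commit message says the change fixes #612, #613 and #616. If those reports reach the error path through different triggers, each deserves its own entry next to this one, so that later work on vm->retval handling is checked against all three. A short comment above the new entry, such as `/* vm->retval overwritten while the stack is attached */`, would also tell readers why a getter on Function.__proto__ appears in a backtrace test. The array continues outside the hunk.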