FATAL ERROR: v8::ToLocalChecked Empty MaybeLocal #55932

Open
vdata1 opened this issue Nov 20, 2024 · 3 comments · May be fixed by #55942
Labels
child_process Issues and PRs related to the child_process subsystem. confirmed-bug Issues with confirmed bugs.

Comments

@vdata1

vdata1 commented Nov 20, 2024

Version

v22.11.0

Platform

Darwin 23.6.0 Darwin Kernel Version 23.6.0 

I also tested it on Linux machine.

Subsystem

No response

What steps will reproduce the bug?

Hi,

I want to report a node bug. It can be reproduced by running the following PoC; node.js gives a FATAL error.

```javascript
const {spawn} = require('child_process');
Object.defineProperty(Array.prototype, "0", {
  set(){
    console.log(123);
  }
});
spawn("ls");
```

Please note that this bug differs from the one reported here.

AH.

How often does it reproduce? Is there a required condition?

By just running the given code, the node runtime crashes.

What is the expected behavior? Why is that the expected behavior?

Not a crash, by looking at the stack trace, it is connected to v8::ToLocalChecked Empty MaybeLocal.

What do you see instead?

FATAL ERROR: v8::ToLocalChecked Empty MaybeLocal

FATAL ERROR: v8::ToLocalChecked Empty MaybeLocal
----- Native stack trace -----

1: 0x10bdd2277 node::OnFatalError(char const*, char const*)
2: 0x10c025171 v8::Utils::ReportApiFailure(char const*, char const*)
3: 0x10bef84cc node::(anonymous namespace)::ProcessWrap::Spawn(v8::FunctionCallbackInfo<v8::Value> const&)
4: 0x10cb21a62 Builtins_CallApiCallbackGeneric [~/node/v22.11.0/bin/node]

----- JavaScript stack trace -----

1: ChildProcess.spawn (node:internal/child_process:395:28)
2: spawn (node:child_process:759:9)
3: ${PATH_TO_POC}
4: node:internal/modules/cjs/loader:1546:14
5: node:internal/modules/cjs/loader:1689:10
6: node:internal/modules/cjs/loader:1318:32
7: node:internal/modules/cjs/loader:1128:12
8: traceSync (node:diagnostics_channel:315:14)
9: wrapModuleLoad (node:internal/modules/cjs/loader:218:24)
10: executeUserEntryPoint (node:internal/modules/run_main:170:5)

Additional information

No response

@RedYetiDev RedYetiDev added confirmed-bug Issues with confirmed bugs. child_process Issues and PRs related to the child_process subsystem. labels Nov 20, 2024
@juanarbol
Member

juanarbol commented Nov 20, 2024

Let me work on this one.

Also on 20.5.x.

@juanarbol juanarbol self-assigned this Nov 20, 2024
@juanarbol juanarbol added the v8 engine Issues and PRs related to the V8 dependency. label Nov 21, 2024
@juanarbol
Member

juanarbol commented Nov 21, 2024

This is 100% a V8 issue. I'm investigating.

Never mind, I'm debugging. People won't like the patch and maybe it may open a good discussion around this. Thanks for this interesting issue.

@juanarbol juanarbol removed the v8 engine Issues and PRs related to the V8 dependency. label Nov 21, 2024
juanarbol added a commit to juanarbol/node that referenced this issue Nov 21, 2024
Fixes an issue where malformed or unexpected stdio configurations
could cause crashes or undefined behavior during child process
spawning. This patch ensures robust validation of stdio entries:

Fixes: nodejs#55932
Signed-off-by: Juan José Arboleda <soyjuanarbol@gmail.com>
@juanarbol
Member

You should not be mutating that :)
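
Why the setter in the PoC matters to code that assembles an array and then indexes it: `push()` goes through the prototype chain, so slot 0 is never stored, while `Object.defineProperty` is unaffected. This is an added example, not part of the issue thread or the Node.js patch; the function names, the `{ type: "pipe" }` entry shape and the validation rule are assumptions.

```javascript
// Added example. Function names and the { type: "pipe" } entry shape are assumptions.
// Run fn() while a write-swallowing setter sits on Array.prototype[0], then remove it.
function withIndexSetter(fn) {
  let intercepted = 0; // a counter, because push() on a helper array would recurse
  Object.defineProperty(Array.prototype, "0", { configurable: true, set() { intercepted++; } });
  try {
    return { result: fn(), intercepted }; // fn() is evaluated before the counter is read
  } finally {
    delete Array.prototype[0]; // always restore the prototype
  }
}

// push() performs an ordinary [[Set]], which walks the prototype chain.
function buildWithPush(entries) {
  const out = [];
  for (const e of entries) out.push(e);
  return out;
}

// defineProperty creates an own data property without consulting the prototype.
function buildWithDefine(entries) {
  const out = [];
  for (const e of entries) {
    Object.defineProperty(out, out.length, { value: e, writable: true, enumerable: true, configurable: true });
  }
  return out;
}

// Accept only arrays whose every slot is an own data property holding an object
// with a string `type`; holes and inherited accessors are rejected.
function validateStdio(stdio) {
  if (!Array.isArray(stdio)) return false;
  for (let i = 0; i < stdio.length; i++) {
    const d = Object.getOwnPropertyDescriptor(stdio, i);
    if (!d || !("value" in d) || d.value === null || typeof d.value !== "object") return false;
    if (typeof d.value.type !== "string") return false;
  }
  return true;
}

function demo() {
  const entries = [{ type: "pipe" }, { type: "pipe" }, { type: "pipe" }]; // constructed input
  return withIndexSetter(() => {
    const pushed = buildWithPush(entries); // length 3, but slot 0 is a hole
    const slot0Own = Object.prototype.hasOwnProperty.call(pushed, 0);
    return { slot0Own, pushedValid: validateStdio(pushed), definedValid: validateStdio(buildWithDefine(entries)) };
  });
}
```
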
