code-google-com / pyv8

Automatically exported from code.google.com/p/pyv8
0 stars 0 forks source link

New function to modify the maximum call stack size limit #223

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Hi! 

I
started using PyV8 in my tool peepdf
(https://code.google.com/p/peepdf/). I found an error while I was trying to 
analyze a new
PDF exploit 
(http://www.fireeye.com/blog/technical/cyber-exploits/2013/12/cve-2013-33465065-
technical-analysis.html).
It contains Javascript code encoded with jjencode
(http://utf-8.jp/public/jjencode.html) and when I try to execute it with
PyV8 I have this error:

RangeError: Maximum call stack size exceeded

I have been reading about this error and it seems that it is due to the
fact that a high number of arguments are pushed to the stack, reaching
the limit. I have tested changing the stack limit with V8 as suggested
here (http://fw.hardijzer.nl/?p=97) and then it works like a charm. So I
think that the solution for this error could be creating a new function
(if it does not exist yet) to change that limit from the PyV8 code. I
have found this change that you added some time ago
(https://code.google.com/p/pyv8/source/detail?r=366) and I think that
this should be really similar to that, adding the missing function
set_stack_limit, because I think the others are already there:

> ResourceConstraints::ResourceConstraints()
>   : max_young_space_size_(0),
>     max_old_space_size_(0),
>     max_executable_size_(0),
>     stack_limit_(NULL) { }

With node.js is possible to do this
(https://code.google.com/p/v8/issues/detail?id=2896), so I was thinking
that maybe adding this to PyV8 could be useful.

I am attaching the malicious JS code which is causing the error
(password is "test", without quotes). This code should trigger the
exception:

>>>> import PyV8
>>>> context = PyV8.JSContext()
>>>> context.enter()
>>>> context.eval(open('3_oneline.js','r').read())
> Traceback (most recent call last):
>   File "<stdin>", line 1, in <module>
> IndexError: RangeError: Maximum call stack size exceeded (  @ 0 : -1 )  -> 

Thanks!

Original issue reported on code.google.com by josemigu...@gmail.com on 19 Jan 2014 at 11:57

Attachments:

GoogleCodeExporter commented 9 years ago
BTW, I cannot change the Type-Defect, but I consider this as a new 
feature/function request, because I have already taken a look at other defect 
issues related to this error.

Original comment by josemigu...@gmail.com on 20 Jan 2014 at 12:00

GoogleCodeExporter commented 9 years ago
I will woking on it later :)

Original comment by flier...@gmail.com on 29 Jan 2014 at 6:36

GoogleCodeExporter commented 9 years ago
Please use JSEngine.setStackLimit with SVN trunk code after r574

https://code.google.com/p/pyv8/source/browse/trunk/PyV8.py#2241

Original comment by flier...@gmail.com on 29 Jan 2014 at 8:42

GoogleCodeExporter commented 9 years ago
Thanks a lot for adding the function! :) You can add peepdf 
(http://eternal-todo.com/tools/peepdf-pdf-analysis-tool) as another project 
using PyV8 ;)

Original comment by josemigu...@gmail.com on 2 Feb 2014 at 7:50