synrc / n2o

⭕ N2O: Distributed WebSocket Application Server ISO 20922
https://ws.n2o.dev

bert.js int_to_bytes("true") causes node/v8 to crash #314

Closed proger closed 5 years ago

proger commented 5 years ago

Describe the bug

Trying to encode strings as numbers causes v8 (node v11.6.0) to crash.

To Reproduce

```js
int_to_bytes("true") // or enc(number("true"))
```
```
<--- Last few GCs --->

[52991:0x104003200]    17941 ms: Mark-sweep 577.4 (585.5) -> 577.4 (581.5) MB, 4.9 / 0.0 ms  (average mu = 0.994, current mu = 0.002) last resort GC in old space requested
[52991:0x104003200]    17946 ms: Mark-sweep 577.4 (581.5) -> 577.4 (581.5) MB, 4.1 / 0.0 ms  (average mu = 0.989, current mu = 0.221) last resort GC in old space requested

<--- JS stacktrace --->

==== JS stack trace =========================================

    0: ExitFrame [pc: 0x135aa34fb7d]
Security context: 0x0e8b1a50b161 <JSObject>
    1: int_to_bytes [0xe8bcfcb27b9] [repl:~140] [pc=0x135aa3608cc](this=0x0e8b9e407869 <JSGlobal Object>,0x0e8b1c0ac539 <HeapNumber nan>)
    2: /* anonymous */ [0xe8bcfcc2a21] [repl:1] [bytecode=0xe8bcfcc2749 offset=10](this=0x0e8b9e407869 <JSGlobal Object>)
    3: InternalFrame [pc: 0x135aa30ba89]
    4: EntryFrame [pc: 0x135aa304b3e]
    5: ExitFrame [pc: ...

FATAL ERROR: CALL_AND_RETRY_LAST Allocation failed - JavaScript heap out of memory
 1: 0x100061331 node::Abort() [/usr/local/bin/node]
 2: 0x10006194b node::OnFatalError(char const*, char const*) [/usr/local/bin/node]
 3: 0x10016926f v8::Utils::ReportOOMFailure(v8::internal::Isolate*, char const*, bool) [/usr/local/bin/node]
 4: 0x100169210 v8::internal::V8::FatalProcessOutOfMemory(v8::internal::Isolate*, char const*, bool) [/usr/local/bin/node]
 5: 0x1004249e0 v8::internal::Heap::UpdateSurvivalStatistics(int) [/usr/local/bin/node]
 6: 0x10042aaca v8::internal::Heap::SetUp() [/usr/local/bin/node]
 7: 0x10040b0c3 v8::internal::Factory::AllocateRawWithImmortalMap(int, v8::internal::PretenureFlag, v8::internal::Map*, v8::internal::AllocationAlignment) [/usr/local/bin/node]
 8: 0x10040c235 v8::internal::Factory::NewFixedDoubleArray(int, v8::internal::PretenureFlag) [/usr/local/bin/node]
 9: 0x1003cf59a v8::internal::(anonymous namespace)::ElementsAccessorBase<v8::internal::(anonymous namespace)::FastPackedDoubleElementsAccessor, v8::internal::(anonymous namespace)::ElementsKindTraits<(v8::internal::ElementsKind)4> >::ConvertElementsWithCapacity(v8::internal::Handle<v8::internal::JSObject>, v8::internal::Handle<v8::internal::FixedArrayBase>, v8::internal::ElementsKind, unsigned int, unsigned int, unsigned int, int) [/usr/local/bin/node]
10: 0x1003ce11b v8::internal::(anonymous namespace)::ElementsAccessorBase<v8::internal::(anonymous namespace)::FastPackedDoubleElementsAccessor, v8::internal::(anonymous namespace)::ElementsKindTraits<(v8::internal::ElementsKind)4> >::GrowCapacity(v8::internal::Handle<v8::internal::JSObject>, unsigned int) [/usr/local/bin/node]
11: 0x1005ba163 v8::internal::Runtime_GrowArrayElements(int, v8::internal::Object**, v8::internal::Isolate*) [/usr/local/bin/node]
12: 0x135aa34fb7d 
13: 0x135aa3608cc 
Abort trap: 6
```
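The stack trace above says what is going wrong: `int_to_bytes` is entered with a `HeapNumber nan` argument (because `Number("true")` is `NaN`) and the process dies inside `Runtime_GrowArrayElements` / `NewFixedDoubleArray`, i.e. an array of doubles is being grown without bound. A byte-extraction loop whose exit condition is "remaining value is zero" never terminates on `NaN` (`NaN !== 0` is always true and `Math.floor(NaN / 256)` is still `NaN`), so each iteration pushes another `NaN` until the heap is exhausted. From a security standpoint this is a denial of service: any untrusted value that reaches the encoder as a non-number takes the whole Node process down, not just the one request. The following is an added example, not code from n2o or bert.js, and the naive encoder is a simplified reconstruction in the loop shape the trace implies, not the project's actual implementation; `naiveIntToBytes`, `intToBytes` and `numberOrThrow` are hypothetical names chosen for the example. The naive loop is capped at `MAX_ITERATIONS` so the demo terminates instead of reproducing the crash.

```javascript
// Added example (not n2o/bert.js code): why NaN makes a "loop until zero"
// byte encoder run away, and a hardened version that rejects it up front.
// Only non-negative integers are handled; the point is the NaN path.

const MAX_ITERATIONS = 1000; // cap so the demo returns instead of exhausting the heap

// Naive encoder in the shape suggested by the stack trace: one array push
// per iteration, loop exits when nothing is left to encode. For NaN the
// exit test `n !== 0` is always true and n stays NaN, so without the cap
// the array grows until V8 aborts with "JavaScript heap out of memory".
function naiveIntToBytes(n) {
  const bytes = [];
  let iterations = 0;
  while (n !== 0) {
    if (++iterations > MAX_ITERATIONS) return { runaway: true, bytes };
    bytes.unshift(n % 256);          // big-endian: low byte goes to the front
    n = Math.floor(n / 256);
  }
  return { runaway: false, bytes };
}

// Hardened encoder: validate the argument before the loop. Note that
// merely changing the loop test to `n > 0` is not enough, because `NaN > 0`
// is false and NaN would then silently encode as an empty byte list.
function intToBytes(n) {
  if (typeof n !== 'number' || !Number.isSafeInteger(n) || n < 0) {
    throw new TypeError(`int_to_bytes expects a non-negative safe integer, got ${String(n)}`);
  }
  if (n === 0) return [0];
  const bytes = [];
  while (n > 0) {
    bytes.unshift(n % 256);
    n = Math.floor(n / 256);
  }
  return bytes;
}

// Strict replacement for a `number(text)` helper: Number("true") is NaN, and
// NaN is a number to `typeof`, so the conversion itself must fail loudly.
function numberOrThrow(text) {
  const n = Number(text);
  if (!Number.isSafeInteger(n)) {
    throw new TypeError(`not an integer: ${JSON.stringify(text)}`);
  }
  return n;
}

// Stand-alone demo: the naive loop runs away on NaN, the hardened one throws.
console.log('naive NaN  ->', naiveIntToBytes(Number('true')).runaway ? 'runaway' : 'ok');
console.log('naive 258  ->', naiveIntToBytes(258).bytes);
console.log('strict 258 ->', intToBytes(258));
try { intToBytes(Number('true')); } catch (e) { console.log('strict NaN ->', e.message); }
```

Usage note: in a serializer that is fed from a WebSocket, the throw should be caught at the message boundary and turned into a rejected frame for that one client; the validation belongs at the conversion step (`numberOrThrow`) as well as at the encoder, so a `NaN` produced anywhere upstream cannot reach the loop.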