Closed PotatoesFall closed 1 year ago
@bradleypeabody this is what I've figured out so far:

`(il *instructionList) writeValString(s string)` seems to write 4 bytes containing the length of the string, and then the string itself:

```go
func (il *instructionList) writeValString(s string) {
	lenstr := len(s)
	pos := il.pos
	// write length as uint32
	binary.BigEndian.PutUint32(il.buf[pos:pos+4], uint32(lenstr))
	// copy bytes directly from string into buf
	copy(il.buf[pos+4:pos+4+lenstr], s)
	il.pos = pos + 4 + lenstr
}
```

However, in this case it is being called by `(il *instructionList) writeSetAttrNSStr(namespace, name, value string) error`:

```go
func (il *instructionList) writeSetAttrNSStr(namespace, name, value string) error {
	il.logf("writeSetAttrNSStr[%d](ns=%q, name=%q, value=%q)", opcodeSetAttrNSStr, namespace, name, value)
	size := len(namespace) + len(name) + len(value) + 9
	err := il.checkLenAndFlush(size)
	if err != nil {
		return err
	}
	il.writeValUint8(opcodeSetAttrNSStr)
	il.writeValString(namespace)
	il.writeValString(name)
	il.writeValString(value) // PANIC OCCURS HERE
	return nil
}
```

which adds 9 bytes to the total length of bytes written. I think this needs to be 13 bytes, since we are writing three values plus the `opcodeSetAttrNSStr`?
I made this pull request: https://github.com/vugu/vugu/pull/234
Yup, you're absolutely right. Good catch! And sorry for the delay getting back to you on this. I'll merge the PR now.
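The size accounting discussed in the two comments above, as an added Go example that is not vugu's code: `miniList`, `setAttr`, the opcode byte and the sample strings are constructed, and the flush rule is an assumed stand-in for `checkLenAndFlush`, whose body is not shown on this page. Each string costs 4 length bytes plus its content, so one opcode byte plus three strings needs 13 bytes of overhead; reserving only 9 lets the last write run past the 16384-byte buffer.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

const bufCap = 16384 // capacity reported in the panic message

// miniList is a hypothetical stand-in for instructionList: fixed buffer plus write position.
type miniList struct {
	buf []byte
	pos int
}

// writeString writes a 4-byte big-endian length, then the bytes (same layout as writeValString).
func (m *miniList) writeString(s string) {
	binary.BigEndian.PutUint32(m.buf[m.pos:m.pos+4], uint32(len(s)))
	copy(m.buf[m.pos+4:m.pos+4+len(s)], s)
	m.pos += 4 + len(s)
}

// setAttr reserves len(strings)+overhead bytes, writes opcode + 3 strings, and
// returns the panic text if a write ran past the buffer ("" otherwise).
func setAttr(startPos, overhead int, ns, name, value string) (msg string) {
	defer func() {
		if r := recover(); r != nil {
			msg = fmt.Sprint(r)
		}
	}()
	m := &miniList{buf: make([]byte, bufCap), pos: startPos}
	// Assumed contract of checkLenAndFlush: flush (reset pos) when the reservation does not fit.
	if size := len(ns) + len(name) + len(value) + overhead; m.pos+size > len(m.buf) {
		m.pos = 0
	}
	m.buf[m.pos] = 0x01 // 1-byte opcode; the value is a placeholder
	m.pos++
	for _, s := range []string{ns, name, value} {
		m.writeString(s)
	}
	return ""
}

func main() {
	ns, name, value := "", "class", "constructed-value" // constructed sample input
	// 10 bytes of headroom beyond the string bytes: passes a +9 check, fails a +13 one.
	start := bufCap - (len(ns) + len(name) + len(value)) - 10
	fmt.Printf("overhead  9: %q\n", setAttr(start, 9, ns, name, value))
	fmt.Printf("overhead 13: %q\n", setAttr(start, 13, ns, name, value))
}
```

The failure only appears when the write position leaves between 9 and 12 bytes of headroom beyond the string bytes, which is why it depends on a very particular set of data.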
Describe the bug

After running smoothly for quite some time, I have an app that is suddenly crashing. Certain actions will trigger a panic with index out of range. This is happening in the `domrender` package in the `(*instructionList).writeValString`, stack trace is included at the end.

I tried to do some checking but I'm not quite sure I understand the `instructionList` well enough to diagnose what is happening.

Software Versions

- Vugu version: 0.3.4
- Go version: 1.18 and 1.19 (both)
- Browser and version: Firefox (version unclear), Brave 1.42.97 which is based on Chromium: 104.0.5112.102
To Reproduce

Unfortunately, I cannot reproduce this bug in a simple way, it seems to occur only with a very specific set of data.

Expected behavior

I expect there not to be a panic.
Additional Notes
Stack Trace
``` panic: runtime error: slice bounds out of range [:16387] with capacity 16384 wasm_exec.js:51:14