RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-26 22:37:36 +00:00
Code Issues Activity Actions

LibJS: Prevent stack overflow in flatten_into_array()

Browse source 
The check for stack space in VM from push_execution_context has been
moved to a method on VM called did_reach_stack_space_limit. This
allows us to check the stack size in other places besides
push_execution_context.

We can now verify that we have enough space on the stack before calling
flatten_into_array to ensure that we don't cause a stack overflow error
when calling the function with a large depth.
This commit is contained in:
Robert Stefanic 2021-08-13 12:59:57 -04:00 committed by Linus Groh
parent da51b8f39d
commit e26cfd313e
3 changed files with 22 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

10
Userland/Libraries/LibJS/Tests/builtins/Array/Array.prototype.flat.js
View file

@ -2,6 +2,16 @@ test("length is 0", () => {
expect(Array.prototype.flat).toHaveLength(0);
});
describe("error", () => {
test("Issue #9317, stack overflow in flatten_into_array from flat call", () => {
var a = [];
a[0] = a;
expect(() => {
a.flat(3893232121);
}).toThrowWithMessage(Error, "Call stack size limit exceeded");
});
});
describe("normal behavior", () => {
test("basic functionality", () => {
var array1 = [1, 2, [3, 4]];