
Segmentation fault when calling isolate.dispose while the isolated code is blocked by applySyncPromise #333

Closed
DanielKag opened this issue Dec 19, 2022 · 2 comments

Comments

@DanielKag

Hello,
We started getting segmentation faults after upgrading isolated-vm to 4.4.2.
4.4.1 works fine.

We see the error when we call isolate.dispose() while the isolated code is blocked by applySyncPromise.

Minimal code to reproduce the segmentation fault:

Files

package.json:

{
  "name": "isolated-test",
  "version": "1.0.0",
  "main": "index.js",
  "license": "MIT",
  "dependencies": {
    "isolated-vm": "4.4.2",
    "lodash": "^4.17.20",
    "segfault-handler": "^1.3.0"
  }
}

index.js

const ivm = require('isolated-vm')

const SegfaultHandler = require('segfault-handler')
SegfaultHandler.registerHandler('./segCrash.log')

const run = async () => {

    const isolate = new ivm.Isolate()
    const context = await isolate.createContext()

    // Define foo() inside the isolate; it blocks on applySyncPromise until the
    // host-side async callback ($0) settles.
    await context.evalClosure(
        // language=JavaScript
        `
            globalThis.foo = () => {
                return $0.applySyncPromise(null, [])
            }
        `,
        [
            async () => {
                // Dispose the isolate while foo() is still blocked on this promise.
                isolate.dispose()
                await new Promise(resolve => setTimeout(resolve, 0)) // segfault is not reproduced without this setTimeout
            }
        ],
        { arguments: { reference: true } }
    )

    // Call foo() from the host; this is where the crash surfaces.
    const foo = await context.global.get('foo', { reference: true })
    await foo.apply(
        null,
        [new ivm.ExternalCopy({url: 'url'}).copyInto({ release: true })]
    )

}
run().catch(console.log)

Tested with node 16.14.0 & 14.19.1.

Errors

Error in nodejs 14.19.1:

Error: Isolate was disposed during execution
    at (<isolated-vm boundary>)
    at run (/Users/danielk/repos/test-isolated-vm/index.js:28:15)
0   segfault-handler.node               0x000000010fe580ba _ZL16segfault_handleriP9__siginfoPv + 298
1   libsystem_platform.dylib            0x00007ff815e7fe2d _sigtramp + 29
2   node                                0x00000001006521dc _ZN2v88internal10ParserBaseINS0_6ParserEE35DoParseMemberExpressionContinuationEPNS0_10ExpressionE + 300
3   node                                0x0000000100272038 _ZN2v88internal25FunctionCallbackArguments4CallENS0_15CallHandlerInfoE + 616
4   node                                0x00000001002715cc _ZN2v88internal12_GLOBAL__N_119HandleApiCallHelperILb0EEENS0_11MaybeHandleINS0_6ObjectEEEPNS0_7IsolateENS0_6HandleINS0_10HeapObjectEEESA_NS8_INS0_20FunctionTemplateInfoEEENS8_IS4_EENS0_16BuiltinArgumentsE + 524
5   node                                0x0000000100270d32 _ZN2v88internalL26Builtin_Impl_HandleApiCallENS0_16BuiltinArgumentsEPNS0_7IsolateE + 258
6   node                                0x0000000100a8e8b9 Builtins_CEntry_Return1_DontSaveFPRegs_ArgvOnStack_BuiltinExit + 57
[1]    70734 segmentation fault  node index.js

Error in nodejs 16.14.0:

Error: Isolate was disposed during execution
    at (<isolated-vm boundary>)
    at run (/Users/danielk/repos/test-isolated-vm/index.js:28:15)
PID 63005 received SIGSEGV for address: 0x0
0   segfault-handler.node               0x0000000104f5d34c _ZL16segfault_handleriP9__siginfoPv + 288
1   libsystem_platform.dylib            0x00000001c033c4e4 _sigtramp + 56
2   isolated_vm.node                    0x000000010d34865c _ZN3ivm11ApplyRunner13AsyncCallbackERKN2v820FunctionCallbackInfoINS1_5ValueEEE + 308
3   node                                0x00000001008add30 _ZN2v88internal25FunctionCallbackArguments4CallENS0_15CallHandlerInfoE + 276
4   node                                0x00000001008ad828 _ZN2v88internal12_GLOBAL__N_119HandleApiCallHelperILb0EEENS0_11MaybeHandleINS0_6ObjectEEEPNS0_7IsolateENS0_6HandleINS0_10HeapObjectEEESA_NS8_INS0_20FunctionTemplateInfoEEENS8_IS4_EENS0_16BuiltinArgumentsE + 468
5   node                                0x00000001008ad0b4 _ZN2v88internal21Builtin_HandleApiCallEiPmPNS0_7IsolateE + 228
6   node                                0x0000000100fedb8c Builtins_CEntry_Return1_DontSaveFPRegs_ArgvOnStack_BuiltinExit + 108
7   node                                0x0000000100f816d8 Builtins_InterpreterEntryTrampoline + 248
8   node                                0x0000000101035b78 Builtins_PromiseFulfillReactionJob + 56
9   node                                0x0000000100fa30b4 Builtins_RunMicrotasks + 596
10  node                                0x0000000100f7f3a4 Builtins_JSRunMicrotasksEntry + 164
11  node                                0x0000000100950ce4 _ZN2v88internal12_GLOBAL__N_16InvokeEPNS0_7IsolateERKNS1_12InvokeParamsE + 2332
12  node                                0x0000000100951118 _ZN2v88internal12_GLOBAL__N_118InvokeWithTryCatchEPNS0_7IsolateERKNS1_12InvokeParamsE + 88
13  node                                0x0000000100951204 _ZN2v88internal9Execution16TryRunMicrotasksEPNS0_7IsolateEPNS0_14MicrotaskQueueEPNS0_11MaybeHandleINS0_6ObjectEEE + 64
14  node                                0x0000000100973e40 _ZN2v88internal14MicrotaskQueue13RunMicrotasksEPNS0_7IsolateE + 336
15  node                                0x00000001009746d4 _ZN2v88internal14MicrotaskQueue17PerformCheckpointEPNS_7IsolateE + 124
16  node                                0x000000010063edb4 _ZN4node21InternalCallbackScope5CloseEv + 388
17  node                                0x000000010063e7c4 _ZN4node21InternalCallbackScopeD1Ev + 20
18  node                                0x000000010069b0bc _ZN4node11Environment9RunTimersEP10uv_timer_s + 452
19  node                                0x0000000100f60570 uv__run_timers + 40
20  node                                0x0000000100f635b0 uv_run + 164
21  node                                0x000000010063fccc _ZN4node13SpinEventLoopEPNS_11EnvironmentE + 244
22  node                                0x000000010072b440 _ZN4node16NodeMainInstance3RunEPiPNS_11EnvironmentE + 120
23  node                                0x000000010072b10c _ZN4node16NodeMainInstance3RunEPKNS_16EnvSerializeInfoE + 120
24  node                                0x00000001006c4080 _ZN4node5StartEiPPc + 184
25  dyld                                0x0000000104fc90f4 start + 520
[1]    63005 segmentation fault  node index.js
@DanielKag DanielKag changed the title Segmentation fault when calling isolate.dispose while script is running in isolation Segmentation fault when calling isolate.dispose while the isolated code is blocked by applySyncPromise Dec 19, 2022
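The crash above comes from tearing down the isolate while a host-to-isolate call is still blocked in applySyncPromise. As an added example (not code from the issue or from isolated-vm), the guard below shows the host-side mitigation a practitioner would want regardless of the library fix: count calls in flight and defer dispose() until the last one has returned, refusing new calls once disposal is requested. `DisposeGuard`, `FakeIsolate` and `demo` are names introduced here; `FakeIsolate` is a constructed stand-in for `ivm.Isolate` so the pattern runs without the native module.

```javascript
// Added example, not part of the isolated-vm project: defer isolate.dispose()
// until every outstanding call into the isolate has returned.
class DisposeGuard {
  constructor(isolate) {
    this.isolate = isolate;        // the real ivm.Isolate in production; a stand-in here
    this.inFlight = 0;             // number of host calls currently inside the isolate
    this.disposeRequested = false;
    this.disposed = false;
  }

  // Mark the start of a call that may block inside the isolate (e.g. applySyncPromise).
  enter() {
    if (this.disposed || this.disposeRequested) {
      throw new Error('isolate is disposing; refusing new call');
    }
    this.inFlight += 1;
  }

  // Mark the end of a call; run a deferred dispose once nothing is in flight.
  exit() {
    this.inFlight -= 1;
    if (this.inFlight === 0 && this.disposeRequested && !this.disposed) {
      this.doDispose();
    }
  }

  // Ask for disposal. Returns true if it ran now, false if it was deferred.
  requestDispose() {
    if (this.disposed) return true;
    this.disposeRequested = true;
    if (this.inFlight === 0) {
      this.doDispose();
      return true;
    }
    return false;
  }

  doDispose() {
    this.disposed = true;
    this.isolate.dispose();
  }

  // Convenience wrapper: run an async call into the isolate under the guard.
  async run(fn) {
    this.enter();
    try {
      return await fn(this.isolate);
    } finally {
      this.exit();
    }
  }
}

// Constructed stand-in for ivm.Isolate: only records whether dispose() ran.
class FakeIsolate {
  constructor() { this.isDisposed = false; }
  dispose() { this.isDisposed = true; }
}

// Scenario mirroring the report: the host callback asks for dispose while the
// isolate is still blocked in applySyncPromise. With the guard the dispose is
// deferred until the blocked call returns.
function demo() {
  const isolate = new FakeIsolate();
  const guard = new DisposeGuard(isolate);
  guard.enter();                                 // foo() is now blocked in applySyncPromise
  const immediate = guard.requestDispose();      // host callback calls dispose()
  const disposedWhileBlocked = isolate.isDisposed;
  guard.exit();                                  // the blocked call returns
  return { immediate, disposedWhileBlocked, disposedAfter: isolate.isDisposed };
}

console.log(demo());
```

In an application, route every `apply`, `applySync` and `applySyncPromise` through `guard.run(...)` and call `guard.requestDispose()` instead of `isolate.dispose()`; the guard then never tears the isolate down under a blocked call, which is the condition the trace above was hit in.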
@laverdet (Owner)

Thanks for the report, and for the clear reproduction case. If you have the ability to test the latest revision on your actual application let me know if it works.

Also, while this wasn't relevant here, you should know that segfault-handler should not be used with isolated-vm. See: ddopson/segfault-handler#49

@DanielKag (Author)

Appreciate your (VERY) quick response and fix.
Please let me know when the new version (4.4.3) will be published so I can test it.
