Internals should have a higher stack limit than script recursion

RESOLVED DUPLICATE of bug 732665

Core :: JavaScript Engine, enhancement, Trunk
Reported: 5 years ago; Modified: 4 years ago
Reporter: Jesse Ruderman, Unassigned
Keywords: sec-want
Whiteboard: [fuzzblocker]

Description (Reporter), 5 years ago
My "nearNativeStackLimit" gadget keeps finding bugs where JS_CHECK_RECURSION trips in the middle of some complex operation (like document.write) and it doesn't unwind properly.

https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL+su%3AnearNativeStackLimit

Maybe we could prevent this problem by enforcing a tighter limit on script recursion (especially "eval") than on the things that happen in the middle of document.write.  [And maybe the latter could be elided or made fatal, rather than trying to recover.]

cf bug 732665, bug 735082
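As an added illustration (not code from this bug or from the JavaScript engine), a constructed C model of the two-tier limit proposed in the description: a frame count stands in for the native stack, the script recursion check trips earlier, and internal operations get the remaining ballast. The names, the limits and the frame counts are assumptions chosen for the demonstration.

```c
#include <stdbool.h>
#include <stdio.h>
/* Constructed model of the "stack limit ballast" idea: one native stack, two checks.
 * Usage is a frame count, not a real stack pointer, so the run is deterministic. */
#define NATIVE_STACK_LIMIT 1000                /* where the native stack really overflows */

static int depth = 0;                          /* modelled stack usage, in frames */
static int script_limit = NATIVE_STACK_LIMIT;  /* tighter limit applied to script recursion */
static int last_deepest = 0;                   /* deepest script frame of the last run */

/* Internals hit the true limit; script recursion (calls, eval) trips earlier,
 * leaving NATIVE_STACK_LIMIT - script_limit frames of ballast for internals. */
static bool check_internal_recursion(void) { return depth < NATIVE_STACK_LIMIT; }
static bool check_script_recursion(void)   { return depth < script_limit; }

/* An internal operation (think document.write) needing `need` frames that must
 * not be cut off half-way. Returns false if its check tripped mid-operation. */
static bool run_internal_op(int need) {
    for (int i = 0; i < need; i++) {
        if (!check_internal_recursion()) { depth -= i; return false; }
        depth++;
    }
    depth -= need;
    return true;
}

/* Script-level recursion: every frame runs one internal op at its depth.
 * Counts internal ops that tripped and returns the deepest frame reached. */
static int script_recurse(int need, int *tripped) {
    if (!check_script_recursion()) return depth;
    depth++;
    if (!run_internal_op(need)) (*tripped)++;
    int deepest = script_recurse(need, tripped);
    depth--;
    return deepest;
}

/* One scenario: script limit `limit`, internal ops needing `need` frames each.
 * Returns how many internal ops tripped; last_deepest records the max depth. */
int simulate(int limit, int need) {
    int tripped = 0; depth = 0; script_limit = limit;
    last_deepest = script_recurse(need, &tripped);
    return tripped;
}

int main(void) {
    int t = simulate(NATIVE_STACK_LIMIT, 150);        /* single limit, no ballast */
    printf("no ballast:  deepest=%d tripped=%d\n", last_deepest, t);  /* 1000, 150 */
    t = simulate(NATIVE_STACK_LIMIT - 200, 150);      /* 200 frames of ballast */
    printf("ballast 200: deepest=%d tripped=%d\n", last_deepest, t);  /* 800, 0 */
    return 0;
}
```

With a single limit, the 150 deepest script frames start an internal operation that is cut off part-way; with 200 frames of ballast none is, and the ballast only works if it is sized for the largest internal operation (250-frame ops against 200 frames of ballast still trip 50 times).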
That's an interesting idea. It would be like having "stack limit ballast".
Bug 776497 is an example of a real-world top crash related to this.
Comment 3 (Reporter), 5 years ago
Fixing this would remove a large amount of buggy, hard-to-test attack surface.
Updated (Reporter), 5 years ago
Whiteboard: [fuzzblocker]
Comment 4 (Reporter), 4 years ago
I've seen some scary assertions about inner and outer windows that seem to trace back to this bug.
I did this in bug 732665.
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 732665
Comment 6 (Reporter), 4 years ago
Hmm, that is true! Then why am I still hitting hard-to-reduce bugs with too-much-recursion? Is it likely that some recursion checks are misclassified? Is fixing bug 735081 / bug 735082 the only way to find out?
Flags: needinfo?(bobbyholley)
(In reply to Jesse Ruderman from comment #6)
> Hmm, that is true! Then why am I still hitting hard-to-reduce bugs with
> too-much-recursion?

Do you have an example of such a bug? If you have one that's reproducible, I could take a look at some point (though right now I'm pretty swamped).
Flags: needinfo?(bobbyholley)
Comment 8 (Reporter), 4 years ago
Bug 1006876 is a recent example, although decoder seems to have had more luck with reproducibility than I usually have.