github
/
boa
mirror of https://github.com/boa-dev/boa.git
1
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

fuzzer: bubble up NoInstructionsRemain error instead of trying to handle as exception (#2566) 

Hi,

the `vm-implied` fuzzer panics when executing this testcase:

```javascript
try {
    new function() {
        while (this) {}
    }();
} catch {
}
```

`internal error: entered unreachable code: The NoInstructionsRemain native error cannot be converted to an opaque type`

Handling the `NoInstructionsRemain` error upfront instead of going through the VM exception handling logic seems to work.
pull/2587/head
Mrmaxmeier 2 years ago
parent
9d521f9acf
commit
4aebe39e15
2 changed files with 11 additions and 3 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 10
      boa_engine/src/vm/mod.rs
  2. 4
      fuzz/Cargo.toml

10
boa_engine/src/vm/mod.rs
Unescape View File

@ -10,7 +10,7 @@ use crate::{
Context, JsResult, JsValue,
};
#[cfg(feature = "fuzz")]
use crate::{JsError, JsNativeError};
use crate::{JsError, JsNativeError, JsNativeErrorKind};
use boa_interner::ToInternedString;
use boa_profiler::Profiler;
use std::{convert::TryInto, mem::size_of, time::Instant};
@ -281,6 +281,14 @@ impl Context<'_> {
return Ok((result, ReturnType::Yield));
}
Err(e) => {
#[cfg(feature = "fuzz")]
if let Some(native_error) = e.as_native() {
// If we hit the execution step limit, bubble up the error to the
// (Rust) caller instead of trying to handle as an exception.
if matches!(native_error.kind, JsNativeErrorKind::NoInstructionsRemain) {
return Err(e);
}
}
if let Some(address) = self.vm.frame().catch.last() {
let address = address.next;
let try_stack_entry = self

4
fuzz/Cargo.toml
Unescape View File

@ -10,9 +10,9 @@ cargo-fuzz = true
[dependencies]
libfuzzer-sys = "0.4"
boa_ast = { path = "../boa_ast", features = ["fuzz"] }
boa_ast = { path = "../boa_ast", features = ["arbitrary"] }
boa_engine = { path = "../boa_engine", features = ["fuzz"] }
boa_interner = { path = "../boa_interner", features = ["fuzz"] }
boa_interner = { path = "../boa_interner", features = ["arbitrary"] }
boa_parser = { path = "../boa_parser" }
# Prevent this from interfering with workspaces

Write Preview
Loading…
Cancel
Save