Thrift / THRIFT-5769

Large messages crash Node.js client when using TFramedTransport

Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.17.0, 0.18.0, 0.18.1, 0.19.0
    • Fix Version/s: 0.21.0
    • Component/s: Node.js - Library
    • Labels: None

    Description

      Large messages cause the Thrift client to crash when using TFramedTransport.

      The crash is caused by an array overflow of the residual variable in the receiver function.

       

      Stack trace for Node.js v21.7.1
      (pinpoints the cause, as it is using a new version of V8)

      <redacted>/thrift/lib/nodejs/lib/thrift/framed_transport.js:43
            residual.push(data[i])
                     ^
      
      RangeError: Invalid array length
          at Array.push (<anonymous>)
          at <redacted>/thrift/lib/nodejs/lib/thrift/framed_transport.js:43:16
          <redacted>

       
      Stack trace for Node.js LTS v20.11.1

      #
      # Fatal error in , line 0
      # Fatal JavaScript invalid size error 169220804 (see crbug.com/1201626)
      #
      #
      #
      #FailureMessage Object: 0x16f48a0f8
      ----- Native stack trace -----
      
      1: 0x100aad340 node::NodePlatform::GetStackTracePrinter()::$_3::__invoke() [<redacted>/.nvm/versions/node/v20.11.1/bin/node]
      2: 0x101b309ac V8_Fatal(char const*, <redacted>) [<redacted>/.nvm/versions/node/v20.11.1/bin/node]
      3: 0x100d71334 v8::internal::FactoryBase<v8::internal::Factory>::NewFixedArrayWithFiller(v8::internal::Handle<v8::internal::Map>, int, v8::internal::Handle<v8::internal::Oddball>, v8::internal::AllocationType) [<redacted>/.nvm/versions/node/v20.11.1/bin/node]
      4: 0x100f0cf68 v8::internal::(anonymous namespace)::ElementsAccessorBase<v8::internal::(anonymous namespace)::FastPackedSmiElementsAccessor, v8::internal::(anonymous namespace)::ElementsKindTraits<(v8::internal::ElementsKind)0>>::GrowCapacity(v8::internal::Handle<v8::internal::JSObject>, unsigned int) [<redacted>/.nvm/versions/node/v20.11.1/bin/node]
      5: 0x101158600 v8::internal::Runtime_GrowArrayElements(int, unsigned long*, v8::internal::Isolate*) [<redacted>/.nvm/versions/node/v20.11.1/bin/node]
      6: 0x1014c4c44 Builtins_CEntry_Return1_ArgvOnStack_NoBuiltinExit [<redacted>/.nvm/versions/node/v20.11.1/bin/node]
      7: 0x1064cfe9c
      8: 0x1064aac88
      9: 0x10143c3e4 Builtins_InterpreterEntryTrampoline [<redacted>/.nvm/versions/node/v20.11.1/bin/node]
      10: 0x1064aac88
      11: 0x10143c3e4 Builtins_InterpreterEntryTrampoline [<redacted>/.nvm/versions/node/v20.11.1/bin/node]
      12: 0x10143c3e4 Builtins_InterpreterEntryTrampoline [<redacted>/.nvm/versions/node/v20.11.1/bin/node]
      13: 0x10143a50c Builtins_JSEntryTrampoline [<redacted>/.nvm/versions/node/v20.11.1/bin/node]
      14: 0x10143a1f4 Builtins_JSEntry [<redacted>/.nvm/versions/node/v20.11.1/bin/node]
      15: 0x100d104f8 v8::internal::(anonymous namespace)::Invoke(v8::internal::Isolate*, v8::internal::(anonymous namespace)::InvokeParams const&) [<redacted>/.nvm/versions/node/v20.11.1/bin/node]
      16: 0x100d0f944 v8::internal::Execution::Call(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*) [<redacted>/.nvm/versions/node/v20.11.1/bin/node]
      17: 0x100bea214 v8::Function::Call(v8::Local<v8::Context>, v8::Local<v8::Value>, int, v8::Local<v8::Value>*) [<redacted>/.nvm/versions/node/v20.11.1/bin/node]
      18: 0x100978fd8 node::InternalMakeCallback(node::Environment*, v8::Local<v8::Object>, v8::Local<v8::Object>, v8::Local<v8::Function>, int, v8::Local<v8::Value>*, node::async_context) [<redacted>/.nvm/versions/node/v20.11.1/bin/node]
      19: 0x100979304 node::MakeCallback(v8::Isolate*, v8::Local<v8::Object>, v8::Local<v8::Function>, int, v8::Local<v8::Value>*, node::async_context) [<redacted>/.nvm/versions/node/v20.11.1/bin/node]
      20: 0x1009ee554 node::Environment::CheckImmediate(uv_check_s*) [<redacted>/.nvm/versions/node/v20.11.1/bin/node]
      21: 0x1014209e0 uv__run_check [<redacted>/.nvm/versions/node/v20.11.1/bin/node]
      22: 0x10141a700 uv_run [<redacted>/.nvm/versions/node/v20.11.1/bin/node]
      23: 0x100979754 node::SpinEventLoopInternal(node::Environment*) [<redacted>/.nvm/versions/node/v20.11.1/bin/node]
      24: 0x100a89c6c node::NodeMainInstance::Run(node::ExitCode*, node::Environment*) [<redacted>/.nvm/versions/node/v20.11.1/bin/node]
      25: 0x100a89a08 node::NodeMainInstance::Run() [<redacted>/.nvm/versions/node/v20.11.1/bin/node]
      26: 0x100a13718 node::Start(int, char**) [<redacted>/.nvm/versions/node/v20.11.1/bin/node]
      27: 0x1a61dff28 start [/usr/lib/dyld]
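
An added example, not Thrift's code and not the project's fix: a receiver for the framed layout (4-byte big-endian length, then payload) that keeps incoming chunks as Buffers instead of pushing one array element per byte as in the `residual.push(data[i])` line above, and rejects a declared frame size above a cap before buffering the body. `createFrameReceiver`, `frame` and the 16 MiB `MAX_FRAME_SIZE` are assumptions made for this sketch.

```javascript
// Added example: names and the 16 MiB cap are assumptions, not Thrift's API.
const MAX_FRAME_SIZE = 16 * 1024 * 1024;

function createFrameReceiver(onFrame, maxFrameSize = MAX_FRAME_SIZE) {
  let chunks = [];    // received Buffers: one array slot per chunk, not per byte
  let buffered = 0;   // total bytes currently held in chunks
  let frameSize = -1; // -1 until the 4-byte length header has been read
  return function receive(data) {
    chunks.push(data);
    buffered += data.length;
    for (;;) {
      if (frameSize < 0) {
        if (buffered < 4) return; // header incomplete, wait for more data
        if (chunks[0].length < 4) chunks = [Buffer.concat(chunks)];
        const declared = chunks[0].readInt32BE(0);
        if (declared < 0 || declared > maxFrameSize) {
          chunks = [];
          buffered = 0;
          // Caller should catch this and close the connection.
          throw new RangeError(`frame size ${declared} outside 0..${maxFrameSize}`);
        }
        frameSize = declared;
      }
      if (buffered < 4 + frameSize) return; // body incomplete
      const all = chunks.length === 1 ? chunks[0] : Buffer.concat(chunks);
      onFrame(all.subarray(4, 4 + frameSize));
      const rest = all.subarray(4 + frameSize);
      chunks = rest.length > 0 ? [rest] : [];
      buffered = rest.length;
      frameSize = -1;
    }
  };
}

// Builds one frame (constructed sample input): big-endian length, then payload.
function frame(payload) {
  const body = Buffer.from(payload);
  const header = Buffer.alloc(4);
  header.writeInt32BE(body.length, 0);
  return Buffer.concat([header, body]);
}

// Two frames delivered in awkward splits still come out whole.
const frames = [];
const receive = createFrameReceiver((f) => frames.push(f.toString()));
const wire = Buffer.concat([frame('ping'), frame('pong')]);
receive(wire.subarray(0, 3));
receive(wire.subarray(3));
console.log(frames);
```

With the cap checked at header time, memory held per connection stays bounded by roughly the cap plus one chunk, and an oversized length surfaces as a catchable `RangeError` instead of an allocation failure inside V8.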

       

            People

              Assignee: tjokimie Tuomo Jokimies
              Reporter: tjokimie Tuomo Jokimies
                Time Tracking

                  Original Estimate: Not Specified
                  Remaining Estimate: 0h
                  Time Spent: 20m