kotovalexarian-likes-github
/
mini_racer
mirror of https://github.com/rubyjs/mini_racer
1
0
Fork 0
Code Releases Activity

FEATURE: Configurable max marshal stack depth (#202) 

`marshal_stack_depth` can be used to determine how deep objects are allowed to be when marshalling JS to Ruby objects in evals.
This commit is contained in:
seanmakesgames 2021-05-12 23:08:22 -07:00 committed by GitHub
parent a2feab01f3
commit 5274ab4c30
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 222 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -10,3 +10,4 @@ Gemfile.lock
lib/mini_racer_extension.so
lib/mini_racer_loader.so
*.bundle
.vscode/

13
README.md
View File

@ -85,6 +85,19 @@ context.eval 'var a = new Array(10000); while(true) {a = a.concat(new Array(1000
# => V8OutOfMemoryError is raised
```
### Object marshal max stackdepth support
Contexts can specify a stack depth limit for object marshalling. Max depth is unbounded by default.
```ruby
# terminates script if stack depth exceeds max during marshal
context = MiniRacer::Context.new(marshal_stack_depth: 500)
context.attach("a", proc{|a| a})
context.eval("let arr = []; arr.push(arr); a(arr)")
# => RuntimeError is raised
```
### Rich debugging with "filename" support
```ruby

152
ext/mini_racer_extension/mini_racer_extension.cc
View File

@ -115,6 +115,7 @@ typedef struct {
useconds_t timeout;
EvalResult* result;
size_t max_memory;
size_t marshal_stackdepth;
} EvalParams;
typedef struct {
@ -126,6 +127,7 @@ typedef struct {
Local<Value> *argv;
EvalResult result;
size_t max_memory;
size_t marshal_stackdepth;
} FunctionCall;
class IsolateData {
@ -136,16 +138,27 @@ public:
IN_GVL, // whether we are inside of ruby gvl or not
DO_TERMINATE, // terminate as soon as possible
MEM_SOFTLIMIT_REACHED, // we've hit the memory soft limit
MEM_SOFTLIMIT_VALUE,
MEM_SOFTLIMIT_MAX, // maximum memory value
MARSHAL_STACKDEPTH_REACHED, // we've hit our max stack depth
MARSHAL_STACKDEPTH_VALUE, // current stackdepth
MARSHAL_STACKDEPTH_MAX, // maximum stack depth during marshal
};
static void Init(Isolate *isolate) {
// zero out all fields in the bitfield
isolate->SetData(0, 0);
}
static uintptr_t Get(Isolate *isolate, Flag flag) {
Bitfield u = { reinterpret_cast<uint64_t>(isolate->GetData(0)) };
switch (flag) {
case IN_GVL: return u.IN_GVL;
case DO_TERMINATE: return u.DO_TERMINATE;
case MEM_SOFTLIMIT_REACHED: return u.MEM_SOFTLIMIT_REACHED;
case MEM_SOFTLIMIT_VALUE: return u.MEM_SOFTLIMIT_VALUE << 10;
case MEM_SOFTLIMIT_MAX: return u.MEM_SOFTLIMIT_MAX << 10;
case MARSHAL_STACKDEPTH_REACHED: return u.MARSHAL_STACKDEPTH_REACHED;
case MARSHAL_STACKDEPTH_VALUE: return u.MARSHAL_STACKDEPTH_VALUE;
case MARSHAL_STACKDEPTH_MAX: return u.MARSHAL_STACKDEPTH_MAX;
}
}
@ -156,7 +169,10 @@ public:
case DO_TERMINATE: u.DO_TERMINATE = value; break;
case MEM_SOFTLIMIT_REACHED: u.MEM_SOFTLIMIT_REACHED = value; break;
// drop least significant 10 bits 'store memory amount in kb'
case MEM_SOFTLIMIT_VALUE: u.MEM_SOFTLIMIT_VALUE = value >> 10; break;
case MEM_SOFTLIMIT_MAX: u.MEM_SOFTLIMIT_MAX = value >> 10; break;
case MARSHAL_STACKDEPTH_REACHED: u.MARSHAL_STACKDEPTH_REACHED = value; break;
case MARSHAL_STACKDEPTH_VALUE: u.MARSHAL_STACKDEPTH_VALUE = value; break;
case MARSHAL_STACKDEPTH_MAX: u.MARSHAL_STACKDEPTH_MAX = value; break;
}
isolate->SetData(0, reinterpret_cast<void*>(u.dataPtr));
}
@ -174,15 +190,88 @@ private:
// order in this struct matters. For cpu performance keep larger subobjects
// aligned on their boundaries (8 16 32), try not to straddle
struct {
size_t MEM_SOFTLIMIT_VALUE:22;
size_t MEM_SOFTLIMIT_MAX:22;
bool IN_GVL:1;
bool DO_TERMINATE:1;
bool MEM_SOFTLIMIT_REACHED:1;
bool MARSHAL_STACKDEPTH_REACHED:1;
uint8_t :0; // align to next 8bit bound
size_t MARSHAL_STACKDEPTH_VALUE:10;
uint8_t :0; // align to next 8bit bound
size_t MARSHAL_STACKDEPTH_MAX:10;
};
};
};
};
struct StackCounter {
static void Reset(Isolate* isolate) {
if (IsolateData::Get(isolate, IsolateData::MARSHAL_STACKDEPTH_MAX) > 0) {
IsolateData::Set(isolate, IsolateData::MARSHAL_STACKDEPTH_VALUE, 0);
IsolateData::Set(isolate, IsolateData::MARSHAL_STACKDEPTH_REACHED, false);
}
}
static void SetMax(Isolate* isolate, size_t marshalMaxStackDepth) {
if (marshalMaxStackDepth > 0) {
IsolateData::Set(isolate, IsolateData::MARSHAL_STACKDEPTH_MAX, marshalMaxStackDepth);
IsolateData::Set(isolate, IsolateData::MARSHAL_STACKDEPTH_VALUE, 0);
IsolateData::Set(isolate, IsolateData::MARSHAL_STACKDEPTH_REACHED, false);
}
}
StackCounter(Isolate* isolate) {
this->isActive = IsolateData::Get(isolate, IsolateData::MARSHAL_STACKDEPTH_MAX) > 0;
if (this->isActive) {
this->isolate = isolate;
this->IncDepth(1);
}
}
bool IsTooDeep() {
if (!this->IsActive()) {
return false;
}
size_t depth = IsolateData::Get(this->isolate, IsolateData::MARSHAL_STACKDEPTH_VALUE);
size_t maxDepth = IsolateData::Get(this->isolate, IsolateData::MARSHAL_STACKDEPTH_MAX);
if (depth > maxDepth) {
IsolateData::Set(this->isolate, IsolateData::MARSHAL_STACKDEPTH_REACHED, true);
return true;
}
return false;
}
bool IsActive() {
return this->isActive && !IsolateData::Get(this->isolate, IsolateData::DO_TERMINATE);
}
~StackCounter() {
if (this->IsActive()) {
this->IncDepth(-1);
}
}
private:
Isolate* isolate;
bool isActive;
void IncDepth(int direction) {
int inc = direction > 0 ? 1 : -1;
size_t depth = IsolateData::Get(this->isolate, IsolateData::MARSHAL_STACKDEPTH_VALUE);
// don't decrement past 0
if (inc > 0 || depth > 0) {
depth += inc;
}
IsolateData::Set(this->isolate, IsolateData::MARSHAL_STACKDEPTH_VALUE, depth);
}
};
static VALUE rb_cContext;
static VALUE rb_cSnapshot;
static VALUE rb_cIsolate;
@ -257,7 +346,7 @@ static void gc_callback(Isolate *isolate, GCType type, GCCallbackFlags flags) {
return;
}
size_t softlimit = IsolateData::Get(isolate, IsolateData::MEM_SOFTLIMIT_VALUE);
size_t softlimit = IsolateData::Get(isolate, IsolateData::MEM_SOFTLIMIT_MAX);
HeapStatistics stats;
isolate->GetHeapStatistics(&stats);
@ -376,10 +465,7 @@ nogvl_context_eval(void* arg) {
Context::Scope context_scope(context);
v8::ScriptOrigin *origin = NULL;
IsolateData::Set(isolate, IsolateData::IN_GVL, false);
IsolateData::Set(isolate, IsolateData::DO_TERMINATE, false);
IsolateData::Set(isolate, IsolateData::MEM_SOFTLIMIT_VALUE, 0);
IsolateData::Set(isolate, IsolateData::MEM_SOFTLIMIT_REACHED, false);
IsolateData::Init(isolate);
MaybeLocal<Script> parsed_script;
@ -406,13 +492,17 @@ nogvl_context_eval(void* arg) {
} else {
// parsing successful
if (eval_params->max_memory > 0) {
IsolateData::Set(isolate, IsolateData::MEM_SOFTLIMIT_VALUE, eval_params->max_memory);
IsolateData::Set(isolate, IsolateData::MEM_SOFTLIMIT_MAX, eval_params->max_memory);
if (!isolate_info->added_gc_cb) {
isolate->AddGCEpilogueCallback(gc_callback);
isolate_info->added_gc_cb = true;
}
}
if (eval_params->marshal_stackdepth > 0) {
StackCounter::SetMax(isolate, eval_params->marshal_stackdepth);
}
maybe_value = parsed_script.ToLocalChecked()->Run(context);
}
@ -436,6 +526,18 @@ static VALUE convert_v8_to_ruby(Isolate* isolate, Local<Context> context,
Isolate::Scope isolate_scope(isolate);
HandleScope scope(isolate);
StackCounter stackCounter(isolate);
if (IsolateData::Get(isolate, IsolateData::MARSHAL_STACKDEPTH_REACHED)) {
return Qnil;
}
if (stackCounter.IsTooDeep()) {
IsolateData::Set(isolate, IsolateData::DO_TERMINATE, true);
isolate->TerminateExecution();
return Qnil;
}
if (value->IsNull() || value->IsUndefined()){
return Qnil;
}
@ -931,8 +1033,13 @@ static VALUE convert_result_to_ruby(VALUE self /* context */,
VALUE ruby_exception = rb_iv_get(self, "@current_exception");
if (ruby_exception == Qnil) {
bool mem_softlimit_reached = IsolateData::Get(isolate, IsolateData::MEM_SOFTLIMIT_REACHED);
bool marshal_stack_maxdepth_reached = IsolateData::Get(isolate, IsolateData::MARSHAL_STACKDEPTH_REACHED);
// If we were terminated or have the memory softlimit flag set
if (result.terminated || mem_softlimit_reached) {
if (marshal_stack_maxdepth_reached) {
ruby_exception = rb_eScriptRuntimeError;
std::string msg = std::string("Marshal object depth too deep. Script terminated.");
message = rb_enc_str_new(msg.c_str(), msg.length(), rb_enc_find("utf-8"));
} else if (result.terminated || mem_softlimit_reached) {
ruby_exception = mem_softlimit_reached ? rb_eV8OutOfMemoryError : rb_eScriptTerminatedError;
} else {
ruby_exception = rb_eScriptRuntimeError;
@ -967,6 +1074,7 @@ static VALUE convert_result_to_ruby(VALUE self /* context */,
VALUE json_string = rb_enc_str_new(*String::Utf8Value(isolate, rstr), rstr->Utf8Length(isolate), rb_enc_find("utf-8"));
ret = rb_funcall(rb_mJSON, rb_intern("parse"), 1, json_string);
} else {
StackCounter::Reset(isolate);
ret = convert_v8_to_ruby(isolate, *p_ctx, tmp);
}
@ -1024,6 +1132,7 @@ static VALUE rb_context_eval_unsafe(VALUE self, VALUE str, VALUE filename) {
eval_params.result = &eval_result;
eval_params.timeout = 0;
eval_params.max_memory = 0;
eval_params.marshal_stackdepth = 0;
VALUE timeout = rb_iv_get(self, "@timeout");
if (timeout != Qnil) {
eval_params.timeout = (useconds_t)NUM2LONG(timeout);
@ -1034,6 +1143,11 @@ static VALUE rb_context_eval_unsafe(VALUE self, VALUE str, VALUE filename) {
eval_params.max_memory = (size_t)NUM2ULONG(mem_softlimit);
}
VALUE stack_depth = rb_iv_get(self, "@marshal_stack_depth");
if (stack_depth != Qnil) {
eval_params.marshal_stackdepth = (size_t)NUM2ULONG(stack_depth);
}
eval_result.message = NULL;
eval_result.backtrace = NULL;
@ -1103,6 +1217,7 @@ gvl_ruby_callback(void* data) {
for (int i = 0; i < length; i++) {
Local<Value> value = ((*args)[i]).As<Value>();
StackCounter::Reset(args->GetIsolate());
VALUE tmp = convert_v8_to_ruby(args->GetIsolate(),
*context_info->context, value);
rb_ary_push(ruby_args, tmp);
@ -1556,12 +1671,16 @@ nogvl_context_call(void *args) {
IsolateData::Set(isolate, IsolateData::DO_TERMINATE, false);
if (call->max_memory > 0) {
IsolateData::Set(isolate, IsolateData::MEM_SOFTLIMIT_VALUE, call->max_memory);
IsolateData::Set(isolate, IsolateData::MEM_SOFTLIMIT_MAX, call->max_memory);
IsolateData::Set(isolate, IsolateData::MEM_SOFTLIMIT_REACHED, false);
if (!isolate_info->added_gc_cb) {
isolate->AddGCEpilogueCallback(gc_callback);
isolate->AddGCEpilogueCallback(gc_callback);
isolate_info->added_gc_cb = true;
}
}
if (call->marshal_stackdepth > 0) {
StackCounter::SetMax(isolate, call->marshal_stackdepth);
}
Isolate::Scope isolate_scope(isolate);
@ -1627,6 +1746,13 @@ static VALUE rb_context_call_unsafe(int argc, VALUE *argv, VALUE self) {
unsigned long sl_int = NUM2ULONG(mem_softlimit);
call.max_memory = (size_t)sl_int;
}
call.marshal_stackdepth = 0;
VALUE marshal_stackdepth = rb_iv_get(self, "@marshal_stack_depth");
if (marshal_stackdepth != Qnil) {
unsigned long sl_int = NUM2ULONG(marshal_stackdepth);
call.marshal_stackdepth = (size_t)sl_int;
}
bool missingFunction = false;
{

13
lib/mini_racer.rb
View File

@ -15,6 +15,9 @@ require "json"
module MiniRacer
MARSHAL_STACKDEPTH_DEFAULT = 2**9-2
MARSHAL_STACKDEPTH_MAX_VALUE = 2**10-2
class Error < ::StandardError; end
class ContextDisposedError < Error; end
@ -140,10 +143,10 @@ module MiniRacer
end
end
def initialize(max_memory: nil, timeout: nil, isolate: nil, ensure_gc_after_idle: nil, snapshot: nil)
def initialize(max_memory: nil, timeout: nil, isolate: nil, ensure_gc_after_idle: nil, snapshot: nil, marshal_stack_depth: nil)
options ||= {}
check_init_options!(isolate: isolate, snapshot: snapshot, max_memory: max_memory, ensure_gc_after_idle: ensure_gc_after_idle, timeout: timeout)
check_init_options!(isolate: isolate, snapshot: snapshot, max_memory: max_memory, marshal_stack_depth: marshal_stack_depth, ensure_gc_after_idle: ensure_gc_after_idle, timeout: timeout)
@functions = {}
@timeout = nil
@ -151,6 +154,7 @@ module MiniRacer
@current_exception = nil
@timeout = timeout
@max_memory = max_memory
@marshal_stack_depth = marshal_stack_depth
# false signals it should be fetched if requested
@isolate = isolate || false
@ -379,11 +383,12 @@ module MiniRacer
rp.close if rp
end
def check_init_options!(isolate:, snapshot:, max_memory:, ensure_gc_after_idle:, timeout:)
def check_init_options!(isolate:, snapshot:, max_memory:, marshal_stack_depth:, ensure_gc_after_idle:, timeout:)
assert_option_is_nil_or_a('isolate', isolate, Isolate)
assert_option_is_nil_or_a('snapshot', snapshot, Snapshot)
assert_numeric_or_nil('max_memory', max_memory, min_value: 10_000, max_value: 2**32)
assert_numeric_or_nil('max_memory', max_memory, min_value: 10_000, max_value: 2**32-1)
assert_numeric_or_nil('marshal_stack_depth', marshal_stack_depth, min_value: 1, max_value: MARSHAL_STACKDEPTH_MAX_VALUE)
assert_numeric_or_nil('ensure_gc_after_idle', ensure_gc_after_idle, min_value: 1)
assert_numeric_or_nil('timeout', timeout, min_value: 1)

61
test/mini_racer_test.rb
View File

@ -340,7 +340,7 @@ raise FooError, "I like foos"
end
assert_raises(ArgumentError) do
MiniRacer::Context.new(max_memory: 2**32+1)
MiniRacer::Context.new(max_memory: 2**32)
end
end
@ -868,6 +868,65 @@ raise FooError, "I like foos"
assert_equal :foo, context.eval("Symbol('foo')")
end
def test_cyclical_object_js
context = MiniRacer::Context.new(marshal_stack_depth: 5)
context.attach("a", proc{|a| a})
assert_raises(MiniRacer::RuntimeError) { context.eval("var o={}; o.o=o; a(o)") }
end
def test_cyclical_array_js
context = MiniRacer::Context.new(marshal_stack_depth: 5)
context.attach("a", proc{|a| a})
assert_raises(MiniRacer::RuntimeError) { context.eval("let arr = []; arr.push(arr); a(arr)") }
end
def test_cyclical_elem_in_array_js
context = MiniRacer::Context.new(marshal_stack_depth: 5)
context.attach("a", proc{|a| a})
assert_raises(MiniRacer::RuntimeError) { context.eval("let arr = []; arr[0]=1; arr[1]=arr; a(arr)") }
end
def test_infinite_object_js
context = MiniRacer::Context.new(marshal_stack_depth: 5)
context.attach("a", proc{|a| a})
js = <<~JS
var d=0;
function get(z) {
z.depth=d++; // this isn't necessary to make it infinite, just to make it more obvious that it is
Object.defineProperty(z,'foo',{get(){var r={};return get(r);},enumerable:true})
return z;
}
a(get({}));
JS
assert_raises(MiniRacer::RuntimeError) { context.eval(js) }
end
def test_deep_object_js
context = MiniRacer::Context.new(marshal_stack_depth: 5)
context.attach("a", proc{|a| a})
# stack depth should be enough to marshal the object
assert_equal [[[]]], context.eval("let arr = [[[]]]; a(arr)")
# too deep
assert_raises(MiniRacer::RuntimeError) { context.eval("let arr = [[[[[[[[]]]]]]]]; a(arr)") }
end
def test_stackdepth_bounds
assert_raises(ArgumentError) do
MiniRacer::Context.new(marshal_stack_depth: -2)
end
assert_raises(ArgumentError) do
MiniRacer::Context.new(marshal_stack_depth: MiniRacer::MARSHAL_STACKDEPTH_MAX_VALUE+1)
end
end
def test_proxy_support
js = <<~JS
function MyProxy(reference) {