[Bug]: Renderer crashes on ArrayBuffer->GetBackingStore() when Buffer is too large #31554
Comments
Update: i.e.
Happens on both
Update: The bug does not seem to occur with a standard node.js
Related?
Current status: sync.cc
build with node-gyp
CC @miniak
This issue has been automatically marked as stale. If this issue is still affecting you, please leave any comment (for example, "bump"), and we'll keep it open. If you have any new additional information—in particular, if this is still reproducible in the latest version of Electron or in the beta—please include it with your comment!
This issue has been closed due to inactivity, and will not be monitored. If this is a bug and you can reproduce this issue on a supported version of Electron please open a new issue and include instructions for reproducing the issue.
Preflight Checklist
Electron Version
14.1.1
What operating system are you using?
Ubuntu
Operating System Version
Kubuntu 20.04
What arch are you using?
x64
Last Known Working Electron version
N/A
Expected Behavior
ArrayBuffer->GetBackingStore() should not crash the renderer for any buffer size
Actual Behavior
Consider the following snippet in a native addon:
For Electron 9.0.0, if you call this from the JS world for param = 245760 everything is fine.
When you change param to param = 245761 or any bigger value, the renderer process crashes with the following stack trace:
i.e. param <= 245760 works, but param >= 245761 crashes the renderer.
For Electron 14, the magic number is 229376 (works for param <= 229376, crashes for param >= 229377)
I have tested the following numbers for Electron 9.0.0:
For Electron 14.1.1:
If you remove the Float32Array and only return the Buffer, everything seems to work fine.
I don't have a stack trace for Electron 14.1.1 at hand... Debug version is still compiling
Repro Repos:
https://github.com/robinchrist/electron-native-arraybuffer-crash-addon
https://github.com/robinchrist/electron-native-arraybuffer-crash-electron
Repro guide:
in devtools:
-> Renderer crash
change parameter to
size_t param = 229376
in devtools:
-> WORKS
OS: Kubuntu 20.04
Compiler:
Testcase Gist URL
No response
Additional Information
No response