Stack Overflow: memory access out of bounds #816
Comments
|
Possibly related: #416
Not that I know of, other than the PHP memory limit which should result in a PHP Fatal Error, not wasm crash. That's definitely a bug in Playground. Some |
adamziel
added
[Type] Bug
|
This is the same bug as #870, and is fixed by the same code. |
|
Potentially related Emscripten issue: Automatically growing the stack. Passing a large request body or response body via stack may be hitting the default stack size of, I think, 1MB. |
|
The issue is indeed a related to stack size. Clicking "Use template" calls const size = this[__private__dont__use].lengthBytesUTF8(body);
const addr = this.malloc(size + 1);
this[__private__dont__use].stringToUTF8(body, addr, size + 1);
this[__private__dont__use].ccall(
'wasm_set_request_body',
null,
[NUMBER],
[addr]
);I'm not convinced about encoding the body bytes as UTF8 so the details may change, but there's a good chance the heap approach would fix this problem. |
adamziel
changed the title
Before this PR, requests with large body trigger a stack overflow error. For example, issue #816 describes how clicking a "Use template" button calls wasm_set_request_body with a body string that's 153KB large which is too much for the current WASM build. This PR fixes the issue by allocating the request body on the heap, not on the stack. ## Implementation details `BasePHP.setRequestBody` converts the body string into bytes using the `stringToUTF8` function provided by Emscripten. This is just as it was before this PR. This method isn't perfect and will break for some inputs. The `setRequestBody` method should just accept a `UInt8Array` instead of a string, but that's outside of scope of this PR. ## Testing instructions Confirm the CI checks are green. This PR ships with a series of checks to confirm the crash is fixed. For manual testing, navigate to https://beemovie.fandom.com/wiki/Bee_Movie/Transcript and Select All, then Copy the selection. Then go to http://localhost:5400/website-server/?php=8.3&wp=6.4&storage=none&url=/wp-admin/post-new.php and paste the content of the clipboard directly into the editor. The javascript will take a moment to digest the pasted content into blocks. The editor should end up creating very many blocks. Once thats done, click publish, and the post should save without crashing.
Before this PR, requests with large body trigger a stack overflow error. For example, issue #816 describes how clicking a "Use template" button calls wasm_set_request_body with a body string that's 153KB large which is too much for the current WASM build. This PR fixes the issue by allocating the request body on the heap, not on the stack. ## Implementation details `BasePHP.setRequestBody` allocates enough heap memory to store the body string. Then, it converts the body string into bytes and writes it into heap. Once the request is finished, `BasePHP.run()` frees that memory. The conversion to bytes is done via the `stringToUTF8` function provided by Emscripten. This is just as it was before this PR. This method isn't perfect and will break for some inputs. The `setRequestBody` method should just accept a `UInt8Array` instead of a string, but that's outside of scope of this PR. ## Testing instructions Confirm the CI checks are green. This PR ships with a series of checks to confirm the crash is fixed. For manual testing, navigate to https://beemovie.fandom.com/wiki/Bee_Movie/Transcript and Select All, then Copy the selection. Then go to http://localhost:5400/website-server/?php=8.3&wp=6.4&storage=none&url=/wp-admin/post-new.php and paste the content of the clipboard directly into the editor. The javascript will take a moment to digest the pasted content into blocks. The editor should end up creating very many blocks. Once thats done, click publish, and the post should save without crashing. Supersedes #870
|
@swissspidy this should be fixed! :-) Thank you for reporting, please let me know about any other issues you stumble upon.
|
Fix: #870
This might be a reincarnation of #169
To reproduce:
memory access out of boundserror in consoleAre there some body size limits with playground that one should be aware of?
The text was updated successfully, but these errors were encountered: