Segmentation fault with --untrusted-code-mitigations #43296

Closed

XadillaX opened this issue Jun 2, 2022 · 3 comments
Labels
v8 engine Issues and PRs related to the V8 dependency.

Comments

XadillaX (Contributor) commented Jun 2, 2022

Version

16.15.0

Platform

Linux zanardance 5.14.0-1036-oem #40-Ubuntu SMP Mon May 9 09:15:08 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

macOS has the same problem

Subsystem

No response

What steps will reproduce the bug?

Use this code:

'use strict';

// Hot loop that repeatedly indexes the array returned by Object.keys();
// with --untrusted-code-mitigations this crashes with a segmentation fault.
while (true) {
  const tagKeys = Object.keys({ k: 'key' });
  // const tagKeys = [ 1 ];
  tagKeys[0];
}

And run with --untrusted-code-mitigations:

$ node --untrusted-code-mitigations foo.js

How often does it reproduce? Is there a required condition?

Every time.

What is the expected behavior?

No response

What do you see instead?

Segmentation fault.

Additional information

No response

XadillaX added the v8 engine label Jun 2, 2022
XadillaX (Contributor, Author) commented Jun 2, 2022

targos (Member) commented Jun 2, 2022

Note that V8 removed untrusted code mitigations in https://chromium-review.googlesource.com/c/v8/v8/+/3045704 (landed in version 9.5 / Node.js 17.0.0)

targos added the v16.x label Jun 2, 2022
XadillaX added a commit to XadillaX/node that referenced this issue Jun 6, 2022
    [Compiler] Remove untrusted code mitigations.

    These are no longer enabled, so remove the code mitigation logic from
    the codebase.

    BUG=chromium:1003890

    Change-Id: I536bb1732e8463281c21da446bbba8f47ede8ebe
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3045704
    Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
    Reviewed-by: Jakob Gruber <jgruber@chromium.org>
    Reviewed-by: Clemens Backes <clemensb@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#76256}

Refs: v8/v8@4ab70f6
Fixes: nodejs#43296
danielleadams pushed a commit that referenced this issue Jun 26, 2022
PR-URL: #43328
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
danielleadams pushed a commit that referenced this issue Jul 7, 2022
targos (Member) commented Jul 18, 2022

Fixed in #43328

targos closed this as completed Jul 18, 2022
guangwong pushed a commit to noslate-project/node that referenced this issue Oct 10, 2022
davidjb added a commit to davidjb/isolated-vm that referenced this issue Mar 7, 2024
This functionality was removed in Node 16.17.0 and 17.0.0. Comments on the relevant issues suggest these mitigations may never have worked:

nodejs/node#43296
nodejs/node#43328
laverdet pushed a commit to laverdet/isolated-vm that referenced this issue Mar 7, 2024