Parcel 2.12.0 malloc(): corrupted top size in Node 22.7.0
Version
22.7.0
Platform
Linux 6.8.0-40-generic #40~22.04.3-Ubuntu SMP PREEMPT_DYNAMIC Tue Jul 30 17:30:19 UTC 2 x86_64 x86_64 x86_64 GNU/Linux
Subsystem
No response
What steps will reproduce the bug?
Mirror of https://github.com/parcel-bundler/parcel/issues/9926 More information available in https://github.com/parcel-bundler/parcel/issues/9926
🐛 bug report
In Node 22.7.0 (not older versions), parcel now fails with this error
pnpm exec parcel build --target html ./src/browser/index.html
malloc(): corrupted top size
I get more info here: https://github.com/aminya/assemblyscript-template/actions/runs/10531888327/job/29184908856#step:7:51
(node:2304) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
(Use `node --trace-deprecation ...` to show where the warning was created)
Building...
Bundling...
node: malloc.c:4302: _int_malloc: Assertion `(unsigned long) (size) >= (unsigned long) (nb)' failed.
Aborted (core dumped)
gdb stacktrace
#0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=140736297170496) at ./nptl/pthread_kill.c:44
#1 __pthread_kill_internal (signo=6, threadid=140736297170496) at ./nptl/pthread_kill.c:78
#2 __GI___pthread_kill (threadid=140736297170496, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
#3 0x00007ffff7a78476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4 0x00007ffff7a5e7f3 in __GI_abort () at ./stdlib/abort.c:79
#5 0x00007ffff7abf676 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff7c11b77 "%s\n")
at ../sysdeps/posix/libc_fatal.c:155
#6 0x00007ffff7ad6cfc in malloc_printerr (str=str@entry=0x7ffff7c14bc0 "malloc(): invalid size (unsorted)") at ./malloc/malloc.c:5664
#7 0x00007ffff7ada0dc in _int_malloc (av=av@entry=0x7fffb4000030, bytes=bytes@entry=32) at ./malloc/malloc.c:4002
#8 0x00007ffff7adb139 in __GI___libc_malloc (bytes=32) at ./malloc/malloc.c:3329
#9 0x00007ffff7e1998c in operator new(unsigned long) () from /lib/x86_64-linux-gnu/libstdc++.so.6
#10 0x000000000153c25a in void std::vector<v8::internal::Handle<v8::internal::Map>, std::allocator<v8::internal::Handle<v8::internal::Map> > >::_M_realloc_insert<v8::internal::Handle<v8::internal::Map> >(__gnu_cxx::__normal_iterator<v8::internal::Handle<v8::internal::Map>*, std::vector<v8::internal::Handle<v8::internal::Map>, std::allocator<v8::internal::Handle<v8::internal::Map> > > >, v8::internal::Handle<v8::internal::Map>&&) ()
#11 0x0000000001657468 in v8::internal::FeedbackNexus::ExtractMaps(std::vector<v8::internal::Handle<v8::internal::Map>, std::allocator<v8::internal::Handle<v8::internal::Map> > >*) const ()
#12 0x00000000015338ab in v8::internal::IC::ShouldRecomputeHandler(v8::internal::Handle<v8::internal::String>) ()
#13 0x0000000001533a6d in v8::internal::IC::UpdateState(v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>) ()
#14 0x0000000001542f82 in v8::internal::Runtime_LoadIC_Miss(int, unsigned long*, v8::internal::Isolate*) ()
#15 0x00007fffb3eac576 in ?? ()
#16 0x00000ce90ed0dce9 in ?? ()
#17 0x00007fffb8ff9870 in ?? ()
#18 0x0000000000000006 in ?? ()
#19 0x00007fffb8ff9910 in ?? ()
#20 0x00007fff94078390 in ?? ()
#21 0x0000033539ecf0f9 in ?? ()
#22 0x0000000000000016 in ?? ()
#23 0x0000199a69633c89 in ?? ()
#24 0x00002c28e4701669 in ?? ()
#25 0x000000649af40069 in ?? ()
#26 0x000039fef53b8f69 in ?? ()
#27 0x00000ff4c39d1739 in ?? ()
#28 0x000001f59ce09539 in ?? ()
#29 0x00002c28e4701669 in ?? ()
#30 0x0000033539ecf0f9 in ?? ()
#31 0x0000198fae9bec01 in ?? ()
#32 0x0000296284423d31 in ?? ()
#33 0x0000000000000002 in ?? ()
#34 0x000019efcfd8a149 in ?? ()
#35 0x00000ff4c39d1451 in ?? ()
#36 0x00007fffb8ff9978 in ?? ()
#37 0x00007fff9407810a in ?? ()
#38 0x000000649af40069 in ?? ()
#39 0x000039fef53b8e89 in ?? ()
#40 0x000019efcfd8a2a9 in ?? ()
#41 0x000019efcfd8a149 in ?? ()
#42 0x000000649af40069 in ?? ()
#43 0x0000033539ecefc9 in ?? ()
#44 0x0000198fae9bedd9 in ?? ()
#45 0x0000296284423c29 in ?? ()
#46 0x0000000000000002 in ?? ()
#47 0x000019efcfd8a361 in ?? ()
#48 0x000019efcfd8a1b1 in ?? ()
#49 0x00007fffb8ff9a00 in ?? ()
#50 0x00007fff940e2065 in ?? ()
#51 0x000000649af40069 in ?? ()
#52 0x000039fef53b8e89 in ?? ()
#53 0x000000649af40069 in ?? ()
#54 0x000000649af40069 in ?? ()
#55 0x000019efcfd8a361 in ?? ()
#56 0x000019efcfd8a181 in ?? ()
#57 0x00000ff4c39d1451 in ?? ()
#58 0x000000649af40069 in ?? ()
#59 0x000039fef53b8e89 in ?? ()
#60 0x00002292dbc81659 in ?? ()
#61 0x00003372a19e0339 in ?? ()
#62 0x0000296284423ad9 in ?? ()
#63 0x0000000000000003 in ?? ()
#64 0x00000ff4c39d1839 in ?? ()
#65 0x000019efcfd8a1b1 in ?? ()
#66 0x00007fffb8ff9a78 in ?? ()
#67 0x00007fff94113fdd in ?? ()
#68 0x000000649af40069 in ?? ()
#69 0x000039fef53b8e89 in ?? ()
#70 0x000019efcfd8a149 in ?? ()
#71 0x000000649af40069 in ?? ()
#72 0x000019efcfd8a149 in ?? ()
#73 0x000000649af40069 in ?? ()
#74 0x00000ff4c39d1839 in ?? ()
#75 0x00000cb215a4a059 in ?? ()
#76 0x00003372a19e0369 in ?? ()
#77 0x0000296284423a31 in ?? ()
#78 0x0000000000000002 in ?? ()
#79 0x00000ff4c39d18b9 in ?? ()
#80 0x00000ff4c39d1451 in ?? ()
#81 0x00007fffb8ff9ae0 in ?? ()
#82 0x00007fffb3e0d8de in ?? ()
#83 0x000000649af40069 in ?? ()
#84 0x000039fef53b8e89 in ?? ()
#85 0x00000ff4c39d1701 in ?? ()
#86 0x00000ff4c39d18b9 in ?? ()
#87 0x000039fef53b8e89 in ?? ()
#88 0x000000649af40069 in ?? ()
#89 0x0000004f00000000 in ?? ()
#90 0x00002a8d5a8248d9 in ?? ()
#91 0x0000000000000002 in ?? ()
#92 0x00000ff4c39d1959 in ?? ()
#93 0x00000ff4c39d1451 in ?? ()
#94 0x00007fffb8ff9c30 in ?? ()
#95 0x00007fffb3e0d8de in ?? ()
#96 0x000000649af40069 in ?? ()
#97 0x000039fef53b8d81 in ?? ()
#98 0x000000649af40069 in ?? ()
#99 0x000000649af40069 in ?? ()
#100 0x000000649af40069 in ?? ()
#101 0x000039fef53b8711 in ?? ()
#102 0x000039fef53b8169 in ?? ()
#103 0x000000649af40c69 in ?? ()
#104 0xffffffff00000000 in ?? ()
#105 0xffffffff00000000 in ?? ()
#106 0x000000649af400d9 in ?? ()
#107 0x000023964e0c19c9 in ?? ()
#108 0x000039fef53b8d81 in ?? ()
#109 0x00000ff4c39d1959 in ?? ()
#110 0x000039fef53b8711 in ?? ()
#111 0x00000cb215a67cf1 in ?? ()
#112 0x000000649af40069 in ?? ()
#113 0x000000649af40069 in ?? ()
#114 0x000000649af40069 in ?? ()
#115 0x000000649af40069 in ?? ()
#116 0x000000649af40069 in ?? ()
#117 0x000000649af40069 in ?? ()
#118 0x000039fef53b8169 in ?? ()
#119 0x0000000200000000 in ?? ()
#120 0x000000649af40069 in ?? ()
#121 0x000000649af40069 in ?? ()
#122 0x000000649af40069 in ?? ()
#123 0x000000649af40069 in ?? ()
#124 0x000039fef53b8919 in ?? ()
#125 0x000039fef53b88e1 in ?? ()
#126 0x000000649af40069 in ?? ()
#127 0x000039fef53b8149 in ?? ()
#128 0x000039fef53b8101 in ?? ()
#129 0x000039fef53b8889 in ?? ()
#130 0x000000649af40069 in ?? ()
#131 0x000004a700000000 in ?? ()
#132 0x0000296284424a51 in ?? ()
#133 0x0000000000000002 in ?? ()
#134 0x00000f524b10a5c1 in ?? ()
#135 0x000039fef53b8711 in ?? ()
#136 0x00007fffb8ff9c88 in ?? ()
#137 0x00007fffb3e0d8de in ?? ()
#138 0x00002292dbc9b329 in ?? ()
#139 0x000039fef53b7ff1 in ?? ()
#140 0x00000f524b10a5c1 in ?? ()
#141 0x000000649af40069 in ?? ()
#142 0x0000006700000000 in ?? ()
#143 0x00002962844246a1 in ?? ()
#144 0x0000000000000002 in ?? ()
#145 0x00000f524b10a519 in ?? ()
#146 0x00000cb215a67cf1 in ?? ()
#147 0x00007fffb8ff9ce8 in ?? ()
#148 0x00007fffb3e0d8de in ?? ()
#149 0x00002292dbc9b329 in ?? ()
#150 0x000039fef53b7ff1 in ?? ()
#151 0x00002292dbc9b329 in ?? ()
#152 0x00000f524b10a519 in ?? ()
#153 0x000000649af40069 in ?? ()
#154 0x0000004700000000 in ?? ()
#155 0x00002962844245f9 in ?? ()
#156 0x0000000000000002 in ?? ()
#157 0x00003d11bf0eab99 in ?? ()
#158 0x00003d11bf0eb0e9 in ?? ()
#159 0x00007fffb8ff9d58 in ?? ()
#160 0x00007fffb3e0d8de in ?? ()
#161 0x00003d11bf0e9d51 in ?? ()
#162 0x000039fef53b7ff1 in ?? ()
#163 0x00001d7decf7e341 in ?? ()
#164 0x000039fef53b7ff1 in ?? ()
#165 0x000000649af40069 in ?? ()
#166 0x00003d11bf0eab99 in ?? ()
#167 0x000000649af40069 in ?? ()
#168 0x0000005500000000 in ?? ()
#169 0x0000296284423859 in ?? ()
#170 0x0000000000000002 in ?? ()
#171 0x000015cdba928f41 in ?? ()
#172 0x00000cb215a6a5d1 in ?? ()
#173 0x00007fffb8ff9db8 in ?? ()
#174 0x00007fffb3e0d8de in ?? ()
#175 0x00003d11bf0e9d51 in ?? ()
#176 0x000039fef53b7ff1 in ?? ()
#177 0x00003d11bf0e9d51 in ?? ()
#178 0x000015cdba928f41 in ?? ()
#179 0x000000649af40069 in ?? ()
#180 0x0000004700000000 in ?? ()
#181 0x00002962844237c9 in ?? ()
#182 0x0000000000000002 in ?? ()
#183 0x00003d11bf0eb0b1 in ?? ()
#184 0x00003d11bf0ecc19 in ?? ()
#185 0x00007fffb8ff9e80 in ?? ()
#186 0x00007fff9408662e in ?? ()
#187 0x00000cb215a6b139 in ?? ()
#188 0x000039fef53b7ff1 in ?? ()
#189 0x000000649af40069 in ?? ()
#190 0x000039fef53b7ff1 in ?? ()
#191 0x00000cb215a6b139 in ?? ()
#192 0x00003d11bf0eb0b1 in ?? ()
#193 0x000001f59ce1b8f9 in ?? ()
#194 0x000039fef53b8219 in ?? ()
#195 0x00000cb215a6b291 in ?? ()
#196 0x000000649af40069 in ?? ()
#197 0x000000649af40069 in ?? ()
#198 0x000000649af40069 in ?? ()
#199 0x00003d11bf0eb0b1 in ?? ()
#200 0x000039fef53b7ff1 in ?? ()
#201 0x000039fef53b82a1 in ?? ()
#202 0x000000649af40069 in ?? ()
#203 0x000039fef53b8269 in ?? ()
#204 0x000022c20de14ce1 in ?? ()
#205 0x00002bfc6ece6d29 in ?? ()
#206 0x000008c202f8e109 in ?? ()
#207 0x0000000000000004 in ?? ()
#208 0x00000cb215a6b329 in ?? ()
#209 0x000039fef53b8219 in ?? ()
#210 0x00007fffb8ff9f28 in ?? ()
#211 0x00007fffb3e0d8de in ?? ()
#212 0x00000cb215a6b139 in ?? ()
#213 0x000039fef53b7ff1 in ?? ()
#214 0x000000649af47c21 in ?? ()
#215 0x000000649af40069 in ?? ()
#216 0x000000649af40069 in ?? ()
#217 0x000000649af47c21 in ?? ()
#218 0x000039fef53b7ff1 in ?? ()
#219 0x00000cb215a6b139 in ?? ()
#220 0x00000cb215a6b329 in ?? ()
#221 0x000001f59ce2a8c9 in ?? ()
#222 0x000028972d731ec9 in ?? ()
#223 0x000000649af40069 in ?? ()
#224 0x000000649af40069 in ?? ()
#225 0x000000649af40069 in ?? ()
#226 0x0000006900000000 in ?? ()
#227 0x000017362fc04a19 in ?? ()
#228 0x0000000000000004 in ?? ()
#229 0x000001f59ce2a889 in ?? ()
#230 0x000001f59ce2a8c9 in ?? ()
#231 0x00007fffb8ff9f68 in ?? ()
#232 0x00007fffb3e0b4dc in ?? ()
#233 0x00000cb215a6b139 in ?? ()
#234 0x000039fef53b7ff1 in ?? ()
#235 0x000000649af40069 in ?? ()
#236 0x000000649af47c21 in ?? ()
#237 0x000001f59ce2a889 in ?? ()
#238 0x000000000000002c in ?? ()
#239 0x00007fffb8ff9fd0 in ?? ()
#240 0x00007fffb3e0b203 in ?? ()
#241 0x0000000000000000 in ?? ()
🎛 Configuration (.babelrc, package.json, cli command)
https://github.com/aminya/assemblyscript-template/tree/453edd38314835246c692319b6ae53c430a8010f
"html": "./dist/index.html",
"targets": {
"html": {
"context": "browser",
"engines": {
"browsers": "Chrome 76"
}
}
}
💻 Code Sample
https://github.com/aminya/assemblyscript-template/tree/453edd38314835246c692319b6ae53c430a8010f
🌍 Your Environment
| Software | Version(s) |
|---|---|
| Parcel | 2.12.0 |
| Node | 22.7.0 |
| npm/Yarn | pnpm 9.7 |
| Operating System | KDE Ubuntu 22.04 |
How often does it reproduce? Is there a required condition?
Always
What is the expected behavior? Why is that the expected behavior?
There should not be a difference between Node 22.6.0 and 22.7.0
What do you see instead?
Segfault in 22.7.0
Additional information
No response
I found the function that triggers this error in Nodejs. It seems it was changed last week in a commit to update V8:
nodejs/node@
4f1c27a/deps/v8/src/ic/ic.cc#L251 (blame). This is where the error actually happens: nodejs/node@
4f1c27a/deps/v8/src/objects/feedback-vector.cc#L1125 (blame). Reported it upstream: nodejs/node#54573
Quote from @aminya in the other thread. CC @nodejs/v8
While we wait for them to respond, do you happen to have a reproduction without the use of dependencies like parcel?
If not, could you run the same code with the NODE_DEBUG=* environment variable, and provide the output?
No, I don't have a simpler reproduction. Parcel also uses Nodejs Add-on API, so @devongovett should be able to help add a reproduction with a debug build of Parcel
No worries!
A few things to help narrow this down:
NODE_DEBUG=* will enable debug logging in Node.js; could you try running the same command with that in your environment? If Parcel has a debug logging system, it'd really help to narrow down where this is coming from.
Here's the log with NODE_DEBUG=*
node ./node_modules/parcel/bin/parcel.js
Looks like Parcel's caching code triggers this.
@[email protected]_@[email protected]_@[email protected]_/node_modules/@parcel/cache/lib/FSCache.js]
https://github.com/parcel-bundler/parcel/blob/0e08d8c69243e104aaba52c2393d528bb6872450/packages/core/cache/src/FSCache.js
I get errors in v8::internal::StringTable::OffHeapStringHashSet::KeyIsMatch. These occur in multiple different call stacks, e.g. in napi_set_named_property:
* thread #13, stop reason = EXC_BAD_ACCESS (code=1, address=0xa5fa)
* frame #0: 0x000000010077e3f4 node`bool v8::internal::StringTable::OffHeapStringHashSet::KeyIsMatch<v8::internal::Isolate, v8::internal::SequentialStringKey<unsigned char> >(v8::internal::Isolate*, v8::internal::SequentialStringKey<unsigned char>*, v8::internal::Tagged<v8::internal::Object>) + 32
frame #1: 0x000000010077b0ac node`v8::internal::Handle<v8::internal::String> v8::internal::StringTable::LookupKey<v8::internal::SequentialStringKey<unsigned char>, v8::internal::Isolate>(v8::internal::Isolate*, v8::internal::SequentialStringKey<unsigned char>*) + 128
frame #2: 0x000000010045f640 node`v8::internal::FactoryBase<v8::internal::Factory>::InternalizeString(v8::base::Vector<unsigned char const>, bool) + 176
frame #3: 0x000000010046fbdc node`v8::internal::Factory::InternalizeUtf8String(v8::base::Vector<char const>) + 76
frame #4: 0x00000001002dc950 node`v8::String::NewFromUtf8(v8::Isolate*, char const*, v8::NewStringType, int) + 128
frame #5: 0x0000000100094210 node`napi_set_named_property + 208
frame #6: 0x00000001194c5130 parcel-node-bindings.darwin-arm64.node`napi::js_values::_$LT$impl$u20$napi..js_values..object..JsObject$GT$::set_named_property::h5084994e2531749c + 88
frame #7: 0x00000001194d0e34 parcel-node-bindings.darwin-arm64.node`parcel_resolver::_::_$LT$impl$u20$serde..ser..Serialize$u20$for$u20$parcel_resolver..Resolution$GT$::serialize::h904a07a7bb6368f1 + 392
frame #8: 0x00000001194bccc4 parcel-node-bindings.darwin-arm64.node`parcel_node_bindings::resolver::Resolver::resolve_result_to_js::h68ad0611506b3f03 + 488
frame #9: 0x00000001194cb620 parcel-node-bindings.darwin-arm64.node`parcel_node_bindings::resolver::__napi_impl_helper__Resolver__1::__napi__resolve::h830643ec2ac2f150 + 648
Or in the v8.deserialize API:
* frame #0: 0x000000010077e308 node`bool v8::internal::StringTable::OffHeapStringHashSet::KeyIsMatch<v8::internal::Isolate, v8::internal::InternalizedStringKey>(v8::internal::Isolate*, v8::internal::InternalizedStringKey*, v8::internal::Tagged<v8::internal::Object>) + 28
frame #1: 0x000000010077d2f4 node`v8::internal::Handle<v8::internal::String> v8::internal::StringTable::LookupKey<v8::internal::InternalizedStringKey, v8::internal::Isolate>(v8::internal::Isolate*, v8::internal::InternalizedStringKey*) + 132
frame #2: 0x000000010077d0e8 node`v8::internal::StringTable::LookupString(v8::internal::Isolate*, v8::internal::Handle<v8::internal::String>) + 324
frame #3: 0x000000010079c148 node`v8::internal::ValueDeserializer::ReadJSObjectProperties(v8::internal::Handle<v8::internal::JSObject>, v8::internal::SerializationTag, bool) + 604
frame #4: 0x000000010079894c node`v8::internal::ValueDeserializer::ReadJSObject() + 268
frame #5: 0x0000000100797674 node`v8::internal::ValueDeserializer::ReadObjectInternal() + 820
frame #6: 0x000000010079725c node`v8::internal::ValueDeserializer::ReadObject() + 64
frame #7: 0x000000010079c440 node`v8::internal::ValueDeserializer::ReadJSObjectProperties(v8::internal::Handle<v8::internal::JSObject>, v8::internal::SerializationTag, bool) + 1364
frame #8: 0x000000010079894c node`v8::internal::ValueDeserializer::ReadJSObject() + 268
frame #9: 0x0000000100797674 node`v8::internal::ValueDeserializer::ReadObjectInternal() + 820
frame #10: 0x000000010079725c node`v8::internal::ValueDeserializer::ReadObject() + 64
frame #11: 0x000000010079c1f8 node`v8::internal::ValueDeserializer::ReadJSObjectProperties(v8::internal::Handle<v8::internal::JSObject>, v8::internal::SerializationTag, bool) + 780
frame #12: 0x000000010079894c node`v8::internal::ValueDeserializer::ReadJSObject() + 268
frame #13: 0x0000000100797674 node`v8::internal::ValueDeserializer::ReadObjectInternal() + 820
frame #14: 0x000000010079725c node`v8::internal::ValueDeserializer::ReadObject() + 64
frame #15: 0x000000010079c440 node`v8::internal::ValueDeserializer::ReadJSObjectProperties(v8::internal::Handle<v8::internal::JSObject>, v8::internal::SerializationTag, bool) + 1364
frame #16: 0x000000010079894c node`v8::internal::ValueDeserializer::ReadJSObject() + 268
frame #17: 0x0000000100797674 node`v8::internal::ValueDeserializer::ReadObjectInternal() + 820
frame #18: 0x000000010079725c node`v8::internal::ValueDeserializer::ReadObject() + 64
frame #19: 0x000000010079718c node`v8::internal::ValueDeserializer::ReadObjectWrapper() + 32
frame #20: 0x00000001002cc358 node`v8::ValueDeserializer::ReadValue(v8::Local<v8::Context>) + 268
frame #21: 0x0000000100172e70 node`node::serdes::DeserializerContext::ReadValue(v8::FunctionCallbackInfo<v8::Value> const&) + 100
frame #22: 0x0000000100d4f118 node`Builtins_CallApiCallbackGeneric + 184
Or just in the parser:
* frame #0: 0x000000010077caf8 node`v8::internal::OffHeapHashTableBase<v8::internal::StringTable::OffHeapStringHashSet>::RehashInto(v8::internal::PtrComprCageBase, v8::internal::StringTable::OffHeapStringHashSet*) + 124
frame #1: 0x000000010077b340 node`v8::internal::StringTable::EnsureCapacity(v8::internal::PtrComprCageBase, int) + 268
frame #2: 0x000000010077b104 node`v8::internal::Handle<v8::internal::String> v8::internal::StringTable::LookupKey<v8::internal::SequentialStringKey<unsigned char>, v8::internal::Isolate>(v8::internal::Isolate*, v8::internal::SequentialStringKey<unsigned char>*) + 216
frame #3: 0x00000001002f07fc node`void v8::internal::AstValueFactory::Internalize<v8::internal::Isolate>(v8::internal::Isolate*) + 152
frame #4: 0x00000001007a468c node`v8::internal::Parser::ParseFunction(v8::internal::Isolate*, v8::internal::ParseInfo*, v8::internal::Handle<v8::internal::SharedFunctionInfo>) + 1688
frame #5: 0x00000001007c51c0 node`v8::internal::parsing::ParseFunction(v8::internal::ParseInfo*, v8::internal::Handle<v8::internal::SharedFunctionInfo>, v8::internal::Isolate*, v8::internal::parsing::ReportStatisticsMode) + 276
frame #6: 0x000000010035c14c node`v8::internal::Compiler::Compile(v8::internal::Isolate*, v8::internal::Handle<v8::internal::SharedFunctionInfo>, v8::internal::Compiler::ClearExceptionFlag, v8::internal::IsCompiledScope*, v8::internal::CreateSourcePositions) + 828
frame #7: 0x000000010035ca88 node`v8::internal::Compiler::Compile(v8::internal::Isolate*, v8::internal::Handle<v8::internal::JSFunction>, v8::internal::Compiler::ClearExceptionFlag, v8::internal::IsCompiledScope*) + 236
frame #8: 0x000000010085b230 node`v8::internal::Runtime_CompileLazy(int, unsigned long*, v8::internal::Isolate*) + 136
Could this be a V8 bug? The stack traces above make me think it isn't specific to Parcel's native addons.
CC @nodejs/v8 @nodejs/node-api
It appears that worker_threads may also be involved here. I cannot reproduce when I disable multi-threading in Parcel. Haven't managed to produce a smaller reproduction yet unfortunately...
👋 Hey, v22.8.0 was just released, is this reproducible in that version?
I have same error while building project made with npx create-instantsearch-app
$ npm start
> [email protected] start
> parcel index.html --port 3000
(node:57375) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
(Use `node --trace-deprecation ...` to show where the warning was created)
Server running at http://localhost:3000
⠸ Building favicon.png...
malloc(): invalid size (unsorted)
Aborted (core dumped)
It still works at 22.6
👋 Hey, v22.8.0 was just released, is this reproducible in that version?
Yes, the parcel builds still fail on Node 22.8.0
I can confirm this is reproducible on Node 22.8.
Haven't managed to produce a smaller reproduction yet unfortunately...
Hey, does anyone happen to have a smaller reproduction?
I just got a similar error message with Parcel but on Node 20.17 on macOS:
node(2214,0x7ff8463907c0) malloc: Incorrect checksum for freed object 0x7fee87078e00: probably modified after being freed.
Corrupt value: 0x5b00000000000002
node(2214,0x7ff8463907c0) malloc: *** set a breakpoint in malloc_error_break to debug
/bin/sh: line 1: 2214 Abort trap: 6 parcel build src/index.html --public-url ./ --dist-dir build
The stack traces in https://github.com/nodejs/node/issues/54573#issuecomment-2323042402 seem to suggest that it might be a more generic bug - maybe some kind of memory corruption - but it is difficult to tell what's going on without a minimal reproduction that doesn't use third-party dependencies.
I've reduced at least one of these cases down to a simple reproduction. It requires two typed arrays which are serialized using v8.serialize, and it crashes during v8.deserialize.
let v8 = require('v8');
let data = {
nodes: new Uint32Array(451),
edges: new Uint32Array(1155)
};
v8.deserialize(v8.serialize(data));
On macOS with Node v22.9.0 I get:
node(28671,0x1ef3ff240) malloc: Incorrect checksum for freed object 0x134848210: probably modified after being freed.
Corrupt value: 0x0
node(28671,0x1ef3ff240) malloc: *** set a breakpoint in malloc_error_break to debug
Abort trap: 6
Output from lldb:
* thread #1, queue = 'com.apple.main-thread', stop reason = signal SIGABRT
* frame #0: 0x000000018ac8a600 libsystem_kernel.dylib`__pthread_kill + 8
frame #1: 0x000000018acc2f70 libsystem_pthread.dylib`pthread_kill + 288
frame #2: 0x000000018abcf908 libsystem_c.dylib`abort + 128
frame #3: 0x000000018aad967c libsystem_malloc.dylib`malloc_vreport + 896
frame #4: 0x000000018ab014a8 libsystem_malloc.dylib`malloc_zone_error + 100
frame #5: 0x000000018aae5f90 libsystem_malloc.dylib`free_list_checksum_botch + 40
frame #6: 0x000000018aad2874 libsystem_malloc.dylib`small_free_list_remove_ptr_no_clear + 960
frame #7: 0x000000018aacfe68 libsystem_malloc.dylib`free_small + 580
frame #8: 0x00000001005b80f8 node`v8::internal::BackingStore::~BackingStore() + 328
frame #9: 0x00000001002f142c node`std::__1::__shared_ptr_pointer<v8::internal::BackingStore*, std::__1::default_delete<v8::internal::BackingStore>, std::__1::allocator<v8::internal::BackingStore>>::__on_zero_shared() + 20
frame #10: 0x00000001004321a8 node`v8::internal::ArrayBufferSweeper::~ArrayBufferSweeper() + 200
frame #11: 0x00000001004a5948 node`v8::internal::Heap::TearDown() + 480
frame #12: 0x000000010040a4b4 node`v8::internal::Isolate::Deinit() + 892
frame #13: 0x000000010040a060 node`v8::internal::Isolate::Delete(v8::internal::Isolate*) + 168
frame #14: 0x000000010012ad24 node`node::NodeMainInstance::~NodeMainInstance() + 76
frame #15: 0x00000001000ac0bc node`node::Start(int, char**) + 724
Looks like a legit bug. With v22.9.0 under valgrind on linux:
==1208870== Invalid write of size 1
==1208870== at 0x6A94A13: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==1208870== by 0xF3C7D5: node::Buffer::(anonymous namespace)::SlowCopy(v8::FunctionCallbackInfo<v8::Value> const&) (in /home/bnoordhuis/bin/node)
==1208870== by 0x1D4F5E1: Builtins_CallApiCallbackGeneric (in /home/bnoordhuis/bin/node)
==1208870== by 0x1D4D8DD: Builtins_InterpreterEntryTrampoline (in /home/bnoordhuis/bin/node)
==1208870== by 0x1D4B4DB: Builtins_JSEntryTrampoline (in /home/bnoordhuis/bin/node)
==1208870== by 0x1D4B202: Builtins_JSEntry (in /home/bnoordhuis/bin/node)
==1208870== by 0x139F142: v8::internal::(anonymous namespace)::Invoke(v8::internal::Isolate*, v8::internal::(anonymous namespace)::InvokeParams const&) (in /home/bnoordhuis/bin/node)
==1208870== by 0x13A00B4: v8::internal::Execution::Call(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*) (in /home/bnoordhuis/bin/node)
==1208870== by 0x12505A5: v8::Object::CallAsFunction(v8::Local<v8::Context>, v8::Local<v8::Value>, int, v8::Local<v8::Value>*) (in /home/bnoordhuis/bin/node)
==1208870== by 0x1035357: node::serdes::DeserializerContext::ReadHostObject(v8::Isolate*) (in /home/bnoordhuis/bin/node)
==1208870== by 0x178890F: v8::internal::ValueDeserializer::ReadHostObject() (in /home/bnoordhuis/bin/node)
==1208870== by 0x17912E3: v8::internal::ValueDeserializer::ReadObjectInternal() (in /home/bnoordhuis/bin/node)
==1208870== Address 0x2a37d26c is 0 bytes after a block of size 4,620 alloc'd
==1208870== at 0x6A8A899: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==1208870== by 0xE73905: node::NodeArrayBufferAllocator::Allocate(unsigned long) (in /home/bnoordhuis/bin/node)
==1208870== by 0x1484424: v8::internal::Heap::AllocateExternalBackingStore(std::function<void* (unsigned long)> const&, unsigned long) (in /home/bnoordhuis/bin/node)
==1208870== by 0x15D2C2E: v8::internal::BackingStore::Allocate(v8::internal::Isolate*, unsigned long, v8::internal::SharedFlag, v8::internal::InitializedFlag) (in /home/bnoordhuis/bin/node)
==1208870== by 0x1299AC6: v8::internal::(anonymous namespace)::ConstructBuffer(v8::internal::Isolate*, v8::internal::Handle<v8::internal::JSFunction>, v8::internal::Handle<v8::internal::JSReceiver>, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, v8::internal::InitializedFlag) (in /home/bnoordhuis/bin/node)
==1208870== by 0x129B23E: v8::internal::Builtin_ArrayBufferConstructor(int, unsigned long*, v8::internal::Isolate*) (in /home/bnoordhuis/bin/node)
==1208870== by 0x1DEC3B5: Builtins_CEntry_Return1_ArgvOnStack_BuiltinExit (in /home/bnoordhuis/bin/node)
==1208870== by 0x1D4A88E: Builtins_JSBuiltinsConstructStub (in /home/bnoordhuis/bin/node)
==1208870== by 0x1EA2A1C: Builtins_CreateTypedArray (in /home/bnoordhuis/bin/node)
==1208870== by 0x1DD877A: Builtins_TypedArrayConstructor (in /home/bnoordhuis/bin/node)
==1208870== by 0x1D4E3BB: Builtins_InterpreterPushArgsThenFastConstructFunction (in /home/bnoordhuis/bin/node)
==1208870== by 0x1EE22A8: Builtins_ConstructHandler (in /home/bnoordhuis/bin/node)
...
==1208870== Address 0x2a341f62 is 1 bytes after a block of size 6,513 alloc'd
==1208870== at 0x6A8FCD3: realloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==1208870== by 0x1787590: v8::internal::ValueSerializer::ExpandBuffer(unsigned long) (in /home/bnoordhuis/bin/node)
==1208870== by 0x1787717: v8::internal::ValueSerializer::WriteRawBytes(void const*, unsigned long) (in /home/bnoordhuis/bin/node)
==1208870== by 0x103646C: node::serdes::SerializerContext::WriteRawBytes(v8::FunctionCallbackInfo<v8::Value> const&) (in /home/bnoordhuis/bin/node)
==1208870== by 0x1D4F5E1: Builtins_CallApiCallbackGeneric (in /home/bnoordhuis/bin/node)
==1208870== by 0x1D4D8DD: Builtins_InterpreterEntryTrampoline (in /home/bnoordhuis/bin/node)
==1208870== by 0x1D4B4DB: Builtins_JSEntryTrampoline (in /home/bnoordhuis/bin/node)
==1208870== by 0x1D4B202: Builtins_JSEntry (in /home/bnoordhuis/bin/node)
==1208870== by 0x139F142: v8::internal::(anonymous namespace)::Invoke(v8::internal::Isolate*, v8::internal::(anonymous namespace)::InvokeParams const&) (in /home/bnoordhuis/bin/node)
==1208870== by 0x13A00B4: v8::internal::Execution::Call(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*) (in /home/bnoordhuis/bin/node)
==1208870== by 0x12505A5: v8::Object::CallAsFunction(v8::Local<v8::Context>, v8::Local<v8::Value>, int, v8::Local<v8::Value>*) (in /home/bnoordhuis/bin/node)
==1208870== by 0x10351DB: node::serdes::SerializerContext::WriteHostObject(v8::Isolate*, v8::Local<v8::Object>) (in /home/bnoordhuis/bin/node)
I did a git bisect and found that https://github.com/nodejs/node/commit/9f8f26eb2ff36f9352dd85643073af876b9d6b46 (#54087) is the first faulty commit
Asan log
Compiled with ./configure --debug --enable-asan --v8-lite-mode --ninja.
=================================================================
==940543==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x523000014e71 at pc 0x5c456d061247 bp 0x7ffea8486770 sp 0x7ffea8485f30
READ of size 6449 at 0x523000014e71 thread T0
#0 0x5c456d061246 in __asan_memmove (/git/nodejs/node/out/Debug/node+0x6461246) (BuildId: 78039db21b075505da13c25549fe81d89b95ea50)
#1 0x5c456d4b8386 in node::Buffer::(anonymous namespace)::SlowCopy(v8::FunctionCallbackInfo<v8::Value> const&) /git/nodejs/node/out/Debug/../../src/node_buffer.cc:590:3
#2 0x5c4570440aa1 in Builtins_CallApiCallbackGeneric snapshot.cc
0x523000014e71 is located 0 bytes after 6513-byte region [0x523000013500,0x523000014e71)
allocated by thread T0 here:
#0 0x5c456d063290 in realloc (/git/nodejs/node/out/Debug/node+0x6463290) (BuildId: 78039db21b075505da13c25549fe81d89b95ea50)
#1 0x5c456f3bfc84 in v8::internal::ValueSerializer::ExpandBuffer(unsigned long) /git/nodejs/node/out/Debug/../../deps/v8/src/objects/value-serializer.cc:415:29
#2 0x5c456f3bec0d in v8::internal::ValueSerializer::ReserveRawBytes(unsigned long) /git/nodejs/node/out/Debug/../../deps/v8/src/objects/value-serializer.cc:400:10
#3 0x5c456f3bec0d in v8::internal::ValueSerializer::WriteRawBytes(void const*, unsigned long) /git/nodejs/node/out/Debug/../../deps/v8/src/objects/value-serializer.cc:390:7
#4 0x5c456d82af08 in node::serdes::SerializerContext::WriteRawBytes(v8::FunctionCallbackInfo<v8::Value> const&) /git/nodejs/node/out/Debug/../../src/node_serdes.cc:282:20
#5 0x5c4570440aa1 in Builtins_CallApiCallbackGeneric snapshot.cc
#6 0x5c457043ecdd in Builtins_InterpreterEntryTrampoline snapshot.cc
#7 0x5c457043bfdb in Builtins_JSEntryTrampoline snapshot.cc
#8 0x5c457043bd02 in Builtins_JSEntry snapshot.cc
#9 0x5c456e469f41 in v8::internal::GeneratedCode<unsigned long, unsigned long, unsigned long, unsigned long, unsigned long, long, unsigned long**>::Call(unsigned long, unsigned long, unsigned long, unsigned long, long, unsigned long**) /git/nodejs/node/out/Debug/../../deps/v8/src/execution/simulator.h:178:12
#10 0x5c456e469f41 in v8::internal::(anonymous namespace)::Invoke(v8::internal::Isolate*, v8::internal::(anonymous namespace)::InvokeParams const&) /git/nodejs/node/out/Debug/../../deps/v8/src/execution/execution.cc:418:22
#11 0x5c456e4686f4 in v8::internal::Execution::Call(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*) /git/nodejs/node/out/Debug/../../deps/v8/src/execution/execution.cc:504:10
#12 0x5c456de6de00 in v8::Function::Call(v8::Local<v8::Context>, v8::Local<v8::Value>, int, v8::Local<v8::Value>*) /git/nodejs/node/out/Debug/../../deps/v8/src/api/api.cc:5485:7
#13 0x5c456d829726 in node::serdes::SerializerContext::WriteHostObject(v8::Isolate*, v8::Local<v8::Object>) /git/nodejs/node/out/Debug/../../src/node_serdes.cc:160:43
#14 0x5c456d829878 in non-virtual thunk to node::serdes::SerializerContext::WriteHostObject(v8::Isolate*, v8::Local<v8::Object>) /git/nodejs/node/out/Debug/../../src/node_serdes.cc
#15 0x5c456f3c6057 in v8::internal::ValueSerializer::WriteHostObject(v8::internal::Handle<v8::internal::JSObject>) /git/nodejs/node/out/Debug/../../deps/v8/src/objects/value-serializer.cc:1200:18
#16 0x5c456f3cb359 in v8::internal::ValueSerializer::WriteJSArrayBufferView(v8::internal::Tagged<v8::internal::JSArrayBufferView>) /git/nodejs/node/out/Debug/../../deps/v8/src/objects/value-serializer.cc:1006:12
#17 0x5c456f3c23cc in v8::internal::ValueSerializer::WriteJSReceiver(v8::internal::Handle<v8::internal::JSReceiver>) /git/nodejs/node/out/Debug/../../deps/v8/src/objects/value-serializer.cc:645:14
#18 0x5c456f3c0e6b in v8::internal::ValueSerializer::WriteObject(v8::internal::Handle<v8::internal::Object>) /git/nodejs/node/out/Debug/../../deps/v8/src/objects/value-serializer.cc:502:14
#19 0x5c456f3c69bf in v8::internal::ValueSerializer::WriteJSObject(v8::internal::Handle<v8::internal::JSObject>) /git/nodejs/node/out/Debug/../../deps/v8/src/objects/value-serializer.cc:706:10
#20 0x5c456f3c2146 in v8::internal::ValueSerializer::WriteJSReceiver(v8::internal::Handle<v8::internal::JSReceiver>) /git/nodejs/node/out/Debug/../../deps/v8/src/objects/value-serializer.cc:622:16
#21 0x5c456f3c0dc3 in v8::internal::ValueSerializer::WriteObject(v8::internal::Handle<v8::internal::Object>) /git/nodejs/node/out/Debug/../../deps/v8/src/objects/value-serializer.cc:509:16
#22 0x5c456de451cf in v8::ValueSerializer::WriteValue(v8::Local<v8::Context>, v8::Local<v8::Value>) /git/nodejs/node/out/Debug/../../deps/v8/src/api/api.cc:3527:45
#23 0x5c456d829c28 in node::serdes::SerializerContext::WriteValue(v8::FunctionCallbackInfo<v8::Value> const&) /git/nodejs/node/out/Debug/../../src/node_serdes.cc:191:24
#24 0x5c4570440aa1 in Builtins_CallApiCallbackGeneric snapshot.cc
#25 0x5c457043ecdd in Builtins_InterpreterEntryTrampoline snapshot.cc
#26 0x5c457043ecdd in Builtins_InterpreterEntryTrampoline snapshot.cc
#27 0x5c457043ecdd in Builtins_InterpreterEntryTrampoline snapshot.cc
#28 0x5c457043ecdd in Builtins_InterpreterEntryTrampoline snapshot.cc
#29 0x5c457043ecdd in Builtins_InterpreterEntryTrampoline snapshot.cc
#30 0x5c457043ecdd in Builtins_InterpreterEntryTrampoline snapshot.cc
#31 0x5c457043ecdd in Builtins_InterpreterEntryTrampoline snapshot.cc
SUMMARY: AddressSanitizer: heap-buffer-overflow (/git/nodejs/node/out/Debug/node+0x6461246) (BuildId: 78039db21b075505da13c25549fe81d89b95ea50) in __asan_memmove
Shadow bytes around the buggy address:
0x523000014b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x523000014c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x523000014c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x523000014d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x523000014d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x523000014e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00[01]fa
0x523000014e80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x523000014f00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x523000014f80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x523000015000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x523000015080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==940543==ABORTING
cc @ronag
If I read this correctly it's SlowCopy that has the problem?
Who exactly is calling SlowCopy? It seems to me that there is an invalid assumption that the caller of SlowCopy validates the range. But I guess that only applies if it is called from JS?
Can someone who can reproduce check if the following fixes the issue?
diff --git a/src/node_buffer.cc b/src/node_buffer.cc
index ad6b794cf5d..6b2551c72fe 100644
--- a/src/node_buffer.cc
+++ b/src/node_buffer.cc
@@ -568,6 +568,9 @@ void StringSlice(const FunctionCallbackInfo<Value>& args) {
void SlowCopy(const FunctionCallbackInfo<Value>& args) {
Environment* env = Environment::GetCurrent(args);
+ THROW_AND_RETURN_UNLESS_BUFFER(env, args[0]);
+ THROW_AND_RETURN_UNLESS_BUFFER(env, args[1]);
+
ArrayBufferViewContents<char> source(args[0]);
SPREAD_BUFFER_ARG(args[1].As<Object>(), target);
@@ -575,6 +578,11 @@ void SlowCopy(const FunctionCallbackInfo<Value>& args) {
const auto source_start = args[3]->Uint32Value(env->context()).ToChecked();
const auto to_copy = args[4]->Uint32Value(env->context()).ToChecked();
+ THROW_AND_RETURN_IF_OOB(ParseArrayIndex(env, args[2], 0, &target_start));
+ THROW_AND_RETURN_IF_OOB(ParseArrayIndex(env, args[3], 0, &source_start));
+ THROW_AND_RETURN_IF_OOB(ParseArrayIndex(env, args[4], source.length(),
+ &source_end));
+
memmove(target_data + target_start, source.data() + source_start, to_copy);
args.GetReturnValue().Set(to_copy);
}
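Review bot: The added ParseArrayIndex calls never compare the parsed offsets with the buffer sizes, so the memmove at the end of the hunk is still unbounded: as called here, ParseArrayIndex receives only the argument and a default, not the length the index must stay within, and nothing checks `target_start + to_copy` against `target_length` (which SPREAD_BUFFER_ARG defines alongside `target_data`) or `source_start + to_copy` against `source.length()`. The parse into `source_end` also leaves `to_copy`, the value the memmove actually uses, unvalidated. A check placed before the memmove, `if (target_start > target_length || to_copy > target_length - target_start ||` / `    source_start > source.length() || to_copy > source.length() - source_start)` / `  return THROW_ERR_OUT_OF_RANGE(env, "Index out of range");`, would make the heap-buffer-overflow ASan reports in __asan_memmove unreachable from this binding whatever the JS caller passes. The same missing comparison is present in the reworked node_buffer.cc patch quoted further down; SlowCopy's signature is in the preceding hunk, not this one.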
I found this reproduction example interesting. Here are some other reproductions: any number lower than these works fine, and higher ones crash.
v8.deserialize(v8.serialize({a: new Int32Array(1024)}))
v8.deserialize(v8.serialize({b: new Int16Array(8192)}))
v8.deserialize(v8.serialize({c: new Uint32Array(1024)}))
v8.deserialize(v8.serialize({d: new Uint16Array(8192)}))
No bug with (Ui|I)nt8Arrays, only with multi-byte element types, from what I can tell.
@ronag The changes in SlowCopy didn't compile (from current HEAD or that first failing commit). I've never coded in here before, but I tried changing the patch to:
diff --git a/src/node_buffer.cc b/src/node_buffer.cc
index cd51d9acf9..77fb90e0e3 100644
--- a/src/node_buffer.cc
+++ b/src/node_buffer.cc
@@ -569,12 +569,20 @@ void StringSlice(const FunctionCallbackInfo<Value>& args) {
void SlowCopy(const FunctionCallbackInfo<Value>& args) {
Environment* env = Environment::GetCurrent(args);
+ THROW_AND_RETURN_UNLESS_BUFFER(env, args[0]);
+ THROW_AND_RETURN_UNLESS_BUFFER(env, args[1]);
+
ArrayBufferViewContents<char> source(args[0]);
SPREAD_BUFFER_ARG(args[1].As<Object>(), target);
- const auto target_start = args[2]->Uint32Value(env->context()).ToChecked();
- const auto source_start = args[3]->Uint32Value(env->context()).ToChecked();
- const auto to_copy = args[4]->Uint32Value(env->context()).ToChecked();
+ size_t target_start = args[2]->Uint32Value(env->context()).ToChecked();
+ size_t source_start = args[3]->Uint32Value(env->context()).ToChecked();
+ size_t to_copy = args[4]->Uint32Value(env->context()).ToChecked();
+
+ THROW_AND_RETURN_IF_OOB(ParseArrayIndex(env, args[2], 0, &target_start));
+ THROW_AND_RETURN_IF_OOB(ParseArrayIndex(env, args[3], 0, &source_start));
+ THROW_AND_RETURN_IF_OOB(ParseArrayIndex(env, args[4], source.length(),
+ &to_copy));
memmove(target_data + target_start, source.data() + source_start, to_copy);
args.GetReturnValue().Set(to_copy);
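Review bot: The three `size_t` initializers in this hunk are dead: each value is read with `Uint32Value(...).ToChecked()` and then immediately overwritten by the ParseArrayIndex call on the same argument, and `ToChecked()` aborts the process on a failed conversion rather than throwing, which is exactly the path the THROW_AND_RETURN_IF_OOB calls are meant to replace. Initialize them without the extra parse, `size_t target_start = 0;` / `size_t source_start = 0;` / `size_t to_copy = 0;`, and let ParseArrayIndex be the single source of each value. SlowCopy's closing brace is outside the hunk as quoted.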
but it still causes a crash in the same place.
@joyeecheung any insights? I don't understand how Buffer even comes into the picture here... e.g. v8.deserialize(v8.serialize({a: new Int32Array(1024)}))
but it still causes a crash in the same place.
@ramidzkh the same crash?
Yes. Maybe it's because memmove is being passed the end offset and not the length?
@ronag v8.serialize({a: new Int32Array(1024)}) returns a Buffer instance
How? Buffer is not part of v8.
Found it. copy comes from internalBinding('buffer').
https://github.com/nodejs/node/blob/b2161d3a137e5a2582c71c798e140d2ba8f7c1d4/lib/v8.js#L370-L374
diff --git a/lib/v8.js b/lib/v8.js
index b687d8709c..a0145d0588 100644
--- a/lib/v8.js
+++ b/lib/v8.js
@@ -368,7 +368,7 @@ class DefaultDeserializer extends Deserializer {
}
// Copy to an aligned buffer first.
const buffer_copy = Buffer.allocUnsafe(byteLength);
- copy(this.buffer, buffer_copy, 0, byteOffset, byteOffset + byteLength);
+ this.buffer.copy(buffer_copy, 0, byteOffset, byteOffset + byteLength);
return new ctor(buffer_copy.buffer,
buffer_copy.byteOffset,
byteLength / BYTES_PER_ELEMENT);
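Review bot: The replacement line deserves a comment stating why the raw binding was dropped, because the two calls look interchangeable and someone may reinstate the binding as an optimization later. `Buffer.prototype.copy` takes `(target, targetStart, sourceStart, sourceEnd)`, so passing `byteOffset + byteLength` matches its contract, whereas the binding's fifth argument is consumed as a byte count in SlowCopy (it becomes `to_copy` in the node_buffer.cc hunks above). Suggested comment above the new line: `// Buffer#copy takes an end offset as its last argument, which is what byteOffset + byteLength is.` A regression test round-tripping the multi-byte typed arrays from the repro (`v8.deserialize(v8.serialize({a: new Int32Array(1024)}))`) under ASan would pin this. The DefaultDeserializer method containing this hunk starts before the hunk.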
this seems like enough to stop it from crashing??