
`JsGetModuleNamespace()` can segfault if passed an incomplete module record

Open fatcerberus opened this issue 3 years ago • 2 comments

When a ReportModuleCompletionCallback is set, the callback is called even for modules that fail to load due to a syntax error (an exception object is passed to the callback in this case). It seems that, while a valid JsModuleRecord is still passed in this situation, subsequently calling JsGetModuleNamespace() on the same module record will cause a segfault, rather than simply setting the namespace to NULL.

There may be other module APIs affected by this (I assume the function can't deal with being passed an incomplete module record), but this is the only one I've encountered so far.

fatcerberus avatar Feb 15 '22 07:02 fatcerberus

Update on this: The segfault only seems to occur when calling JsGetModuleNamespace() on modules that fail loading due to an early error (e.g. syntax errors). If the module is still in the process of executing top-level code (e.g. paused at an await), the call correctly returns JsErrorModuleNotEvaluated without crashing.

fatcerberus avatar Feb 16 '22 05:02 fatcerberus

ReportModuleCompletionCallback is meant to be called for a failed module - providing the error at that point; this behaviour is correct.

JsGetModuleNamespace is not designed to be called for a failed module BUT it should indeed have a graceful error message rather than a segfault - needs an extra check in JsGetModuleNamespace to return an error code if the module has an error.

In my mind this is a low-ish priority bug as correctly written host code can evade the issue.

rhuanjl avatar Apr 18 '24 13:04 rhuanjl
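The "correctly written host code" workaround mentioned above, as an added example that is not ChakraCore's own code: the host records the outcome that ReportModuleCompletionCallback reports for each module record and checks that record before ever calling JsGetModuleNamespace, so a module that failed with an early error is never queried. JsModuleRecord and JsValueRef are local stand-in typedefs (the real JSRT types come from ChakraCore.h), the callback returns int instead of JsErrorCode, and the call that registers the callback with the engine is not shown.

```c
#include <stddef.h>

typedef void *JsModuleRecord;  /* stand-in for the JSRT module record handle */
typedef void *JsValueRef;      /* stand-in for the JSRT value handle */

enum host_module_state { HOST_MODULE_PENDING, HOST_MODULE_READY, HOST_MODULE_FAILED };
enum host_query_result { HOST_QUERY_OK, HOST_QUERY_UNKNOWN, HOST_QUERY_NOT_EVALUATED,
                         HOST_QUERY_LOAD_FAILED };

#define HOST_MAX_MODULES 16
static struct { JsModuleRecord record; enum host_module_state state; } host_modules[HOST_MAX_MODULES];
static size_t host_module_count;

static int host_module_index(JsModuleRecord record) {
    for (size_t i = 0; i < host_module_count; i++)
        if (host_modules[i].record == record) return (int)i;
    return -1;
}

/* Register a record when the host creates it, before fetch and parse. */
int host_track_module(JsModuleRecord record) {
    if (!record || host_module_index(record) >= 0 || host_module_count >= HOST_MAX_MODULES)
        return -1;
    host_modules[host_module_count].record = record;
    host_modules[host_module_count].state = HOST_MODULE_PENDING;
    host_module_count++;
    return 0;
}

/* Installed as the ReportModuleCompletionCallback. A non-NULL exception means the
 * module never finished loading (e.g. an early syntax error); remember that so
 * the host never asks the engine for this module's namespace. */
int host_on_module_completion(JsModuleRecord record, JsValueRef exception) {
    int i = host_module_index(record);
    if (i < 0) return -1;
    host_modules[i].state = exception ? HOST_MODULE_FAILED : HOST_MODULE_READY;
    return 0;
}

/* Ask before calling JsGetModuleNamespace: only HOST_QUERY_OK means the module
 * completed without error, so the engine call is safe to make. */
enum host_query_result host_namespace_query_allowed(JsModuleRecord record) {
    int i = host_module_index(record);
    if (i < 0) return HOST_QUERY_UNKNOWN;
    if (host_modules[i].state == HOST_MODULE_FAILED) return HOST_QUERY_LOAD_FAILED;
    if (host_modules[i].state == HOST_MODULE_PENDING) return HOST_QUERY_NOT_EVALUATED;
    return HOST_QUERY_OK;
}
```

A module paused at a top-level await stays HOST_MODULE_PENDING until its completion callback fires, which matches the JsErrorModuleNotEvaluated case described in the report.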