
Linux: crash with `std::bad_alloc` in this case

Open bpasero opened this issue 3 years ago • 1 comments

(steps found by @deepak1556 in https://github.com/microsoft/vscode/issues/160904#issuecomment-1253196500, copying over here)

As for the crash, it is triggered in the following function https://github.com/parcel-bundler/watcher/blob/478a1ad66d44663cb24f3f73428ff2b52a244098/src/linux/InotifyBackend.cc#L149 on L152

```cpp
149     bool InotifyBackend::handleSubscription(struct inotify_event *event, std::shared_ptr<InotifySubscription> sub) {
150       // Build full path and check if its in our ignore list.
151       Watcher *watcher = sub->watcher;
152       std::string path = std::string(sub->entry->path);
153       if (event->len > 0) {
154         path += "/" + std::string(event->name);
155       }
```

Basically `sub->entry` is pointing to invalid memory, causing an allocation failure for `std::string`. But the root issue is the corrupted value of `sub->entry`. The following is a minimal repro:

```js
// Following contents are from file test.js created under the root of parcel-bundler/watcher
// Make changes to the require call depending on where you place the file

const watcher = require('./');

async function start() {
  const subscription = await watcher.subscribe('<path>/test-dir', () => {}, { backend: 'inotify' });
}

start()
```
In terminal:

* Create `<path>/test-dir` with a large directory; for my testing I copied the `vscode/build` folder into this path
* `git init` (we need a certain git action to trigger this crash)
* `node test.js` (start the test file)

In a different terminal:

* `cd <path>/test-dir`
* `mv build build1`
* `git checkout -q -- build`
* `rm -rf build1`
* `mv build build2`
* `git checkout -q -- build`
* `rm -rf build2` (CRASH)

`sub->entry` points to an entry from `DirTree`, which is held by `sub->tree`. The crash would come from the fact that the watcher is deleting entries from the tree without invalidating `sub->entry`, which would then be pointing to invalid memory regions, and this is somehow getting used for subsequent notifications. Possible locations: https://github.com/parcel-bundler/watcher/blob/478a1ad66d44663cb24f3f73428ff2b52a244098/src/linux/InotifyBackend.cc#L175 and https://github.com/parcel-bundler/watcher/blob/478a1ad66d44663cb24f3f73428ff2b52a244098/src/linux/InotifyBackend.cc#L203.

bpasero, Sep 22 '22 04:09
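
The dangling `sub->entry` pattern described in the issue above, reduced to a small model. This is an added example, not code from parcel-bundler/watcher or from any fix to it. `Entry`, `Tree`, `Subscription`, `buildPath` and `replayRepro` are hypothetical stand-ins, the paths and file name are constructed, and observing the entry through a `std::weak_ptr` is one assumed way to make a deleted entry detectable.

```cpp
#include <iostream>
#include <memory>
#include <string>
#include <unordered_map>

// Hypothetical stand-ins for the watcher's DirEntry, DirTree and InotifySubscription.
struct Entry { std::string path; };

struct Tree {
  std::unordered_map<std::string, std::shared_ptr<Entry>> entries;
  std::shared_ptr<Entry> add(const std::string &p) {
    return entries[p] = std::make_shared<Entry>(Entry{p});
  }
  void remove(const std::string &p) { entries.erase(p); }  // frees the Entry
};

// A raw `Entry *entry` here would dangle after Tree::remove(). A weak_ptr
// observes the entry without owning it, so a deleted entry is detectable.
struct Subscription { std::weak_ptr<Entry> entry; };

// Same path-building step as the excerpt, but returns false for a stale
// subscription instead of constructing a std::string from freed memory.
bool buildPath(const Subscription &sub, const std::string &name, std::string &out) {
  std::shared_ptr<Entry> e = sub.entry.lock();
  if (!e) return false;  // entry was removed from the tree: drop the event
  out = e->path;
  if (!name.empty()) out += "/" + name;
  return true;
}

struct Replay { bool staleDropped; std::string freshPath; };

// Replays one rename/re-create round of the repro (paths and file name constructed).
Replay replayRepro() {
  Tree tree;
  Subscription old{tree.add("/test-dir/build")};      // initial watch on build
  tree.remove("/test-dir/build");                      // mv build build1
  Subscription renewed{tree.add("/test-dir/build")};  // git checkout -q -- build
  std::string stalePath, freshPath;
  bool staleOk = buildPath(old, "gulpfile.js", stalePath);  // late event, old watch
  buildPath(renewed, "gulpfile.js", freshPath);
  return {!staleOk, freshPath};
}

int main() {
  Replay r = replayRepro();
  std::cout << "stale event dropped: " << r.staleDropped << "\n"
            << "fresh path: " << r.freshPath << "\n";
}
```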

I believe https://github.com/parcel-bundler/watcher/pull/103 might fix this? @DeMoorJasper @devongovett

bpasero, Sep 22 '22 04:09

Released that fix in v2.0.6. Let me know if it still happens for you.

devongovett, Nov 02 '22 02:11

Thanks a ton!

bpasero, Nov 07 '22 06:11