Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: avoid stack overflow with spread operator #43

Merged
merged 1 commit into from
Oct 24, 2019
Merged

fix: avoid stack overflow with spread operator #43

merged 1 commit into from
Oct 24, 2019

Conversation

ivanstanev
Copy link
Contributor

A customer cannot scan their project with a supposedly very large dependency graph because as soon as it reaches our back-end, we get a stack overflow error. It was identified that the error is due to the combination of Array.push() and the spread operator.

For reference: nodejs/node#16870

To reproduce, create an array of size 2^17 then do [].push(...myArray);.

This fix replaces all uses of push() and spread with a simple loop.

  • Ready for review
  • Follows CONTRIBUTING rules
  • Reviewed by Snyk internal team

How should this be manually tested?

node
> const example = [];
undefined
> for (let i = 0; i < 2 ** 23; i++) {
...     example.push('o');
... }
8388608
> [].push(...example);
Thrown:
RangeError: Maximum call stack size exceeded
>

What are the relevant tickets?

Zendesk Ticket 2194

@ivanstanev ivanstanev requested a review from a team as a code owner October 23, 2019 09:21
@ivanstanev ivanstanev self-assigned this Oct 23, 2019
@ivanstanev

This comment has been minimized.

Sign in to view
@ivanstanev ivanstanev force-pushed the fix/avoid-spread-stack-overflow branch from 4be7c30 to 84a9efc Compare October 24, 2019 10:26
@ivanstanev @darscan
fix: avoid stack overflow with spread operator
0bd6afb 
A customer cannot scan their project with a supposedly very large
dependency graph because as soon as it reaches our back-end,
we get a stack overflow error. It was identified that the error is
due to the combination of Array.push() and the spread operator.

For reference: nodejs/node#16870

To reproduce, create an array of size 2^17 then do [].push(...myArray);

This fix replaces all uses of push() and spread with a simple loop.
@darscan darscan force-pushed the fix/avoid-spread-stack-overflow branch from 84a9efc to 0bd6afb Compare October 24, 2019 11:08
@darscan darscan merged commit 9a1b18d into master Oct 24, 2019
@darscan darscan deleted the fix/avoid-spread-stack-overflow branch October 24, 2019 11:12
@snyksec
Copy link

snyksec commented Oct 24, 2019

🎉 This PR is included in version 1.13.1 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@darscan darscan darscan approved these changes

Assignees

@ivanstanev ivanstanev

Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ivanstanev @snyksec @darscan