Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix infinite recursion bug causing “Maximum call stack size exceeded” error #1775

Closed
wants to merge 2 commits into from
Closed

Fix infinite recursion bug causing “Maximum call stack size exceeded” error #1775

wants to merge 2 commits into from

Conversation

samhocevar
Copy link

When calling e.g. npm install, failedDependency() has a potential unchecked infinite recursive call, causing npm to crash in some situations, when circular dependencies are involved.

I believe this PR fixes the bug, let me know of anything I can do to improve it if necessary.

References

As a Google search indicates, dozens if not hundreds of users have reported issues related to this overflow, it even appears to cause BSODs. The underlying bug has never been really investigated and some of these issues have been closed due to inactivity, or due to users clearing their npm cache, or managing to install packages through a slightly different invocation.

@samhocevar samhocevar requested a review from a team as a code owner September 7, 2020 15:53
@darcyclarke darcyclarke added Bug thing that needs fixing Release 6.x work is associated with a specific npm 6 release semver:patch semver patch level for changes labels Sep 11, 2020
Fadoli
Fadoli reviewed Oct 7, 2020
View reviewed changes
lib/install/deps.js Outdated
let anyFailed = false
for (var ii = 0; ii < tree.requiredBy.length; ++ii) {
var requireParent = tree.requiredBy[ii]
if (failedDependency(requireParent, moduleName(tree), tree)) {
if (!doneList[requireParent] && failedDependency(requireParent, moduleName(tree), tree, done)) {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this should be

if (!doneList[requireParent] && failedDependency(requireParent, moduleName(tree), tree, doneList)) {

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks. I fixed this by using done everywhere, to match the coding style of loadRequestedDeps() or getAllMetadata in the same file.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done is actually a keyword used for callback in most js program so it was better with the older variable name.

I'm not a maintainer of this project, and it doesn't seems like one of them is looking at this PR anyway

@darcyclarke darcyclarke added Needs Review pr: needs tests requires tests before merging labels Jan 6, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Fadoli Fadoli Fadoli left review comments

Assignees
No one assigned
Labels
Bug thing that needs fixing pr: needs tests requires tests before merging Release 6.x work is associated with a specific npm 6 release semver:patch semver patch level for changes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@samhocevar @Fadoli @darcyclarke