New function to modify the maximum call stack size limit
GoogleCodeExporter opened this issue · comments
Hi!
I started using PyV8 in my tool peepdf
(https://code.google.com/p/peepdf/). I found an error while I was trying to
analyze a new PDF exploit
(http://www.fireeye.com/blog/technical/cyber-exploits/2013/12/cve-2013-33465065-technical-analysis.html).
It contains Javascript code encoded with jjencode
(http://utf-8.jp/public/jjencode.html) and when I try to execute it with
PyV8 I have this error:
RangeError: Maximum call stack size exceeded
I have been reading about this error and it seems that it is due to the
fact that a high number of arguments are pushed to the stack, reaching
the limit. I have tested changing the stack limit with V8 as suggested
here (http://fw.hardijzer.nl/?p=97) and then it works like a charm. So I
think that the solution for this error could be creating a new function
(if it does not exist yet) to change that limit from the PyV8 code. I
have found this change that you added some time ago
(https://code.google.com/p/pyv8/source/detail?r=366) and I think that
this should be really similar to that, adding the missing function
set_stack_limit, because I think the others are already there:
> ResourceConstraints::ResourceConstraints()
> : max_young_space_size_(0),
> max_old_space_size_(0),
> max_executable_size_(0),
> stack_limit_(NULL) { }
With node.js it is possible to do this
(https://code.google.com/p/v8/issues/detail?id=2896), so I was thinking
that maybe adding this to PyV8 could be useful.
I am attaching the malicious JS code which is causing the error
(password is "test", without quotes). This code should trigger the
exception:
>>>> import PyV8
>>>> context = PyV8.JSContext()
>>>> context.enter()
>>>> context.eval(open('3_oneline.js','r').read())
> Traceback (most recent call last):
> File "<stdin>", line 1, in <module>
> IndexError: RangeError: Maximum call stack size exceeded ( @ 0 : -1 ) ->
Thanks!
Original issue reported on code.google.com by josemigu...@gmail.com
on 19 Jan 2014 at 11:57
BTW, I cannot change the Type-Defect, but I consider this as a new
feature/function request, because I have already taken a look at other defect
issues related to this error.
Original comment by josemigu...@gmail.com
on 20 Jan 2014 at 12:00
I will be working on it later :)
Original comment by flier...@gmail.com
on 29 Jan 2014 at 6:36
- Changed state: Accepted
- Added labels: OpSys-All, Type-Enhancement
- Removed labels: Type-Defect
Please use JSEngine.setStackLimit with SVN trunk code after r574
https://code.google.com/p/pyv8/source/browse/trunk/PyV8.py#2241
Original comment by flier...@gmail.com
on 29 Jan 2014 at 8:42
- Changed state: Fixed
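Added example, not part of the thread and not PyV8's or peepdf's own code: one way an analysis tool could use the JSEngine.setStackLimit call named in the comment above, raising the limit only after the "Maximum call stack size exceeded" error appears and stopping at a cap. The helper name, the byte unit, the start and cap values, and the FakePyV8 stand-in (constructed so the logic runs without V8 installed) are assumptions.

```python
STACK_ERROR = "Maximum call stack size exceeded"

def eval_with_stack_budget(source, pyv8=None, start=256 * 1024, cap=4 * 1024 * 1024):
    """Evaluate JS, doubling the V8 stack limit only after the stack error.

    Returns (result, limit_used). Other errors, and the stack error once the
    cap is reached, are re-raised to the caller.
    """
    if pyv8 is None:
        import PyV8 as pyv8  # real engine; needs a build with setStackLimit
    limit = start
    while True:
        # Assumption: size is in bytes and is set before the context exists.
        pyv8.JSEngine.setStackLimit(limit)
        try:
            with pyv8.JSContext() as ctx:
                return ctx.eval(source), limit
        except Exception as exc:
            # The report shows the error surfacing as IndexError, so match text.
            # The cap matters: V8 only compares against this number, so a value
            # above the real thread stack ends in a native crash, not an exception.
            if STACK_ERROR not in str(exc) or limit * 2 > cap:
                raise
        limit *= 2

class FakePyV8(object):
    """Constructed stand-in for the PyV8 module (hypothetical, offline demo)."""
    def __init__(self, needed):
        self.needed, self.limit, self.calls = needed, 0, []
        outer = self
        class JSEngine(object):
            @staticmethod
            def setStackLimit(size):
                outer.limit = size
                outer.calls.append(size)
        class JSContext(object):
            def __enter__(self):
                return self
            def __exit__(self, *exc_info):
                return False
            def eval(self, src):
                if outer.limit < outer.needed:
                    raise IndexError("RangeError: " + STACK_ERROR + " ( @ 0 : -1 )")
                return len(src)
        self.JSEngine, self.JSContext = JSEngine, JSContext
```

Recording the limit that finally worked alongside the sample gives a rough indicator of how deep the obfuscation layer is and lets later runs start at that value.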
Thanks a lot for adding the function! :) You can add peepdf
(http://eternal-todo.com/tools/peepdf-pdf-analysis-tool) as another project
using PyV8 ;)
Original comment by josemigu...@gmail.com
on 2 Feb 2014 at 7:50