From 4bd410bbbe2863da0baa36b9373d6b1491773102 Mon Sep 17 00:00:00 2001
From: Anna Henningsen <anna@addaleax.net>
Date: Fri, 20 May 2016 22:55:37 +0200
Subject: [PATCH] vm: don't abort process when stack space runs out

Make less assumptions about what objects will be available when
vm context creation or error message printing fail because V8
runs out of JS stack space.

Ref: https://github.com/nodejs/node/issues/6899
PR-URL: https://github.com/nodejs/node/pull/6907
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
---
 src/node.cc                              |  4 ++--
 src/node_contextify.cc                   | 14 +++++++++----
 test/parallel/test-vm-low-stack-space.js | 26 ++++++++++++++++++++++++
 3 files changed, 38 insertions(+), 6 deletions(-)
 create mode 100644 test/parallel/test-vm-low-stack-space.js

diff --git a/src/node.cc b/src/node.cc
index e71c6a9f0a..cda2bac096 100644
--- a/src/node.cc
+++ b/src/node.cc
@@ -1521,8 +1521,8 @@ void AppendExceptionLine(Environment* env,
   // sourceline to 78 characters, and we end up not providing very much
   // useful debugging info to the user if we remove 62 characters.
 
-  int start = message->GetStartColumn(env->context()).FromJust();
-  int end = message->GetEndColumn(env->context()).FromJust();
+  int start = message->GetStartColumn(env->context()).FromMaybe(0);
+  int end = message->GetEndColumn(env->context()).FromMaybe(0);
 
   char arrow[1024];
   int max_off = sizeof(arrow) - 2;
diff --git a/src/node_contextify.cc b/src/node_contextify.cc
index db83660308..bef7168ada 100644
--- a/src/node_contextify.cc
+++ b/src/node_contextify.cc
@@ -205,7 +205,11 @@ class ContextifyContext {
 
     Local<Context> ctx = Context::New(env->isolate(), nullptr, object_template);
 
-    CHECK(!ctx.IsEmpty());
+    if (ctx.IsEmpty()) {
+      env->ThrowError("Could not instantiate context");
+      return Local<Context>();
+    }
+
     ctx->SetSecurityToken(env->context()->GetSecurityToken());
 
     // We need to tie the lifetime of the sandbox object with the lifetime of
@@ -632,9 +636,11 @@ class ContextifyScript : public BaseObject {
             env->arrow_message_private_symbol());
 
     Local<Value> arrow;
-    if (!(maybe_value.ToLocal(&arrow) &&
-          arrow->IsString() &&
-          stack->IsString())) {
+    if (!(maybe_value.ToLocal(&arrow) && arrow->IsString())) {
+      return;
+    }
+
+    if (stack.IsEmpty() || !stack->IsString()) {
       return;
     }
 
diff --git a/test/parallel/test-vm-low-stack-space.js b/test/parallel/test-vm-low-stack-space.js
new file mode 100644
index 0000000000..7c1313d47c
--- /dev/null
+++ b/test/parallel/test-vm-low-stack-space.js
@@ -0,0 +1,26 @@
+'use strict';
+require('../common');
+const assert = require('assert');
+const vm = require('vm');
+
+function a() {
+  try {
+    return a();
+  } catch (e) {
+    // Throw an exception as near to the recursion-based RangeError as possible.
+    return vm.runInThisContext('() => 42')();
+  }
+}
+
+assert.strictEqual(a(), 42);
+
+function b() {
+  try {
+    return b();
+  } catch (e) {
+    // This writes a lot of noise to stderr, but it still works.
+    return vm.runInNewContext('() => 42')();
+  }
+}
+
+assert.strictEqual(b(), 42);