[inspector] Check for null pointer after creating a stack trace

Currently, we assume that stack trace creation always succeeds while filling in the `exceptionDetails` structure. Stack trace creation can fail under some circumstances so this CL introduces a null check. R=clemensb@chromium.org Bug: chromium:1147552 Change-Id: I4055d5276bbb7bf178b648bfc7bd84a288626c09 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2532310 Commit-Queue: Simon Zünd <szuend@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#71169}

[inspector] Check for null pointer after creating a stack trace
Currently, we assume that stack trace creation always succeeds while filling in the `exceptionDetails` structure. Stack trace creation can fail under some circumstances so this CL introduces a null check. R=clemensb@chromium.org Bug: chromium:1147552 Change-Id: I4055d5276bbb7bf178b648bfc7bd84a288626c09 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2532310 Commit-Queue: Simon Zünd <szuend@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#71169}
0625c066 · Simon Zünd · Commit Bot · 7969ec5e · 0625c066 · 0625c066
Commit 0625c066 authored Nov 13, 2020 by Simon Zünd Committed by Commit Bot Nov 13, 2020
3 changed files
--- a/src/inspector/injected-script.cc
+++ b/src/inspector/injected-script.cc
@@ -803,12 +803,14 @@ Response InjectedScript::createExceptionDetails(
    exceptionDetails->setScriptId(String16::fromInteger(
        static_cast<int>(message->GetScriptOrigin().ScriptID()->Value())));
    v8::Local<v8::StackTrace> stackTrace = message->GetStackTrace();
-    if (!stackTrace.IsEmpty() && stackTrace->GetFrameCount() > 0)
-      exceptionDetails->setStackTrace(
-          m_context->inspector()
-              ->debugger()
-              ->createStackTrace(stackTrace)
-              ->buildInspectorObjectImpl(m_context->inspector()->debugger()));
+    if (!stackTrace.IsEmpty() && stackTrace->GetFrameCount() > 0) {
+      std::unique_ptr<V8StackTraceImpl> v8StackTrace =
+          m_context->inspector()->debugger()->createStackTrace(stackTrace);
+      if (v8StackTrace) {
+        exceptionDetails->setStackTrace(v8StackTrace->buildInspectorObjectImpl(
+            m_context->inspector()->debugger()));
+      }
+    }
  }
  Response response =
      addExceptionToDetails(exception, exceptionDetails.get(), objectGroup);

--- a/test/inspector/regress/regress-crbug-1147552-expected.txt
+++ b/test/inspector/regress/regress-crbug-1147552-expected.txt
+Regression test for crbug.com/1147552. Found by Clusterfuzz.
+Test must not have crashed.
--- a/test/inspector/regress/regress-crbug-1147552.js
+++ b/test/inspector/regress/regress-crbug-1147552.js
+// Copyright 2020 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+const {session, Protocol} = InspectorTest.start('Regression test for crbug.com/1147552. Found by Clusterfuzz.');
+
+Protocol.Runtime.enable();
+
+Protocol.Runtime.setAsyncCallStackDepth({maxDepth: 10});
+(async function test() {
+  await Protocol.Runtime.setMaxCallStackSizeToCapture({size: 0});
+  await Protocol.Runtime.evaluate({ expression: 'foo'});
+
+  InspectorTest.log('Test must not have crashed.')
+  InspectorTest.completeTest();
+})();