perf_hooks: fix stack overflow error

aduh95 · targos · commit 526c011d898a · 2025-11-18T13:16:10.000+01:00
PR-URL: #60084 Fixes: #54768 Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
diff --git a/lib/internal/per_context/primordials.js b/lib/internal/per_context/primordials.js
@@ -270,6 +270,8 @@ const {
   Array: ArrayConstructor,
   ArrayPrototypeForEach,
   ArrayPrototypeMap,
+  ArrayPrototypePushApply,
+  ArrayPrototypeSlice,
   FinalizationRegistry,
   FunctionPrototypeCall,
   Map,
@@ -720,5 +722,26 @@ primordials.SafeStringPrototypeSearch = (str, regexp) => {
   return match ? match.index : -1;
 };
 
+/**
+ * Variadic functions with lots of arguments will cause stack overflow errors.
+ * Use this function when `items` can be arbitrarily large, this function splits
+ * it into chunks of size 2**16 making stack overflow less likely.
+ * @param {Array<unknown>} arr
+ * @param {Parameters<typeof Array.prototype.push>} items
+ * @returns {ReturnType<typeof Array.prototype.push>}
+ */
+primordials.SafeArrayPrototypePushApply = (arr, items) => {
+  let end = 0x10000;
+  if (end < items.length) {
+    let start = 0;
+    do {
+      ArrayPrototypePushApply(arr, ArrayPrototypeSlice(items, start, start = end));
+      end += 0x10000;
+    } while (end < items.length);
+    items = ArrayPrototypeSlice(items, start);
+  }
+  return ArrayPrototypePushApply(arr, items);
+};
+
 ObjectSetPrototypeOf(primordials, null);
 ObjectFreeze(primordials);
diff --git a/lib/internal/perf/observe.js b/lib/internal/perf/observe.js
@@ -6,7 +6,6 @@ const {
   ArrayPrototypeFilter,
   ArrayPrototypeIncludes,
   ArrayPrototypePush,
-  ArrayPrototypePushApply,
   ArrayPrototypeSlice,
   ArrayPrototypeSort,
   Error,
@@ -15,6 +14,7 @@ const {
   ObjectDefineProperties,
   ObjectFreeze,
   ObjectKeys,
+  SafeArrayPrototypePushApply,
   SafeMap,
   SafeSet,
   Symbol,
@@ -307,7 +307,7 @@ class PerformanceObserver {
       maybeIncrementObserverCount(type);
       if (buffered) {
         const entries = filterBufferMapByNameAndType(undefined, type);
-        ArrayPrototypePushApply(this.#buffer, entries);
+        SafeArrayPrototypePushApply(this.#buffer, entries);
         kPending.add(this);
         if (kPending.size)
           queuePending();
@@ -514,9 +514,9 @@ function filterBufferMapByNameAndType(name, type) {
     return [];
   } else {
     bufferList = [];
-    ArrayPrototypePushApply(bufferList, markEntryBuffer);
-    ArrayPrototypePushApply(bufferList, measureEntryBuffer);
-    ArrayPrototypePushApply(bufferList, resourceTimingBuffer);
+    SafeArrayPrototypePushApply(bufferList, markEntryBuffer);
+    SafeArrayPrototypePushApply(bufferList, measureEntryBuffer);
+    SafeArrayPrototypePushApply(bufferList, resourceTimingBuffer);
   }
   if (name !== undefined) {
     bufferList = ArrayPrototypeFilter(bufferList, (buffer) => buffer.name === name);
diff --git a/test/parallel/test-performance-many-marks.js b/test/parallel/test-performance-many-marks.js
@@ -0,0 +1,9 @@
+'use strict';
+require('../common');
+
+for (let i = 0; i < 1e6; i++) {
+  performance.mark(`mark-${i}`);
+}
+
+performance.getEntriesByName('mark-0');
+performance.clearMarks();
diff --git a/test/parallel/test-primordials-apply.js b/test/parallel/test-primordials-apply.js
@@ -10,6 +10,7 @@ const {
   ArrayPrototypeUnshiftApply,
   MathMaxApply,
   MathMinApply,
+  SafeArrayPrototypePushApply,
   StringPrototypeConcatApply,
   TypedArrayOfApply,
 } = require('internal/test/binding').primordials;
@@ -43,6 +44,26 @@ const {
   assert.deepStrictEqual(arr1, expected);
 }
 
+{
+  const arr1 = [1, 2, 3];
+  const arr2 = [4, 5, 6];
+
+  const expected = [...arr1, ...arr2];
+
+  assert.strictEqual(SafeArrayPrototypePushApply(arr1, arr2), expected.length);
+  assert.deepStrictEqual(arr1, expected);
+}
+
+{
+  const arr1 = [1, 2, 3];
+  const arr2 = Array.from({ length: 1e6 }, (_, i) => i);
+
+  const expected = [...arr1, ...arr2];
+
+  assert.strictEqual(SafeArrayPrototypePushApply(arr1, arr2), expected.length);
+  assert.deepStrictEqual(arr1, expected);
+}
+
 {
   const arr1 = [1, 2, 3];
   const arr2 = [4, 5, 6];
diff --git a/typings/primordials.d.ts b/typings/primordials.d.ts
@@ -374,6 +374,7 @@ declare namespace primordials {
   export const RegExpPrototypeGetUnicode: UncurryGetter<typeof RegExp.prototype, "unicode">;
   export const RegExpPrototypeSymbolReplace: UncurryMethod<typeof RegExp.prototype, typeof Symbol.replace>
   export const RegExpPrototypeSymbolSplit: UncurryMethod<typeof RegExp.prototype, typeof Symbol.split>
+  export const SafeArrayPrototypePushApply: typeof ArrayPrototypePushApply;
   export import Set = globalThis.Set;
   export const SetLength: typeof Set.length
   export const SetName: typeof Set.name
