Oxlint crashes, due stack overflow and panics

[qarmin]

Oxlint version - 0f02608

command

oxlint file -D all -D nursery --fix

thread '<unknown>' has overflowed its stack
fatal runtime error: stack overflow
timeout: the monitored command dumped core

folder may contain also other crashes like

2024-07-08T09:04:58.1425461Z thread 'main' panicked at crates/oxc_diagnostics/src/reporter/graphical.rs:28:65:
2024-07-08T09:04:58.1427255Z called `Result::unwrap()` on an `Err` value: Error
2024-07-08T09:04:58.1430402Z note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
2024-07-08T09:04:58.1435215Z timeout: the monitored command dumped core

2024-07-08T09:41:20.0318660Z thread '<unnamed>' panicked at crates/oxc_linter/src/rules/eslint/array_callback_return/mod.rs:160:69:
2024-07-08T09:41:20.0320174Z called `Option::unwrap()` on a `None` value
2024-07-08T09:41:20.0321273Z note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
2024-07-08T09:41:20.0322577Z timeout: the monitored command dumped core

2024-07-08T07:34:13.8760591Z thread '<unnamed>' panicked at crates/oxc_linter/src/rules/unicorn/prefer_dom_node_dataset.rs:117:36:
2024-07-08T07:34:13.8762530Z byte index 5 is not a char boundary; it is inside '\u{8d}' (bytes 4..6) of `cont�nteditable`
2024-07-08T07:34:13.8767065Z note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
2024-07-08T07:34:13.8767997Z timeout: the monitored command dumped core

7zip file(needs to remove .zip extension) - zzz.7z.zip

Files with crash output in each file - A.zip

[rzvxa]

It is probably related to oxc-project/backlog#58

[qarmin]

It crashes even with simple

function load() {
  load();
}
load();

[rzvxa]

@qarmin I'd like to investigate this issue.
Is it possible for you to upload the archive as a plain zip with no passwords so we can check it for malware before downloading it? I personally have a phobia of downloading unknown files and *.7z.zip goes unchecked in online scanners and you can't look into the content without downloading it.
I know I'm overreacting and I hope it doesn't come out as rude to you, I truly appreciate your report but this fear has been totally out of my control in recent years.

[Boshen]

qarmin is the fuzzer guy who is building a commercial fuzzer (my guess), he reported numerous crashes before.

I checked the files, it's safe to open the zip, there's 8779 js files in there.

[qarmin]

This is .7z archive renamed as .zip, to be able to bypass github attachment limit(github not allows to put here 7z archives)

Of course I understand that it is better to be online too careful than not careful enough.

Files.zip - (have removed some big ~1MB js files, to be able to pack it to zip)

[rzvxa]

@qarmin Thanks I really appreciate it❤️

[Boshen]

I tested zzz.7z.zip with v0.6.0 oxlint -D all -D nursery --fix --silent:

Finished in 1.2s on 8779 files with 258 rules using 8 threads.
Found 0 warnings and 263994 errors

Feel free to create more fuzzing issues @qarmin. For extra challenges, you may also fuzz rolldown 😁