Integer overflow @ swc/ecmascript/parser/src/lexer/number.rs

[mustakimur]

I am an independent researcher who was looking into deno (https://github.com/denoland/deno) project and find the library bug. The deno project although using an older version (0.57.3) but the latest code has the same version of code.

1. Source code
   The source code located at number.rs

fn digits(value: u64, radix: u64) -> impl Iterator<Item = u64> + Clone + 'static {
    debug_assert!(radix > 0);

    #[derive(Clone, Copy)]
    struct Digits {
        n: u64,
        divisor: u64,
    }

    impl Digits {
        fn new(n: u64, radix: u64) -> Self {
            let mut divisor = 1;
            while n >= divisor * radix {  // this line is causing integer overflow
                divisor *= radix;
            }

            Digits { n, divisor }
        }
    }

    ...

    Digits::new(value, radix)
}

2. .swcrc file
   The issue is also reported to deno

3. Error message gained from swc --sync <input.js>

thread 'main' panicked at 'attempt to multiply with overflow', /home/mustakimur/.cargo/registry/src/github.com-1ecc6299db9ec823/swc_ecma_parser-0.54.4/src/lexer/number.rs:405:24

4. Backtrace

stack backtrace:
   0:     0x55555b788e10 - std::backtrace_rs::backtrace::libunwind::trace::h63b7a90188ab5fb3
                               at /rustc/9bc8c42bb2f19e745a63f3445f1ac248fb015e53/library/std/src/../../backtrace/src/backtrace/libunwind.rs:90:5
   1:     0x55555b788e10 - std::backtrace_rs::backtrace::trace_unsynchronized::h80aefbf9b851eca7
                               at /rustc/9bc8c42bb2f19e745a63f3445f1ac248fb015e53/library/std/src/../../backtrace/src/backtrace/mod.rs:66:5
   2:     0x55555b788e10 - std::sys_common::backtrace::_print_fmt::hbef05ae4237a4d72
                               at /rustc/9bc8c42bb2f19e745a63f3445f1ac248fb015e53/library/std/src/sys_common/backtrace.rs:67:5
   3:     0x55555b788e10 - <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt::h28abce2fdb9884c2
                               at /rustc/9bc8c42bb2f19e745a63f3445f1ac248fb015e53/library/std/src/sys_common/backtrace.rs:46:22
   4:     0x55555b7af31f - core::fmt::write::h3b84512577ca38a8
                               at /rustc/9bc8c42bb2f19e745a63f3445f1ac248fb015e53/library/core/src/fmt/mod.rs:1092:17
   5:     0x55555b780492 - std::io::Write::write_fmt::h465f8feea02e2aa1
                               at /rustc/9bc8c42bb2f19e745a63f3445f1ac248fb015e53/library/std/src/io/mod.rs:1572:15
   6:     0x55555b78b5d5 - std::sys_common::backtrace::_print::h525280ee0d29bdde
                               at /rustc/9bc8c42bb2f19e745a63f3445f1ac248fb015e53/library/std/src/sys_common/backtrace.rs:49:5
   7:     0x55555b78b5d5 - std::sys_common::backtrace::print::h1f0f5b9f3ef8fb78
                               at /rustc/9bc8c42bb2f19e745a63f3445f1ac248fb015e53/library/std/src/sys_common/backtrace.rs:36:9
   8:     0x55555b78b5d5 - std::panicking::default_hook::{{closure}}::ha5838f6faa4a5a8f
                               at /rustc/9bc8c42bb2f19e745a63f3445f1ac248fb015e53/library/std/src/panicking.rs:208:50
   9:     0x55555b78b083 - std::panicking::default_hook::hfb9fe98acb0dcb3b
                               at /rustc/9bc8c42bb2f19e745a63f3445f1ac248fb015e53/library/std/src/panicking.rs:225:9
  10:     0x55555b78bbfd - std::panicking::rust_panic_with_hook::hb89f5f19036e6af8
                               at /rustc/9bc8c42bb2f19e745a63f3445f1ac248fb015e53/library/std/src/panicking.rs:591:17
  11:     0x55555b78b757 - std::panicking::begin_panic_handler::{{closure}}::h119e7951427f41da
                               at /rustc/9bc8c42bb2f19e745a63f3445f1ac248fb015e53/library/std/src/panicking.rs:495:13
  12:     0x55555b7892cc - std::sys_common::backtrace::__rust_end_short_backtrace::hce386c44bf47a128
                               at /rustc/9bc8c42bb2f19e745a63f3445f1ac248fb015e53/library/std/src/sys_common/backtrace.rs:141:18
  13:     0x55555b78b6e9 - rust_begin_unwind
                               at /rustc/9bc8c42bb2f19e745a63f3445f1ac248fb015e53/library/std/src/panicking.rs:493:5
  14:     0x555555e6e0a1 - core::panicking::panic_fmt::h2242888e8769cd33
                               at /rustc/9bc8c42bb2f19e745a63f3445f1ac248fb015e53/library/core/src/panicking.rs:92:14
  15:     0x555555e6dfed - core::panicking::panic::h10ab123a4b13cc79
                               at /rustc/9bc8c42bb2f19e745a63f3445f1ac248fb015e53/library/core/src/panicking.rs:50:5
  16:     0x5555596b67fb - swc_ecma_parser::lexer::number::digits::Digits::new::hf16177658a965245
                               at /home/mustakimur/.cargo/registry/src/github.com-1ecc6299db9ec823/swc_ecma_parser-0.54.4/src/lexer/number.rs:405:24

[swc-bot]

This closed issue has been automatically locked because it had no new activity for a month. If you are running into a similar issue, please create a new issue with the steps to reproduce. Thank you.