
Fix crash in UTF8ToString with resizable ArrayBuffers #27242

Open
heyparth1 wants to merge 2 commits into emscripten-core:main from heyparth1:brutus/issue-27241

Conversation

@heyparth1


This fixes a crash in UTF8ToString (and related functions) that occurs when the heap is backed by a resizable ArrayBuffer. The TextDecoder.decode() API throws a TypeError when passed a view of a resizable ArrayBuffer, which previously caused a crash in builds with ALLOW_MEMORY_GROWTH and GROWABLE_ARRAYBUFFERS enabled.

The getUnsharedTextDecoderView function in src/parseTools.mjs is updated to detect when the heap might be resizable and generate code that copies the data using .slice() if the buffer is resizable, ensuring TextDecoder only receives non-resizable views. A test is added to verify this behavior by emulating the browser's strict TextDecoder implementation.

Closes #27241
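The failure mode and the fix described in the PR, as an added example that is not Emscripten's own code (the names `strictDecode`, `getUnsharedView`, `utf8ToStringUnsafe` and `utf8ToStringSafe` are hypothetical). Node's TextDecoder is lenient about views over resizable buffers, so `strictDecode` emulates the browser's spec-strict check the same way the PR's test does; the fixed path copies with `.slice()` only when the heap buffer reports `resizable`, and otherwise keeps the zero-copy `subarray`:

```javascript
// Added example (not Emscripten's code): TextDecoder vs. resizable ArrayBuffers.
const decoder = new TextDecoder('utf-8');

// Emulates a spec-strict browser TextDecoder: refuse views over resizable buffers.
function strictDecode(view) {
  if (view.buffer.resizable === true) {
    throw new TypeError('TextDecoder.decode: view is backed by a resizable ArrayBuffer');
  }
  return decoder.decode(view);
}

// End offset of the NUL-terminated string at ptr, capped at maxBytesToRead.
function findStringEnd(heap, ptr, maxBytesToRead) {
  const limit = Math.min(heap.length, ptr + maxBytesToRead);
  let end = ptr;
  while (end < limit && heap[end] !== 0) end++;
  return end;
}

// Pre-fix behaviour: hand the decoder a subarray that shares the heap's buffer.
function utf8ToStringUnsafe(heap, ptr, maxBytesToRead = Infinity) {
  const end = findStringEnd(heap, ptr, maxBytesToRead);
  return strictDecode(heap.subarray(ptr, end));
}

// The fix: when the heap buffer is resizable, .slice() copies the bytes into a
// fresh, non-resizable ArrayBuffer; otherwise keep the zero-copy subarray view.
function getUnsharedView(heap, ptr, end) {
  return heap.buffer.resizable === true ? heap.slice(ptr, end) : heap.subarray(ptr, end);
}

function utf8ToStringSafe(heap, ptr, maxBytesToRead = Infinity) {
  const end = findStringEnd(heap, ptr, maxBytesToRead);
  return strictDecode(getUnsharedView(heap, ptr, end));
}

// Constructed sample heap: a resizable ArrayBuffer (what GROWABLE_ARRAYBUFFERS
// produces) holding "héllo\0" at offset 4. Falls back to a fixed-size buffer on
// runtimes without resizable ArrayBuffers, where no copy is needed.
function makeSampleHeap() {
  let buffer;
  try {
    buffer = new ArrayBuffer(64, { maxByteLength: 256 });
  } catch {
    buffer = new ArrayBuffer(64);
  }
  const heap = new Uint8Array(buffer);
  heap.set(new TextEncoder().encode('héllo'), 4); // byte 10 stays 0 as the terminator
  return heap;
}

// Runs both paths and reports whether the unsafe one hit the strict check.
function demo() {
  const heap = makeSampleHeap();
  const resizable = heap.buffer.resizable === true;
  let unsafeThrew = false;
  try {
    utf8ToStringUnsafe(heap, 4);
  } catch (e) {
    unsafeThrew = e instanceof TypeError;
  }
  return { resizable, unsafeThrew, safe: utf8ToStringSafe(heap, 4) };
}

console.log(demo());
```

On a runtime with resizable ArrayBuffers the unsafe path throws the TypeError the issue reports while the safe path decodes normally; the copy is taken only for resizable heaps, so builds without GROWABLE_ARRAYBUFFERS keep the zero-copy behaviour.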

@sbc100 sbc100 left a comment

Collaborator


@guybedford this is the kind of thing you warned me about in our last meeting I think.

The fix does seem reasonable. I do wonder if it's worth reverting the GROWABLE_ARRAYBUFFERS defaulting to 1 change (#27212) though (in addition to landing this change).

pavelsavara added a commit to pavelsavara/emscripten that referenced this pull request Jul 3, 2026
…rayBuffers

getUnsharedTextDecoderView now copies data when the heap buffer is resizable
(GROWABLE_ARRAYBUFFERS), and the GROWABLE_ARRAYBUFFERS default is reverted to 0
(as in the upstream 6.0.3 fix), so TextDecoder.decode() no longer rejects the view.

@guybedford guybedford left a comment

Collaborator


This makes sense. In the meantime I'd encourage anyone interested in this space to tackle the spec changes to add resizable support to APIs. There's no technical reason not to support resizable buffers short of doing the spec and implementer reach-out with regard to ensuring the right security review.

Comment thread src/settings.js
// This settings does nothing unless ALLOW_MEMORY_GROWTH is set.
// [link]
var GROWABLE_ARRAYBUFFERS = 1;
var GROWABLE_ARRAYBUFFERS = 0;
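Review bot: flipping the GROWABLE_ARRAYBUFFERS default from 1 to 0 on the last line is a behaviour change for every ALLOW_MEMORY_GROWTH build, and the PR description only covers the getUnsharedTextDecoderView copy; either document the default change in the description or split it into its own PR as suggested below. While touching this block, the comment line should read `// This setting does nothing unless ALLOW_MEMORY_GROWTH is set.` (singular "setting").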

Collaborator


Let's make this a separate PR


Development

Successfully merging this pull request may close these issues.

JS exception/crash in emsdk 6.0.2 when calling UTF8ToString

3 participants