fix(citizen-scripting-v8): Crash when formatting an exception stack trace from a callback that's inside an eval() function.#3406
Merged
Conversation
… callback that's inside an eval() function. Causing an exception inside a callback, inside an eval() function crashes the FXServer, because the script name is null.
radium-cfx
approved these changes
May 19, 2025
radium-cfx
left a comment
Contributor
There was a problem hiding this comment.
Looks good, thank you!
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Goal of this PR
Prevent the FXServer instance from crashing, due to the script name being null when an exception is thrown inside a callback, from inside an eval() function. Not all callbacks work, it might only happen for ones triggered from C++ code. For example the callback of https.get() causes the crash, while the callback from
setTimeout()doesn't.A simple reproduction for the issue:
A few people reported this crash as if it started happening today, without any changes from their side. Due to the weird nature of eval-ing remotely downloaded code, I have high suspicions (but no proof) that they were using leaked resources with backdoors and the payload was causing the crash. Despite that, the server shouldn't crash from scripts, so the issue should be fixed.
How is this PR achieving the goal
Default the script name to
(unknown)if the sourceStr value is nullBefore the fix:

After the fix: (no crash, just the stack trace is printed)

This PR applies to the following area(s)
FiveM, RedM, Server, ScRT: JS
Successfully tested on
FXServer with Node 16 and 22. Haven't tested on the client because I don't know how you could trigger this behavior - https.get isn't available.
Game builds: Tested on 3258, most likely irrelevant
Platforms: Windows
Checklist