fix: prevent panic on dynamic import with non-string error name (#32498)

kajukitli · bartlomieju · commit de1d41360f62 · 2026-03-05T15:22:07.000+01:00
Fixes a panic where a dynamic import rejecting
with an Error whose `name` property is a non-string type (Number,
Object, Symbol) would panic and terminate the Deno process.

---------

Co-authored-by: kaju &lt;kajukitli@users.noreply.github.com&gt;
diff --git a/libs/core/error.rs b/libs/core/error.rs
@@ -996,10 +996,14 @@ impl JsError {
         let mut out = Vec::with_capacity(arr.length() as usize);
 
         for i in 0..arr.length() {
-          let key = arr.get_index(scope, i).unwrap();
+          let Some(key) = arr.get_index(scope, i) else {
+            continue;
+          };
           let key_name = key.to_rust_string_lossy(scope);
 
-          let val = exception.get(scope, key).unwrap();
+          let Some(val) = exception.get(scope, key) else {
+            continue;
+          };
           let val_str = val.to_rust_string_lossy(scope);
           out.push((key_name, val_str));
         }
diff --git a/libs/core/runtime/bindings.rs b/libs/core/runtime/bindings.rs
@@ -958,7 +958,8 @@ fn catch_dynamic_import_promise_error<'s, 'i>(
 ) {
   let arg = args.get(0);
   if is_instance_of_error(scope, arg) {
-    let e: crate::error::NativeJsError = serde_v8::from_v8(scope, arg).unwrap();
+    let e: crate::error::NativeJsError =
+      serde_v8::from_v8(scope, arg).unwrap_or_default();
     let name = e.name.unwrap_or_else(|| {
       deno_error::builtin_classes::GENERIC_ERROR.to_string()
     });
diff --git a/tests/specs/run/dynamic_import_error_non_string_name/__test__.jsonc b/tests/specs/run/dynamic_import_error_non_string_name/__test__.jsonc
@@ -0,0 +1,4 @@
+{
+  "args": "run main.ts",
+  "output": "main.out"
+}
diff --git a/tests/specs/run/dynamic_import_error_non_string_name/main.out b/tests/specs/run/dynamic_import_error_non_string_name/main.out
@@ -0,0 +1,2 @@
+caught error
+done
diff --git a/tests/specs/run/dynamic_import_error_non_string_name/main.ts b/tests/specs/run/dynamic_import_error_non_string_name/main.ts
@@ -0,0 +1,14 @@
+// Regression test for GHSA-2f8r-ppr9-ff8f
+// Dynamic import with non-string error name should not panic
+
+try {
+  await import(`data:application/javascript,
+    const e = new Error("test error");
+    Object.defineProperty(e, "name", { value: 42 });
+    throw e;
+  `);
+} catch (e) {
+  console.log("caught error");
+}
+
+console.log("done");
diff --git a/tests/specs/run/error_additional_property_keys_panic/__test__.jsonc b/tests/specs/run/error_additional_property_keys_panic/__test__.jsonc
@@ -0,0 +1,4 @@
+{
+  "args": "run main.ts",
+  "output": "main.out"
+}
diff --git a/tests/specs/run/error_additional_property_keys_panic/main.out b/tests/specs/run/error_additional_property_keys_panic/main.out
@@ -0,0 +1,2 @@
+caught error
+done
diff --git a/tests/specs/run/error_additional_property_keys_panic/main.ts b/tests/specs/run/error_additional_property_keys_panic/main.ts
@@ -0,0 +1,20 @@
+// Regression test: Error with throwing getter in errorAdditionalPropertyKeys
+// should not panic the runtime
+
+const err = new Error("test");
+Object.defineProperty(err, Symbol.for("errorAdditionalPropertyKeys"), {
+  value: ["badProp"],
+});
+Object.defineProperty(err, "badProp", {
+  get() {
+    throw new Error("getter throws");
+  },
+});
+
+try {
+  throw err;
+} catch (e) {
+  console.log("caught error");
+}
+
+console.log("done");

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +{
 +  "args": "run main.ts",
 +  "output": "main.out"
 +}