Uncatched stack overflow

[msanft]

Describe the bug

Found by AFL++.

Evaluating the below expression, one can trigger a stack overflow that goes by Nix uncatched.

Steps To Reproduce

Evaluate

builtins.toXML [rec {x.e=x;}]

(Same also applies for other ways of trying to fully evaluate the expression though, e.g. builtins.toJSON,

Expected behavior

Nix should recognize and handle the infinite recursion, as it does in other places.

Metadata

nix (Nix) 2.24.10

Additional context

Stacktrace, the recursion being omitted for obvious reasons.

#0  0x00007ffff6ab0f88 in malloc () from /nix/store/87848rvrg5c7jmplpi0iapvbxyj9kfid-glibc-2.39-52/lib/libc.so.6
#1  0x00007ffff6cbc96c in operator new(unsigned long) () from /nix/store/40yjzm7r5ki59kkk9423dnwbm86x7pyd-gcc-13.2.0-lib/lib/libstdc++.so.6
#2  0x00007ffff7e182ea in nix::showAttrs(nix::EvalState&, bool, bool, nix::Bindings const&, nix::XMLWriter&, std::set<nix::NixStringContextElem, std::less<nix::NixStringContextElem>, std::allocator<nix::NixStringContextElem> >&, std::set<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) () from /nix/store/hdy82qidsybc3fg561pqfwagv44vschb-nix-2.24.10/lib/libnixexpr.so
#3  0x00007ffff7e1778a in nix::printValueAsXML(nix::EvalState&, bool, bool, nix::Value&, nix::XMLWriter&, std::set<nix::NixStringContextElem, std::less<nix::NixStringContextElem>, std::allocator<nix::NixStringContextElem> >&, std::set<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&, nix::PosIdx) () from /nix/store/hdy82qidsybc3fg561pqfwagv44vschb-nix-2.24.10/lib/libnixexpr.so
#4  0x00007ffff7e18b50 in nix::showAttrs(nix::EvalState&, bool, bool, nix::Bindings const&, nix::XMLWriter&, std::set<nix::NixStringContextElem, std::less<nix::NixStringContextElem>, std::allocator<nix::NixStringContextElem> >&, std::set<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) () from /nix/store/hdy82qidsybc3fg561pqfwagv44vschb-nix-2.24.10/lib/libnixexpr.so
#5  0x00007ffff7e1778a in nix::printValueAsXML(nix::EvalState&, bool, bool, nix::Value&, nix::XMLWriter&, std::set<nix::NixStringContextElem, std::less<nix::NixStringContextElem>, std::allocator<nix::NixStringContextElem> >&, std::set<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&, nix::PosIdx) () from /nix/store/hdy82qidsybc3fg561pqfwagv44vschb-nix-2.24.10/lib/libnixexpr.so
...

Checklist

• checked latest Nix manual (source)
• checked open bug issues and pull requests for possible duplicates

---

Add 👍 to issues you find important.