We repair online banking

The other day, I stopped working online banking of my bank. No, it’s not that I’ve stopped completely - it’s possible to go in and even do something, but one of the most important things (viewing the archive of payments) ñ just tightly refused to work (and it was just very necessary). It looks like this: when you open a page with a list of payments, the browser eats up all available RAM and drops. In Chrome, only the current tab is dropped, but Firefox and IE die completely. The bug is played on three different PCs, the iPad, Safari under Mac OS and Firefox under Linux. Well, I'm just telling you this, in order to show the naivety of the technical support advice “put antivirus” and “reboot and log in again”. Let's think - can we do something in this situation?

Who is guilty?

The first thing you need to understand who is to blame for memory absorption - the browser or some third-party component. Go to the settings of Chrome and disable all installed extensions. Open the chrome: // plugins / page and disable Java, Flash, Silverlight, and everything else there. We restart the browser just in case, go back to the payment archive page - and again crash due to eating up all the available memory.



This means that none of the disabled components is not guilty and you can safely turn them back on. The case is most likely in the Javascript code that loads and executes the browser when opening this page.
')

So who is to blame?

Developer Tools (Ctrl + Shift + I) in Chrome showed that the page loads about a dozen js-files. At the same time, after the download of all files is completed and until the tab crash, 3-4 seconds pass. The first thing that comes to mind is that with such speed memory can only be an infinite loop in which memory is continuously allocated for something. It is only necessary to find and neutralize it. It's good that Chrome has a built-in debugger and the ability to interrupt the execution of Javascript code by seeing the call stack and the values ​​of variables at the time of stopping. It's bad that all those 3-4 seconds before the tab crash are there - after that the debugger is no longer useful. After two or three workouts, I finally manage to stop the code in time. And I see that we are in a function that has the following code:

function(b,d) { var val=""; var a=b-this.count*2; while(a--) {val+="*"} ... } 

There are about 40 calls of other functions in the call stack, but in general we are in a file whose code is compressed and even in this form takes up too much space to parse it all. But we remember that even at the very beginning there were suspicions - “an endless cycle, within which memory is allocated”. The while (a--) loop has all the chances to be. Well, if a is a small positive number. And if it is a couple equal to a couple of billions? And if it is negative? Maybe you see somewhere checking for this? And I do not see. Most likely, here it is a mistake.

What to do?

First, let's try to just skip this cycle. I have no idea what this may lead to, but it is unlikely that on the page with the archive of payments I will suddenly perform some kind of irreparable operation (especially since all irreparable operations require confirmation). The minimum code change seemed to me to replace while (a--) with while (0) . Now we need to somehow slip the corrected script into the browser. At this point, it's time to admit that I have never been a web developer, and therefore I have no idea how they are there, in the web-maiden it is customary to do it. But I know a little bit about all the useful tools and one of the most useful in studying / modifying HTTP traffic is Fiddler2 . Firstly, it is a proxy server, passing all traffic from the server to the browser through itself, and secondly, it allows you to send predefined text or a file in response to certain requests. Next - a matter of technology. Save the important script to disk, run the loop, turn on Fiddler2 and configure redirection rules in it.

Voila!

Open the browser, go to the payments page and here is a surprise - everything works fine! I don’t know that this function was supposed to decorate with stars, but everything is fine without it, and most importantly, it’s no longer infinite. The moral of this story - never give up, you can always think of something and find a way out.

PS The addresses of the pages and the names of the variables are changed just in case (without changing the essence). The bank has been notified of the bug.