
A simple and not very obvious way to hang Chrome, Firefox and Node.js inside a native function

Here is all the code:

 var x = []; x[0x7fffffff]=1; JSON.stringify(x);


For those who want to try: jsfiddle


In this straightforward way, you can hang Firefox completely, crash the Chrome tab, and block the main Node.js thread.

The most remarkable thing about this is that the hang occurs inside the native code of the JSON.stringify function, so in Firefox the execution cannot be interrupted the way it usually can with a simple while(true); .

When run inside a WebWorker in Chrome, the page continues to respond, but terminate cannot stop the worker thread.

Also, for obvious reasons, such code is not flagged by JSLint.


How it works


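 var x = [];
 x[0x7fffffff] = 1; // largest signed 32-bit value used as an index: x.length becomes 2^31, but only one element exists
 JSON.stringify(x); // serializing x visits every index from 0 to length - 1 and writes null for each empty slot...

How the author ended up here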


It was past 2 o'clock in the morning; I had last slept a long time ago and not for long, but I had to work. It was necessary to implement a collection of objects in localStorage. My brain was already struggling, and at the beginning a simple array, saved as JSON, was used for storage. After realizing that it would be more convenient to work with IDs in this case, the array was replaced with an object, and the following code was used to generate a random ID: Math.random() * 0x7fffffff >> 0 . Then the data was serialized and written to the storage. After that, random page hangs began, and during debugging it was discovered that the collection was still initialized as an array.

Summary, for myself...


In fact, this note is not about JSON.stringify being bad, but about the need to be more attentive to what you send to it.

  1. Need to sleep more
  2. Need to sleep more
  3. You should not use numeric IDs if they are random (that way it is easier to find an error).
  4. Unstable typing is sometimes evil.
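
One way to be more attentive to what goes into JSON.stringify, as an added example that is not from the original post: reject oversized or sparse arrays before serializing. The names findDangerousArray and safeStringify and the MAX_ARRAY_LENGTH limit are assumptions made for this sketch.

```javascript
// Added example; MAX_ARRAY_LENGTH, findDangerousArray and safeStringify are
// hypothetical names, and the limit is an assumption to tune per application.
const MAX_ARRAY_LENGTH = 100000;

// Returns a description of the first risky array found, or null if none.
function findDangerousArray(value, path = '$', seen = new WeakSet()) {
  if (value === null || typeof value !== 'object' || seen.has(value)) return null;
  seen.add(value); // each object is inspected once, so cycles cannot loop forever
  if (Array.isArray(value)) {
    // length is an O(1) property read, so a 2^31-slot array is caught here.
    if (value.length > MAX_ARRAY_LENGTH) {
      return { path, reason: 'too long', length: value.length };
    }
    // Bounded by MAX_ARRAY_LENGTH: a hole would be silently written as null.
    for (let i = 0; i < value.length; i++) {
      if (!(i in value)) return { path, reason: 'sparse', length: value.length };
    }
  }
  // Object.keys lists only properties that exist, never the empty slots.
  for (const key of Object.keys(value)) {
    const hit = findDangerousArray(value[key], `${path}.${key}`, seen);
    if (hit) return hit;
  }
  return null;
}

function safeStringify(value) {
  const hit = findDangerousArray(value);
  if (hit) {
    throw new RangeError(
      `refusing to serialize ${hit.path}: ${hit.reason} array, length ${hit.length}`);
  }
  return JSON.stringify(value);
}

// Constructed input reproducing the bug from the post: a collection that was
// meant to be an object but is still an array, keyed by a large numeric id.
const collection = [];
collection[0x7fffffff] = { name: 'item' };
try {
  safeStringify({ collection });
} catch (e) {
  console.log(e.message);
}
console.log(safeStringify({ collection: { 42: { name: 'item' } } }));
```
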

I decided to write a note when it turned out that several programmers I know did not understand the code that had been dropped into ICQ.

Source: https://habr.com/ru/post/279439/

