A simple and not very obvious way to hang chrome, firefox and nodejs inside a native function

by admin

Here’s all the code: var x = []; x[0x7fffffff]=1; JSON.stringify(x);

For those wishing to try: jsfiddle

In this uncomplicated way, you can hang Firefox, crash a Chrome tab and hang the Node.js main thread.
The most remarkable thing is that the hang happens inside the native code of JSON.stringify, so Firefox cannot interrupt execution the way it usually does with a simple while(true);
When the code runs inside a WebWorker in Chrome, the page keeps responding, but the worker thread cannot be terminated.
Also, for obvious reasons, this code is not detected by jslint.

How it works

    var x = [];
    x[0x7fffffff] = 1; // the limit of a signed positive 32-bit integer
    JSON.stringify(x); // since x is an array, we get a lot of null...

How the author got to this point

It was past 2 in the morning, I had been sleeping for a long time and not much, and I needed to work. I needed to implement a collection of objects in localStorage. My brain was already thinking tightly, and at first a simple array with JSON storage was chosen for storage. After we understood that in this case IDs would be easier to use, the array was replaced by an object, and the following code was used to generate a random ID: Math.random() * 0x7fffffff >> 0. Then the data was serialized and written to the repository. After that, random page hangs started, and debugging revealed that the collection was still being initialized as an array.

To summarize, to myself…

Actually, this note is not about JSON.stringify being bad, but about being more careful about what you send to it.

  1. We should sleep more
  2. Get more sleep
  3. You shouldn’t make IDs numeric if they are going to be random (it is easier to find an error, if anything).
  4. Unstrict typing is sometimes evil.
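
The hang comes from the array's length, which becomes 0x80000000 after the assignment, so JSON.stringify emits null for every hole. One way to be more careful about what is sent to it, as an added example that is not code from the original post; findOversizedArray, safeStringify and the MAX_ARRAY_LENGTH limit are assumed names and values:

```javascript
// Added example, not from the original post. MAX_ARRAY_LENGTH is an assumed limit.
const MAX_ARRAY_LENGTH = 100000;

// Walk a value and return the first array whose length exceeds the limit,
// or null. Only .length is read on an oversized array, so the check itself
// never iterates over the holes.
function findOversizedArray(value, path = '$', seen = new Set()) {
  if (value === null || typeof value !== 'object' || seen.has(value)) return null;
  seen.add(value); // visit each object once; also stops on cycles
  if (Array.isArray(value)) {
    if (value.length > MAX_ARRAY_LENGTH) return { path, length: value.length };
    for (let i = 0; i < value.length; i++) {
      const hit = findOversizedArray(value[i], `${path}[${i}]`, seen);
      if (hit) return hit;
    }
    return null;
  }
  for (const key of Object.keys(value)) {
    const hit = findOversizedArray(value[key], `${path}.${key}`, seen);
    if (hit) return hit;
  }
  return null;
}

// JSON.stringify wrapper that refuses oversized arrays before native code runs.
function safeStringify(value) {
  const hit = findOversizedArray(value);
  if (hit) {
    throw new RangeError(`refusing to serialize ${hit.path}: array length ${hit.length}`);
  }
  return JSON.stringify(value);
}

// Constructed sample: the post's bug, a collection initialised as [] and
// indexed by a random numeric ID.
const brokenCollection = [];
brokenCollection[0x7fffffff] = { name: 'item' };
try {
  safeStringify({ collection: brokenCollection });
} catch (e) {
  console.log(e.message);
}

// The same data in a plain object serializes to a single key.
const fixedCollection = {};
fixedCollection[0x7fffffff] = { name: 'item' };
console.log(safeStringify({ collection: fixedCollection }));
```

The same length check applies to any JSON that reaches JSON.stringify from untrusted or loosely typed code paths, not only to localStorage writes.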

I decided to write this note when it turned out that some programmers I knew had not figured out the code dumped by "asci".
