Issue 595626 link

Starred by 1 user

Issue metadata

Status:	Fixed
Owner:	----
Closed:	Jun 2016
Cc:	yangguo@chromium.org verwa...@chromium.org
Components:	Blink>JavaScript>Runtime
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	3
Type:	----
Performance-Memory Stability-Hang

hangs and crash in JSON.stringify with slightly possible ads usage

Reported by abnes...@gmail.com, Mar 17 2016

Issue description

Chrome Version: Version 50.0.2661.26 unknown (64-bit) + nodejs 4
OS: (linux openSuSE)

It's not a bug, but i see as problem.

var x = []; x[0x7fffffff]=1; JSON.stringify(x);
Page hangs and crash.

Article about problem on Russian.

Worst usage exmaple https://jsfiddle.net/8hkr3orv/2/ that slow close on windows.

https://translate.google.ru/translate?sl=ru&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=https%3A%2F%2Fhabrahabr.ru%2Fpost%2F279439%2F&edit-text=

Sorry for my english.

Comment 1 by rsch...@chromium.org, Mar 24 2016

Components: Blink>JavaScript>Stability
Labels: Stability-Hang OS-Linux

Is there a reasonable use of this code? Or is it just a demo that can hang a page?

Comment 2 by abnes...@gmail.com, Mar 24 2016

Just demo, originally i get random(if random IDs too big) hangs after using localStorage serialization, used arrays for orders and rewrite code to object store by numerical IDs, but forget about initialization with array.

Comment 3 by hablich@chromium.org, Apr 21 2016

Cc: yangguo@chromium.org
Components: -Blink>JavaScript>Stability Blink>JavaScript>Runtime
Labels: -Pri-2 Pri-3
Status: Available (was: Unconfirmed)

Comment 4 by yangguo@chromium.org, Apr 21 2016

What's the difference of this to, say, "for(;;);"?

Comment 5 by abnes...@gmail.com, Apr 21 2016

for(;;) hangs in js, and can handle. Like old interrupt dialog. Also it's can be interrupted in sandbox like nodejs or webworker.

In json.stringify system hangs by native code...

Also problem, is't linux specific.

Comment 6 by yangguo@chromium.org, Apr 21 2016

I see. We will need a place inside stringify to check for interrupts.

Project Member

Comment 7 by bugdroid1@chromium.org, Jun 7 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/2963b5bd40b11211c42ed7388af24cc5994c8e22

commit 2963b5bd40b11211c42ed7388af24cc5994c8e22
Author: yangguo <yangguo@chromium.org>
Date: Tue Jun 07 11:43:41 2016

[json] check and handle interrupts.

R=jkummerow@chromium.org
BUG= chromium:595626 

Review-Url: https://codereview.chromium.org/2037363002
Cr-Commit-Position: refs/heads/master@{#36785}

[modify] https://crrev.com/2963b5bd40b11211c42ed7388af24cc5994c8e22/src/json-parser.cc
[modify] https://crrev.com/2963b5bd40b11211c42ed7388af24cc5994c8e22/src/json-stringifier.cc
[modify] https://crrev.com/2963b5bd40b11211c42ed7388af24cc5994c8e22/test/cctest/test-thread-termination.cc

Comment 8 by yangguo@chromium.org, Jun 7 2016

Status: Fixed (was: Available)

►

Issue 595626 link

Issue metadata

hangs and crash in JSON.stringify with slightly possible ads usage

Issue description

Comment 1 by rsch...@chromium.org, Mar 24 2016

Comment 1 Deleted

Comment 2 by abnes...@gmail.com, Mar 24 2016

Comment 2 Deleted

Comment 3 by hablich@chromium.org, Apr 21 2016

Comment 3 Deleted

Comment 4 by yangguo@chromium.org, Apr 21 2016

Comment 4 Deleted

Comment 5 by abnes...@gmail.com, Apr 21 2016

Comment 5 Deleted

Comment 6 by yangguo@chromium.org, Apr 21 2016

Comment 6 Deleted

Comment 7 by bugdroid1@chromium.org, Jun 7 2016

Comment 7 Deleted

Comment 8 by yangguo@chromium.org, Jun 7 2016

Comment 8 Deleted

Sign in to add a comment