Check interpreter for potential long-running loops #466

Open
cpcallen opened this issue Mar 20, 2021 · 0 comments

@cpcallen
Collaborator

In NeilFraser/JS-Interpreter#207, @NeilFraser notes that many of the `Array.prototype` methods have potential long-running or infinite loops—e.g., `Array.prototype.lastIndexOf.call({0: true, length: 'Infinity'}, true);` takes forever to complete.

CodeCity's interpreter.js uses different implementations of most of these methods, but is vulnerable to the same issue.

The interpreter should be checked carefully for loops; every loop could potentially hang the interpreter if a malicious user found a way to cause it to run a large number of times. Every loop that is subject to user control over the number of iterations should be modified to check for thread timeouts. This includes almost all of the `Array.prototype` methods as well as things like `Function.prototype.apply` and even `Interpreter.prototype.pseudoToNative`. (Loops in places like `Object.prototype.isPrototypeOf` and `Interpreter.PropertyIterator.prototype.next` are probably OK, because in those cases the number of iterations is bounded by the number of allocated objects in the database or the number of keys in an object.)

@cpcallen cpcallen added this to the Launch: Alpha milestone Mar 20, 2021
@cpcallen cpcallen added the server Things related to the codecity server proper label Mar 20, 2021
@cpcallen cpcallen changed the title Check native functions for potential infinite loops Check native functions for potential long-running loops Mar 20, 2021
@cpcallen cpcallen changed the title Check native functions for potential long-running loops Check interpreter for potential long-running loops Mar 20, 2021
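
The timeout check the issue asks for, sketched on the `lastIndexOf` case from the report. This is an added example, not part of the original issue and not CodeCity's or JS-Interpreter's code; `Budget`, `ThreadTimeout`, `toLength`, `lastIndexOf` and `runGuarded` are hypothetical names, and it operates on plain JavaScript objects rather than the interpreter's pseudo-objects.

```javascript
// Hypothetical error type raised when a thread exhausts its budget.
class ThreadTimeout extends Error {}

// Per-thread budget. The step counter gives a deterministic bound; the
// wall-clock deadline is only consulted every 1024 steps to keep loops cheap.
class Budget {
  constructor(maxSteps, deadlineMs = Infinity) {
    this.steps = 0;
    this.maxSteps = maxSteps;
    this.deadline = Date.now() + deadlineMs;
  }
  tick() {
    this.steps++;
    if (this.steps > this.maxSteps) throw new ThreadTimeout('step budget exceeded');
    if (this.steps % 1024 === 0 && Date.now() > this.deadline) {
      throw new ThreadTimeout('deadline exceeded');
    }
  }
}

// ECMAScript ToLength: clamps to [0, 2^53 - 1]. A length of 'Infinity'
// therefore still means about 9e15 iterations, so clamping alone is no defence.
function toLength(value) {
  const n = Math.trunc(Number(value));
  if (!(n > 0)) return 0; // also covers NaN and negative values
  return Math.min(n, Number.MAX_SAFE_INTEGER);
}

// lastIndexOf over an array-like whose length is caller-controlled.
// The budget is charged once per iteration, inside the loop body.
function lastIndexOf(obj, target, budget) {
  const len = toLength(obj.length);
  for (let k = len - 1; k >= 0; k--) {
    budget.tick();
    if (k in obj && obj[k] === target) return k;
  }
  return -1;
}

// Host-side wrapper: a timeout ends only the offending call; other errors propagate.
function runGuarded(fn, budget) {
  try {
    return { done: true, value: fn(budget) };
  } catch (e) {
    if (e instanceof ThreadTimeout) return { done: false, reason: e.message };
    throw e;
  }
}
```
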