In NeilFraser/JS-Interpreter#207, @NeilFraser notes that many of the Array.prototype methods have potential long-running or infinite loops—e.g., Array.prototype.lastIndexOf.call({0: true, length: 'Infinity'}, true); takes forever to complete.
CodeCity's interpreter.js uses different implementations of most of these methods, but is vulnerable to the same issue.
The interpreter should be checked carefully for loops; every loop could potentially hang the interpreter if a malicious user found a way to cause it to run a large number of times. Every loop that is subject to user control over the number of iterations should be modified to check for thread timeouts. This includes almost all of the Array.prototype methods as well as things like Function.prototype.apply and even Interpreter.prototype.pseudoToNative. (Loops in places like Object.prototype.isPrototypeOf and Interpreter.PropertyIterator.prototype.next are probably OK, because in those cases the number of iterations is bounded by the number of allocated objects in the database or the number of keys in an object.)
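The following is an added example, not code from CodeCity's interpreter.js or from JS-Interpreter, showing the shape of the fix the issue asks for: a native implementation of Array.prototype.lastIndexOf whose loop polls a per-thread deadline, so the `{0: true, length: 'Infinity'}` case from above raises a timeout instead of hanging the host. The names `Thread`, `InterpreterTimeout` and `guardedLastIndexOf` are assumptions for illustration; the injectable clock exists only so the timeout path can be exercised deterministically.

```javascript
// Added example (not CodeCity's or JS-Interpreter's code). Names below are
// assumptions: Thread, InterpreterTimeout, guardedLastIndexOf.

class InterpreterTimeout extends Error {
  constructor(msg) { super(msg); this.name = 'InterpreterTimeout'; }
}

// Minimal stand-in for an interpreter thread with a time budget.
// `now` is injectable so tests can drive the clock without sleeping.
class Thread {
  constructor(deadlineMs, now = Date.now) {
    this.now = now;
    this.deadline = now() + deadlineMs;
  }
  // Called from inside any loop whose trip count the guest program controls.
  checkTimeout() {
    if (this.now() > this.deadline) {
      throw new InterpreterTimeout('thread exceeded its time budget');
    }
  }
}

// ToLength as in ES2015: clamps to [0, 2^53 - 1]. This is exactly why
// length: 'Infinity' is dangerous: it becomes 2^53 - 1 iterations.
function toLength(v) {
  const n = Number(v);
  if (Number.isNaN(n) || n <= 0) return 0;
  return Math.min(Math.floor(n), Number.MAX_SAFE_INTEGER);
}

// Array.prototype.lastIndexOf semantics over an array-like `obj`, with a
// timeout check every `checkEvery` iterations. Checking on every iteration
// is also correct; batching just keeps the common fast path cheap.
function guardedLastIndexOf(thread, obj, searchElement, fromIndex, checkEvery = 1024) {
  const len = toLength(obj.length);
  if (len === 0) return -1;
  let k;
  if (fromIndex === undefined) {
    k = len - 1;
  } else {
    const n = Number(fromIndex);
    k = Number.isNaN(n) ? 0 : Math.trunc(n);
    if (k >= len) k = len - 1;
    if (k < 0) k += len;
  }
  for (let i = 0; k >= 0; k--, i++) {
    if (i % checkEvery === 0) thread.checkTimeout();
    if (k in obj && obj[k] === searchElement) return k;
  }
  return -1;
}

// Runs the issue's own pathological call under a short wall-clock budget
// and reports whether it was cut off by the timeout (true) or finished.
function pathologicalCallTimesOut(budgetMs = 20) {
  const thread = new Thread(budgetMs);
  try {
    guardedLastIndexOf(thread, { 0: true, length: 'Infinity' }, true);
    return false;
  } catch (e) {
    if (e instanceof InterpreterTimeout) return true;
    throw e;
  }
}
```

Without the `checkTimeout()` call the `pathologicalCallTimesOut` run would count down from 2^53 - 2 to 0 before finding the element at index 0; with it, the call aborts as soon as the thread's budget is spent, and ordinary array-like inputs are unaffected.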