new BN(null).toString() causes an infinite loop (crashes the browser) #186

Open
adipascu opened this Issue Jun 7, 2018 · 1 comment


adipascu commented Jun 7, 2018

new BN(null).toString() causes an infinite loop (crashes the browser)

It looks like

  • new BN(null) creates an empty BN
  • .toString() causes the VM interpreter to go into a loop

I think the solution is to make .toString() crash on empty instances.
A better fix could be to no longer accept new BN(null), remove the empty instance feature, or make it accessible with a different API (0 param constructor or something else).


bem7 commented Sep 25, 2018

Also bumped into this. Running

> (new BN(null)).imuln(0).toString(10)

Crashes Node with

#
# Fatal error in , line 0
# API fatal error handler returned after process out of memory
#
Illegal instruction: 4

bpierre added a commit to aragon/aragon that referenced this issue Oct 31, 2018

Fix an onboarding crash happening with specific web3 provider setups
When calling getBalance(), it was possible to sometimes get another
value than a big integer as a string.

Having `null` as a result, and passing it to the BN.js constructor,
could lead to an infinite loop [1].

To prevent this issue from happening again:

- In the app, `balance` is now always represented by a BN.js instance.
To represent an unknown balance, `new BN(-1)` is now used rather than `null`.

- The result of getBalance() is now filtered to ensure that we are
passing an integer to BN.js. Otherwise, we pass "-1".

[1] indutny/bn.js#186

bpierre added a commit to aragon/aragon that referenced this issue Nov 1, 2018

Fix an onboarding crash happening with some web3 provider setups (#442)
When calling getBalance(), it was possible to sometimes get another value than a big integer as a string.

Having `null` as a result, and passing it to the BN.js constructor, could lead to an infinite loop [1].

To prevent this issue from happening again:

- In the app, `balance` is now always represented by a BN.js instance. To represent an unknown balance, `new BN(-1)` is now used rather than `null`.

- The result of getBalance() is now filtered to ensure that we are passing an integer to BN.js. Otherwise, we pass "-1".

[1] indutny/bn.js#186
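
The filtering step the commit messages above describe, sketched as an added example (not code from bn.js or from the aragon commit). The names `normalizeBalance`, `UNKNOWN_BALANCE` and `MAX_UINT256` are hypothetical, and the uint256 range and length bound are assumptions about what a balance can be; the example also accepts hex strings and bigints, which goes beyond the case the commit mentions.

```javascript
// Added example; every name here is hypothetical, not bn.js or aragon API.
const UNKNOWN_BALANCE = "-1";          // sentinel the commit message describes
const MAX_UINT256 = (1n << 256n) - 1n; // assumption: balances are uint256 values

// Turn an untrusted provider result into a decimal string that is safe to
// pass to `new BN(str, 10)`. Anything that is not a non-negative integer in
// uint256 range becomes the sentinel, so `null` never reaches the constructor.
function normalizeBalance(raw) {
  let n;
  if (typeof raw === "bigint") {
    n = raw;
  } else if (typeof raw === "number") {
    // Rejects NaN, Infinity, fractions and integers that lost precision.
    if (!Number.isSafeInteger(raw)) return UNKNOWN_BALANCE;
    n = BigInt(raw);
  } else if (typeof raw === "string") {
    const s = raw.trim();
    // Bound the length before parsing (assumption: 80 chars covers uint256).
    if (s.length > 80) return UNKNOWN_BALANCE;
    if (/^[0-9]+$/.test(s) || /^0x[0-9a-fA-F]+$/.test(s)) n = BigInt(s);
    else return UNKNOWN_BALANCE;
  } else {
    // null, undefined, booleans, objects: never forwarded to BN.
    return UNKNOWN_BALANCE;
  }
  if (n < 0n || n > MAX_UINT256) return UNKNOWN_BALANCE;
  return n.toString(10);
}

// Intended call site (requires bn.js, so it is left as a comment here):
//   const balance = new BN(normalizeBalance(providerResult), 10);
```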