Trying to crash server running jint

[emilmuller]

I'm offering users of my website to run scripts, but I don't want to let them be able to crash my server (or make it unresponsive).
So I've been actively trying to make jint unresponsive.
I'm running the following code to attempt to use up all the memory:

new Engine(o => o.MaxStatements(1000)).Evaluate("for (let a = [1, 2, 3];; a = a.concat(a)) ;");

Interestingly, it doesn't use up all the memory, but it freezes (even though I set a maximum number of statements). No exceptions are thrown.

3.0.0-beta-2032

[lahma]

I think it's really hard to make everything bulletproof so please keep that in mind. I think we can fix this particular case but there might always be other ways to cause havoc, unfortunately.

[emilmuller]

Thanks for replying! Just out of curiosity, why doesn't it run out of memory? :)

[lahma]

It actually halts because array changes logic to use dictionary for large array (it expects it to have holes). I've addressed this in #923 and there's new constraint that can be set for max allowed array size. So in your case CPU is burning in array handling and cannot reach the statement count limit.