On 2/7/2014, 4:55 PM, Nicholas Nethercote wrote:
> On Fri, Feb 7, 2014 at 1:40 PM, Kannan Vijayan <[email protected]> wrote:
>> Not hashing the entire string sounds like a collision attack vector. Any
>> app or page coded in such a way as to enable an attacker to create interned
>> strings would open the browser to a DoS attack.
>> Can we just skip big strings? What's the point in interning them? Identity
>> operations are rare on big strings - we typically only care about their
>> content.
> Atomization != interning. I believe only a small fraction of strings
> that are atomized are interned, though I haven't measured. I don't
> think DoS is possible; the only bad behaviour you could get by
> ignoring some of the chars in a string when atomizing is an increase
> in the collision rate in the atoms table.
My apologies, I was confused about the specific meaning of 'intern' in
SpiderMonkey. Did not realize it meant they were GC-pinned. I was
referring to them being kept in a hash table.
The collision rate control is the bad behaviour I'm referring to. If a
webapp is written so as to allow a user to generate atoms (not too hard
since they get created in a bunch of places, esp. property-access
related operations), the user can take advantage of it to pollute the
atoms table with arbitrarily many entries that are trivially constructed
to have the same hash code. This can arbitrarily affect the performance
of code using names that map onto the polluted hash codes.
Kannan
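A small model of the collision-rate concern above, added here as an illustration and not SpiderMonkey's own code: a bucketed atoms table whose hash covers only the first `limit` characters, measured on constructed names that agree on a longer prefix, beside the same table hashing the whole string. The table size, the hash function (blake2b standing in for the engine's hash), the key and the names are all assumptions.

```python
# Added example (not SpiderMonkey code): a toy atoms table used to measure how
# hashing only a prefix of each string changes the longest bucket chain.
import hashlib
from collections import Counter
from typing import Optional

NBUCKETS = 1024  # assumed table size for the model


def atom_hash(s: str, limit: Optional[int] = None, key: bytes = b"") -> int:
    """64-bit hash of the covered part of `s`.

    blake2b stands in for a well-mixed hash; `limit` is the number of leading
    characters the hash reads (None reads the whole string). `key` models a
    per-process secret, which cannot help with bytes the hash never reads.
    """
    covered = s if limit is None else s[:limit]
    digest = hashlib.blake2b(covered.encode("utf-8"), digest_size=8, key=key).digest()
    return int.from_bytes(digest, "little")


def chain_lengths(strings, limit=None, key=b"", nbuckets=NBUCKETS):
    """Map bucket index -> number of atoms chained in that bucket."""
    return Counter(atom_hash(s, limit, key) % nbuckets for s in strings)


def max_chain(strings, limit=None, key=b"", nbuckets=NBUCKETS):
    """Longest chain in the table: the cost of the worst lookup."""
    return max(chain_lengths(strings, limit, key, nbuckets).values())


def constructed_names(n):
    """Constructed property names: a shared 20-char prefix plus a unique suffix."""
    return [f"userSuppliedProperty{i:06d}" for i in range(n)]


if __name__ == "__main__":
    names = constructed_names(5000)
    # Prefix-only hash: every name agrees on its first 16 chars, so all 5000
    # land in one chain; keying the hash changes nothing about that.
    print("prefix-only (16 chars):", max_chain(names, limit=16))
    print("keyed prefix-only:     ", max_chain(names, limit=16, key=b"seed"))
    # Full-string hash: chains stay a few entries long.
    print("full string:           ", max_chain(names))
```

Under the prefix-only policy the longest chain equals the number of inserted names, and the keyed variant is no better; covering the full string keeps the longest chain near the table's average load.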
_______________________________________________
dev-tech-js-engine-internals mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-js-engine-internals