Implicit valueOf() calls on custom Object cause a lock up.

Fixed Issue #5553123

Details

Created
Nov 23, 2015
Privacy
This issue is public.
Reports
Reported by 1 person

Sign in to watch or report this issue.

Steps to reproduce

URL:

Repro Steps:

The following HTML document showcases the error, locking up the browser when the button is pressed:
<html>
<body>
<div id="testAX">
You don’t have ActiveX controls allowed! Please stop IE blocking ActiveX for this page, the script on the button won’t run otherwise.
</div>
<input type="button" onClick="javascript:crash(this);" value="Click me to crash IE!"/>
<script>
var testAXS = document.getElementById(“testAX”).style;
testAXS.visibility="hidden";
testAXS.display="none";
var ObjectV = function ObjectV(v){
this.val = v;
}
ObjectV.prototype = {
valueOf : function(){
if(this.val!=0){
return this.val;
}else{
return null;
}
}
};
function crash(button){
var x = new ObjectV(0);
if(x<1){
button.value="It’s fixed! (or you’re not using IE)";
}
}
</script>
</body>
</html>

However, it should trigger with any code that includes an instance of a custom class with an overridden valueOf() that returns null in some contexts. The comparison does not need to be to a number.

Expected Results:

When an object with a valueOf method that returns null in the given context is compared to a non-null value, the comparison should return true if < and false if >.

Actual Results:

Dev Channel specific:

No

Attachments

0 attachments

    Comments and activity

    • Microsoft Edge Team

      Changed Assigned To to “Kamen M.”

      Changed Assigned To to “ChakraTriage”

      Changed Assigned To from “ChakraTriage” to “Suwei C.”

      Changed Assigned To from “Suwei C.” to “IE S.”

      Changed Status to “Fixed”

    • Our app is running into this issue and is completely unusable on Edge. We have had to tell customers to not use Edge as a work around.

      Confirmed that repro case in this bug is still valid and causing hard crash on Edge 25.10586.0.0 EdgeHTML 13.10586

    • Hello,

      Thank you for providing this information about the issue. We are pleased to report this feature is fixed in Edge 15063 and is available in our latest Creator’s Update build.

      Best Wishes,
      The MS Edge Team

    You need to sign in to your Microsoft account to add a comment.

    Sign in