-
Notifications
You must be signed in to change notification settings - Fork 241
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Google Chrome 115.0.5790.102 produces incorrect SHA-256 hashes #40
Comments
I have a similar problem with Google Chrome 116.0.0.0, it will produce incorrect hashes for a while and then after a certain number of hashes are computed, all future hash outputs will be correct. |
Can you give a sample code? |
I can reproduce it in Chrome 116.0.5845.110 using this code:
After 33 iterations it starts returning a different value. |
An input of "b" is even more interesting. Then it produces more than two different values. |
We're experiencing slowly increasing error rate based some Chrome version rollout. For now, we changed to import { Sha256 } from '@aws-crypto/sha256-js';
export const sha256 = (s: string): string => {
const hash = new Sha256();
hash.update(s);
const hashUint8Array = hash.digestSync();
return Buffer.from(hashUint8Array).toString('hex');
}; |
Replaced it js-sha256 with @aws-crypto/sha256-js. Also added consistency checks on server and client side to ensure both side compute the same hash value. see emn178/js-sha256#40
Replaced it js-sha256 with @aws-crypto/sha256-js. Also added consistency checks on server and client side to ensure both side compute the same hash value. see emn178/js-sha256#40
|
I had the same problem and needed to open a traceless browser to solve it.my Chrome 116.0.5845.96 |
I'm having the same issue with Chrome 116.0.5845.110 on x86-64 Linux. The JIT is doing some weird optimizations to the As a workaround, using the |
Same problem, could you help how to fixe that in angular 16 pls, do i need to go to the file js-sha256? is it possible to explain how we do it thanks |
We've replaced this library with @aws-crypto/sha256-browser as a solution |
I use @slisson 's sample code and tried on many versions and devices. I still can't reproduce this issue. Can you guys reproduce by the sample code? |
https://commondatastorage.googleapis.com/chromium-browser-snapshots/index.html?prefix=Mac/1160321/ The link is located using https://www.chromium.org/getting-involved/download-chromium/ If you run this Chromium 116.0.5845.96 on Macbook x86 version, you will get a different hash after 132 tries. And this behavior is not stable if you run the sample code another time |
FWIW, even though the above debugger behavior was reproducible on my computer, the simple repro case above does not repro for me, but does repro for my coworker consistently. I haven't run into this general problem happening in production, but he does very consistently. IIRC we use the same model of computer (m1 pro macbook pro 16") |
@hanzheliva I can reproduce by download old version. And I use @NicolasFlamel1 's workaround but change to an assignment {
//...
e = a + t1 << 0;
a = t1 + t2 << 0;
this.chromeBugWorkAround = true;
} This seems work and won't lose performance too much. I will use this change to fix this issue in next version. But I can't sign in my npm account to publish. still working on it... |
workaround in v0.10.0. Please check if it fixed. |
Thanks Sir but i have this erros with npm install js-sha256@0.10.0
How do i can fixe this Thanks again |
This version remove eval, so webpack detects "require" and causes this. Please check |
@djouf007 I found that I can disable polyfills in my package. use v0.10.1 should work. |
Thank you so much; it's all working perfectly @emn178 |
Has anyone opened an issue on crbug.com for this? |
I don't think this is a bug in this code but opening this issue to maybe help out someone else trying to debug this in the future:
When this library is used with Google Chrome 115.0.5790.102 (released on July 20 2023), it will produce correct hashes for a while and then after a certain number of hashes are computed, all future hash outputs will be incorrect.
This was seen on x86 and ARM machines running Linux and macOS.
Presumably this is a JIT bug in this particular version of Chrome. It is apparently fixed in 115.0.5790.110 which was released to stable channel 5 days later.
The text was updated successfully, but these errors were encountered: