Type confusion vulnerability #351
Comments
@phoddie @mkellner @Moddable-OpenSource please check the issue
Fix pushed. It looks like you are using some kind of fuzzer. Certainly the code doesn't look obviously useful. ;) Would you mind sharing how you generated this test?
I implemented a tool for testing and I will publish a paper about it in the future.
Very cool. The bug reports are much appreciated. Thank you.
Environment
PoC
vulnerability description:
The stack traceback is shown in the figure:
When processing JS code, fxParserTree is first called to generate a node tree, and when met:
It can cause errors in object references, which can cause type confusion. The specific vulnerability trigger point is on line 1153 of xsCode.c, as shown in the figure.
The current item is considered a temporary function type that has been declared, but in fact it is an undefined array type in the PoC.
PoC construction
Simply assign a value to an undefined array.