[CVE-2019-1107] Chakra JIT Type Confusion FinishOptPropOp
pleath authored and atulkatti committed Jul 1, 2019
1 parent 7f0d390 commit 214dec9
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions lib/Backend/GlobOptFields.cpp
Expand Up @@ -410,6 +410,14 @@ GlobOpt::ProcessFieldKills(IR::Instr *instr, BVSparse<JitArenaAllocator> *bv, bo
if (inGlobOpt)
{
KillObjectHeaderInlinedTypeSyms(this->currentBlock, false);
if (this->objectTypeSyms)
{
if (this->currentBlock->globOptData.maybeWrittenTypeSyms == nullptr)
{
this->currentBlock->globOptData.maybeWrittenTypeSyms = JitAnew(this->alloc, BVSparse<JitArenaAllocator>, this->alloc);
}
this->currentBlock->globOptData.maybeWrittenTypeSyms->Or(this->objectTypeSyms);
}
}

// fall through
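
Review bot: The block added after `KillObjectHeaderInlinedTypeSyms(this->currentBlock, false);` carries no comment saying why every sym in `objectTypeSyms` has to be OR-ed into `maybeWrittenTypeSyms` at this point. Since the commit title marks this as a type-confusion fix, that invariant is the part a later cleanup is most likely to remove by mistake. Please add a short comment above `if (this->objectTypeSyms)` stating what about this instruction can write object types. The allocate-if-null step for `maybeWrittenTypeSyms` would also read better as a small helper if the same pattern is used elsewhere in GlobOpt, so no caller can skip the null check. The commit changes only lib/Backend/GlobOptFields.cpp, so a regression test that exercises this path should come with it.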