Microsoft Edge Chakra JIT Escape Analysis Bug

Microsoft Edge: Chakra: JIT: Escape analysis bug 2 CVE-2018-0860 Let's consider the following example code. function opt let arr = ; return arr'x'; // Optimize the "opt" function. for let i = 0; i inline Js::Var ExecuteImplicitCallJs::RecyclableObject function, Js::ImplicitCallFlags flags, Fn...