4 matches found
WebKit JSC - Heap Buffer Overflow in Intl.getCanonicalLocales Exploit
Exploit for multiple platforms in category dos / poc. arrayStorage(); storage->m_sparseMap.clear(); storage->m_indexBias = 0; storage->m_numValuesInVector = 0; return butterfly; It allocates a fixed size BASE_ARRAY_STORAGE_VECTOR_LEN of memory without caring about |initialLength|. So a BOF occurs in the following...
WebKit JSC - Intl.getCanonicalLocales Heap Buffer Overflow
WebKit JSC - Intl.getCanonicalLocales Heap Buffer Overflow. arrayStorage(); storage->m_sparseMap.clear(); storage->m_indexBias = 0; storage->m_numValuesInVector = 0; return butterfly; It allocates a fixed size BASE_ARRAY_STORAGE_VECTOR_LEN of memory without caring about |initialLength|. So a BOF occurs in the...
WebKit JSC - 'Intl.getCanonicalLocales' Heap Buffer Overflow
arrayStorage(); storage->m_sparseMap.clear(); storage->m_indexBias = 0; storage->m_numValuesInVector = 0; return butterfly; It allocates a fixed size BASE_ARRAY_STORAGE_VECTOR_LEN of memory without caring about |initialLength|. So a BOF occurs in the following iteration. EncodedJSValue JSC_HOST_CALL...
WebKit JSC Intl.getCanonicalLocales Heap Buffer Overflow
WebKit: JSC: heap buffer overflow in Intl.getCanonicalLocales CVE-2017-6984. Here's tryCreateArrayButterfly, which is invoked from intlObjectFuncGetCanonicalLocales to create a JSArray object. inline Butterfly* tryCreateArrayButterfly(VM& vm, JSCell* intendedOwner, unsigned initialLength) Butterfly...