5 matches found
Microsoft Edge Chakra JIT - Lowerer::LowerSetConcatStrMultiItem Missing Integer Overflow Check
Exploit for windows platform in category dos / poc / The method "Lowerer::LowerSetConcatStrMultiItem" is used to generate machine code to concatenate strings. Here's a snippet of the method. void Lowerer::LowerSetConcatStrMultiItem(IR::Instr * instr) ... IR::IndirOpnd * dstLength =...
Microsoft Edge Chakra JIT - Lowerer::LowerSetConcatStrMultiItem Missing Integer Overflow Check
Microsoft Edge Chakra JIT - Lowerer::LowerSetConcatStrMultiItem Missing Integer Overflow Check / The method "Lowerer::LowerSetConcatStrMultiItem" is used to generate machine code to concatenate strings. Here's a snippet of the method. void Lowerer::LowerSetConcatStrMultiItem(IR::Instr * instr...
Microsoft Edge Chakra JIT - 'Lowerer::LowerSetConcatStrMultiItem' Missing Integer Overflow Check
The method "Lowerer::LowerSetConcatStrMultiItem" is used to generate machine code to concatenate strings. Here's a snippet of the method. void Lowerer::LowerSetConcatStrMultiItem(IR::Instr * instr) ... IR::IndirOpnd * dstLength = IR::IndirOpnd::New(concatStrOpnd,...
Microsoft Edge: Chakra: JIT: Incorrect integer overflow check in Lowerer::LowerBoundCheck (CVE-2017-11861)
Here's a snippet of the method. void Lowerer::LowerBoundCheck(IR::Instr *const instr) ... if (rightOpnd->IsIntConstOpnd()) { IntConstType newOffset; if (!IntConstMath::Add(offset, rightOpnd->AsIntConstOpnd()->GetValue(), &newOffset)) <<--- (a) { offset = newOffset; rightOpnd = nullptr; offsetOpnd = nullptr; ... if (!rightOpnd...
Microsoft Edge Chakra JIT Incorrect GenerateBailOut Calling Patterns Exploit
Exploit for windows platform in category dos / poc / Microsoft Edge: Chakra: JIT: Incorrect GenerateBailOut calling patterns (CVE-2017-11799) / Bailout: "ChakraCore's background JIT compiler generates highly optimized JIT'ed code based upon the data and infers likely usage patterns based on the profile...