5 matches found
Microsoft Edge Chakra JavascriptFunction::ReparseAsmJsModule Parsing Issue
Microsoft Edge: Chakra: JavascriptFunction::ReparseAsmJsModule incorrectly re-parses (CVE-2017-8755). This is similar to the issue 1271. Here's the method used to re-parse asmjs modules. void JavascriptFunction::ReparseAsmJsModule(ScriptFunction** functionRef) { ParseableFunctionInfo* functionInfo =...
Microsoft Edge Chakra - 'InterpreterStackFrame::ProcessLinkFailedAsmJsModule' Incorrectly Re-parses
GetOriginalEntryPoint : nullptr; if (this->pCurrentFunction && this->pCurrentFunction->IsFunctionParsed()) Assert(this->pCurrentFunction->StartInDocument() == pnode->ichMin); "pCurrentFunction" is the constructor, but "pnode" refers to the method "f". PoC: -- class MyClass fa printa; constructor 'use asm';...
Microsoft Edge: Chakra: Incorrect usage of PushPopFrameHelper in InterpreterStackFrame::ProcessLinkFailedAsmJsModule (CVE-2017-8646)
PushPopFrameHelper is a class that pushes the current stack frame object in its constructor and pops it in the destructor. So it should be used like "PushPopFrameHelper holder...", but InterpreterStackFrame::ProcessLinkFailedAsmJsModule uses it like a function. Var...
Microsoft Edge Chakra PushPopFrameHelper Incorrect Usage Exploit
Microsoft Edge Chakra suffers from an incorrect usage of PushPopFrameHelper in InterpreterStackFrame::ProcessLinkFailedAsmJsModule. Microsoft Edge: Chakra: Incorrect usage of PushPopFrameHelper in InterpreterStackFrame::ProcessLinkFailedAsmJsModule (CVE-2017-8646). PushPopFrameHelper is a class that...
Microsoft Edge Chakra PushPopFrameHelper Incorrect Usage
Microsoft Edge: Chakra: Incorrect usage of PushPopFrameHelper in InterpreterStackFrame::ProcessLinkFailedAsmJsModule (CVE-2017-8646). PushPopFrameHelper is a class that pushes the current stack frame object in its constructor and pops it in the destructor. So it should be used like "PushPopFrameHelp...