
[CVE-2018-8456] Edge - Chakra JIT Loop LandingPad ImplicitCall Bypass…

… - Qihoo 360
meg-gupta authored and MikeHolman committed Aug 6, 2018
1 parent f12d847 commit 98360625854f84262ce8de59a7f57496393281f3
Showing with 12 additions and 2 deletions.
  1. +12 −2 lib/Backend/GlobOpt.cpp
// Replace above will free srcOpnd, so reassign it
*srcOpndPtr = srcOpnd = reinterpret_cast<IR::Opnd *>(strOpnd);

if (loop->bailOutInfo->bailOutInstr)
if (IsImplicitCallBailOutCurrentlyNeeded(convPrimStrInstr, opndValueInLandingPad, nullptr, landingPad, landingPad->globOptData.liveFields->IsEmpty(), true, true))
{
EnsureBailTarget(loop);
loop->bailOutInfo->bailOutInstr->InsertBefore(convPrimStrInstr);
convPrimStrInstr = convPrimStrInstr->ConvertToBailOutInstr(convPrimStrInstr, IR::BailOutOnImplicitCallsPreOp, loop->bailOutInfo->bailOutOffset);
convPrimStrInstr->ReplaceBailOutInfo(loop->bailOutInfo);
}
else
{
landingPad->InsertAfter(convPrimStrInstr);
if (loop->bailOutInfo->bailOutInstr)
{
loop->bailOutInfo->bailOutInstr->InsertBefore(convPrimStrInstr);
}
else
{
landingPad->InsertAfter(convPrimStrInstr);
}
}

// If we came here opndSym can't be PropertySym
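Review bot: The new bail-out branch dereferences `loop->bailOutInfo->bailOutInstr` on the line after `EnsureBailTarget(loop);` without any check, while the else branch immediately below still guards the same pointer before calling `InsertBefore`; if EnsureBailTarget is expected to guarantee that a bail-out instruction exists, state that invariant with `Assert(loop->bailOutInfo->bailOutInstr != nullptr);` right after the call so a regression fails loudly in the JIT rather than as a null dereference. The branch also carries no comment saying why a hoisted ConvPrimStr now needs a pre-op implicit-call bail-out, which is the whole point of the fix; a line such as `// A ConvPrimStr hoisted into the landing pad can trigger an implicit call; bail out before it so the loop's assumptions about the value are re-checked` would record the intent that the commit title (an implicit-call bypass) only hints at. The meaning of the `liveFields->IsEmpty()` and the two `true` arguments passed to IsImplicitCallBailOutCurrentlyNeeded is not visible here and is presumably documented at its declaration; naming them in a short comment would help the next reader. The enclosing function starts and ends outside the hunk.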

