Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[CVE-2020-0712] An uninitialized memory usage error in the latest Mic…
…rosoft Edge 44.18362.387.0 may be exploited to execute arbitrary code. - Individual ```javascript class child extends Object { constructor(){ let f = () => { super()++ }; f(); } } ``` In above snippet, we attempt to emit a load for the target of the super call. This causes us to acquire a tmp register for the target of the super call node out-of-order relative to how the tmp registers are typically acquired in `EmitSuperCall`. Then later when we release the call target location we notice that the tmp registers are being released out-of-order. Fix is to skip emitting the call target when emitting a load of a super call node - this is already handled by `EmitSuperCall` so it isn't necessary anyway.
- Loading branch information
Showing
2 changed files
with
50 additions
and
42 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters