[CVE-2018-8465] Chakra - Invalid stack read leads to type confusion -…

… Individual
chakra-core · Sep 11, 2018 · 7e235c9 · 7e235c9
1 parent a404dec
commit 7e235c9
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/lib/Backend/arm/LowerMD.cpp b/lib/Backend/arm/LowerMD.cpp
@@ -1108,6 +1108,11 @@ LowererMD::LowerEntryInstr(IR::EntryInstr * entryInstr)
         unwindInfo->SetHasCalls(true);
     }
 
+    if (Lowerer::IsArgSaveRequired(this->m_func))
+    {
+        unwindInfo->SetHasCalls(true);
+    }
+
     bool hasCalls = unwindInfo->GetHasCalls();
 
     // Home the params. This is done to enable on-the-fly creation of the arguments object,

diff --git a/lib/Backend/arm64/LowerMD.cpp b/lib/Backend/arm64/LowerMD.cpp
@@ -1129,7 +1129,8 @@ ARM64StackLayout::ARM64StackLayout(Func* func)
         // the worst case assumption (homing all NUM_INT_ARG_REGS).
         this->m_hasCalls = func->GetHasCalls() ||
             func->HasAnyStackNestedFunc() || 
-            !LowererMD::IsSmallStack(this->TotalStackSize() + NUM_INT_ARG_REGS * MachRegInt);
+            !LowererMD::IsSmallStack(this->TotalStackSize() + NUM_INT_ARG_REGS * MachRegInt) ||
+            Lowerer::IsArgSaveRequired(func);
 
         // Home the params. This is done to enable on-the-fly creation of the arguments object,
         // Dyno bailout code, etc. For non-global functions, that means homing all the param registers