[CVE-2017-11870] Edge - Exploitable write-AV when writing to a slot o…

…f a javascript null scope object. - Internal
chakra-core · Nov 12, 2017 · b44ee83 · b44ee83
1 parent 38a37ac
commit b44ee83
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/lib/Parser/Parse.cpp b/lib/Parser/Parse.cpp
@@ -5194,6 +5194,10 @@ ParseNodePtr Parser::ParseFncDecl(ushort flags, LPCOLESTR pNameHint, const bool
             bool isRedecl = false;
             ParseNodePtr vardecl = CreateVarDeclNode(pnodeFnc->sxFnc.pnodeName->sxVar.pid, STVariable, false, nullptr, false, &isRedecl);
             vardecl->sxVar.isBlockScopeFncDeclVar = true;
+            if (vardecl->sxVar.sym->GetIsFormal())
+            {
+                GetCurrentFunctionNode()->sxFnc.SetHasAnyWriteToFormals(true);
+            }
             if (isRedecl)
             {
                 vardecl->sxVar.sym->SetHasBlockFncVarRedecl();