Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Null pointer dereference #23

Open
bird8693 opened this issue Apr 17, 2020 · 0 comments
Open

Null pointer dereference #23

bird8693 opened this issue Apr 17, 2020 · 0 comments

Comments

@bird8693
Copy link

bird8693 commented Apr 17, 2020

Enviroment

operating system: ubuntu18.04
compile command: make
test command: ./run_tests  poc

poc:

https://drive.google.com/open?id=1pgFKnPb7wJKqKTCfBKp7S6swKPvwBU2L

vulnerability description:

First observe the stack traceback, as shown in the figure:
image
There is a problem with CTinyJS :: factor. In the TinyJS.cpp: 1642 line, a 0 pointer reference is sent, as shown in the figure:
image
The reason for the vulnerability is that when a temporary assignment variable a is generated, it is not verified whether a is empty, and then a-> var refers to a, which causes the vulnerability.
image
There is a '\ x00' character after the "x:" here, during the parsing process, tiny-js thinks that "x:" is empty, so the base parsing function returns 0, but "a-> var" does not have before the reference Check it, and the vulnerability is generated

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant