
[CVE-2019-1107] Chakra JIT Type Confusion FinishOptPropOp

pleath authored and atulkatti committed Jun 6, 2019
1 parent 7f0d390 commit 214dec9461f9acb9a4b9004368d2a81e0c125652
Showing with 8 additions and 0 deletions.
  1. +8 −0 lib/Backend/GlobOptFields.cpp
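--- a/lib/Backend/GlobOptFields.cpp
+++ b/lib/Backend/GlobOptFields.cpp
@@ -410,6 +410,14 @@ GlobOpt::ProcessFieldKills(IR::Instr *instr, BVSparse<JitArenaAllocator> *bv, bo
 if (inGlobOpt)
 {
 KillObjectHeaderInlinedTypeSyms(this->currentBlock, false);
+if (this->objectTypeSyms)
+{
+if (this->currentBlock->globOptData.maybeWrittenTypeSyms == nullptr)
+{
+this->currentBlock->globOptData.maybeWrittenTypeSyms = JitAnew(this->alloc, BVSparse<JitArenaAllocator>, this->alloc);
+}
+this->currentBlock->globOptData.maybeWrittenTypeSyms->Or(this->objectTypeSyms);
+}
 }
 
 // fall through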
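Review bot: The added block under `if (inGlobOpt)` has no comment stating why all of `objectTypeSyms` is OR-ed into `maybeWrittenTypeSyms` at this kill site, and since the commit title marks it as the fix for a JIT type confusion, that invariant is what a later refactor must not drop. I would add above the new `if (this->objectTypeSyms)` something like `// The instruction may change the type of any tracked object: mark every object type sym as maybe-written so later passes do not rely on a stale type.` — the wording is inferred from the identifier names and should be confirmed against how `maybeWrittenTypeSyms` is consumed. The enclosing switch case starts above the hunk and falls through below it, so which opcodes reach this code is not visible here. The diffstat shows only this file changing, so no regression test accompanies the fix; a test covering this path would guard against reintroduction.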
