-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
stack overflow #4
Comments
pcmacdon
pushed a commit
that referenced
this issue
Apr 13, 2020
FossilOrigin-Name: 6c7f0c37027d7f890b57cb38f776af39b8f81f03e60ceeb0a231a1d21e24b5de
Should be fixed in "3.0.7". Issue only appeared when not in strict mode. ie. did not see this when the test file ends in ".jsi". |
This was referenced May 11, 2020
This was referenced Oct 20, 2020
This was referenced Oct 31, 2020
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Enviroment
poc:
vulnerability description:
~ _num
as a parameter, that is, precision. _num is an undefined variable, jsish thinks it is 0 by default, then the negation will become 0x7fffffff. In the analysis of the functionNumberToPrecisionCmd
(src/jsiNumber.c ),Jsi_GetIntFromValue
is used to obtain the precision, which is the prec variable. But buf is a buffer on the stack of only 100 bytes. When prec exceeds 100, it causes a buffer overflow.The text was updated successfully, but these errors were encountered: