WebKit JSC JIT Use-After-Free

Posted by deepcore on January 17, 2019 – 9:24 am

The doesGC function simply takes a node, and tells if it might cause a garbage collection. This function is used to determine whether to insert write barriers. But it is missing some cases such as StringCharAt, StringCharCodeAt and GetByVal that might cause a garbage collection via rope strings. As a result, it can lead to a use-after-free condition.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Streamworks Job Scheduler Release 7 Authentication Weakness ownDMS 4.7 SQL Injection »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

WebKit JSC JIT Use-After-Free

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL