author Nick Vatamaniuc <vatamane@gmail.com> 2023-05-28 01:50:46 -0400
committer bptato <nincsnevem662@gmail.com> 2023-09-23 13:45:39 +0200
commit 43c01994f48b1452f32c3e4269167634b23fb601 (patch)
tree 4bdceda5ff8083e0265b48cc1dd6303dccc72997 /README.md
parent 821693c4374d9895f462fa29644905c61dbb241d (diff)
download chawan-43c01994f48b1452f32c3e4269167634b23fb601.tar.gz
Fix stack overflow in CVE-2023-31922
isArray and proxy isArray can call each other indefinitely in a mutually
recursive loop.

Add a stack overflow check in the js_proxy_isArray function before calling
JS_isArray(ctx, s->target).

With ASAN the poc.js from issue 178:

```
./qjs ./poc.js
InternalError: stack overflow
  at isArray (native)
  at <eval> (./poc.js:4)
```

Fix: https://github.com/bellard/quickjs/issues/178
Diffstat (limited to 'README.md')
0 files changed, 0 insertions, 0 deletions
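
The guard described in the commit message, as an added C sketch that is not QuickJS or chawan code: a toy object model in which `is_array` and `proxy_is_array` call each other, with the proxy side checking a budget before it recurses into its target. The types, `MAX_DEPTH` and `check_chain` are assumptions made for this example, and a depth counter stands in for the engine's stack-limit check.

```c
#include <stdlib.h>

/* Toy object model, constructed for this example (not QuickJS types). */
enum kind { KIND_PLAIN, KIND_ARRAY, KIND_PROXY };
struct obj { enum kind kind; struct obj *target; /* proxies only */ };
struct ctx { int depth; /* proxy calls currently in flight */ };

#define MAX_DEPTH 1000 /* assumed budget standing in for the stack limit */

static int is_array(struct ctx *c, const struct obj *o);

/* Proxy half of the pair: check the budget BEFORE recursing into target. */
static int proxy_is_array(struct ctx *c, const struct obj *o)
{
    int ret;
    if (c->depth >= MAX_DEPTH)
        return -1; /* models raising "stack overflow" instead of crashing */
    c->depth++;
    ret = is_array(c, o->target);
    c->depth--;
    return ret;
}

/* Returns 1 (array), 0 (not an array) or -1 (error raised). */
static int is_array(struct ctx *c, const struct obj *o)
{
    if (o->kind == KIND_PROXY)
        return proxy_is_array(c, o);
    return o->kind == KIND_ARRAY;
}

/* Wrap an array in n nested proxies and query the outermost one. */
int check_chain(size_t n)
{
    struct obj array = { KIND_ARRAY, NULL }, *top = &array;
    struct obj *proxies = calloc(n + 1, sizeof *proxies);
    struct ctx c = { 0 };
    int ret;
    if (!proxies)
        return -2; /* allocation failure, distinct from the guard */
    for (size_t i = 0; i < n; i++) {
        proxies[i].kind = KIND_PROXY;
        proxies[i].target = top;
        top = &proxies[i];
    }
    ret = is_array(&c, top);
    free(proxies);
    return ret;
}
```

Without the check in `proxy_is_array`, the million-proxy chain would consume two native frames per level until the C stack is exhausted; with it, the call unwinds with an error the caller can report.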