diff options
author | Nick Vatamaniuc <vatamane@gmail.com> | 2023-05-28 01:50:46 -0400 |
---|---|---|
committer | bptato <nincsnevem662@gmail.com> | 2023-09-23 13:45:39 +0200 |
commit | 43c01994f48b1452f32c3e4269167634b23fb601 (patch) | |
tree | 4bdceda5ff8083e0265b48cc1dd6303dccc72997 /src/loader/about.nim | |
parent | 821693c4374d9895f462fa29644905c61dbb241d (diff) | |
download | chawan-43c01994f48b1452f32c3e4269167634b23fb601.tar.gz |
Fix stack overflow in CVE-2023-31922
isArray and proxy isArray can call each other indefinitely in a mutually recursive loop. Add a stack overflow check in the js_proxy_isArray function before calling JS_isArray(ctx, s->target). With ASAN the the poc.js from issue 178: ``` ./qjs ./poc.js InternalError: stack overflow at isArray (native) at <eval> (./poc.js:4) ``` Fix: https://github.com/bellard/quickjs/issues/178
Diffstat (limited to 'src/loader/about.nim')
0 files changed, 0 insertions, 0 deletions