
Null pointer dereference

Open bird8693 opened this issue 4 years ago • 0 comments

Environment

operating system: ubuntu18.04
compile command: ./configure && make
test command: ./run_tests poc

PoC:

https://drive.google.com/open?id=1S3o5dJNvjp19QdkdgZsg2YRAb6G_2Wfy

Vulnerability description:

It is a problem with CTinyJS::term. At TinyJS.cpp line 1813, a null pointer dereference is triggered, as shown in the figure. The reason for the vulnerability is that when the temporary assignment variable b is generated, it is not verified whether b is empty, and b->var then dereferences b, which causes the vulnerability.

PoC construction

While declaring a variable, a null pointer dereference can be caused by adding a null character after "*"; that is, a null character is placed after the multiplication symbol.

bird8693, Apr 17 '20 05:04
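The shape of the bug the report describes is a recursive-descent term() that consumes "*", parses the right operand, and uses the returned pointer without checking it; when the operand parser hits a NUL byte (end of input) it hands back a null pointer and the multiplication dereferences it. The following is an added, constructed miniature of that pattern with the unchecked version next to a checked one. It is not tiny-js source; the names MiniParser, factor, termUnchecked, termChecked and evalProduct, and the sample inputs, are all my own.

```cpp
#include <cctype>
#include <cstddef>
#include <iostream>
#include <memory>
#include <optional>
#include <string>
#include <utility>

// Constructed miniature of the parsing shape described in the report:
// a term() that multiplies the results of two factor() calls. Not tiny-js code.
struct Value {
    long num;
};

class MiniParser {
public:
    // std::string carries its length explicitly, so an embedded '\0' (as in the
    // PoC, placed right after '*') is part of the input, not a terminator.
    explicit MiniParser(std::string src) : src_(std::move(src)) {}

    // factor(): parses a decimal literal. On anything else, including '\0' or
    // running off the end of the input, it returns nullptr, mirroring the
    // "temporary variable b is empty" condition from the report.
    std::unique_ptr<Value> factor() {
        skipSpace();
        if (pos_ >= src_.size() || !std::isdigit(static_cast<unsigned char>(src_[pos_])))
            return nullptr;
        long v = 0;
        while (pos_ < src_.size() && std::isdigit(static_cast<unsigned char>(src_[pos_])))
            v = v * 10 + (src_[pos_++] - '0');
        return std::make_unique<Value>(Value{v});
    }

    // Vulnerable shape: after consuming '*', b is used without a null check.
    // Input "3*\0" makes factor() return nullptr and b->num dereferences it.
    std::unique_ptr<Value> termUnchecked() {
        std::unique_ptr<Value> a = factor();
        while (peek() == '*') {
            ++pos_;
            std::unique_ptr<Value> b = factor();
            a->num = a->num * b->num;   // crashes when a or b is nullptr
        }
        return a;
    }

    // Hardened shape: every operand is checked before use; a missing operand
    // becomes a parse error (std::nullopt) instead of a crash.
    std::optional<long> termChecked() {
        std::unique_ptr<Value> a = factor();
        if (!a)
            return std::nullopt;            // no left operand at all
        while (peek() == '*') {
            ++pos_;
            std::unique_ptr<Value> b = factor();
            if (!b)
                return std::nullopt;        // '*' followed by '\0' or end of input
            a->num *= b->num;
        }
        return a->num;
    }

private:
    void skipSpace() {
        while (pos_ < src_.size() && (src_[pos_] == ' ' || src_[pos_] == '\t'))
            ++pos_;
    }
    char peek() {
        skipSpace();
        return pos_ < src_.size() ? src_[pos_] : '\0';
    }
    std::string src_;
    std::size_t pos_ = 0;
};

// Evaluates a product expression with the hardened term(); nullopt = parse error.
std::optional<long> evalProduct(const std::string &src) {
    MiniParser p(src);
    return p.termChecked();
}

int main() {
    // Constructed inputs: a well-formed product and the PoC shape, a NUL byte
    // directly after the multiplication operator.
    const std::string ok = "2*3*4";
    const std::string poc = std::string("3*\0", 3);

    std::optional<long> r1 = evalProduct(ok);
    std::optional<long> r2 = evalProduct(poc);
    std::cout << "2*3*4 -> " << (r1 ? std::to_string(*r1) : "error") << "\n";
    std::cout << "3*<NUL> -> " << (r2 ? std::to_string(*r2) : "error (no crash)") << "\n";
    // MiniParser(poc).termUnchecked() would dereference a null pointer here.
    return 0;
}
```

The check that matters is the one on b immediately after the operator is consumed: the operand parser has a legitimate "nothing here" result, so the caller must treat it as a parse error rather than assume a value was produced. Feeding the PoC-style input to termUnchecked() instead reproduces the crash class the report describes.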