tiny-js
Null pointer dereference
Environment
operating system: ubuntu18.04
compile command: ./configure && make
test command: ./run_tests poc
poc:
https://drive.google.com/open?id=1LDDlXy5TT1GcVikKCdYtbCjBKtBGGhJ_
vulnerability description:
The problem is in CTinyJS::factor. At TinyJS.cpp line 1663 a null pointer dereference is triggered, as shown in the figure:
The cause of the vulnerability is that when the temporary variable a (holding the assigned value) is produced, it is not checked for NULL before a->var is dereferenced, which causes the crash.
poc construction
While a variable is being declared, the null pointer dereference can be triggered by inserting a null character (a NUL byte) into the source.
That is, a null character is placed directly after an element of the array literal.
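The following is an added, simplified model of the defect class described above and its fix; it is not tiny-js's code. It assumes (as the report's trigger suggests) that a NUL byte inside the input is read as end of input, that factor() then returns a null link, and that the array-literal loop dereferences a->var; the names Var, Link, Lexer, factor and parse_array are hypothetical stand-ins.

```cpp
#include <cctype>
#include <stdexcept>
#include <string>
#include <vector>

// Hypothetical stand-ins for tiny-js's CScriptVar / CScriptVarLink.
struct Var  { std::string text; };
struct Link { Var *var; };

// Minimal lexer. A NUL byte inside the input is treated as end of input,
// which is the assumed mechanism behind the report's "null character" trigger.
struct Lexer {
    std::string src; size_t pos = 0;
    bool eof() const { return pos >= src.size() || src[pos] == '\0'; }
    char peek() const { return eof() ? '\0' : src[pos]; }
};

// factor(): returns nullptr when no value can be parsed (e.g. at end of input),
// mirroring a parser that does "return 0" on an unexpected token.
Link *factor(Lexer &l) {
    std::string digits;
    while (!l.eof() && std::isdigit(static_cast<unsigned char>(l.peek())))
        digits += l.src[l.pos++];
    if (digits.empty()) return nullptr;
    return new Link{new Var{digits}};
}

// Parses "[e1,e2,...]" and returns the elements. The reported bug is an
// unchecked `a->var` in this loop; here a null link becomes a parse error.
std::vector<std::string> parse_array(const std::string &src) {
    Lexer l{src};
    if (l.peek() != '[') throw std::runtime_error("expected '['");
    l.pos++;
    std::vector<std::string> elements;
    while (l.peek() != ']') {
        Link *a = factor(l);
        if (a == nullptr)                       // the check the report says is missing
            throw std::runtime_error("expected array element at offset " + std::to_string(l.pos));
        elements.push_back(a->var->text);       // safe to dereference now
        delete a->var; delete a;
        if (l.peek() == ',') l.pos++;
    }
    return elements;
}

// True when parse_array rejects the input with an error instead of crashing.
bool rejects(const std::string &src) {
    try { parse_array(src); return false; } catch (const std::runtime_error &) { return true; }
}
```

The constructed input std::string("[1,\0]", 5) reproduces the report's shape (a NUL byte after an array element) and is rejected with a diagnostic rather than a segfault.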