
Null pointer dereference

Open bird8693 opened this issue 4 years ago • 0 comments

Environment

operating system: ubuntu18.04
compile command: make
test command: ./run_tests  poc

poc:

https://drive.google.com/open?id=1jhNSWmb-SeA6K4xDWQCEhaJFts7E3iOa

vulnerability description:

CTinyJS::expression has a problem. On line 1754 of TinyJS.cpp, a null pointer reference is triggered, as shown in the figure: [image]

The reason for the vulnerability is that when a temporary assignment variable a is generated, it is not verified whether a is empty, and then a->var refers to a, which causes the vulnerability.

PoC construction

During the variable declaration, write 0. [image]

bird8693, Apr 17 '20 15:04
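The pattern the report describes, a temporary `a` returned by a sub-parser and then used as `a->var` without a check, is shown here as an added example that is not part of the original issue and is not tiny-js source. `Var`, `Link`, `parse_operand`, `negate_unchecked` and `negate_checked` are hypothetical names, and the sample inputs are constructed.

```cpp
// Added illustration with hypothetical types; this is not tiny-js source code.
#include <cctype>
#include <cstdlib>
#include <memory>
#include <string>

struct Var { long value; };
struct Link { std::unique_ptr<Var> var; };

// Hypothetical sub-parser: returns a link for a decimal literal at the start
// of `src`, or nullptr when no operand can be parsed there.
std::unique_ptr<Link> parse_operand(const std::string &src) {
    if (src.empty() || !std::isdigit(static_cast<unsigned char>(src[0])))
        return nullptr;
    auto link = std::make_unique<Link>();
    link->var = std::make_unique<Var>(Var{std::strtol(src.c_str(), nullptr, 10)});
    return link;
}

// Unchecked form of the reported pattern: `a` is used without validation,
// so a missing operand becomes a null dereference at a->var.
long negate_unchecked(const std::string &src) {
    auto a = parse_operand(src);
    return -a->var->value;  // undefined behaviour (typically a crash) when a is null
}

// Checked form: validate `a` and `a->var` before touching them, and report
// a parse failure to the caller instead of dereferencing.
bool negate_checked(const std::string &src, long &out) {
    auto a = parse_operand(src);
    if (!a || !a->var)
        return false;       // caller treats this as a syntax error
    out = -a->var->value;
    return true;
}
```

In an interpreter the `false` branch would map to whatever error path the parser already uses for malformed input, so the failure stays a script error rather than a process crash.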