First, observe the stack traceback, as shown in the figure:
The problem is in CTinyJS::factor. At TinyJS.cpp line 1642 a null pointer is dereferenced, as shown in the figure:
The cause of the vulnerability is that when the temporary assignment variable a is produced, it is never checked whether a is null before a->var dereferences it, which triggers the vulnerability.
Here a '\x00' character follows "x:". During parsing, tiny-js treats the value after "x:" as empty, so the base parsing function returns 0, but a->var is dereferenced without any check beforehand, and the vulnerability is produced.
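The defect pattern described above, modelled as an added example that is not TinyJS's own code: a hypothetical base parsing step returns a null link when the value after the key is empty (here because an embedded NUL byte cuts the input), and the caller is shown both without and with the missing null check. Names (VarLink, parseValue, parsePairChecked) are assumptions, not identifiers from TinyJS.cpp.

```cpp
#include <cstddef>
#include <memory>
#include <string>

// Hypothetical model of a parser value link; not TinyJS's CScriptVarLink.
struct VarLink { std::string var; };

// Models the base parsing step: it yields nullptr when the value after the
// key is empty, e.g. because an embedded NUL byte terminates the input.
std::unique_ptr<VarLink> parseValue(const std::string& src, size_t& pos) {
    if (pos >= src.size() || src[pos] == '\0') return nullptr;
    size_t start = pos;
    while (pos < src.size() && src[pos] != '\0' && src[pos] != ',' && src[pos] != '}') ++pos;
    return std::make_unique<VarLink>(VarLink{src.substr(start, pos - start)});
}

enum class Status { Ok, MissingColon, EmptyValue };
struct Result { Status status; std::string key; std::string value; };

// Vulnerable shape: the temporary link a is used with no null check.
// Calling this on "x:" followed by a NUL byte dereferences a null pointer.
std::string parsePairUnchecked(const std::string& src) {
    size_t pos = src.find(':') + 1;        // assumes the colon is present
    auto a = parseValue(src, pos);
    return a->var;                          // crashes when a is nullptr
}

// Hardened shape: verify the link exists before touching a->var and report
// the empty value as a parse error instead of crashing.
Result parsePairChecked(const std::string& src) {
    size_t colon = src.find(':');
    if (colon == std::string::npos) return {Status::MissingColon, "", ""};
    size_t pos = colon + 1;
    auto a = parseValue(src, pos);
    if (!a) return {Status::EmptyValue, src.substr(0, colon), ""};
    return {Status::Ok, src.substr(0, colon), a->var};
}
```

The constructed input `std::string("x:\0", 3)` reproduces the "x:" plus NUL case: the checked parser returns EmptyValue where the unchecked one would dereference null.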
Environment
poc:
vulnerability description: