Skip to content

Commit

Permalink
[CVE-2017-0015] Fix SpreadArgs uninitialized memory
Browse files Browse the repository at this point in the history
  • Loading branch information
@leirocks @MikeHolman
leirocks authored and MikeHolman committed Mar 16, 2017
1 parent f1a8c50 commit 720bacd
Show file tree
Hide file tree
Showing 3 changed files with 3 additions and 0 deletions.
1 change: 1 addition & 0 deletions lib/Runtime/Language/InterpreterStackFrame.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6348,6 +6348,7 @@ const byte * InterpreterStackFrame::OP_ProfiledLoopBodyStart(const byte * ip)
PROBE_STACK(scriptContext, outArgs.Info.Count * sizeof(Var) + Js::Constants::MinStackDefault); // args + function call
outArgsSize = outArgs.Info.Count * sizeof(Var);
outArgs.Values = (Var*)_alloca(outArgsSize);
ZeroMemory(outArgs.Values, outArgsSize);
}
else
{
Expand Down
1 change: 1 addition & 0 deletions lib/Runtime/Language/ProfilingHelpers.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -487,6 +487,7 @@ namespace Js
PROBE_STACK(scriptContext, outArgs.Info.Count * sizeof(Var) + Js::Constants::MinStackDefault); // args + function call
outArgsSize = outArgs.Info.Count * sizeof(Var);
outArgs.Values = (Var*)_alloca(outArgsSize);
ZeroMemory(outArgs.Values, outArgsSize);
}
else
{
Expand Down
1 change: 1 addition & 0 deletions lib/Runtime/Library/JavascriptFunction.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1104,6 +1104,7 @@ namespace Js
PROBE_STACK(scriptContext, outArgs.Info.Count * sizeof(Var) + Js::Constants::MinStackDefault); // args + function call
outArgsSize = outArgs.Info.Count * sizeof(Var);
outArgs.Values = (Var*)_alloca(outArgsSize);
ZeroMemory(outArgs.Values, outArgsSize);
}
else
{
Expand Down

0 comments on commit 720bacd

Please sign in to comment.