Exploiting an accidentally discovered V8/Chrome RCEhttps://zon8.re/posts/exploiting-an-accidentally-discovered-v8-rce/ …
Type::Any() being the most generic type, using it obviously fixes the bad typing, however I'm unsure about the exact reason why the previously computed Union (of all the input's types coming from the MergeCache) is incorrect (Type::Union(phi_type, input_type, graph->zone())).
-
-
Any idea why? :)
-
Since the EscapeAnalysisPhase analysis IR graph from Start node to End node,and get the value from StoreElement or StoreField nodes, so it can deal with EffectPhi before visit the StoreElement introduced by "o.a = x;",and then the result of Type::Union is not complete.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.