This repository has been archived by the owner on Apr 22, 2023. It is now read-only.

node: crashes on CVE-2013-6668 test case #8070

Closed
thoger opened this issue Aug 4, 2014 · 1 comment

thoger commented Aug 4, 2014

One of the Chrome bugs under CVE-2013-6668 is:

https://codereview.chromium.org/172093002
https://code.google.com/p/chromium/issues/detail?id=344186

The test case from the upstream bug crashes the latest node v0.10.30.

trevnorris added the V8 label Aug 5, 2014

indutny (Member) commented Aug 11, 2014

Looking...

richardlau added a commit to ibmruntimes/node that referenced this issue Aug 20, 2014
Original commit message:

    Fix Hydrogen bounds check elimination

    When combining bounds checks, they must all be moved before the first load/store
    that they are guarding.

    BUG=chromium:344186
    LOG=y
    R=svenpanne@chromium.org

    Review URL: https://codereview.chromium.org/172093002

    git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@19475 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

fix nodejs#8070

Port fd80a31 to deps/v8ppc and deps/v8z
richardlau added a commit to ibmruntimes/node that referenced this issue Sep 17, 2014
richardlau added a commit to ibmruntimes/node that referenced this issue Oct 21, 2014
mscdex pushed a commit to mscdex/node that referenced this issue Dec 25, 2014
Original commit message:

    Fix Hydrogen bounds check elimination

    When combining bounds checks, they must all be moved before the first load/store
    that they are guarding.

    BUG=chromium:344186
    LOG=y
    R=svenpanne@chromium.org

    Review URL: https://codereview.chromium.org/172093002

    git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@19475 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

fix nodejs#8070
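
The invariant in the commit message above ("they must all be moved before the first load/store that they are guarding"), as an added example that is not code from V8, node or anyone in this thread. The instruction layout and the names `combineChecks`, `firstUnguardedAccess` and `run` are hypothetical, a toy model rather than Hydrogen's IR or its actual pass.

```javascript
// Toy model, constructed for illustration (not V8's Hydrogen IR). A check
// {min, max} bails out unless 0 <= i+min and i+max < length.
const block = [
  { op: 'check', min: 0, max: 0 }, { op: 'load', off: 0 },
  { op: 'check', min: 2, max: 2 }, { op: 'load', off: 2 },
  { op: 'check', min: 1, max: 1 }, { op: 'store', off: 1 },
];

// Merge every check into one covering [min, max]. placement 'first' puts it
// where the first original check was (before all guarded accesses); 'last'
// puts it where the last one was, the ordering the commit message rules out.
function combineChecks(instrs, placement) {
  const checks = instrs.filter((x) => x.op === 'check');
  const min = Math.min(...checks.map((c) => c.min));
  const max = Math.max(...checks.map((c) => c.max));
  const anchor = placement === 'first' ? checks[0] : checks[checks.length - 1];
  const out = [];
  for (const ins of instrs) {
    if (ins === anchor) out.push({ op: 'check', min, max });
    else if (ins.op !== 'check') out.push(ins);
  }
  return out;
}

// Static verifier: position of the first access that no earlier check covers,
// or -1 when every access is guarded.
function firstUnguardedAccess(instrs) {
  let lo = Infinity, hi = -Infinity;
  for (let k = 0; k < instrs.length; k++) {
    const ins = instrs[k];
    if (ins.op === 'check') { lo = Math.min(lo, ins.min); hi = Math.max(hi, ins.max); }
    else if (ins.off < lo || ins.off > hi) return k;
  }
  return -1;
}

// Interpreter: what happens for index i on an array of `length` elements.
function run(instrs, i, length) {
  for (const ins of instrs) {
    if (ins.op === 'check') {
      if (i + ins.min < 0 || i + ins.max >= length) return 'deopt';
    } else if (i + ins.off < 0 || i + ins.off >= length) {
      return 'out-of-bounds ' + ins.op;
    }
  }
  return 'ok';
}
```

With index 3 on a 4-element array, the `'first'` placement bails out at the merged check, while the `'last'` placement reaches the load at offset 2 before any check has executed; `firstUnguardedAccess` flags that ordering statically.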