Skip to content

Commit beba75a

Browse files
MikeHolmanMikeHolman
committed
[CVE-2019-0649] Microsoft Chakra JIT server construct Caches array out-of-bounds
1 parent fe64d93 commit beba75a

File tree

1 file changed

+2
-2
lines changed

1 file changed

+2
-2
lines changed

lib/Backend/Func.cpp

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1673,14 +1673,14 @@ Func::LinkCtorCacheToPropertyId(Js::PropertyId propertyId, JITTimeConstructorCac
16731673

16741674
JITTimeConstructorCache* Func::GetConstructorCache(const Js::ProfileId profiledCallSiteId)
16751675
{
1676-
Assert(profiledCallSiteId < GetJITFunctionBody()->GetProfiledCallSiteCount());
1676+
AssertOrFailFast(profiledCallSiteId < GetJITFunctionBody()->GetProfiledCallSiteCount());
16771677
Assert(this->constructorCaches != nullptr);
16781678
return this->constructorCaches[profiledCallSiteId];
16791679
}
16801680

16811681
void Func::SetConstructorCache(const Js::ProfileId profiledCallSiteId, JITTimeConstructorCache* constructorCache)
16821682
{
1683-
Assert(profiledCallSiteId < GetJITFunctionBody()->GetProfiledCallSiteCount());
1683+
AssertOrFailFast(profiledCallSiteId < GetJITFunctionBody()->GetProfiledCallSiteCount());
16841684
Assert(constructorCache != nullptr);
16851685
Assert(this->constructorCaches != nullptr);
16861686
Assert(this->constructorCaches[profiledCallSiteId] == nullptr);

0 commit comments

Comments
 (0)