I. Preface

When I analyzed and debugged vulnerabilities before, I was almost always debugging against someone else's PoC/exploit, and I felt that did not improve my own skills much. So in later vulnerability analyses I try to analyze as completely as possible, exploring from the root cause of the bug and how to trigger it reliably, and I try to write the PoC/exploit myself.

II. Environment setup

git checkout 12.2.149
gclient sync -D
git apply diff.patch
gn gen out/debug --args="symbol_level=2 blink_symbol_level=2 is_debug=true enable_nacl=false dcheck_always_on=false v8_enable_sandbox=false"
ninja -C out/debug d8

diff.patch is as follows:

diff --git a/src/objects/map-updater.cc b/src/objects/map-updater.cc
index 7d04b064177..d5f3b169487 100644
--- a/src/objects/map-updater.cc
+++ b/src/objects/map-updater.cc
@@ -1041,13 +1041,6 @@ MapUpdater::State MapUpdater::ConstructNewMap() {
   // the new descriptors to maintain descriptors sharing invariant.
   split_map->ReplaceDescriptors(isolate_, *new_descriptors);
 
-  // If the old descriptors had an enum cache, make sure the new ones do too.
-  if (old_descriptors_->enum_cache()->keys
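Review bot: the removed block right after `split_map->ReplaceDescriptors(isolate_, *new_descriptors);` is the step that carried the old descriptor array's enum cache over to the new descriptors, so after this patch a map whose old descriptors had an enum cache gets new descriptors without one; since the environment setup applies this patch before building d8, the text should state explicitly that the patch reverts the fix to reproduce the bug rather than being a change to keep. Also, the hunk header `@@ -1041,13 +1041,6 @@` accounts for seven removed lines, but only two of them are shown and the last one ends mid-expression at `old_descriptors_->enum_cache()->keys`, so the patch as reproduced here is incomplete and cannot be applied as-is; the full hunk should be included.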