-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
17-03 ChakraCore servicing release #2697
Commits on Mar 16, 2017
-
[CVE-2017-0094] Type confusion in JavascriptProxy::SetPropertyTrap wh…
…en using a Symbol When setting a property trap with JavascriptProxy::SetPropertyTrap using a symbol as a property id, we incorrectly assume that JavascriptProxy::GetName returns a PropertyString. The case for a JavascriptSymbol is unhandled, and we do a static cast leading to type confusion. Fix is to handle any cases other than PropertyString by using nullptr, as is the convention elsewhere.
Configuration menu - View commit details
-
Copy full SHA for 7061486 - Browse repository at this point
Copy the full SHA 7061486View commit details -
Configuration menu - View commit details
-
Copy full SHA for c30253b - Browse repository at this point
Copy the full SHA c30253bView commit details -
[CVE-2017-0071] Handle conversion of src operand on store to a typed …
…array if the bailout kind tells us to bail out on helper calls.
Configuration menu - View commit details
-
Copy full SHA for ff21352 - Browse repository at this point
Copy the full SHA ff21352View commit details -
Check for post-lower opcodes earlier than normal.
This change promotes several asserts to failfasts, and adds two additional ones, in order to ensure that no post-lower opcodes are added earlier than the lowerer phase, either by being added to the incoming bytecode buffer, or by corrupting a part of the IR during the earlier phases of the JIT.
Configuration menu - View commit details
-
Copy full SHA for bf4ef6c - Browse repository at this point
Copy the full SHA bf4ef6cView commit details -
[CVE-2017-0067] prevent parser from getting into inconsistent state w…
…hen asm.js parse fails
Configuration menu - View commit details
-
Copy full SHA for 80cfdbb - Browse repository at this point
Copy the full SHA 80cfdbbView commit details -
Configuration menu - View commit details
-
Copy full SHA for f778167 - Browse repository at this point
Copy the full SHA f778167View commit details -
[CVE-2017-0134 CVE-2017-0137] add conversion checks after calls to Is…
…ConcatSpreadable Signed-off-by: Michael Holman <Michael.Holman@microsoft.com>
Configuration menu - View commit details
-
Copy full SHA for aba0507 - Browse repository at this point
Copy the full SHA aba0507View commit details -
Configuration menu - View commit details
-
Copy full SHA for dd61e04 - Browse repository at this point
Copy the full SHA dd61e04View commit details -
Configuration menu - View commit details
-
Copy full SHA for 1750d47 - Browse repository at this point
Copy the full SHA 1750d47View commit details -
Configuration menu - View commit details
-
Copy full SHA for 94993f2 - Browse repository at this point
Copy the full SHA 94993f2View commit details -
Configuration menu - View commit details
-
Copy full SHA for e701fc7 - Browse repository at this point
Copy the full SHA e701fc7View commit details -
Configuration menu - View commit details
-
Copy full SHA for 70e23dc - Browse repository at this point
Copy the full SHA 70e23dcView commit details -
Configuration menu - View commit details
-
Copy full SHA for f1a8c50 - Browse repository at this point
Copy the full SHA f1a8c50View commit details -
Configuration menu - View commit details
-
Copy full SHA for 720bacd - Browse repository at this point
Copy the full SHA 720bacdView commit details -
[CVE-2017-0035] Asm.Js: Assign function number in order using interna…
…l list instead of parse node index.
Configuration menu - View commit details
-
Copy full SHA for b7854cd - Browse repository at this point
Copy the full SHA b7854cdView commit details -
[CVE-2017-0028] Fix binding of 'async' identifier in the presence of …
…async arrow function.
Configuration menu - View commit details
-
Copy full SHA for 402f3d9 - Browse repository at this point
Copy the full SHA 402f3d9View commit details -
Configuration menu - View commit details
-
Copy full SHA for fb08c4d - Browse repository at this point
Copy the full SHA fb08c4dView commit details -
Configuration menu - View commit details
-
Copy full SHA for db504eb - Browse repository at this point
Copy the full SHA db504ebView commit details -
Configuration menu - View commit details
-
Copy full SHA for 05af363 - Browse repository at this point
Copy the full SHA 05af363View commit details -
[CVE-2017-0196] Fixing an heap overread during slice.
The MissingItem check is happening on the array in a loop. It is possible that we get called into script and that mutates the array. So the Array's head is newly created with length. However the loop is still performing over the old length. Fixed this by checking the length In IsMissingItem function. Added a unittest.
Configuration menu - View commit details
-
Copy full SHA for 065b797 - Browse repository at this point
Copy the full SHA 065b797View commit details -
Configuration menu - View commit details
-
Copy full SHA for b75b9e8 - Browse repository at this point
Copy the full SHA b75b9e8View commit details -
[CVE-2017-0152] MSFT: 10592731 : Issue with Function name capturing i…
…n param scope In a function expression with name, where the name is captured in one of the param scope functions, if there is a function or var declaration with the same name as the function expression name we were marking the function expression name as shadowed. In non-eval case this causes issue because the name symbol won't get added to the body. This change is to fix it in such a way if the name is captured in the param scope then we split the param and body scope such that the name symbol is added to the param scope not body scope.
Configuration menu - View commit details
-
Copy full SHA for 9da0194 - Browse repository at this point
Copy the full SHA 9da0194View commit details -
Configuration menu - View commit details
-
Copy full SHA for cd6f65b - Browse repository at this point
Copy the full SHA cd6f65bView commit details