
ChakraCore servicing fixes for Feb release #6375

Merged
merged 7 commits into from
Feb 11, 2020

Conversation

akroshg
Contributor

@akroshg akroshg commented Feb 11, 2020

Chakra Automation and others added 7 commits February 10, 2020 12:02
…rosoft Edge 44.18362.387.0 may be exploited to execute arbitrary code. - Individual

```javascript
class child extends Object {
    constructor(){
        let f = () => {
            super()++
        };
        f();
    }
}
```

In the above snippet, we attempt to emit a load for the target of the super call. This causes us to acquire a tmp register for the target of the super call node out-of-order relative to how the tmp registers are typically acquired in `EmitSuperCall`. Then later, when we release the call target location, we notice that the tmp registers are being released out-of-order. The fix is to skip emitting the call target when emitting a load of a super call node - this is already handled by `EmitSuperCall`, so it isn't necessary anyway.
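The commit message describes a stack-discipline invariant on temporary registers: they must be released in the reverse order they were acquired, and the emitter's debug check fires when that order is broken. The following is an added example, not ChakraCore's code, that models this in a few lines of C++. `TmpRegPool`, `modelEmitSuperCall` and `emitSuperCallOperand` are hypothetical names; the register ordering inside the model (result register acquired before the call-target register) is an assumption chosen to illustrate the described failure, not a description of ChakraCore's real `EmitSuperCall`.

```cpp
#include <cstdio>
#include <vector>

// Hypothetical model (not ChakraCore's code) of a bytecode emitter's pool of
// temporary registers. Temporaries are handed out from a stack and must be
// released in strict LIFO order; releasing any other register is the
// "out-of-order release" the commit message describes.
class TmpRegPool {
public:
    // Acquire the next free temporary register.
    int acquire() {
        int reg = next_++;
        live_.push_back(reg);
        return reg;
    }
    // Release a temporary. Only the most recently acquired live register may
    // be released; anything else is reported as an out-of-order release.
    bool release(int reg) {
        if (live_.empty() || live_.back() != reg) {
            return false;  // out-of-order release detected
        }
        live_.pop_back();
        --next_;
        return true;
    }
    bool allReleased() const { return live_.empty(); }

private:
    int next_ = 0;
    std::vector<int> live_;
};

// Model of EmitSuperCall (assumed ordering): it acquires its own temporaries
// (result first, then the call target), emits the call, releases the target
// and leaves the result live for the enclosing expression to consume.
int modelEmitSuperCall(TmpRegPool& pool, bool& releasesInOrder) {
    int result = pool.acquire();
    int target = pool.acquire();
    // ... bytecode for the call itself would be emitted here ...
    releasesInOrder = pool.release(target) && releasesInOrder;
    return result;
}

// Emission of `super()` used as an operand (as in `super()++`).
// emitTargetLoadFirst == true models the defective path: the generic
// load-emission code acquires a temporary for the call target before
// EmitSuperCall runs, then releases it afterwards while the call's result
// register is still live. Returns true when every release was in order and
// the pool is empty at the end.
bool emitSuperCallOperand(bool emitTargetLoadFirst) {
    TmpRegPool pool;
    bool releasesInOrder = true;
    int outerTarget = -1;
    if (emitTargetLoadFirst) {
        // Acquired out of order relative to how EmitSuperCall acquires temps.
        outerTarget = pool.acquire();
    }
    int result = modelEmitSuperCall(pool, releasesInOrder);
    if (emitTargetLoadFirst) {
        // Releasing the call target location here trips the LIFO check,
        // because `result` was acquired after it and is still live.
        releasesInOrder = pool.release(outerTarget) && releasesInOrder;
    }
    // The enclosing `++` consumes the result, then releases it.
    releasesInOrder = pool.release(result) && releasesInOrder;
    return releasesInOrder && pool.allReleased();
}

int main() {
    std::printf("defective path releases in order: %s\n",
                emitSuperCallOperand(true) ? "yes" : "no");
    std::printf("fixed path releases in order:     %s\n",
                emitSuperCallOperand(false) ? "yes" : "no");
    return 0;
}
```

Running the model with the defective ordering reports an out-of-order release and leaves a register live in the pool, which is the condition the emitter's check catches; skipping the extra call-target load (the fix described above) keeps every release LIFO and the pool empty.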
chakrabot pushed a commit that referenced this pull request Feb 11, 2020
@chakrabot chakrabot merged commit 23eca47 into chakra-core:release/1.11 Feb 11, 2020
chakrabot pushed a commit that referenced this pull request Feb 14, 2020
…eb release

Merge pull request #6375 from akroshg:servicing/2002

Fixes following CVEs
[CVE-2020-0710]
[CVE-2020-0711]
[CVE-2020-0712]
[CVE-2020-0713]
[CVE-2020-0767]