
ChakraCore servicing fixes for Feb release #6375

Merged 7 commits (Feb 11, 2020)

akroshg (Contributor) commented Feb 11, 2020

Chakra Automation and others added 7 commits February 10, 2020 12:02
…rosoft Edge 44.18362.387.0 may be exploited to execute arbitrary code. - Individual

```javascript
class child extends Object {
    constructor(){
        let f = () => {
            super()++
        };
        f();
    }
}
```

In the above snippet, we attempt to emit a load for the target of the super call. This causes us to acquire a tmp register for the target of the super call node out-of-order relative to how the tmp registers are typically acquired in `EmitSuperCall`. Then later, when we release the call target location, we notice that the tmp registers are being released out-of-order. The fix is to skip emitting the call target when emitting a load of a super call node; this is already handled by `EmitSuperCall`, so it isn't necessary anyway.
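An added illustrative model, not ChakraCore's code: a LIFO temp-register pool whose release check flags the out-of-order release the commit message describes, with the buggy emission order placed beside the fixed one. `TmpRegisterPool`, `EmitSuperCallModel` and the two emission functions are hypothetical stand-ins, and the exact temps that ChakraCore's `EmitSuperCall` acquires are an assumption.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical model of a bytecode emitter's temp-register pool (not ChakraCore
// code): temps come off a stack and must be released in reverse acquisition order.
class TmpRegisterPool {
public:
    uint32_t Acquire() { uint32_t r = next_++; live_.push_back(r); return r; }
    // Returns false instead of asserting when a release is out of LIFO order.
    bool Release(uint32_t r) {
        if (live_.empty() || live_.back() != r) return false;
        live_.pop_back(); --next_; return true;
    }
    std::size_t Live() const { return live_.size(); }
private:
    uint32_t next_ = 0;
    std::vector<uint32_t> live_;
};

// Stand-in for EmitSuperCall: acquires its own temps for the call target and
// the resulting `this`, then releases them in LIFO order (assumed layout).
static bool EmitSuperCallModel(TmpRegisterPool& pool) {
    uint32_t target = pool.Acquire();
    uint32_t thisReg = pool.Acquire();
    bool ok = pool.Release(thisReg);
    return pool.Release(target) && ok;
}

// Buggy order: emitting a load of the super-call node grabs a temp for the call
// target before the postfix result temp; releasing that early temp is then out of order.
bool EmitSuperPostfixBuggy() {
    TmpRegisterPool pool;
    uint32_t earlyTarget = pool.Acquire();    // the out-of-order acquisition
    uint32_t result = pool.Acquire();         // temp for the postfix result
    bool ok = EmitSuperCallModel(pool);
    ok = pool.Release(earlyTarget) && ok;     // fails: result is on top
    ok = pool.Release(result) && ok;
    return ok && pool.Live() == 0;            // false: one temp leaked
}

// Fixed order: the super-call load emits no target of its own and leaves all
// super-call temps to EmitSuperCall, so every release matches the stack top.
bool EmitSuperPostfixFixed() {
    TmpRegisterPool pool;
    uint32_t result = pool.Acquire();
    bool ok = EmitSuperCallModel(pool);
    return pool.Release(result) && ok && pool.Live() == 0;
}
```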
chakrabot pushed a commit that referenced this pull request Feb 11, 2020
@chakrabot chakrabot merged commit 23eca47 into chakra-core:release/1.11 Feb 11, 2020
chakrabot pushed a commit that referenced this pull request Feb 14, 2020
…eb release

Merge pull request #6375 from akroshg:servicing/2002

Fixes the following CVEs:
[CVE-2020-0710]
[CVE-2020-0711]
[CVE-2020-0712]
[CVE-2020-0713]
[CVE-2020-0767]