Skip to content

17-07 ChakraCore servicing release#3341

Merged
chakrabot merged 12 commits into
release/1.5from
pr/akroshg/1707
Jul 13, 2017
Merged

17-07 ChakraCore servicing release#3341
chakrabot merged 12 commits into
release/1.5from
pr/akroshg/1707

Conversation

@akroshg

@akroshg akroshg commented Jul 13, 2017

Copy link
Copy Markdown
Contributor

akroshg and others added 9 commits July 10, 2017 16:43
@akroshg
[CVE-2017-8619] Put failfast error on the OOM exception on certain pl…
f780a11 
…aces in the array APIs
[CVE-2017-8606, CVE-2017-8608] DictionaryTypeHandler nextPropertyInde…
7c3214e 
…x++ overflow
[CVE-2017-8607] DictionaryTypeHandler property descriptor may contain…
e40a34f 
… invalid index

Pre-reserve potentially needed slots upfront.
@rajatd
[CVE-2017-8610] Prevent loading bad function object for inlinees
f979536
[CVE-2017-8598] Uninitialized 'this' register
3915540
@pleath
[CVE-2017-8601] Generate bailouts for cases of typed array stores whe…
9326bda 
…re conversion of the source value can cause implicit calls. For BailOutOnImplicitCalls, check implicit call bit on return from the conversion helper. For BailOutOnArrayAccessHelperCall, bail out instead of calling the conversion helper.
@pleath
[CVE-2017-8609] On object pointer copy prop, check for mismatch betwe…
2e514d7 
…en new pointer symbol and existing object type spec info. If there is a mismatch, then stale ObjTypeSpecFldInfo may lead to jitted code that accesses a bad address, so disable optimization of this load/store.
@Cellule
[CVE-2017-8604] Fix for stack allocation for asm.js/wasm
6999714
@Cellule
[CVE-2017-8603] Change how we handle return value for asm.js/wasm int…
8fafa37 
…erpreter

Prevents having to use the interpreterStackFrame outside of InterpreterHelper
@akroshg

akroshg commented Jul 13, 2017

Copy link
Copy Markdown
Contributor Author

@rajatd @suwc @Cellule @pleath @jianchun Please have a look

@akroshg

akroshg commented Jul 13, 2017

Copy link
Copy Markdown
Contributor Author

@Penguinwizzard @kfarnung FYI...

@suwc

suwc commented Jul 13, 2017

Copy link
Copy Markdown

LGTM. [CVE-2017-8598]

@jianchun

jianchun commented Jul 13, 2017

Copy link
Copy Markdown

LGTM (8606, 8607, 8608)

@Cellule

Cellule commented Jul 13, 2017

Copy link
Copy Markdown
Contributor

LGTM [CVE-2017-8603] [CVE-2017-8604]

@Cellule Cellule mentioned this pull request Jul 13, 2017
Closed
@rajatd

rajatd commented Jul 13, 2017

Copy link
Copy Markdown
Contributor

LGTM wrt CVE-2017-8610

@MSLaguana

MSLaguana commented Jul 13, 2017

Copy link
Copy Markdown
Contributor

Looks like there's an asmjs test failure on osx, and some prefast warnings on windows, in addition to copyright/line ending complaints.

@akroshg

akroshg commented Jul 13, 2017

Copy link
Copy Markdown
Contributor Author

@MSLaguana yes working on it.

@pleath

pleath commented Jul 13, 2017 via email

Copy link
Copy Markdown
Contributor

@akroshg

akroshg commented Jul 13, 2017

Copy link
Copy Markdown
Contributor Author

@pleath yes.
looking at OSX problem now.

@akroshg

akroshg commented Jul 13, 2017

Copy link
Copy Markdown
Contributor Author

For asmJs @Cellule can you take a look?

@Cellule

Cellule commented Jul 13, 2017

Copy link
Copy Markdown
Contributor

We should add exclude_xplat to my new asm.js test. It is hitting issue #2378

@chakrabot chakrabot merged commit 9940903 into release/1.5 Jul 13, 2017
chakrabot pushed a commit that referenced this pull request Jul 13, 2017
@akroshg
[MERGE #3341 @akroshg] 17-07 ChakraCore servicing release
bd1dba2 
Merge pull request #3341 from pr/akroshg/1707

Fixes the following CVEs impacting ChakraCore

CVE-2017-8598
CVE-2017-8601
CVE-2017-8603
CVE-2017-8604
CVE-2017-8606
CVE-2017-8607
CVE-2017-8608
CVE-2017-8609
CVE-2017-8610
CVE-2017-8619
@akroshg

akroshg commented Jul 13, 2017

Copy link
Copy Markdown
Contributor Author

Thanks guys!

chakrabot pushed a commit that referenced this pull request Jul 13, 2017
@akroshg
[1.5>1.6] [MERGE #3341 @akroshg] 17-07 ChakraCore servicing release
bf6ae64 
Merge pull request #3341 from pr/akroshg/1707

Fixes the following CVEs impacting ChakraCore

CVE-2017-8598
CVE-2017-8601
CVE-2017-8603
CVE-2017-8604
CVE-2017-8606
CVE-2017-8607
CVE-2017-8608
CVE-2017-8609
CVE-2017-8610
CVE-2017-8619
chakrabot pushed a commit that referenced this pull request Jul 13, 2017
@akroshg
[1.6>1.7] [1.5>1.6] [MERGE #3341 @akroshg] 17-07 ChakraCore servicing…
3790013 
… release

Merge pull request #3341 from pr/akroshg/1707

Fixes the following CVEs impacting ChakraCore

CVE-2017-8598
CVE-2017-8601
CVE-2017-8603
CVE-2017-8604
CVE-2017-8606
CVE-2017-8607
CVE-2017-8608
CVE-2017-8609
CVE-2017-8610
CVE-2017-8619
chakrabot pushed a commit that referenced this pull request Jul 13, 2017
@akroshg
[1.7>master] [1.6>1.7] [1.5>1.6] [MERGE #3341 @akroshg] 17-07 ChakraC…
cbaa019 
…ore servicing release

Merge pull request #3341 from pr/akroshg/1707

Fixes the following CVEs impacting ChakraCore

CVE-2017-8598
CVE-2017-8601
CVE-2017-8603
CVE-2017-8604
CVE-2017-8606
CVE-2017-8607
CVE-2017-8608
CVE-2017-8609
CVE-2017-8610
CVE-2017-8619
@rajatd rajatd mentioned this pull request Jul 14, 2017
Closed
@obastemur obastemur deleted the pr/akroshg/1707 branch January 30, 2018 22:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@pleath pleath pleath approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

9 participants

@akroshg @suwc @jianchun @Cellule @rajatd @MSLaguana @pleath @msftclas @chakrabot