August 2018 Security Update #5596
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…tion - Google, Inc
aneeshdk
requested review from
meg-gupta,
pleath,
digitalinfinity,
sethbrenith,
aruneshchandra,
akroshg,
rajatd,
atulkatti,
MikeHolman and
MSLaguana
|
LGTM |
sethbrenith
reviewed
Aug 14, 2018
| @@ -221,6 +244,20 @@ using namespace Js; | |||
| this->GetScriptFunctionType()->ChangeEntryPoint(entryPointInfo, entryPoint, isAsmJS); | |||
There was a problem hiding this comment.
We lost a bit here because it moved to a different file. No functional difference but we can avoid some duplication and prevent further merge conflicts when this payload goes to Windows: https://devdiv.visualstudio.com/DevDiv/Chakra/_git/ChakraCore/pullrequest/136749?_a=overview #Resolved
MSLaguana
reviewed
Aug 14, 2018
Build/NuGet/.pack-version
Outdated
| @@ -1 +1 @@ | |||
| 1.10.1 | |||
| 1.10.2-rc | |||
There was a problem hiding this comment.
Can you please rebase this commit to remove the -rc and update the commit message?
MikeHolman
approved these changes
Aug 14, 2018
meg-gupta
approved these changes
Aug 14, 2018
pleath
approved these changes
Aug 14, 2018
…lid pointer read - Internal When merging block data for loops, we may have data from one edge that a sym is non-temp, but from a different edge we know that there is a temp transfer dependency on that sym. This leads to an inconsistency between the sets where we can treat a non-temp sym as a temp. To solve this, I've changed so that when we merge data we check if any transfer dependency sets have a non-temp sym, and if so it should also be treated as non-temp.
When deciding if we can eliminate a bound check we check if the max value for the index is less than the min value for the length. If this is true, we can remove the bound check. In the code we were testing if indexUpperBound <= lengthLowerBound + (-1 - indexLowerBound). If the index lower bound is less than 0 (e.g. if it is INT_MIN because we don't know the range), we may incorrectly eliminate bound checks. This was essentially never kicking in, so I removed the condition altogether.
… OOB read/write - Internal
…e::SetAttributesHelper - Google, Inc.
…bjectSlotGetter Marshalling should not be re-entrant. But due to proxy in the prototype chain - we could have prototype trap invoked and things can get worse from there. We had put no-reentrancy macro in there but that protect us on RS3 and up. In order to fix this, we need to check if the current object is proxy or not - in that case break the chain.
aneeshdk
force-pushed
the
servicing/1808_1.10
branch
from
f4c79b0
to
1452676
Compare
aneeshdk
force-pushed
the
servicing/1808_1.10
branch
from
1452676
to
cd84156
Compare
chakrabot
pushed a commit
that referenced
this pull request
Aug 15, 2018
Merge pull request #5596 from aneeshdk:servicing/1808_1.10 This update address the following issues in ChakraCore.dll : CVE-2018-8380, CVE-2018-8359, CVE-2018-8385, CVE-2018-8390, CVE-2018-8266, CVE-2018-8384, CVE-2018-8372, CVE-2018-8355 and CVE-2018-8381
chakrabot
pushed a commit
that referenced
this pull request
Aug 15, 2018
Merge pull request #5596 from aneeshdk:servicing/1808_1.10 This update address the following issues in ChakraCore.dll : CVE-2018-8380, CVE-2018-8359, CVE-2018-8385, CVE-2018-8390, CVE-2018-8266, CVE-2018-8384, CVE-2018-8372, CVE-2018-8355 and CVE-2018-8381
This was referenced Nov 29, 2021
Open
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This update address the following issues in ChakraCore.dll : CVE-2018-8380, CVE-2018-8359, CVE-2018-8385, CVE-2018-8390, CVE-2018-8266, CVE-2018-8384, CVE-2018-8372, CVE-2018-8355 and CVE-2018-8381