From b67808c729a43e0da295fe0efcaa589340d4acfe Mon Sep 17 00:00:00 2001
From: Michael Holman
Date: Mon, 7 Oct 2019 16:29:12 -0700
Subject: [PATCH 1/4] [CVE-2019-1427]
---
 lib/Backend/GlobOptIntBounds.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/Backend/GlobOptIntBounds.cpp b/lib/Backend/GlobOptIntBounds.cpp
index 8e5edc30508..490ac1519d5 100644
--- a/lib/Backend/GlobOptIntBounds.cpp
+++ b/lib/Backend/GlobOptIntBounds.cpp
@@ -803,7 +803,7 @@ void GlobOpt::TrackIntSpecializedAddSubConstant(
 // Ensure that the sym is live in the landing pad, and that its value has not changed in an unknown way yet
 Value *const landingPadValue = currentBlock->loop->landingPad->globOptData.FindValue(sym);
- if(!landingPadValue || srcValueNumber != landingPadValue->GetValueNumber())
+ if(!landingPadValue || srcValueNumber != landingPadValue->GetValueNumber() || currentBlock->loop->symsDefInLoop->Test(sym->m_id))
 {
 updateInductionVariableValueNumber = false;
 break;
From d2de5fecf783a07a3c7cde0d8fc58091d91bb272 Mon Sep 17 00:00:00 2001
From: Taylor Woll
Date: Tue, 8 Oct 2019 18:17:53 -0700
Subject: [PATCH 2/4] [CVE-2019-1428]
---
 lib/Parser/Parse.cpp | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/lib/Parser/Parse.cpp b/lib/Parser/Parse.cpp
index 518457b8e6d..8d045e2635a 100644
--- a/lib/Parser/Parse.cpp
+++ b/lib/Parser/Parse.cpp
@@ -9506,6 +9506,15 @@ ParseNodeCatch * Parser::ParseCatch()
 GetCurrentBlock()->SetChildCallsEval(true);
 }
+ if (pnodeCatchScope->GetCallsEval())
+ {
+ pnodeBody->AsParseNodeBlock()->SetCallsEval(true);
+ }
+ if (pnodeCatchScope->GetChildCallsEval())
+ {
+ pnodeBody->AsParseNodeBlock()->SetChildCallsEval(true);
+ }
+
 if (buildAST)
 {
 PopStmt(&stmt);
From fd5d5cf004758b315952c5c1e3dc81c4bee6c27b Mon Sep 17 00:00:00 2001
From: Paul Leathers
Date: Mon, 9 Sep 2019 16:55:11 -0700
Subject: [PATCH 3/4] [CVE-2019-1426]
---
 lib/Backend/GlobOptFields.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
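Review bot: The added `currentBlock->loop->symsDefInLoop->Test(sym->m_id)` on the new `if` line is the substance of the fix, but the comment two lines above still describes only the landing-pad liveness and value-number checks; extend it to `// Ensure that the sym is live in the landing pad, that its value has not changed in an unknown way yet, and that it is not (re)defined anywhere in the loop body` so the third condition is not mistaken for redundant. The new condition also dereferences `symsDefInLoop` unconditionally; the preceding line already dereferences `loop->landingPad`, so the loop bookkeeping is presumably complete on this path, but if `symsDefInLoop` can be null for any loop an `Assert(currentBlock->loop->symsDefInLoop)` before the test would make the assumption explicit. TrackIntSpecializedAddSubConstant's body begins and ends outside the hunk.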
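Review bot: The two added `if` blocks mirror the catch-scope eval flags onto the catch body block without a comment, and the commit message carries only the CVE id, so a maintainer cannot tell why the body must be marked when only the catch scope observed an eval. Add a short comment before the first new `if`, e.g. `// An eval reached from the catch scope (presumably through the catch parameter) can also observe the body's symbols, so the body block must carry the same eval flags` (confirm the precise reason before committing the wording). Both new blocks also rely on `pnodeCatchScope` and `pnodeBody` being non-null here even when `buildAST` is false, which the following `if (buildAST)` guard suggests is not true of every node on this path; if these block nodes are always created, a note saying so saves the next reader the same check. ParseCatch's body begins and ends outside the hunk.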
diff --git a/lib/Backend/GlobOptFields.cpp b/lib/Backend/GlobOptFields.cpp
index e91c89f995e..56d000fac9b 100644
--- a/lib/Backend/GlobOptFields.cpp
+++ b/lib/Backend/GlobOptFields.cpp
@@ -250,7 +250,8 @@ GlobOpt::KillLiveElems(IR::IndirOpnd * indirOpnd, IR::Opnd * valueOpnd, BVSparse
 IR::RegOpnd *baseOpnd = indirOpnd->GetBaseOpnd();
 Value * baseValue = baseOpnd ? this->currentBlock->globOptData.FindValue(baseOpnd->m_sym) : nullptr;
 ValueInfo * baseValueInfo = baseValue ? baseValue->GetValueInfo() : nullptr;
- if (!baseValueInfo || !baseValueInfo->IsNotNativeArray())
+ if (!baseValueInfo || !baseValueInfo->IsNotNativeArray() ||
+ (this->IsLoopPrePass() && !this->IsSafeToTransferInPrepass(baseOpnd->m_sym, baseValueInfo)))
 {
 if (this->currentBlock->globOptData.maybeWrittenTypeSyms == nullptr)
 {
From ab9165a19c338227182065db6f170c5d03b458ff Mon Sep 17 00:00:00 2001
From: Taylor Woll
Date: Wed, 9 Oct 2019 11:47:53 -0700
Subject: [PATCH 4/4] Update version to 1.11.15
---
 Build/NuGet/.pack-version | 2 +-
 lib/Common/ChakraCoreVersion.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Build/NuGet/.pack-version b/Build/NuGet/.pack-version
index 3c3b474f3fc..97ba4c9069f 100644
--- a/Build/NuGet/.pack-version
+++ b/Build/NuGet/.pack-version
@@ -1 +1 @@
-1.11.14
+1.11.15
diff --git a/lib/Common/ChakraCoreVersion.h b/lib/Common/ChakraCoreVersion.h
index 3acf93ea50d..3cb11ff51ad 100644
--- a/lib/Common/ChakraCoreVersion.h
+++ b/lib/Common/ChakraCoreVersion.h
@@ -17,7 +17,7 @@ // ChakraCore version number definitions (used in ChakraCore binary metadata)
 #define CHAKRA_CORE_MAJOR_VERSION 1
 #define CHAKRA_CORE_MINOR_VERSION 11
-#define CHAKRA_CORE_PATCH_VERSION 14
+#define CHAKRA_CORE_PATCH_VERSION 15
 #define CHAKRA_CORE_VERSION_RELEASE_QFE 0 // Redundant with PATCH_VERSION. Keep this value set to 0.
 // -------------
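Review bot: The second added line dereferences `baseOpnd->m_sym` with no null check, while the first context line shows `baseOpnd` can be null (`baseValue = baseOpnd ? ... : nullptr`); it is safe only because a non-null `baseValueInfo` implies a non-null `baseValue` and hence a non-null `baseOpnd`, and `!baseValueInfo` is evaluated first, so the operand order of the `||` chain is load-bearing. Make that dependency visible so a later reordering does not reintroduce a null dereference, e.g. `// baseValueInfo != nullptr implies baseOpnd != nullptr (see above); the short-circuit order guards the m_sym deref`. A second comment stating what `IsSafeToTransferInPrepass` protects against in the loop prepass (presumably value info that may be stale for a sym redefined in the loop — inferred from the name, confirm) would explain why the kill is now forced on that path. KillLiveElems's body begins and ends outside the hunk.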