17-09 ChakraCore servicing release by suwc · Pull Request #3729 · chakra-core/ChakraCore · GitHub
Merged: chakrabot merged 15 commits into chakra-core:release/1.7 from suwc:build/suwc/1709B_1.7 on Sep 14, 2017
…rvative) fix for this issue relied on marking scopes as containing 'with'. But because block scopes are created lazily, we can miss the opportunity to mark a scope. Instead, implementing a more accurate fix that marks symbols that are referenced from within 'with' statements as needing scope objects if they are closure-captured.
…bjectDictionary type
This is the case where the array's length is bigger than the head segment's length. Fixed that by adding a proper check.
We are incorrectly assuming an object literal to be a pattern. Because we have one local variable when we are parsing the member short, we have changed the state. Fixed that by restoring it back.
In ReverseHelper, the call to ReallocateNonLeafLastSegmentIfLeaf can throw, which leaves the lastUsedSegment wrongly pointed to the unlinked segment. Fixed that by putting in an AutoFailFast error.
The peephole optimizer fails to invalidate both arguments to XCHG instructions, which can lead subsequent passes (notably copy propagation) to refer to the XCHG op's second arg, assuming it will get that register's original value. Fixed that by invalidating both arguments.
# Conflicts:
# test/Bugs/rlexe.xml
…expression symbol is captured
If a split scope happens because of the function expression being captured then the param scope may not have any locals in closure as the function expression symbol belongs to the function expression scope. In this case we don't have to instantiate the param scope in split scope.
We used this memcpy to put the references on the stack so that the GC wouldn't free them; the compiler figured out that it could take the memcpy and the stack buffer out completely (by spec). Actually passing it around fixes this issue.
CustomExternalObjects can override the enumeration operations to have side effects. In such a case, an object can be passed to an invocation of JSON::Stringify, leading to stack values being used inappropriately.
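The XCHG commit message above describes a stale register fact surviving a swap. The following is an added example, a constructed toy model and not ChakraCore's peephole code: the 4-register machine and the names `propagate`, `invalidate` and `run` are hypothetical, and it assumes the buggy pass invalidated only the first XCHG operand. It shows copy propagation changing the program's result in that case, and the result being preserved once both operands are invalidated.

```cpp
#include <array>
#include <vector>

// Toy 4-register machine (constructed for illustration; not ChakraCore's IR).
enum Op { MOV, XCHG };                 // MOV a,b: a = b    XCHG a,b: swap a and b
struct Instr { Op op; int a, b; };
using Regs = std::array<int, 4>;

// Forget every copy fact that mentions register r.
static void invalidate(std::array<int, 4>& copyOf, int r) {
    for (int i = 0; i < 4; ++i)
        if (i == r || copyOf[i] == r) copyOf[i] = -1;
}

// Copy propagation: replace a MOV source with the register it is known to
// be a copy of. invalidateBothXchgArgs=false models the bug described above.
std::vector<Instr> propagate(std::vector<Instr> code, bool invalidateBothXchgArgs) {
    std::array<int, 4> copyOf{-1, -1, -1, -1};   // copyOf[r] == s: r holds s's value
    for (Instr& in : code) {
        if (in.op == MOV) {
            if (copyOf[in.b] != -1) in.b = copyOf[in.b];   // rewrite the source
            invalidate(copyOf, in.a);
            if (in.a != in.b) copyOf[in.a] = in.b;
        } else {                                           // XCHG writes both operands
            invalidate(copyOf, in.a);
            if (invalidateBothXchgArgs) invalidate(copyOf, in.b);
        }
    }
    return code;
}

// Reference interpreter used to compare the original and rewritten programs.
Regs run(const std::vector<Instr>& code, Regs r) {
    for (const Instr& in : code) {
        if (in.op == MOV) r[in.a] = r[in.b];
        else { int t = r[in.a]; r[in.a] = r[in.b]; r[in.b] = t; }
    }
    return r;
}

// r2 = r1; swap(r0, r1); r3 = r2  -> r3 must end with r1's ORIGINAL value.
const std::vector<Instr> kProgram{{MOV, 2, 1}, {XCHG, 0, 1}, {MOV, 3, 2}};
const Regs kInput{10, 20, 0, 0};       // constructed sample register state

int main() {
    bool buggyDiffers = run(propagate(kProgram, false), kInput) != run(kProgram, kInput);
    bool fixedMatches = run(propagate(kProgram, true), kInput) == run(kProgram, kInput);
    return (buggyDiffers && fixedMatches) ? 0 : 1;
}
```

Comparing an optimized program against a reference interpreter, as `main` does here, is the same differential check that catches this class of miscompilation in regression tests.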
chakrabot pushed a commit that referenced this pull request on Sep 14, 2017:
Merge pull request #3729 from suwc:build/suwc/1709B_1.7
[CVE-2017-8741]: Limit JSON Stringify Loop to Initialized Portion
[CVE-2017-8748] Fix UAF caused by GC during bailout
[CVE-2017-11767] Do not instantiate param scope if only the function expression symbol is captured
[CVE-2017-8756] JIT peephole optimization error
[CVE-2017-8753] Array Reverse OOM RCE
[CVE-2017-8729] incorrect object pattern.
[CVE-2017-8739] buffer overread IsMissingItem.
[CVE-2017-8751] Type confusion casting undefined with TypeOfPrototypeObjectDictionary type
[CVE-2017-8757] RCE on Windows Insider Preview
[CVE-2017-11764] Parser::ParseCatch doesn't handle "eval"
[CVE-2017-8660] Uninitialized local variables
[CVE-2017-8755] Fail fast if we can't reparse asm.js module after linking failure
[CVE-2017-8649] Bytecode tampering mitigation code accidentally turned off - Internal
[CVE-2017-8740] Fix bad byte code gen for 'with'.
[CVE-2017-8752] fix missing bound check in asm.js in case of constant negative index
[CVE-2017-8741]: Limit JSON Stringify Loop to Initialized Portion
[CVE-2017-8748] Fix UAF caused by GC during bailout
[CVE-2017-11767] Do not instantiate param scope if only the function expression symbol is captured
[CVE-2017-8756] JIT peephole optimization error
[CVE-2017-8753] Array Reverse OOM RCE
[CVE-2017-8729] incorrect object pattern.
[CVE-2017-8739] buffer overread IsMissingItem.
[CVE-2017-8751] Type confusion casting undefined with TypeOfPrototypeObjectDictionary type
[CVE-2017-8757] RCE on Windows Insider Preview
[CVE-2017-11764] Parser::ParseCatch doesn't handle "eval"
[CVE-2017-8660] Uninitialized local variables
[CVE-2017-8755] Fail fast if we can't reparse asm.js module after linking failure
[CVE-2017-8649] Bytecode tampering mitigation code accidentally turned off - Internal
[CVE-2017-8740] Fix bad byte code gen for 'with'.
[CVE-2017-8752] fix missing bound check in asm.js in case of constant negative index