[MERGE #6328 @boingoing] ChakraCore servicing update for 19-11

Merge pull request #6328 from boingoing:servicing/1911 Addresses the following issues: CVE-2019-1426 CVE-2019-1427 CVE-2019-1428
chakra-core · Nov 12, 2019 · febc6a8 · febc6a8
2 parents 01215c5 + ab9165a
commit febc6a8
Show file tree

Hide file tree

Showing 5 changed files with 14 additions and 4 deletions.
diff --git a/Build/NuGet/.pack-version b/Build/NuGet/.pack-version
@@ -1 +1 @@
-1.11.14
+1.11.15
diff --git a/lib/Backend/GlobOptFields.cpp b/lib/Backend/GlobOptFields.cpp
@@ -250,7 +250,8 @@ GlobOpt::KillLiveElems(IR::IndirOpnd * indirOpnd, IR::Opnd * valueOpnd, BVSparse
             IR::RegOpnd *baseOpnd = indirOpnd->GetBaseOpnd();
             Value * baseValue = baseOpnd ? this->currentBlock->globOptData.FindValue(baseOpnd->m_sym) : nullptr;
             ValueInfo * baseValueInfo = baseValue ? baseValue->GetValueInfo() : nullptr;
-            if (!baseValueInfo || !baseValueInfo->IsNotNativeArray())
+            if (!baseValueInfo || !baseValueInfo->IsNotNativeArray() || 
+                (this->IsLoopPrePass() && !this->IsSafeToTransferInPrepass(baseOpnd->m_sym, baseValueInfo)))
             {
                 if (this->currentBlock->globOptData.maybeWrittenTypeSyms == nullptr)
                 {

diff --git a/lib/Backend/GlobOptIntBounds.cpp b/lib/Backend/GlobOptIntBounds.cpp
@@ -803,7 +803,7 @@ void GlobOpt::TrackIntSpecializedAddSubConstant(
 
                 // Ensure that the sym is live in the landing pad, and that its value has not changed in an unknown way yet
                 Value *const landingPadValue = currentBlock->loop->landingPad->globOptData.FindValue(sym);
-                if(!landingPadValue || srcValueNumber != landingPadValue->GetValueNumber())
+                if(!landingPadValue || srcValueNumber != landingPadValue->GetValueNumber() || currentBlock->loop->symsDefInLoop->Test(sym->m_id))
                 {
                     updateInductionVariableValueNumber = false;
                     break;

diff --git a/lib/Common/ChakraCoreVersion.h b/lib/Common/ChakraCoreVersion.h
@@ -17,7 +17,7 @@
 // ChakraCore version number definitions (used in ChakraCore binary metadata)
 #define CHAKRA_CORE_MAJOR_VERSION 1
 #define CHAKRA_CORE_MINOR_VERSION 11
-#define CHAKRA_CORE_PATCH_VERSION 14
+#define CHAKRA_CORE_PATCH_VERSION 15
 #define CHAKRA_CORE_VERSION_RELEASE_QFE 0 // Redundant with PATCH_VERSION. Keep this value set to 0.
 
 // -------------

diff --git a/lib/Parser/Parse.cpp b/lib/Parser/Parse.cpp
@@ -9506,6 +9506,15 @@ ParseNodeCatch * Parser::ParseCatch()
             GetCurrentBlock()->SetChildCallsEval(true);
         }
 
+        if (pnodeCatchScope->GetCallsEval())
+        {
+            pnodeBody->AsParseNodeBlock()->SetCallsEval(true);
+        }
+        if (pnodeCatchScope->GetChildCallsEval())
+        {
+            pnodeBody->AsParseNodeBlock()->SetChildCallsEval(true);
+        }
+
         if (buildAST)
         {
             PopStmt(&stmt);