Dev builds synced with nextgen source by github
Nick Vatamaniuc 6b3bed1740
Fix stack overflow in CVE-2023-31922 (#157)
isArray and proxy isArray can call each other indefinitely in a mutually
recursive loop.

Add a stack overflow check in the js_proxy_isArray function before calling
`JS_isArray(ctx, s->target)`.

Original issue: https://github.com/bellard/quickjs/issues/178
CVE: https://nvd.nist.gov/vuln/detail/CVE-2023-31922
2023-12-01 16:31:36 +01:00
.github/workflows Add Emscripten target to CI 2023-11-30 21:29:51 +01:00
doc Handle serialization endianness transparently (#152) 2023-11-28 22:49:01 +01:00
examples Make JS_NewClassID thread aware 2023-11-21 07:02:34 +01:00
test262@c1281dba45 Enable test262 on CI (#11) 2023-11-04 10:27:57 +01:00
tests Fix stack overflow in CVE-2023-31922 (#157) 2023-12-01 16:31:36 +01:00
.gitignore Update .gitignore 2023-11-17 23:01:40 +01:00
.gitmodules Enable test262 on CI (#11) 2023-11-04 10:27:57 +01:00
CMakeLists.txt Add Emscripten target to CI 2023-11-30 21:29:51 +01:00
cutils.c Add support for building with ClangCL on Windows 2023-11-30 01:23:09 +01:00
cutils.h Add support for building with ClangCL on Windows 2023-11-30 01:23:09 +01:00
dirent_compat.h Add support for building with ClangCL on Windows 2023-11-30 01:23:09 +01:00
getopt_compat.h Add support for building with ClangCL on Windows 2023-11-30 01:23:09 +01:00
libbf.c Remove dead code (#87) 2023-11-18 19:14:24 +01:00
libbf.h Add support for building with ClangCL on Windows 2023-11-30 01:23:09 +01:00
libregexp-opcode.h Optimize RegExp ASCII literal matching (#94) 2023-11-19 17:26:45 +01:00
libregexp.c Fix null pointer arithmetic UB in libregexp (#136) 2023-11-29 14:43:02 +01:00
libregexp.h Implement RegExp serialization (#153) 2023-11-29 08:50:53 +01:00
libunicode-table.h Drop CONFIG_ALL_UNICODE and enable it by default 2023-11-20 10:52:04 +01:00
libunicode.c Drop CONFIG_ALL_UNICODE and enable it by default 2023-11-20 10:52:04 +01:00
libunicode.h Drop CONFIG_ALL_UNICODE and enable it by default 2023-11-20 10:52:04 +01:00
LICENSE Add copyright notices (#51) 2023-11-12 22:42:07 +01:00
list.h Remove trailing whitespace (#46) 2023-11-12 10:01:40 +01:00
Makefile Simplify CMake invocation 2023-11-28 09:30:45 +01:00
qjs.c Add support for building with ClangCL on Windows 2023-11-30 01:23:09 +01:00
qjsc.c Add support for building with ClangCL on Windows 2023-11-30 01:23:09 +01:00
quickjs-atom.h Implement WeakRef 2023-11-28 13:26:33 +01:00
quickjs-c-atomics.h Enable support for GCC compiler v < 4.9 2023-11-29 09:22:27 +01:00
quickjs-libc.c Re-enable stack depth checks under ASan (#161) 2023-11-30 22:18:23 +01:00
quickjs-libc.h Remove trailing whitespace (#46) 2023-11-12 10:01:40 +01:00
quickjs-opcode.h Implement polymorphic inline caches (#120) 2023-11-29 09:12:02 +01:00
quickjs.c Fix stack overflow in CVE-2023-31922 (#157) 2023-12-01 16:31:36 +01:00
quickjs.h Replace JS_NewFloat64() calls with js_float64() 2023-11-29 23:38:01 +01:00
README.md Remove old project files 2023-11-17 23:55:43 +01:00
repl.js Fix repl autocompletion for regexp with flags 2023-11-24 20:57:03 +01:00
run-test262.c Re-enable stack depth checks under ASan (#161) 2023-11-30 22:18:23 +01:00
test262.conf Implement WeakRef 2023-11-28 13:26:33 +01:00
test262_errors.txt Prohibit freezing/sealing module namespace objects (#160) 2023-11-30 00:42:36 +01:00
unicode_download.sh updated to Unicode 14.0.0 2022-03-06 19:00:24 +01:00
unicode_gen.c Drop CONFIG_ALL_UNICODE and enable it by default 2023-11-20 10:52:04 +01:00
unicode_gen_def.h Update to Unicode 15.0.0 (#89) 2023-11-18 22:29:53 +01:00

QuickJS - A mighty JavaScript engine

Friendly QuickJS fork focused on reigniting the project.

🚧 Work in progress.