Update quickjs (#890)

Includes additional fixes from main repo's unmerged PRs:

 - quickjs#132: Fix undefined behavior: shift 32 bits for uint32_t in bf_set_ui
 - quickjs#171: Fix locale-aware representation of hours in Date class
 - quickjs#182: Fix stack overflow in CVE-2023-31922
mataha 2023-11-30 19:51:16 +01:00 committed by GitHub
parent 4b7ba9a4c5
commit 879bb84244
12 changed files with 2330 additions and 2182 deletions


@ -1,7 +1,16 @@
Source:
- https://bellard.org/quickjs/quickjs-2021-03-27.tar.xz
LOCAL CHANGES
Local Changes:
- Replace snprintf with xasprintf in find_unique_cname
- Squash uninitialized read of harnessbuf in run-test262.c
- Change run-test262.c to not rebase configured paths
- Replace snprintf with xasprintf in find_unique_cname
- Squash uninitialized read of harnessbuf in run-test262.c
- Change run-test262.c to not rebase configured paths
- https://github.com/bellard/quickjs/pull/132
- https://github.com/bellard/quickjs/pull/171
- https://github.com/bellard/quickjs/pull/182
SYNCHRONIZATION POINT (`--date=format:"%a %b %d %H:%M:%S %Y %z"`)
commit 2788d71e823b522b178db3b3660ce93689534e6d
Author: bellard <6490144+bellard@users.noreply.github.com>
Date: Sun Mar 06 19:00:24 2022 +0100
updated to Unicode 14.0.0


@ -86,11 +86,19 @@ static int JS_CopySubArray(JSContext *ctx,
JSValueConst obj, int64_t to_pos,
int64_t from_pos, int64_t count, int dir)
{
int64_t i, from, to;
JSObject *p;
int64_t i, from, to, len;
JSValue val;
int fromPresent;
/* XXX: should special case fast arrays */
for (i = 0; i < count; i++) {
p = NULL;
if (JS_VALUE_GET_TAG(obj) == JS_TAG_OBJECT) {
p = JS_VALUE_GET_OBJ(obj);
if (p->class_id != JS_CLASS_ARRAY || !p->fast_array) {
p = NULL;
}
}
for(i = 0; i < count; ) {
if (dir < 0) {
from = from_pos + count - i - 1;
to = to_pos + count - i - 1;
@ -98,15 +106,43 @@ static int JS_CopySubArray(JSContext *ctx,
from = from_pos + i;
to = to_pos + i;
}
fromPresent = JS_TryGetPropertyInt64(ctx, obj, from, &val);
if (fromPresent < 0)
goto exception;
if (fromPresent) {
if (JS_SetPropertyInt64(ctx, obj, to, val) < 0)
goto exception;
if (p && p->fast_array &&
from >= 0 && from < (len = p->u.array.count) &&
to >= 0 && to < len) {
int64_t l, j;
/* Fast path for fast arrays. Since we don't look at the
prototype chain, we can optimize only the cases where
all the elements are present in the array. */
l = count - i;
if (dir < 0) {
l = min_int64(l, from + 1);
l = min_int64(l, to + 1);
for(j = 0; j < l; j++) {
set_value(ctx, &p->u.array.u.values[to - j],
JS_DupValue(ctx, p->u.array.u.values[from - j]));
}
} else {
l = min_int64(l, len - from);
l = min_int64(l, len - to);
for(j = 0; j < l; j++) {
set_value(ctx, &p->u.array.u.values[to + j],
JS_DupValue(ctx, p->u.array.u.values[from + j]));
}
}
i += l;
} else {
if (JS_DeletePropertyInt64(ctx, obj, to, JS_PROP_THROW) < 0)
fromPresent = JS_TryGetPropertyInt64(ctx, obj, from, &val);
if (fromPresent < 0)
goto exception;
if (fromPresent) {
if (JS_SetPropertyInt64(ctx, obj, to, val) < 0)
goto exception;
} else {
if (JS_DeletePropertyInt64(ctx, obj, to, JS_PROP_THROW) < 0)
goto exception;
}
i++;
}
}
return 0;
@ -1059,63 +1095,26 @@ JSValue js_array_push(JSContext *ctx, JSValueConst this_val, int argc, JSValueCo
int i;
int64_t len, from, newLen;
obj = JS_ToObject(ctx, this_val);
if (JS_VALUE_GET_TAG(obj) == JS_TAG_OBJECT) {
JSObject *p = JS_VALUE_GET_OBJ(obj);
if (p->class_id != JS_CLASS_ARRAY ||
!p->fast_array || !p->extensible)
goto generic_case;
/* length must be writable */
if (UNLIKELY(!(get_shape_prop(p->shape)->flags & JS_PROP_WRITABLE)))
goto generic_case;
/* check the length */
if (UNLIKELY(JS_VALUE_GET_TAG(p->prop[0].u.value) != JS_TAG_INT))
goto generic_case;
len = JS_VALUE_GET_INT(p->prop[0].u.value);
/* we don't support holes */
if (UNLIKELY(len != p->u.array.count))
goto generic_case;
newLen = len + argc;
if (UNLIKELY(newLen > INT32_MAX))
goto generic_case;
if (newLen > p->u.array.u1.size) {
if (expand_fast_array(ctx, p, newLen))
goto exception;
}
if (unshift && argc > 0) {
memmove(p->u.array.u.values + argc, p->u.array.u.values,
len * sizeof(p->u.array.u.values[0]));
from = 0;
} else {
from = len;
}
for(i = 0; i < argc; i++) {
p->u.array.u.values[from + i] = JS_DupValue(ctx, argv[i]);
}
p->u.array.count = newLen;
p->prop[0].u.value = JS_NewInt32(ctx, newLen);
} else {
generic_case:
if (js_get_length64(ctx, &len, obj))
if (js_get_length64(ctx, &len, obj))
goto exception;
newLen = len + argc;
if (newLen > MAX_SAFE_INTEGER) {
JS_ThrowTypeError(ctx, "Array loo long");
goto exception;
}
from = len;
if (unshift && argc > 0) {
if (JS_CopySubArray(ctx, obj, argc, 0, len, -1))
goto exception;
newLen = len + argc;
if (newLen > MAX_SAFE_INTEGER) {
JS_ThrowTypeError(ctx, "Array loo long");
goto exception;
}
from = len;
if (unshift && argc > 0) {
if (JS_CopySubArray(ctx, obj, argc, 0, len, -1))
goto exception;
from = 0;
}
for(i = 0; i < argc; i++) {
if (JS_SetPropertyInt64(ctx, obj, from + i,
JS_DupValue(ctx, argv[i])) < 0)
goto exception;
}
if (JS_SetProperty(ctx, obj, JS_ATOM_length, JS_NewInt64(ctx, newLen)) < 0)
from = 0;
}
for(i = 0; i < argc; i++) {
if (JS_SetPropertyInt64(ctx, obj, from + i, JS_DupValue(ctx, argv[i])) < 0)
goto exception;
}
if (JS_SetProperty(ctx, obj, JS_ATOM_length, JS_NewInt64(ctx, newLen)) < 0)
goto exception;
JS_FreeValue(ctx, obj);
return JS_NewInt64(ctx, newLen);
exception:
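Review bot: In the JS_CopySubArray fast path the inner loops assume `len` and the fast-array status hold for all `l` iterations, yet each `set_value` frees the element it overwrites and nothing re-validates `p->fast_array` or `p->u.array.count` between iterations; if freeing that value can reach a finalizer that touches the same array (presumably only through C-level class finalizers in this version — verify), the cached `len` goes stale while `p->u.array.u.values[...]` is still indexed against it (the pointer itself is re-read each iteration, so only the count matters). A cheap guard before each `set_value` in both loops is `if (!p->fast_array || p->u.array.count != len) { l = j; break; }`, so `i += l` counts only completed copies and the outer loop falls back to the generic path for the rest. The loop header `for(i = 0; i < count; )` also deserves a comment, e.g. `/* i is advanced by the fast path (i += l) or the generic path (i++) */`. The `exception:` label and the rest of the function lie outside the hunk; the same "Array loo long" typo survives on both sides of the js_array_push hunk below and could be fixed to "Array too long" while touching it.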


@ -448,7 +448,7 @@ static JSValue get_date_string(JSContext *ctx, JSValueConst this_val,
break;
case 3:
pos += snprintf(buf + pos, sizeof(buf) - pos,
"%02d:%02d:%02d %cM", (h + 1) % 12 - 1, m, s,
"%02d:%02d:%02d %cM", (h + 11) % 12 + 1, m, s,
(h < 12) ? 'A' : 'P');
break;
}
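Review bot: The corrected expression `(h + 11) % 12 + 1` is right but opaque, and the previous form shows how easy it is to get the midnight/noon case wrong, so the mapping should be stated next to it: `/* 12-hour clock: hours 0 and 12 print as 12, 13..23 as 1..11 */`. The surrounding `pos += snprintf(buf + pos, sizeof(buf) - pos, ...)` accumulation is pre-existing and relies on buf never filling up; if that assumption is documented elsewhere in get_date_string it is fine, otherwise a one-line comment on the buffer size would help. get_date_string begins and ends outside the hunk.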


@ -240,8 +240,12 @@ int bf_set_ui(bf_t *r, uint64_t a)
a0 = a;
a1 = a >> 32;
shift = clz(a1);
/* shift < 32 because a > 0xffffffff */
r->tab[0] = a0 << shift;
r->tab[1] = (a1 << shift) | (a0 >> (LIMB_BITS - shift));
if (shift == 0)
r->tab[1] = a1;
else
r->tab[1] = (a1 << shift) | (a0 >> (LIMB_BITS - shift));
r->expn = 2 * LIMB_BITS - shift;
}
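Review bot: The comment `/* shift < 32 because a > 0xffffffff */` no longer explains the code below it: the new branch exists because `shift == 0` makes `a0 >> (LIMB_BITS - shift)` a shift by the full limb width, which is undefined behaviour for a 32-bit limb, and the comment should say so, e.g. `/* a1 != 0 so shift < LIMB_BITS; shift == 0 is special-cased because a0 >> LIMB_BITS is UB */`. The `a1` / `clz(a1)` setup on the lines above is visible only in part, and bf_set_ui starts outside the hunk.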
#endif



@ -652,6 +652,31 @@ static JSValue js_object_hasOwnProperty(JSContext *ctx, JSValueConst this_val,
return JS_NewBool(ctx, ret);
}
static JSValue js_object_hasOwn(JSContext *ctx, JSValueConst this_val,
int argc, JSValueConst *argv)
{
JSValue obj;
JSAtom atom;
JSObject *p;
BOOL ret;
obj = JS_ToObject(ctx, argv[0]);
if (JS_IsException(obj))
return obj;
atom = JS_ValueToAtom(ctx, argv[1]);
if (UNLIKELY(atom == JS_ATOM_NULL)) {
JS_FreeValue(ctx, obj);
return JS_EXCEPTION;
}
p = JS_VALUE_GET_OBJ(obj);
ret = JS_GetOwnPropertyInternal(ctx, NULL, p, atom);
JS_FreeAtom(ctx, atom);
JS_FreeValue(ctx, obj);
if (ret < 0)
return JS_EXCEPTION;
else
return JS_NewBool(ctx, ret);
}
static JSValue js_object_valueOf(JSContext *ctx, JSValueConst this_val,
int argc, JSValueConst *argv)
{
@ -1195,6 +1220,7 @@ static const JSCFunctionListEntry js_object_funcs[] = {
//JS_CFUNC_DEF("__getObjectData", 1, js_object___getObjectData ),
//JS_CFUNC_DEF("__setObjectData", 2, js_object___setObjectData ),
JS_CFUNC_DEF("fromEntries", 1, js_object_fromEntries ),
JS_CFUNC_DEF("hasOwn", 2, js_object_hasOwn ),
};
static const JSCFunctionListEntry js_object_proto_funcs[] = {
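Review bot: js_object_hasOwn reads `argv[1]` unconditionally, which is only safe because the js_object_funcs entry `JS_CFUNC_DEF("hasOwn", 2, js_object_hasOwn )` declares two parameters (QuickJS pads missing arguments with undefined up to the declared length, as far as I recall — verify); the two hunks are therefore coupled and a comment such as `/* argc >= 2 is guaranteed by the length declared in js_object_funcs */` keeps them in step. The order of conversions is the observable difference from the sibling js_object_hasOwnProperty above, so it is worth a line: `/* ToObject(O) before ToPropertyKey(P), unlike hasOwnProperty */`. `BOOL ret` also holds the negative error return of JS_GetOwnPropertyInternal that `if (ret < 0)` tests; `int ret` would describe the value better, and the trailing `else` after the `return JS_EXCEPTION;` is redundant.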


@ -841,6 +841,10 @@ int js_proxy_isArray(JSContext *ctx, JSValueConst obj)
JSProxyData *s = JS_GetOpaque(obj, JS_CLASS_PROXY);
if (!s)
return FALSE;
if (js_check_stack_overflow(ctx->rt, 0)) {
JS_ThrowStackOverflow(ctx);
return -1;
}
if (s->is_revoked) {
JS_ThrowTypeErrorRevokedProxy(ctx);
return -1;
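Review bot: The new stack check in js_proxy_isArray is placed correctly before the revocation test, but nothing in the hunk says why it exists, and the recursion it bounds (the isArray call on the proxy target) is outside the hunk; a comment like `/* a proxy whose target is another proxy recurses here; bound the depth (CVE-2023-31922) */` would stop a later cleanup from removing it. The caller must already treat -1 as an exception, since the revoked-proxy path below returns it too. js_proxy_isArray continues past the end of the hunk.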


@ -4860,6 +4860,15 @@ BOOL JS_SetConstructorBit(JSContext *ctx, JSValueConst func_obj, BOOL val)
return TRUE;
}
BOOL JS_IsArrayBuffer(JSContext *ctx, JSValueConst val)
{
JSObject *p;
if (JS_VALUE_GET_TAG(val) != JS_TAG_OBJECT)
return FALSE;
p = JS_VALUE_GET_OBJ(val);
return (p->class_id == JS_CLASS_ARRAY_BUFFER || p->class_id == JS_CLASS_SHARED_ARRAY_BUFFER);
}
BOOL JS_IsError(JSContext *ctx, JSValueConst val)
{
JSObject *p;
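Review bot: JS_IsArrayBuffer is a new public API with no documentation, and its return line is well over the 80-column width used elsewhere in the file; I would wrap it and describe the contract, e.g. `/* Returns TRUE if val is an ArrayBuffer or SharedArrayBuffer object; ctx is unused */` above the definition, with the matching note on the declaration added to quickjs.h in this commit. Treating shared and non-shared buffers alike is presumably intended, since callers that need to distinguish them have no way to do so through this function.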


@ -683,6 +683,7 @@ JSValue JS_NewObject(JSContext *ctx);
JS_BOOL JS_IsFunction(JSContext* ctx, JSValueConst val);
JS_BOOL JS_IsConstructor(JSContext* ctx, JSValueConst val);
JS_BOOL JS_SetConstructorBit(JSContext *ctx, JSValueConst func_obj, JS_BOOL val);
JS_BOOL JS_IsArrayBuffer(JSContext *ctx, JSValueConst val);
JSValue JS_NewArray(JSContext *ctx);
int JS_IsArray(JSContext *ctx, JSValueConst val);


@ -51,6 +51,7 @@ testdir=/opt/test262/test
AggregateError
align-detached-buffer-semantics-with-web-reality
arbitrary-module-namespace-names=skip
array-find-from-last=skip
Array.prototype.at=skip
Array.prototype.flat
Array.prototype.flatMap
@ -66,8 +67,10 @@ BigInt
caller
class
class-fields-private
class-fields-private-in=skip
class-fields-public
class-methods-private
class-static-block=skip
class-static-fields-public
class-static-fields-private
class-static-methods-private
@ -89,6 +92,7 @@ default-parameters
destructuring-assignment
destructuring-binding
dynamic-import
error-cause=skip
export-star-as-namespace-from-module
FinalizationGroup=skip
FinalizationRegistry=skip
@ -102,10 +106,12 @@ globalThis
hashbang
host-gc-required=skip
import.meta
import-assertions=skip
Int16Array
Int32Array
Int8Array
IsHTMLDDA
json-modules=skip
json-superset
legacy-regexp=skip
let
@ -116,6 +122,7 @@ numeric-separator-literal
object-rest
object-spread
Object.fromEntries
Object.hasOwn
Object.is
optional-catch-binding
optional-chaining
@ -134,8 +141,10 @@ regexp-lookbehind
regexp-match-indices=skip
regexp-named-groups
regexp-unicode-property-escapes
resizable-arraybuffer=skip
rest-parameters
Set
ShadowRealm=skip
SharedArrayBuffer
string-trimming
String.fromCodePoint
@ -164,6 +173,7 @@ Symbol.toStringTag
Symbol.unscopables
tail-call-optimization=skip
template
Temporal=skip
top-level-await=skip
TypedArray
TypedArray.prototype.at=skip


@ -1,7 +1,7 @@
#!/bin/sh
set -e
url="ftp://ftp.unicode.org/Public/13.0.0/ucd"
url="ftp://ftp.unicode.org/Public/14.0.0/ucd"
emoji_url="${url}/emoji/emoji-data.txt"
files="CaseFolding.txt DerivedNormalizationProps.txt PropList.txt \
@ -11,9 +11,9 @@ PropertyValueAliases.txt"
mkdir -p unicode
#for f in $files; do
# g="${url}/${f}"
# wget $g -O unicode/$f
#done
for f in $files; do
g="${url}/${f}"
wget $g -O unicode/$f
done
wget $emoji_url -O unicode/emoji-data.txt
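Review bot: Re-enabling the download loop makes the unquoted `wget $g -O unicode/$f` live code again, and the files are fetched over plain `ftp://` with no integrity check even though they feed the generated Unicode tables; `wget "$g" -O "unicode/$f"` fixes the quoting, and an `https://` URL for the same `Public/14.0.0/ucd` path plus a pinned checksum for each file would make the input reproducible. `set -e` does stop the script on a failed wget, which is good, but a partially written `unicode/$f` is left behind on failure.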


@ -72,6 +72,7 @@ DEF(Coptic, "Copt,Qaac")
DEF(Cuneiform, "Xsux")
DEF(Cypriot, "Cprt")
DEF(Cyrillic, "Cyrl")
DEF(Cypro_Minoan, "Cpmn")
DEF(Deseret, "Dsrt")
DEF(Devanagari, "Deva")
DEF(Dives_Akuru, "Diak")
@ -154,6 +155,7 @@ DEF(Old_Persian, "Xpeo")
DEF(Old_Sogdian, "Sogo")
DEF(Old_South_Arabian, "Sarb")
DEF(Old_Turkic, "Orkh")
DEF(Old_Uyghur, "Ougr")
DEF(Oriya, "Orya")
DEF(Osage, "Osge")
DEF(Osmanya, "Osma")
@ -192,8 +194,11 @@ DEF(Thai, "Thai")
DEF(Tibetan, "Tibt")
DEF(Tifinagh, "Tfng")
DEF(Tirhuta, "Tirh")
DEF(Tangsa, "Tnsa")
DEF(Toto, "Toto")
DEF(Ugaritic, "Ugar")
DEF(Vai, "Vaii")
DEF(Vithkuqi, "Vith")
DEF(Wancho, "Wcho")
DEF(Warang_Citi, "Wara")
DEF(Yezidi, "Yezi")