| commit | 5ed29856cf884af8dcefe9528162274a27c8da52 | [log] [tgz] | 
|---|---|---|
| author | Rajesh <62034265+rajeshpeter@users.noreply.github.com> | Tue May 12 21:39:27 2020 | 
| committer | Rajesh <62034265+rajeshpeter@users.noreply.github.com> | Tue May 12 21:39:27 2020 | 
| tree | b91072f001f4832358306a7f1a0296cfa8a3b288 | |
| parent | 473286e7e4cc1957aee6a57a630dbf1121d01567 [diff] | |
| parent | 7af2bf217b9c68799b5f5fb5a90dc389df72020c [diff] | 
[MERGE #6447 @rajeshpeter] ChakraCore Servicing Update for 2020.05B Merge pull request #6447 from rajeshpeter:servicing/2005 **Changes to address the following issues:** **[CVE-2020-1037]** Ensure JIT bails out when there is an object marked as temporary during an implicit call, to prevent objects stored on the stack to be used outside of the function. This is done by preventing removal of the Bailout instruction for that case during the DeadStore pass of GlobOpt. **[CVE-2020-1065]** A previous MSRC fix removes the body scope of an enclosing function when a nested function is declared in the param scope of that enclosing function. This an result in us calculating incorrect envIndex for any symbols captured from enclosing scopes if this skipped body scope appears in the frameDisplay being passed to the nested function. This fix addresses the issue by marking the parameter scope also as mustInstantiate = true so we end up computing the correct envIndex. This problem and the fix only triggers when the enclosing function's param and body scopes are merged so the param and body scopes will never appear together in the scope stack and as such will not mess up the envIndex.
ChakraCore is the core part of Chakra, the high-performance JavaScript engine that powers Microsoft Edge and Windows applications written in HTML/CSS/JS. ChakraCore supports Just-in-time (JIT) compilation of JavaScript for x86/x64/ARM, garbage collection, and a wide range of the latest JavaScript features. ChakraCore also supports the JavaScript Runtime (JSRT) APIs, which allows you to easily embed ChakraCore in your applications.
You can stay up-to-date on progress by following the MSEdge developer blog.
| Debug | Test | Release | |
|---|---|---|---|
| Windows (x64) | |||
| Windows (x86) | |||
| Windows (ARM) | |||
| Ubuntu 16.04 (x64)[a] | |||
| Ubuntu 16.04 (x64)[s] | |||
| Ubuntu 16.04 (x64)[s][n] | * | * | |
| OS X 10.9 (x64)[a] | |||
| OS X 10.9 (x64)[s][n] | * | * | 
[a] Static | [s] Shared | [n] NoJIT | * Omitted
Above is a table of our rolling build status. We run additional builds on a daily basis. See Build Status for the status of all builds and additional details.
If you believe you have found a security issue in ChakraCore, please share it with us privately following the guidance at the Microsoft Security TechCenter. Reporting it via this channel helps minimize risk to projects built with ChakraCore.
You can build ChakraCore on Windows 7 SP1 or above, and Windows Server 2008 R2 or above, with either Visual Studio 2015 or 2017 with C++ support installed. Once you have Visual Studio installed:
git clone https://github.com/Microsoft/ChakraCore.gitBuild\Chakra.Core.sln in Visual StudioMore details in Building ChakraCore.
Alternatively, see Getting ChakraCore binaries for pre-built ChakraCore binaries.
Once built, you have a few options for how you can use ChakraCore:
Build\VcBuild\bin\${platform}_${configuration}Build\VcBuild\bin\x64_debug)A note about using ChakraCore: ChakraCore is the foundational JavaScript engine, but it does not include the external APIs that make up the modern JavaScript development experience.  For example, DOM APIs like document.write() are additional APIs that are not available by default and would need to be provided.  For debugging, you may instead want to use print().
Contributions to ChakraCore are welcome. Here is how you can contribute to ChakraCore:
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
Please refer to Contribution Guidelines for more details.
Code licensed under the MIT License.
For details on our planned features and future direction please refer to our Roadmap.
If you have questions about ChakraCore, or you would like to reach out to us about an issue you're having or for development advice as you work on a ChakraCore issue, you can reach us as follows: