Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: cherry-pick 8ebd894186 and 1e35f64725 from v8 #28810

Merged
merged 2 commits into from
Apr 26, 2021
Merged

chore: cherry-pick 8ebd894186 and 1e35f64725 from v8 #28810

merged 2 commits into from
Apr 26, 2021

Conversation

ppontes
Copy link
Member

@ppontes ppontes commented Apr 23, 2021
edited

[LTS-M86][builtins] Fix Array.prototype.concat with @@species

(cherry picked from commit 7989e04979c3195e60a6814e8263063eb91f7b47)

No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Bug: chromium:1195977
Change-Id: I16843bce2e9f776abca0f2b943b898ab5e597e42
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2810787
Reviewed-by: Camillo Bruni cbruni@chromium.org
Commit-Queue: Igor Sheludko ishell@chromium.org
Cr-Original-Commit-Position: refs/heads/master@{#73842}
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2823829
Commit-Queue: Jana Grill janagrill@chromium.org
Reviewed-by: Igor Sheludko ishell@chromium.org
Reviewed-by: Victor-Gabriel Savu vsavu@google.com
Cr-Commit-Position: refs/branch-heads/8.6@{#77}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}

==========

[LTS-M86][builtins] Harden Array.prototype.concat.

Defence in depth patch to prevent JavaScript from executing
from within IterateElements.

R=​ishell@chromium.org
R=​cbruni@chromium.org

(cherry picked from commit 8284359ed0607e452a4dda2ce89811fb019b4aaa)

No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Bug: chromium:1195977
Change-Id: Ie59d468b73b94818cea986a3ded0804f6dddd10b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2819941
Reviewed-by: Camillo Bruni cbruni@chromium.org
Reviewed-by: Igor Sheludko ishell@chromium.org
Commit-Queue: Igor Sheludko ishell@chromium.org
Cr-Original-Commit-Position: refs/heads/master@{#73898}
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2821961
Commit-Queue: Jana Grill janagrill@chromium.org
Reviewed-by: Victor-Gabriel Savu vsavu@google.com
Cr-Commit-Position: refs/branch-heads/8.6@{#76}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}

Notes: Security: backported fix to CVE-2021-21225.

@ppontes ppontes added semver/patch backwards-compatible bug fixes backport-check-skip Skip trop's backport validity checking 11-x-y labels Apr 23, 2021
@ppontes ppontes requested a review from a team as a code owner April 23, 2021 19:57
@codebytere codebytere merged commit 4b6b82d into 11-x-y Apr 26, 2021
@release-clerk
Copy link

release-clerk bot commented Apr 26, 2021

Release Notes Persisted

Security: backported fix to CVE-2021-21225.

@codebytere codebytere deleted the cherry-pick/11-x-y/v8/8ebd894186-n-1e35f64725 branch April 26, 2021 07:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nornagon nornagon nornagon approved these changes

Assignees
No one assigned
Labels
11-x-y backport-check-skip Skip trop's backport validity checking semver/patch backwards-compatible bug fixes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@ppontes @nornagon @codebytere @electron-bot