From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 2141 invoked from network); 10 Jun 2023 11:34:50 -0000 Received: from localhost (HELO inbox.vuxu.org) (::1) by localhost with ESMTPUTF8; 10 Jun 2023 11:34:50 -0000 Content-Type: multipart/mixed; boundary="===============1026809195307696644==" MIME-Version: 1.0 Subject: =?utf8?q?Re=3A_=5BPR_PATCH=5D_=5BUpdated=5D_quickjs=3A_Fix_stack_overflow_in_CVE-2023-31922?= To: ml@inbox.vuxu.org From: Gottox Reply-to: ml@inbox.vuxu.org In-Reply-To: References: Date: Sat, 10 Jun 2023 13:34:49 +0200 List-Id: Message-ID: <20230610113449.Q3tQxShdMgefFlGHUz1lu09x8EAGQMIvJMmnuZE8mqg@z> GitHub notification mails are now in MIME to allow UTF8. --===============1026809195307696644== Content-Type: text/plain; charset="utf8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 VGhlcmUgaXMgYW4gdXBkYXRlZCBwdWxsIHJlcXVlc3QgYnkgR290dG94IGFnYWluc3QgbWFzdGVy IG9uIHRoZSB2b2lkLXBhY2thZ2VzIHJlcG9zaXRvcnkKCmh0dHBzOi8vZ2l0aHViLmNvbS9Hb3R0 b3gvdm9pZC1wYWNrYWdlcyBxdWlja2pzLWN2ZS0yMDIzLTMxOTIyCmh0dHBzOi8vZ2l0aHViLmNv bS92b2lkLWxpbnV4L3ZvaWQtcGFja2FnZXMvcHVsbC80NDE3MwoKcXVpY2tqczogRml4IHN0YWNr IG92ZXJmbG93IGluIENWRS0yMDIzLTMxOTIyCjwhLS0gVW5jb21tZW50IHJlbGV2YW50IHNlY3Rp b25zIGFuZCBkZWxldGUgb3B0aW9ucyB3aGljaCBhcmUgbm90IGFwcGxpY2FibGUgLS0+DQoNCiMj IyMgVGVzdGluZyB0aGUgY2hhbmdlcw0KLSBJIHRlc3RlZCB0aGUgY2hhbmdlcyBpbiB0aGlzIFBS OiAqKllFUyoqDQotIA0KaHR0cHM6Ly9naXRodWIuY29tL2JlbGxhcmQvcXVpY2tqcy9pc3N1ZXMv MTc4DQo8IS0tIE5vdGU6IElmIHRoZSBidWlsZCBpcyBsaWtlbHkgdG8gdGFrZSBtb3JlIHRoYW4g MiBob3VycywgcGxlYXNlIGFkZCBjaSBza2lwIHRhZyBhcyBkZXNjcmliZWQgaW4NCmh0dHBzOi8v Z2l0aHViLmNvbS92b2lkLWxpbnV4L3ZvaWQtcGFja2FnZXMvYmxvYi9tYXN0ZXIvQ09OVFJJQlVU SU5HLm1kI2NvbnRpbnVvdXMtaW50ZWdyYXRpb24NCmFuZCB0ZXN0IGF0IGxlYXN0IG9uZSBuYXRp dmUgYnVpbGQgYW5kLCBpZiBzdXBwb3J0ZWQsIGF0IGxlYXN0IG9uZSBjcm9zcyBidWlsZC4NCkln bm9yZSB0aGlzIHNlY3Rpb24gaWYgdGhpcyBQUiBpcyBub3Qgc2tpcHBpbmcgQ0kuDQotLT4NCjwh LS0NCiMjIyMgTG9jYWwgYnVpbGQgdGVzdGluZw0KLSBJIGJ1aWx0IHRoaXMgUFIgbG9jYWxseSBm b3IgbXkgbmF0aXZlIGFyY2hpdGVjdHVyZSwgKEFSQ0gtTElCQykNCi0gSSBidWlsdCB0aGlzIFBS IGxvY2FsbHkgZm9yIHRoZXNlIGFyY2hpdGVjdHVyZXMgKGlmIHN1cHBvcnRlZC4gbWFyayBjcm9z c2J1aWxkcyk6DQogIC0gYWFyY2g2NC1tdXNsDQogIC0gYXJtdjdsDQogIC0gYXJtdjZsLW11c2wN Ci0tPg0KCgpBIHBhdGNoIGZpbGUgZnJvbSBodHRwczovL2dpdGh1Yi5jb20vdm9pZC1saW51eC92 b2lkLXBhY2thZ2VzL3B1bGwvNDQxNzMucGF0Y2ggaXMgYXR0YWNoZWQ= --===============1026809195307696644== Content-Type: text/x-diff MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="github-pr-quickjs-cve-2023-31922-44173.patch" RnJvbSAxMDg2NGMxODIzMzY2ODRjMjMzOTFiOGRmNjE1MGQzMmM5ZGQzMDc5IE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBFbm5vIEJvbGFuZCA8Z290dG94QHZvaWRsaW51eC5vcmc+CkRh dGU6IFR1ZSwgMzAgTWF5IDIwMjMgMTg6MDA6NDUgKzAyMDAKU3ViamVjdDogW1BBVENIXSBxdWlj a2pzOiBGaXggc3RhY2sgb3ZlcmZsb3cgaW4gQ1ZFLTIwMjMtMzE5MjIKCi0tLQogLi4uL3BhdGNo LWdoLWlzc3VlLTE3OC1jdmUtMjAyMy0zMTkyMi5wYXRjaCAgIHwgNDIgKysrKysrKysrKysrKysr KysrKwogc3JjcGtncy9xdWlja2pzL3RlbXBsYXRlICAgICAgICAgICAgICAgICAgICAgIHwgIDIg Ky0KIDIgZmlsZXMgY2hhbmdlZCwgNDMgaW5zZXJ0aW9ucygrKSwgMSBkZWxldGlvbigtKQogY3Jl YXRlIG1vZGUgMTAwNjQ0IHNyY3BrZ3MvcXVpY2tqcy9wYXRjaGVzL3BhdGNoLWdoLWlzc3VlLTE3 OC1jdmUtMjAyMy0zMTkyMi5wYXRjaAoKZGlmZiAtLWdpdCBhL3NyY3BrZ3MvcXVpY2tqcy9wYXRj aGVzL3BhdGNoLWdoLWlzc3VlLTE3OC1jdmUtMjAyMy0zMTkyMi5wYXRjaCBiL3NyY3BrZ3MvcXVp Y2tqcy9wYXRjaGVzL3BhdGNoLWdoLWlzc3VlLTE3OC1jdmUtMjAyMy0zMTkyMi5wYXRjaApuZXcg ZmlsZSBtb2RlIDEwMDY0NAppbmRleCAwMDAwMDAwMDAwMDAuLjc1NDkyNGM2MDYzOQotLS0gL2Rl di9udWxsCisrKyBiL3NyY3BrZ3MvcXVpY2tqcy9wYXRjaGVzL3BhdGNoLWdoLWlzc3VlLTE3OC1j dmUtMjAyMy0zMTkyMi5wYXRjaApAQCAtMCwwICsxLDQyIEBACitGcm9tIDA1NjQ1OTMxNDMwNWY2 NjZhZWUxMzI1NjVkZjcxMGM0MmY0MWVjMDQgTW9uIFNlcCAxNyAwMDowMDowMCAyMDAxCitGcm9t OiBOaWNrIFZhdGFtYW5pdWMgPHZhdGFtYW5lQGdtYWlsLmNvbT4KK0RhdGU6IFN1biwgMjggTWF5 IDIwMjMgMDE6NTA6NDYgLTA0MDAKK1N1YmplY3Q6IFtQQVRDSF0gRml4IHN0YWNrIG92ZXJmbG93 IGluIENWRS0yMDIzLTMxOTIyCisKK2lzQXJyYXkgYW5kIHByb3h5IGlzQXJyYXkgY2FuIGNhbGwg ZWFjaCBvdGhlciBpbmRlZmluaXRlbHkgaW4gYSBtdXR1YWxseQorcmVjdXJzaXZlIGxvb3AuCisK K0FkZCBhIHN0YWNrIG92ZXJmbG93IGNoZWNrIGluIHRoZSBqc19wcm94eV9pc0FycmF5IGZ1bmN0 aW9uIGJlZm9yZSBjYWxsaW5nCitKU19pc0FycmF5KGN0eCwgcy0+dGFyZ2V0KS4KKworV2l0aCBB U0FOIHRoZSB0aGUgcG9jLmpzIGZyb20gaXNzdWUgMTc4OgorCitgYGAKKy4vcWpzIC4vcG9jLmpz CitJbnRlcm5hbEVycm9yOiBzdGFjayBvdmVyZmxvdworICBhdCBpc0FycmF5IChuYXRpdmUpCisg IGF0IDxldmFsPiAoLi9wb2MuanM6NCkKK2BgYAorCitGaXg6IGh0dHBzOi8vZ2l0aHViLmNvbS9i ZWxsYXJkL3F1aWNranMvaXNzdWVzLzE3OAorLS0tCisgcXVpY2tqcy5jIHwgNiArKysrKysKKyAx IGZpbGUgY2hhbmdlZCwgNiBpbnNlcnRpb25zKCspCisKK2RpZmYgLS1naXQgYS9xdWlja2pzLmMg Yi9xdWlja2pzLmMKK2luZGV4IDc5MTYwMTM5Li5hM2IwYjU1ZiAxMDA2NDQKKy0tLSBhL3F1aWNr anMuYworKysrIGIvcXVpY2tqcy5jCitAQCAtNDUyNDMsNiArNDUyNDMsMTIgQEAgc3RhdGljIGlu dCBqc19wcm94eV9pc0FycmF5KEpTQ29udGV4dCAqY3R4LCBKU1ZhbHVlQ29uc3Qgb2JqKQorICAg ICBKU1Byb3h5RGF0YSAqcyA9IEpTX0dldE9wYXF1ZShvYmosIEpTX0NMQVNTX1BST1hZKTsKKyAg ICAgaWYgKCFzKQorICAgICAgICAgcmV0dXJuIEZBTFNFOworKworKyAgICBpZiAoanNfY2hlY2tf c3RhY2tfb3ZlcmZsb3coY3R4LT5ydCwgMCkpIHsKKysgICAgICAgIEpTX1Rocm93U3RhY2tPdmVy ZmxvdyhjdHgpOworKyAgICAgICAgcmV0dXJuIC0xOworKyAgICB9CisrCisgICAgIGlmIChzLT5p c19yZXZva2VkKSB7CisgICAgICAgICBKU19UaHJvd1R5cGVFcnJvclJldm9rZWRQcm94eShjdHgp OworICAgICAgICAgcmV0dXJuIC0xOwpkaWZmIC0tZ2l0IGEvc3JjcGtncy9xdWlja2pzL3RlbXBs YXRlIGIvc3JjcGtncy9xdWlja2pzL3RlbXBsYXRlCmluZGV4IDdjZmU2ZjNlN2Y0My4uNTYyY2Ez NzFiYzVkIDEwMDY0NAotLS0gYS9zcmNwa2dzL3F1aWNranMvdGVtcGxhdGUKKysrIGIvc3JjcGtn cy9xdWlja2pzL3RlbXBsYXRlCkBAIC0xLDcgKzEsNyBAQAogIyBUZW1wbGF0ZSBmaWxlIGZvciAn cXVpY2tqcycKIHBrZ25hbWU9cXVpY2tqcwogdmVyc2lvbj0yMDIxLjAzLjI3Ci1yZXZpc2lvbj0z CityZXZpc2lvbj00CiBidWlsZF9zdHlsZT1nbnUtbWFrZWZpbGUKIG1ha2VfdXNlX2Vudj10cnVl CiBtYWtlX2J1aWxkX2FyZ3M9IkNPTkZJR19MVE89Igo= --===============1026809195307696644==--