Update quickjs to fix CVE-2023-31922 (#125)

* Squashed 'quickjs/' changes from b5e6289..f87cab0 f87cab0 added String.prototype.at, Array.prototype.at and TypedArray.prototype.at 3106401 keep LTO cdeca4d updated to unicode 15.0.0 94010ed the BigInt support is now always included 03cc5ec fixed js_proxy_isArray stack overflow (github issue #178) 6de52d8 bf_set_ui() fix (github issue #133) 2788d71 updated to Unicode 14.0.0 8516959 updated test262.conf 446099a added Object.hasOwn() b9f5880 fixed invalid Array.prototype.push/unshift optimization git-subtree-dir: quickjs git-subtree-split: f87cab0fc62866f4d4dfff0526adebe4fda364e2 * Ignore emsdk-cache in prettier (caused CI failure in my own repo: https://github.com/tbrockman/quickjs-emscripten/actions/runs/7103978144/job/19337912692).
justjake · Dec 5, 2023 · 6e8bf02 · 6e8bf02
1 parent 24c340c
commit 6e8bf02
Show file tree

Hide file tree

Showing 12 changed files with 3,005 additions and 3,040 deletions.
diff --git a/.prettierignore b/.prettierignore
@@ -7,3 +7,4 @@ dist
 examples/imports
 examples/typescript-smoketest/*.js
 build
+emsdk-cache
diff --git a/quickjs/Makefile b/quickjs/Makefile
@@ -47,7 +47,7 @@ prefix=/usr/local
 #CONFIG_PROFILE=y
 # use address sanitizer
 #CONFIG_ASAN=y
-# include the code for BigInt/BigFloat/BigDecimal and math mode
+# include the code for BigFloat/BigDecimal, math mode and faster large integers
 CONFIG_BIGNUM=y
 
 OBJDIR=.obj
@@ -166,11 +166,10 @@ endif
 
 all: $(OBJDIR) $(OBJDIR)/quickjs.check.o $(OBJDIR)/qjs.check.o $(PROGS)
 
-QJS_LIB_OBJS=$(OBJDIR)/quickjs.o $(OBJDIR)/libregexp.o $(OBJDIR)/libunicode.o $(OBJDIR)/cutils.o $(OBJDIR)/quickjs-libc.o
+QJS_LIB_OBJS=$(OBJDIR)/quickjs.o $(OBJDIR)/libregexp.o $(OBJDIR)/libunicode.o $(OBJDIR)/cutils.o $(OBJDIR)/quickjs-libc.o $(OBJDIR)/libbf.o 
 
 QJS_OBJS=$(OBJDIR)/qjs.o $(OBJDIR)/repl.o $(QJS_LIB_OBJS)
 ifdef CONFIG_BIGNUM
-QJS_LIB_OBJS+=$(OBJDIR)/libbf.o 
 QJS_OBJS+=$(OBJDIR)/qjscalc.o
 endif
 
@@ -317,10 +316,7 @@ endif
 HELLO_SRCS=examples/hello.js
 HELLO_OPTS=-fno-string-normalize -fno-map -fno-promise -fno-typedarray \
            -fno-typedarray -fno-regexp -fno-json -fno-eval -fno-proxy \
-           -fno-date -fno-module-loader
-ifdef CONFIG_BIGNUM
-HELLO_OPTS+=-fno-bigint
-endif
+           -fno-date -fno-module-loader -fno-bigint
 
 hello.c: $(QJSC) $(HELLO_SRCS)
 	$(QJSC) -e $(HELLO_OPTS) -o $@ $(HELLO_SRCS)

diff --git a/quickjs/libbf.c b/quickjs/libbf.c
@@ -37,10 +37,12 @@
 
 /* enable it to check the multiplication result */
 //#define USE_MUL_CHECK
+#ifdef CONFIG_BIGNUM
 /* enable it to use FFT/NTT multiplication */
 #define USE_FFT_MUL
 /* enable decimal floating point support */
 #define USE_BF_DEC
+#endif
 
 //#define inline __attribute__((always_inline))
 
@@ -164,6 +166,21 @@ static inline slimb_t sat_add(slimb_t a, slimb_t b)
     return r;
 }
 
+static inline __maybe_unused limb_t shrd(limb_t low, limb_t high, long shift)
+{
+    if (shift != 0)
+        low = (low >> shift) | (high << (LIMB_BITS - shift));
+    return low;
+}
+
+static inline __maybe_unused limb_t shld(limb_t a1, limb_t a0, long shift)
+{
+    if (shift != 0)
+        return (a1 << shift) | (a0 >> (LIMB_BITS - shift));
+    else
+        return a1;
+}
+
 #define malloc(s) malloc_is_forbidden(s)
 #define free(p) free_is_forbidden(p)
 #define realloc(p, s) realloc_is_forbidden(p, s)
@@ -236,7 +253,7 @@ int bf_set_ui(bf_t *r, uint64_t a)
         a1 = a >> 32;
         shift = clz(a1);
         r->tab[0] = a0 << shift;
-        r->tab[1] = (a1 << shift) | (a0 >> (LIMB_BITS - shift));
+        r->tab[1] = shld(a1, a0, shift);
         r->expn = 2 * LIMB_BITS - shift;
     }
 #endif
@@ -1585,7 +1602,9 @@ int bf_mul(bf_t *r, const bf_t *a, const bf_t *b, limb_t prec,
                 r = &tmp;
             }
             if (bf_resize(r, a_len + b_len)) {
+#ifdef USE_FFT_MUL
             fail:
+#endif                
                 bf_set_nan(r);
                 ret = BF_ST_MEM_ERROR;
                 goto done;
@@ -2282,11 +2301,14 @@ static int bf_pow_ui_ui(bf_t *r, limb_t a1, limb_t b,
     bf_t a;
     int ret;
 
+#ifdef USE_BF_DEC
     if (a1 == 10 && b <= LIMB_DIGITS) {
         /* use precomputed powers. We do not round at this point
            because we expect the caller to do it */
         ret = bf_set_ui(r, mp_pow_dec[b]);
-    } else {
+    } else
+#endif        
+    {
         bf_init(r->ctx, &a);
         ret = bf_set_ui(&a, a1);
         ret |= bf_pow_ui(r, &a, b, prec, flags);
@@ -5392,21 +5414,6 @@ int bf_acos(bf_t *r, const bf_t *a, limb_t prec, bf_flags_t flags)
 
 #endif /* LIMB_BITS != 64 */
 
-static inline __maybe_unused limb_t shrd(limb_t low, limb_t high, long shift)
-{
-    if (shift != 0)
-        low = (low >> shift) | (high << (LIMB_BITS - shift));
-    return low;
-}
-
-static inline __maybe_unused limb_t shld(limb_t a1, limb_t a0, long shift)
-{
-    if (shift != 0)
-        return (a1 << shift) | (a0 >> (LIMB_BITS - shift));
-    else
-        return a1;
-}
-
 #if LIMB_DIGITS == 19
 
 /* WARNING: hardcoded for b = 1e19. It is assumed that: