Bump JsRuntimeHost pin (napi string-getter underflow fix + 3 others)#1759
Merged. bkaradzic-microsoft merged 1 commit on Jun 12, 2026.
Contributor
Pull request overview
Updates BabylonNative’s pinned JsRuntimeHost dependency to include upstream fixes (notably the Chakra napi_get_value_string_* underflow security fix) and additional upstream improvements.
Changes:
- Bump JsRuntimeHost FetchContent GIT_TAG from c88625b6… to 272f6a9f….
Update the JsRuntimeHost FetchContent GIT_TAG to JRH main HEAD (272f6a9f), which fixes an integer underflow in the Chakra napi_get_value_string_* zero-bufsize handling (bufsize - 1 underflows to SIZE_MAX, causing an out-of-bounds write): BabylonJS/JsRuntimeHost#197

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
What

Bump the JsRuntimeHost FetchContent pin to JRH main HEAD 272f6a9f. This brings in a security fix in JsRuntimeHost: an integer underflow in the Chakra napi_get_value_string_* getters when a caller passes a non-null buffer with bufsize == 0 (bufsize - 1 underflows to SIZE_MAX, causing an out-of-bounds write).

It is a single-commit fast-forward over the pin currently on master (99457c03, JRH #181).

Verification

- 272f6a9f; the #197 fix is present in js_native_api_chakra.cc.
- 272f6a9f (napi, JsRuntime, AppRuntime, and the polyfills relink; Playground.exe is produced).
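The zero-bufsize underflow described above, as an added example that is not code from BabylonNative or JsRuntimeHost: a model of the N-API string-getter contract (a null buf queries the length; otherwise the getter copies at most bufsize - 1 bytes and NUL-terminates) with the vulnerable size computation beside the fixed one. The names GetterOutcome, plan_vulnerable, plan_fixed and get_value_string_utf8_fixed are mine, the input strings are constructed, and the model deliberately ignores UTF-8 code-point boundaries, which the real getters must respect.

```cpp
// Added example, not JsRuntimeHost code. Models napi_get_value_string_utf8-style
// semantics to show why `bufsize - 1` must never be evaluated when bufsize == 0.
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <iostream>
#include <string>

// What one getter call reports and does. `result` mirrors the N-API `result`
// out-parameter (string length in length-query mode, bytes copied otherwise).
struct GetterOutcome {
    size_t result;         // value the getter would report to the caller
    size_t bytes_written;  // payload bytes + NUL terminator stored into buf
    bool   out_of_bounds;  // bytes_written exceeds the caller's bufsize
};

// Vulnerable shape: `bufsize - 1` is evaluated for every non-null buf. With
// bufsize == 0 the size_t subtraction wraps to SIZE_MAX, the whole string is
// copied, and the NUL terminator is written into a buffer that holds nothing.
// This function only plans the write so the example runs safely; the real bug
// performs it.
GetterOutcome plan_vulnerable(const std::string& src, const char* buf, size_t bufsize) {
    if (buf == nullptr) return {src.size(), 0, false};   // length-query mode
    size_t limit   = bufsize - 1;                         // wraps when bufsize == 0
    size_t copied  = std::min(src.size(), limit);
    size_t written = copied + 1;                          // plus terminator
    return {copied, written, written > bufsize};
}

// Fixed shape: a non-null buf with bufsize == 0 can hold nothing, so report 0 and
// touch the buffer not at all. `bufsize - 1` is only reached when bufsize >= 1.
GetterOutcome plan_fixed(const std::string& src, const char* buf, size_t bufsize) {
    if (buf == nullptr) return {src.size(), 0, false};
    if (bufsize == 0)   return {0, 0, false};
    size_t copied = std::min(src.size(), bufsize - 1);
    return {copied, copied + 1, false};
}

// The fixed getter actually performing the copy. Returns bytes copied (excluding
// the NUL), or the string length when buf is null. Assumption: src is plain
// bytes; a real UTF-8 getter must also avoid splitting a multi-byte sequence.
size_t get_value_string_utf8_fixed(const std::string& src, char* buf, size_t bufsize) {
    if (buf == nullptr) return src.size();
    if (bufsize == 0)   return 0;
    size_t copied = std::min(src.size(), bufsize - 1);
    std::memcpy(buf, src.data(), copied);
    buf[copied] = '\0';
    return copied;
}

int main() {
    const std::string value = "hello";   // constructed JS string value
    char sink = 0;                        // non-null, zero-capacity destination

    GetterOutcome bad  = plan_vulnerable(value, &sink, 0);
    GetterOutcome good = plan_fixed(value, &sink, 0);
    std::cout << "bufsize 0, vulnerable: would write " << bad.bytes_written
              << " bytes, out_of_bounds=" << bad.out_of_bounds << '\n';
    std::cout << "bufsize 0, fixed:      writes " << good.bytes_written
              << " bytes, result=" << good.result << '\n';

    char buf[3];
    size_t n = get_value_string_utf8_fixed(value, buf, sizeof buf);
    std::cout << "bufsize 3, fixed: copied " << n << " bytes -> \"" << buf << "\"\n";
    return 0;
}
```

Calling the getter twice is the usual safe pattern: once with a null buffer to learn the length, then with a buffer of length + 1. Any caller that instead passes a real pointer with a zero size exercises exactly the branch the upstream fix guards.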