about summary refs log tree commit diff stats
path: root/lib/quickjs/quickjs.c
Commit message (Collapse)AuthorAgeFilesLines
* quickjs: improve can_destroy hookbptato2023-12-051-19/+40
| | | | | | Use a separate list for tracking potential can_destroy targets. This lets us skip unnecessarily calling can_destroy for non-platform objects, and gets rid of exponential complexity in the loop.
* qjs: fix a warningbptato2023-12-021-1/+1
| | | | | We want to check if d is larger than INT64_MAX, but the conversion rounds it up, so we actually need to use greater-equals.
* js: simplify toJSP0bptato2023-11-301-0/+6
| | | | | | | * Expose js_create_from_ctor from QuickJS and directly use that (instead of badly recreating it) * Do not call defineUnforgeable twice (it is inevitably called in toJSP0, so jsctor does not need it)
* base64: reduce pointless re-coding using JSStringbptato2023-10-211-1/+28
| | | | | We now expose some functions from QuickJS to interact with JavaScript strings without re-encoding them into UTF-8.
* add_eval_variables: do not close over `this' twicebptato2023-10-131-1/+2
| | | | | See https://github.com/bellard/quickjs/issues/192. (Thanks to @dchest for the proposed fix.)
* Fix stack overflow in CVE-2023-31922Nick Vatamaniuc2023-09-231-0/+6
| | | | | | | | | | | | | | | | | | | isArray and proxy isArray can call each other indefinitely in a mutually recursive loop. Add a stack overflow check in the js_proxy_isArray function before calling JS_isArray(ctx, s->target). With ASAN the the poc.js from issue 178: ``` ./qjs ./poc.js InternalError: stack overflow at isArray (native) at <eval> (./poc.js:4) ``` Fix: https://github.com/bellard/quickjs/issues/178
* quickjs: add Array.prototype.atbptato2023-09-031-0/+30
|
* Remove getClassID hackbptato2023-06-271-0/+9
| | | | Add a JS_GetClassID function to QJS instead.
* Working Nim-QuickJS GC integrationbptato2023-06-241-2/+58
| | | | I believe this works correctly. Hopefully I'm not wrong.
* Include QuickJS sources in the repositorybptato2023-06-221-0/+54186
Taken from txiki.js, so it includes zamofex's top-level await patch.