[MERGE #6328 @boingoing] ChakraCore servicing update for 19-11

Merge pull request #6328 from boingoing:servicing/1911

Addresses the following issues:
CVE-2019-1426
CVE-2019-1427
CVE-2019-1428

Author: boingoing

Build/NuGet/.pack-version

@@ -1 +1 @@
-1.11.14
+1.11.15

lib/Backend/GlobOptFields.cpp

@@ -250,7 +250,8 @@ GlobOpt::KillLiveElems(IR::IndirOpnd * indirOpnd, IR::Opnd * valueOpnd, BVSparse
             IR::RegOpnd *baseOpnd = indirOpnd->GetBaseOpnd();
             Value * baseValue = baseOpnd ? this->currentBlock->globOptData.FindValue(baseOpnd->m_sym) : nullptr;
             ValueInfo * baseValueInfo = baseValue ? baseValue->GetValueInfo() : nullptr;
-            if (!baseValueInfo || !baseValueInfo->IsNotNativeArray())
+            if (!baseValueInfo || !baseValueInfo->IsNotNativeArray() || 
+                (this->IsLoopPrePass() && !this->IsSafeToTransferInPrepass(baseOpnd->m_sym, baseValueInfo)))
             {
                 if (this->currentBlock->globOptData.maybeWrittenTypeSyms == nullptr)
                 {

lib/Backend/GlobOptIntBounds.cpp

@@ -803,7 +803,7 @@ void GlobOpt::TrackIntSpecializedAddSubConstant(
 
                 // Ensure that the sym is live in the landing pad, and that its value has not changed in an unknown way yet
                 Value *const landingPadValue = currentBlock->loop->landingPad->globOptData.FindValue(sym);
-                if(!landingPadValue || srcValueNumber != landingPadValue->GetValueNumber())
+                if(!landingPadValue || srcValueNumber != landingPadValue->GetValueNumber() || currentBlock->loop->symsDefInLoop->Test(sym->m_id))
                 {
                     updateInductionVariableValueNumber = false;
                     break;

lib/Common/ChakraCoreVersion.h

@@ -17,7 +17,7 @@
 // ChakraCore version number definitions (used in ChakraCore binary metadata)
 #define CHAKRA_CORE_MAJOR_VERSION 1
 #define CHAKRA_CORE_MINOR_VERSION 11
-#define CHAKRA_CORE_PATCH_VERSION 14
+#define CHAKRA_CORE_PATCH_VERSION 15
 #define CHAKRA_CORE_VERSION_RELEASE_QFE 0 // Redundant with PATCH_VERSION. Keep this value set to 0.
 
 // -------------

lib/Parser/Parse.cpp

@@ -9506,6 +9506,15 @@ ParseNodeCatch * Parser::ParseCatch()
             GetCurrentBlock()->SetChildCallsEval(true);
         }
 
+        if (pnodeCatchScope->GetCallsEval())
+        {
+            pnodeBody->AsParseNodeBlock()->SetCallsEval(true);
+        }
+        if (pnodeCatchScope->GetChildCallsEval())
+        {
+            pnodeBody->AsParseNodeBlock()->SetChildCallsEval(true);
+        }
+
         if (buildAST)
         {
             PopStmt(&stmt);