From 14b8ae83da8047e82bd6e9db0472f353c377b053 Mon Sep 17 00:00:00 2001
From: Branimir Karadzic <branimirkaradzic@gmail.com>
Date: Fri, 12 Jun 2026 10:36:30 -0700
Subject: [PATCH] Bump JsRuntimeHost pin to include napi string-getter
 underflow fix

Update the JsRuntimeHost FetchContent GIT_TAG to JRH main HEAD
(272f6a9f), which fixes an integer underflow in the Chakra
napi_get_value_string_* zero-bufsize handling (bufsize - 1 underflows
to SIZE_MAX, causing an out-of-bounds write):
https://github.com/BabylonJS/JsRuntimeHost/pull/197

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 CMakeLists.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 5ba7f9093..ffe44c4de 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -54,7 +54,7 @@ FetchContent_Declare(ios-cmake
     EXCLUDE_FROM_ALL)
 FetchContent_Declare(JsRuntimeHost
     GIT_REPOSITORY https://github.com/BabylonJS/JsRuntimeHost.git
-    GIT_TAG 99457c03625782c3eeac6609f632538c7c9445d0)
+    GIT_TAG 272f6a9f3de78f7c4cd8a838ae9655c81fc4881a)
 FetchContent_Declare(metal-cpp
     GIT_REPOSITORY https://github.com/bkaradzic/metal-cpp.git
     GIT_TAG metal-cpp_26