diff options
author | Mark H Weaver <mhw@netris.org> | 2015-11-06 22:08:30 -0500 |
---|---|---|
committer | Mark H Weaver <mhw@netris.org> | 2015-11-07 08:33:16 -0500 |
commit | 0ca1eb705d29c20f901fc385ee4e1bb1eaa52f75 (patch) | |
tree | 83964c88051d0ce95ece8eafde5c0133b3afa7df /gnu/packages/patches/icecat-CVE-2015-4513-pt04.patch | |
parent | fe88f636e3bfbbf143bd87f57e0d65a2e532d7dd (diff) | |
download | guix-0ca1eb705d29c20f901fc385ee4e1bb1eaa52f75.tar.gz |
gnu: icecat: Add several security fixes.
* gnu/packages/patches/icecat-CVE-2015-4513-pt01.patch, gnu/packages/patches/icecat-CVE-2015-4513-pt02.patch, gnu/packages/patches/icecat-CVE-2015-4513-pt03.patch, gnu/packages/patches/icecat-CVE-2015-4513-pt04.patch, gnu/packages/patches/icecat-CVE-2015-4513-pt05.patch, gnu/packages/patches/icecat-CVE-2015-4513-pt06.patch, gnu/packages/patches/icecat-CVE-2015-4513-pt07.patch, gnu/packages/patches/icecat-CVE-2015-4513-pt08.patch, gnu/packages/patches/icecat-CVE-2015-4513-pt09.patch, gnu/packages/patches/icecat-CVE-2015-4513-pt10.patch, gnu/packages/patches/icecat-CVE-2015-4513-pt11.patch, gnu/packages/patches/icecat-CVE-2015-7188.patch, gnu/packages/patches/icecat-CVE-2015-7189.patch, gnu/packages/patches/icecat-CVE-2015-7193.patch, gnu/packages/patches/icecat-CVE-2015-7194.patch, gnu/packages/patches/icecat-CVE-2015-7196.patch, gnu/packages/patches/icecat-CVE-2015-7197.patch, gnu/packages/patches/icecat-CVE-2015-7198.patch, gnu/packages/patches/icecat-CVE-2015-7199.patch: New files. * gnu-system.am (dist_patch_DATA): Add them. * gnu/packages/gnuzilla.scm (icecat)[source]: Add patches.
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2015-4513-pt04.patch')
-rw-r--r-- | gnu/packages/patches/icecat-CVE-2015-4513-pt04.patch | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2015-4513-pt04.patch b/gnu/packages/patches/icecat-CVE-2015-4513-pt04.patch new file mode 100644 index 0000000000..f6f3cd3585 --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2015-4513-pt04.patch @@ -0,0 +1,50 @@ +From 97bd3ada2a0ac6eff0e03e6eec8d2012af3bb57d Mon Sep 17 00:00:00 2001 +From: Jan de Mooij <jdemooij@mozilla.com> +Date: Mon, 28 Sep 2015 13:30:42 +0200 +Subject: [PATCH] Bug 1205707 part 1 - Clean up some is-TypedArrayObject code + in Ion. r=Waldo, a=sylvestre + +--- + js/src/jit/MCallOptimize.cpp | 19 +++++++++++++++++-- + 1 file changed, 17 insertions(+), 2 deletions(-) + +diff --git a/js/src/jit/MCallOptimize.cpp b/js/src/jit/MCallOptimize.cpp +index 7fdede8..2c6a533 100644 +--- a/js/src/jit/MCallOptimize.cpp ++++ b/js/src/jit/MCallOptimize.cpp +@@ -2122,6 +2122,19 @@ IonBuilder::inlineIsTypedArray(CallInfo& callInfo) + return InliningStatus_Inlined; + } + ++static bool ++IsTypedArrayObject(CompilerConstraintList* constraints, MDefinition* def) ++{ ++ MOZ_ASSERT(def->type() == MIRType_Object); ++ ++ TemporaryTypeSet* types = def->resultTypeSet(); ++ if (!types) ++ return false; ++ ++ return types->forAllClasses(constraints, IsTypedArrayClass) == ++ TemporaryTypeSet::ForAllResult::ALL_TRUE; ++} ++ + IonBuilder::InliningStatus + IonBuilder::inlineTypedArrayLength(CallInfo& callInfo) + { +@@ -2132,8 +2145,10 @@ IonBuilder::inlineTypedArrayLength(CallInfo& callInfo) + if (getInlineReturnType() != MIRType_Int32) + return InliningStatus_NotInlined; + +- // We assume that when calling this function we always +- // have a TypedArray. The native asserts that as well. ++ // Note that the argument we see here is not necessarily a typed array. ++ // If it's not, this call should be unreachable though. ++ if (!IsTypedArrayObject(constraints(), callInfo.getArg(0))) ++ return InliningStatus_NotInlined; + + MInstruction* length = addTypedArrayLength(callInfo.getArg(0)); + current->push(length); +-- +2.5.0 + |