authorMark H Weaver <mhw@netris.org>2016-01-28 00:22:49 -0500
committerMark H Weaver <mhw@netris.org>2016-01-28 00:34:20 -0500
commit29a780147d066d5ce218d1fa2678a0a36a1145e3 (patch)
tree447a0dd62011ec61c4fb5b39a72612e24ae3bdf6 /gnu/packages/patches/icecat-CVE-2016-1930-pt07.patch
parenta394c60aa381d2284e382b48af990b6bdc5f33b4 (diff)
downloadguix-29a780147d066d5ce218d1fa2678a0a36a1145e3.tar.gz
gnu: icecat: Add fixes for CVE-2016-{1930,1935} and other bugs.
* gnu/packages/patches/icecat-CVE-2016-1930-pt01.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt02.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt03.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt04.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt05.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt06.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt07.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt08.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt09.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt10.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt11.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt12.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt13.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt14.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt15.patch,
  gnu/packages/patches/icecat-CVE-2016-1935.patch,
  gnu/packages/patches/icecat-bug-1146335-pt1.patch,
  gnu/packages/patches/icecat-bug-1146335-pt2.patch,
  gnu/packages/patches/icecat-limit-max-buffers-size-for-ANGLE.patch: New
  files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add patches.
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2016-1930-pt07.patch')
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-1930-pt07.patch56
1 files changed, 56 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt07.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt07.patch
new file mode 100644
index 0000000000..4f349747c0
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2016-1930-pt07.patch
@@ -0,0 +1,56 @@
+Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/750e4cfc90f8
+Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
+Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1233152
+
+# HG changeset patch
+# User Jan de Mooij <jdemooij@mozilla.com>
+# Date 1451478493 -3600
+# Node ID 750e4cfc90f80df657e44c9c63b1865023d88682
+# Parent  93617c30c0df35f719dead526b78649d564f5ac3
+Bug 1233152 - Use PersistentRooted for ParseTask script and sourceObject. r=terrence a=abillings
+
+diff --git a/js/src/vm/HelperThreads.cpp b/js/src/vm/HelperThreads.cpp
+--- a/js/src/vm/HelperThreads.cpp
++++ b/js/src/vm/HelperThreads.cpp
+@@ -198,17 +198,17 @@ static const JSClass parseTaskGlobalClas
+ 
+ ParseTask::ParseTask(ExclusiveContext* cx, JSObject* exclusiveContextGlobal, JSContext* initCx,
+                      const char16_t* chars, size_t length,
+                      JS::OffThreadCompileCallback callback, void* callbackData)
+   : cx(cx), options(initCx), chars(chars), length(length),
+     alloc(JSRuntime::TEMP_LIFO_ALLOC_PRIMARY_CHUNK_SIZE),
+     exclusiveContextGlobal(initCx, exclusiveContextGlobal),
+     callback(callback), callbackData(callbackData),
+-    script(nullptr), errors(cx), overRecursed(false)
++    script(initCx->runtime(), nullptr), errors(cx), overRecursed(false)
+ {
+ }
+ 
+ bool
+ ParseTask::init(JSContext* cx, const ReadOnlyCompileOptions& options)
+ {
+     if (!this->options.copy(cx, options))
+         return false;
+diff --git a/js/src/vm/HelperThreads.h b/js/src/vm/HelperThreads.h
+--- a/js/src/vm/HelperThreads.h
++++ b/js/src/vm/HelperThreads.h
+@@ -472,17 +472,17 @@ struct ParseTask
+ 
+     // Callback invoked off the main thread when the parse finishes.
+     JS::OffThreadCompileCallback callback;
+     void* callbackData;
+ 
+     // Holds the final script between the invocation of the callback and the
+     // point where FinishOffThreadScript is called, which will destroy the
+     // ParseTask.
+-    JSScript* script;
++    PersistentRootedScript script;
+ 
+     // Any errors or warnings produced during compilation. These are reported
+     // when finishing the script.
+     Vector<frontend::CompileError*> errors;
+     bool overRecursed;
+ 
+     ParseTask(ExclusiveContext* cx, JSObject* exclusiveContextGlobal,
+               JSContext* initCx, const char16_t* chars, size_t length,
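Review bot: The upstream summary line (`Bug 1233152 - Use PersistentRooted for ParseTask script and sourceObject`) names two fields, but the two inner hunks only convert `ParseTask::script` to `PersistentRootedScript` and adjust its initializer to `script(initCx->runtime(), nullptr)`. It is worth confirming against the ESR38 tree that `ParseTask` has no separate `sourceObject` member that is still held as a raw pointer, since the `struct ParseTask` body continues outside the visible context. The existing field comment also does not say why the member is rooted; presumably a GC can run between the callback and `FinishOffThreadScript`, so a line such as `// Rooted because a GC may run before FinishOffThreadScript consumes the script.` would record the intent for later backports. Because the root is registered with `initCx->runtime()`, the `ParseTask` should also be destroyed while that runtime is still alive, which the visible lines do not show.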
+