Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2014-1593.patch')
-rw-r--r--gnu/packages/patches/icecat-CVE-2014-1593.patch154
1 files changed, 154 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2014-1593.patch b/gnu/packages/patches/icecat-CVE-2014-1593.patch
new file mode 100644
index 0000000000..446920a95f
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2014-1593.patch
@@ -0,0 +1,154 @@
+commit a58cea744ac5b93b99a66554e1029b2c7aa3255d
+Author: Matthew Gregan <kinetik@flim.org>
+Date:   Tue Nov 11 08:58:52 2014 +1300
+
+    Bug 1085175. r=roc, a=dveditz
+
+	Modified   content/media/MediaCache.cpp
+diff --git a/content/media/MediaCache.cpp b/content/media/MediaCache.cpp
+index 598d905..c99f724 100644
+--- a/content/media/MediaCache.cpp
++++ b/content/media/MediaCache.cpp
+@@ -1174,6 +1174,7 @@ MediaCache::Update()
+       // Figure out where we should be reading from. It's the first
+       // uncached byte after the current mStreamOffset.
+       int64_t dataOffset = stream->GetCachedDataEndInternal(stream->mStreamOffset);
++      MOZ_ASSERT(dataOffset >= 0);
+ 
+       // Compute where we'd actually seek to to read at readOffset
+       int64_t desiredOffset = dataOffset;
+@@ -1702,6 +1703,7 @@ MediaCacheStream::NotifyDataStarted(int64_t aOffset)
+   ReentrantMonitorAutoEnter mon(gMediaCache->GetReentrantMonitor());
+   NS_WARN_IF_FALSE(aOffset == mChannelOffset,
+                    "Server is giving us unexpected offset");
++  MOZ_ASSERT(aOffset >= 0);
+   mChannelOffset = aOffset;
+   if (mStreamLength >= 0) {
+     // If we started reading at a certain offset, then for sure
+@@ -2118,23 +2120,28 @@ MediaCacheStream::Seek(int32_t aWhence, int64_t aOffset)
+     return NS_ERROR_FAILURE;
+ 
+   int64_t oldOffset = mStreamOffset;
++  int64_t newOffset = mStreamOffset;
+   switch (aWhence) {
+   case PR_SEEK_END:
+     if (mStreamLength < 0)
+       return NS_ERROR_FAILURE;
+-    mStreamOffset = mStreamLength + aOffset;
++    newOffset = mStreamLength + aOffset;
+     break;
+   case PR_SEEK_CUR:
+-    mStreamOffset += aOffset;
++    newOffset += aOffset;
+     break;
+   case PR_SEEK_SET:
+-    mStreamOffset = aOffset;
++    newOffset = aOffset;
+     break;
+   default:
+     NS_ERROR("Unknown whence");
+     return NS_ERROR_FAILURE;
+   }
+ 
++  if (newOffset < 0)
++    return NS_ERROR_FAILURE;
++  mStreamOffset = newOffset;
++
+   CACHE_LOG(PR_LOG_DEBUG, ("Stream %p Seek to %lld", this, (long long)mStreamOffset));
+   gMediaCache->NoteSeek(this, oldOffset);
+ 
+@@ -2176,11 +2183,10 @@ MediaCacheStream::Read(char* aBuffer, uint32_t aCount, uint32_t* aBytes)
+         break;
+       }
+       size = std::min(size, bytesRemaining);
+-      // Clamp size until 64-bit file size issues (bug 500784) are fixed.
++      // Clamp size until 64-bit file size issues are fixed.
+       size = std::min(size, int64_t(INT32_MAX));
+     }
+ 
+-    int32_t bytes;
+     int32_t cacheBlock = streamBlock < mBlocks.Length() ? mBlocks[streamBlock] : -1;
+     if (cacheBlock < 0) {
+       // We don't have a complete cached block here.
+@@ -2208,7 +2214,10 @@ MediaCacheStream::Read(char* aBuffer, uint32_t aCount, uint32_t* aBytes)
+         // We can just use the data in mPartialBlockBuffer. In fact we should
+         // use it rather than waiting for the block to fill and land in
+         // the cache.
+-        bytes = std::min<int64_t>(size, streamWithPartialBlock->mChannelOffset - mStreamOffset);
++        int64_t bytes = std::min<int64_t>(size, streamWithPartialBlock->mChannelOffset - mStreamOffset);
++        // Clamp bytes until 64-bit file size issues are fixed.
++        bytes = std::min(bytes, int64_t(INT32_MAX));
++        NS_ABORT_IF_FALSE(bytes >= 0 && bytes <= aCount, "Bytes out of range.");
+         memcpy(aBuffer,
+           reinterpret_cast<char*>(streamWithPartialBlock->mPartialBlockBuffer.get()) + offsetInStreamBlock, bytes);
+         if (mCurrentMode == MODE_METADATA) {
+@@ -2232,6 +2241,7 @@ MediaCacheStream::Read(char* aBuffer, uint32_t aCount, uint32_t* aBytes)
+     gMediaCache->NoteBlockUsage(this, cacheBlock, mCurrentMode, TimeStamp::Now());
+ 
+     int64_t offset = cacheBlock*BLOCK_SIZE + offsetInStreamBlock;
++    int32_t bytes;
+     NS_ABORT_IF_FALSE(size >= 0 && size <= INT32_MAX, "Size out of range.");
+     nsresult rv = gMediaCache->ReadCacheFile(offset, aBuffer + count, int32_t(size), &bytes);
+     if (NS_FAILED(rv)) {
+@@ -2268,9 +2278,7 @@ MediaCacheStream::ReadAt(int64_t aOffset, char* aBuffer,
+ }
+ 
+ nsresult
+-MediaCacheStream::ReadFromCache(char* aBuffer,
+-                                  int64_t aOffset,
+-                                  int64_t aCount)
++MediaCacheStream::ReadFromCache(char* aBuffer, int64_t aOffset, int64_t aCount)
+ {
+   ReentrantMonitorAutoEnter mon(gMediaCache->GetReentrantMonitor());
+   if (mClosed)
+@@ -2292,7 +2300,7 @@ MediaCacheStream::ReadFromCache(char* aBuffer,
+         return NS_ERROR_FAILURE;
+       }
+       size = std::min(size, bytesRemaining);
+-      // Clamp size until 64-bit file size issues (bug 500784) are fixed.
++      // Clamp size until 64-bit file size issues are fixed.
+       size = std::min(size, int64_t(INT32_MAX));
+     }
+ 
+@@ -2303,7 +2311,10 @@ MediaCacheStream::ReadFromCache(char* aBuffer,
+       // We can just use the data in mPartialBlockBuffer. In fact we should
+       // use it rather than waiting for the block to fill and land in
+       // the cache.
+-      bytes = std::min<int64_t>(size, mChannelOffset - streamOffset);
++      // Clamp bytes until 64-bit file size issues are fixed.
++      int64_t toCopy = std::min<int64_t>(size, mChannelOffset - streamOffset);
++      bytes = std::min(toCopy, int64_t(INT32_MAX));
++      NS_ABORT_IF_FALSE(bytes >= 0 && bytes <= toCopy, "Bytes out of range.");
+       memcpy(aBuffer + count,
+         reinterpret_cast<char*>(mPartialBlockBuffer.get()) + offsetInStreamBlock, bytes);
+     } else {
+	Modified   media/libnestegg/include/nestegg-stdint.h
+diff --git a/media/libnestegg/include/nestegg-stdint.h b/media/libnestegg/include/nestegg-stdint.h
+index 599a7a5..c315991 100644
+--- a/media/libnestegg/include/nestegg-stdint.h
++++ b/media/libnestegg/include/nestegg-stdint.h
+@@ -1,6 +1,9 @@
+ #ifdef _WIN32
+ typedef __int64 int64_t;
+ typedef unsigned __int64 uint64_t;
++#if !defined(INT64_MAX)
++#define INT64_MAX 9223372036854775807LL
++#endif
+ #else
+ #include <stdint.h>
+ #endif
+	Modified   media/libnestegg/src/nestegg.c
+diff --git a/media/libnestegg/src/nestegg.c b/media/libnestegg/src/nestegg.c
+index 8813cf2..56884d7 100644
+--- a/media/libnestegg/src/nestegg.c
++++ b/media/libnestegg/src/nestegg.c
+@@ -1950,6 +1950,9 @@ nestegg_offset_seek(nestegg * ctx, uint64_t offset)
+ {
+   int r;
+ 
++  if (offset > INT64_MAX)
++    return -1;
++
+   /* Seek and set up parser state for segment-level element (Cluster). */
+   r = ne_io_seek(ctx->io, offset, NESTEGG_SEEK_SET);
+   if (r != 0)
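Review bot: In the MediaCache.cpp part of the added patch, the new length guards ahead of the two `memcpy` calls (`NS_ABORT_IF_FALSE(bytes >= 0 && bytes <= aCount, ...)` in `MediaCacheStream::Read` and `NS_ABORT_IF_FALSE(bytes >= 0 && bytes <= toCopy, ...)` in `ReadFromCache`) are assertion macros that, as far as I know, compile to nothing in non-debug Gecko builds, so a packaged release build would still hand a negative `bytes` to `memcpy` if the `mChannelOffset` difference ever goes negative. In `ReadFromCache` the upper half of the check is also always true, because `bytes` is `std::min(toCopy, int64_t(INT32_MAX))`; it never compares against the room left in `aBuffer`. The `Seek` change rejects negative stream offsets at one entry point, but a runtime check at the copy sites would not depend on that, for example `if (bytes < 0) return NS_ERROR_FAILURE;` just before each `memcpy`. Both functions begin and end outside the inner hunks, so the earlier computation of `size` and `count` is not visible here and may already bound the upper side.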