diff options
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2015-0817.patch')
| -rw-r--r-- | gnu/packages/patches/icecat-CVE-2015-0817.patch | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2015-0817.patch b/gnu/packages/patches/icecat-CVE-2015-0817.patch new file mode 100644 index 0000000000..bb530a535d --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2015-0817.patch @@ -0,0 +1,44 @@ +From cedbdf8290018fbef65458e9e438c72adf2c2775 Mon Sep 17 00:00:00 2001 +From: Steve Fink <sfink@mozilla.com> +Date: Thu, 19 Mar 2015 15:46:24 -0700 +Subject: [PATCH] Bug 1145255. r=luke, a=lmandel + +--- + js/src/jit/AsmJS.cpp | 13 +++++++++++-- + 1 file changed, 11 insertions(+), 2 deletions(-) + +diff --git a/js/src/jit/AsmJS.cpp b/js/src/jit/AsmJS.cpp +index 302b5ab..1b8eed6 100644 +--- a/js/src/jit/AsmJS.cpp ++++ b/js/src/jit/AsmJS.cpp +@@ -14,6 +14,7 @@ + + #include "jsmath.h" + #include "jsprf.h" ++#include "jsutil.h" + #include "jsworkers.h" + #include "prmjtime.h" + +@@ -3432,9 +3433,17 @@ FoldMaskedArrayIndex(FunctionCompiler &f, ParseNode **indexExpr, int32_t *mask, + if (IsLiteralOrConstInt(f, maskNode, &mask2)) { + // Flag the access to skip the bounds check if the mask ensures that an 'out of + // bounds' access can not occur based on the current heap length constraint. +- if (mask2 == 0 || +- CountLeadingZeroes32(f.m().minHeapLength() - 1) <= CountLeadingZeroes32(mask2)) { ++ if (mask2 == 0) { + *needsBoundsCheck = NO_BOUNDS_CHECK; ++ } else { ++ uint32_t minHeap = f.m().minHeapLength(); ++ uint32_t minHeapZeroes = CountLeadingZeroes32(minHeap - 1); ++ uint32_t maskZeroes = CountLeadingZeroes32(mask2); ++ if ((minHeapZeroes < maskZeroes) || ++ (IsPowerOfTwo(minHeap) && minHeapZeroes == maskZeroes)) ++ { ++ *needsBoundsCheck = NO_BOUNDS_CHECK; ++ } + } + *mask &= mask2; + *indexExpr = indexNode; +-- +2.2.1 + |