Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2015-0836-pt-08.patch')
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-0836-pt-08.patch53
1 files changed, 53 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-08.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-08.patch
new file mode 100644
index 0000000000..685e3a6d43
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2015-0836-pt-08.patch
@@ -0,0 +1,53 @@
+From 4920c5c447d1153dffa623dd70d8b535b9ca6795 Mon Sep 17 00:00:00 2001
+From: Jan de Mooij <jdemooij@mozilla.com>
+Date: Mon, 26 Jan 2015 12:59:47 +0100
+Subject: [PATCH] Bug 1115776 - Fix LApplyArgsGeneric to always emit the
+ has-script check. r=shu, a=sledru
+
+---
+ js/src/jit/CodeGenerator.cpp | 24 ++++++++----------------
+ 1 file changed, 8 insertions(+), 16 deletions(-)
+
+diff --git a/js/src/jit/CodeGenerator.cpp b/js/src/jit/CodeGenerator.cpp
+index ba14f86..0669692 100644
+--- a/js/src/jit/CodeGenerator.cpp
++++ b/js/src/jit/CodeGenerator.cpp
+@@ -2448,27 +2448,19 @@ CodeGenerator::visitApplyArgsGeneric(LApplyArgsGeneric *apply)
+ 
+     masm.checkStackAlignment();
+ 
+-    // If the function is known to be uncompilable, only emit the call to InvokeFunction.
++    // If the function is native, only emit the call to InvokeFunction.
+     ExecutionMode executionMode = gen->info().executionMode();
+-    if (apply->hasSingleTarget()) {
+-        JSFunction *target = apply->getSingleTarget();
+-        if (target->isNative()) {
+-            if (!emitCallInvokeFunction(apply, copyreg))
+-                return false;
+-            emitPopArguments(apply, copyreg);
+-            return true;
+-        }
++    if (apply->hasSingleTarget() && apply->getSingleTarget()->isNative()) {
++        if (!emitCallInvokeFunction(apply, copyreg))
++            return false;
++        emitPopArguments(apply, copyreg);
++        return true;
+     }
+ 
+     Label end, invoke;
+ 
+-    // Guard that calleereg is an interpreted function with a JSScript:
+-    if (!apply->hasSingleTarget()) {
+-        masm.branchIfFunctionHasNoScript(calleereg, &invoke);
+-    } else {
+-        // Native single targets are handled by LCallNative.
+-        JS_ASSERT(!apply->getSingleTarget()->isNative());
+-    }
++    // Guard that calleereg is an interpreted function with a JSScript.
++    masm.branchIfFunctionHasNoScript(calleereg, &invoke);
+ 
+     // Knowing that calleereg is a non-native function, load the JSScript.
+     masm.loadPtr(Address(calleereg, JSFunction::offsetOfNativeOrScript()), objreg);
+-- 
+2.2.1
+
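Review bot: The added patch file carries no Guix-side provenance note; the only context it has is the upstream format-patch header (the `From 4920c5c…` line and `Bug 1115776` in the Subject), and nothing inside the file links it to CVE-2015-0836 apart from the filename. A short comment above the `From` line, such as `Part 8 of the fix for CVE-2015-0836; copied from the upstream Mozilla commit named in the From: line (Bug 1115776).`, would let a later audit map each of the pt-NN files to its upstream change without consulting the bug tracker, and patch tools ignore text preceding the first file header so it does not affect application. On the C++ side the new code is consistent with the Subject: the `branchIfFunctionHasNoScript` guard is now emitted on every path that reaches the `loadPtr` of the JSScript, with the native single-target early return the only case that bypasses it; the enclosing `visitApplyArgsGeneric` starts and ends outside the hunk.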