summary refs log tree commit diff
path: root/gnu/packages/patches/icecat-CVE-2015-0836-pt-10.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2015-0836-pt-10.patch')
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-0836-pt-10.patch219
1 files changed, 219 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-10.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-10.patch
new file mode 100644
index 0000000000..9a4668b2dc
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2015-0836-pt-10.patch
@@ -0,0 +1,219 @@
+From 66e65b2138c6db20288ef4cf78d15995f382a7e2 Mon Sep 17 00:00:00 2001
+From: Kartikaya Gupta <kgupta@mozilla.com>
+Date: Tue, 13 Jan 2015 13:26:26 -0500
+Subject: [PATCH] Bug 1107009. r=BenWa, a=sledru
+
+---
+ gfx/layers/ipc/CompositorParent.cpp | 57 ++++++++++++++++++++++++++++++-------
+ 1 file changed, 46 insertions(+), 11 deletions(-)
+
+diff --git a/gfx/layers/ipc/CompositorParent.cpp b/gfx/layers/ipc/CompositorParent.cpp
+index ce50277..cbbb2ef 100644
+--- a/gfx/layers/ipc/CompositorParent.cpp
++++ b/gfx/layers/ipc/CompositorParent.cpp
+@@ -22,6 +22,7 @@
+ #include "gfxPrefs.h"                   // for gfxPrefs
+ #include "ipc/ShadowLayersManager.h"    // for ShadowLayersManager
+ #include "mozilla/AutoRestore.h"        // for AutoRestore
++#include "mozilla/ClearOnShutdown.h"    // for ClearOnShutdown
+ #include "mozilla/DebugOnly.h"          // for DebugOnly
+ #include "mozilla/gfx/2D.h"          // for DrawTarget
+ #include "mozilla/gfx/Point.h"          // for IntSize
+@@ -70,6 +71,16 @@ CompositorParent::LayerTreeState::LayerTreeState()
+ 
+ typedef map<uint64_t, CompositorParent::LayerTreeState> LayerTreeMap;
+ static LayerTreeMap sIndirectLayerTrees;
++static StaticAutoPtr<mozilla::Monitor> sIndirectLayerTreesLock;
++
++static void EnsureLayerTreeMapReady()
++{
++  MOZ_ASSERT(NS_IsMainThread());
++  if (!sIndirectLayerTreesLock) {
++    sIndirectLayerTreesLock = new Monitor("IndirectLayerTree");
++    mozilla::ClearOnShutdown(&sIndirectLayerTreesLock);
++  }
++}
+ 
+ // FIXME/bug 774386: we're assuming that there's only one
+ // CompositorParent, but that's not always true.  This assumption only
+@@ -132,6 +143,7 @@ void CompositorParent::StartUp()
+     return;
+   }
+   MOZ_ASSERT(!sCompositorLoop);
++  EnsureLayerTreeMapReady();
+   CreateCompositorMap();
+   CreateThread();
+   sMainLoop = MessageLoop::current();
+@@ -206,7 +218,11 @@ CompositorParent::CompositorParent(nsIWidget* aWidget,
+                                                           this, &mCompositorID));
+ 
+   mRootLayerTreeID = AllocateLayerTreeId();
+-  sIndirectLayerTrees[mRootLayerTreeID].mParent = this;
++
++  { // scope lock
++    MonitorAutoLock lock(*sIndirectLayerTreesLock);
++    sIndirectLayerTrees[mRootLayerTreeID].mParent = this;
++  }
+ 
+   mApzcTreeManager = new APZCTreeManager();
+   ++sCompositorThreadRefCount;
+@@ -249,7 +265,10 @@ CompositorParent::Destroy()
+   mCompositionManager = nullptr;
+   mApzcTreeManager->ClearTree();
+   mApzcTreeManager = nullptr;
+-  sIndirectLayerTrees.erase(mRootLayerTreeID);
++  { // scope lock
++    MonitorAutoLock lock(*sIndirectLayerTreesLock);
++    sIndirectLayerTrees.erase(mRootLayerTreeID);
++  }
+ }
+ 
+ void
+@@ -266,6 +285,7 @@ CompositorParent::RecvWillStop()
+ 
+   // Ensure that the layer manager is destroyed before CompositorChild.
+   if (mLayerManager) {
++    MonitorAutoLock lock(*sIndirectLayerTreesLock);
+     for (LayerTreeMap::iterator it = sIndirectLayerTrees.begin();
+          it != sIndirectLayerTrees.end(); it++)
+     {
+@@ -380,7 +400,10 @@ CompositorParent::ActorDestroy(ActorDestroyReason why)
+   if (mLayerManager) {
+     mLayerManager->Destroy();
+     mLayerManager = nullptr;
+-    sIndirectLayerTrees[mRootLayerTreeID].mLayerManager = nullptr;
++    { // scope lock
++      MonitorAutoLock lock(*sIndirectLayerTreesLock);
++      sIndirectLayerTrees[mRootLayerTreeID].mLayerManager = nullptr;
++    }
+     mCompositionManager = nullptr;
+     mCompositor = nullptr;
+   }
+@@ -696,6 +719,7 @@ CompositorParent::DidComposite()
+ {
+   unused << SendDidComposite(0);
+ 
++  MonitorAutoLock lock(*sIndirectLayerTreesLock);
+   for (LayerTreeMap::iterator it = sIndirectLayerTrees.begin();
+        it != sIndirectLayerTrees.end(); it++) {
+     LayerTreeState* lts = &it->second;
+@@ -867,6 +891,7 @@ CompositorParent::InitializeLayerManager(const nsTArray<LayersBackend>& aBackend
+       mLayerManager = layerManager;
+       MOZ_ASSERT(compositor);
+       mCompositor = compositor;
++      MonitorAutoLock lock(*sIndirectLayerTreesLock);
+       sIndirectLayerTrees[mRootLayerTreeID].mLayerManager = layerManager;
+       return;
+     }
+@@ -969,6 +994,7 @@ CompositorParent::RecvNotifyChildCreated(const uint64_t& child)
+ void
+ CompositorParent::NotifyChildCreated(uint64_t aChild)
+ {
++  MonitorAutoLock lock(*sIndirectLayerTreesLock);
+   sIndirectLayerTrees[aChild].mParent = this;
+   sIndirectLayerTrees[aChild].mLayerManager = mLayerManager;
+ }
+@@ -985,6 +1011,7 @@ CompositorParent::AllocateLayerTreeId()
+ static void
+ EraseLayerState(uint64_t aId)
+ {
++  MonitorAutoLock lock(*sIndirectLayerTreesLock);
+   sIndirectLayerTrees.erase(aId);
+ }
+ 
+@@ -1001,6 +1028,7 @@ UpdateControllerForLayersId(uint64_t aLayersId,
+                             GeckoContentController* aController)
+ {
+   // Adopt ref given to us by SetControllerForLayerTree()
++  MonitorAutoLock lock(*sIndirectLayerTreesLock);
+   sIndirectLayerTrees[aLayersId].mController =
+     already_AddRefed<GeckoContentController>(aController);
+ }
+@@ -1010,12 +1038,15 @@ ScopedLayerTreeRegistration::ScopedLayerTreeRegistration(uint64_t aLayersId,
+                                                          GeckoContentController* aController)
+     : mLayersId(aLayersId)
+ {
++  EnsureLayerTreeMapReady();
++  MonitorAutoLock lock(*sIndirectLayerTreesLock);
+   sIndirectLayerTrees[aLayersId].mRoot = aRoot;
+   sIndirectLayerTrees[aLayersId].mController = aController;
+ }
+ 
+ ScopedLayerTreeRegistration::~ScopedLayerTreeRegistration()
+ {
++  MonitorAutoLock lock(*sIndirectLayerTreesLock);
+   sIndirectLayerTrees.erase(mLayersId);
+ }
+ 
+@@ -1175,6 +1206,7 @@ CompositorParent::CloneToplevel(const InfallibleTArray<mozilla::ipc::ProtocolFdM
+ static void
+ UpdateIndirectTree(uint64_t aId, Layer* aRoot, const TargetConfig& aTargetConfig)
+ {
++  MonitorAutoLock lock(*sIndirectLayerTreesLock);
+   sIndirectLayerTrees[aId].mRoot = aRoot;
+   sIndirectLayerTrees[aId].mTargetConfig = aTargetConfig;
+ }
+@@ -1182,6 +1214,7 @@ UpdateIndirectTree(uint64_t aId, Layer* aRoot, const TargetConfig& aTargetConfig
+ /* static */ const CompositorParent::LayerTreeState*
+ CompositorParent::GetIndirectShadowTree(uint64_t aId)
+ {
++  MonitorAutoLock lock(*sIndirectLayerTreesLock);
+   LayerTreeMap::const_iterator cit = sIndirectLayerTrees.find(aId);
+   if (sIndirectLayerTrees.end() == cit) {
+     return nullptr;
+@@ -1189,12 +1222,6 @@ CompositorParent::GetIndirectShadowTree(uint64_t aId)
+   return &cit->second;
+ }
+ 
+-static void
+-RemoveIndirectTree(uint64_t aId)
+-{
+-  sIndirectLayerTrees.erase(aId);
+-}
+-
+ void
+ CrossProcessCompositorParent::ActorDestroy(ActorDestroyReason aWhy)
+ {
+@@ -1211,6 +1238,8 @@ CrossProcessCompositorParent::AllocPLayerTransactionParent(const nsTArray<Layers
+ {
+   MOZ_ASSERT(aId != 0);
+ 
++  MonitorAutoLock lock(*sIndirectLayerTreesLock);
++
+   if (sIndirectLayerTrees[aId].mLayerManager) {
+     sIndirectLayerTrees[aId].mCrossProcessParent = this;
+     LayerManagerComposite* lm = sIndirectLayerTrees[aId].mLayerManager;
+@@ -1234,7 +1263,7 @@ bool
+ CrossProcessCompositorParent::DeallocPLayerTransactionParent(PLayerTransactionParent* aLayers)
+ {
+   LayerTransactionParent* slp = static_cast<LayerTransactionParent*>(aLayers);
+-  RemoveIndirectTree(slp->GetId());
++  EraseLayerState(slp->GetId());
+   static_cast<LayerTransactionParent*>(aLayers)->ReleaseIPDLReference();
+   return true;
+ }
+@@ -1242,6 +1271,7 @@ CrossProcessCompositorParent::DeallocPLayerTransactionParent(PLayerTransactionPa
+ bool
+ CrossProcessCompositorParent::RecvNotifyChildCreated(const uint64_t& child)
+ {
++  MonitorAutoLock lock(*sIndirectLayerTreesLock);
+   sIndirectLayerTrees[child].mParent->NotifyChildCreated(child);
+   return true;
+ }
+@@ -1269,7 +1299,12 @@ CrossProcessCompositorParent::ForceComposite(LayerTransactionParent* aLayerTree)
+ {
+   uint64_t id = aLayerTree->GetId();
+   MOZ_ASSERT(id != 0);
+-  sIndirectLayerTrees[id].mParent->ForceComposite(aLayerTree);
++  CompositorParent* parent;
++  { // scope lock
++    MonitorAutoLock lock(*sIndirectLayerTreesLock);
++    parent = sIndirectLayerTrees[id].mParent;
++  }
++  parent->ForceComposite(aLayerTree);
+ }
+ 
+ bool
+-- 
+2.2.1
+
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-11-28 03:22:15 +0000