summary refs log tree commit diff
path: root/gnu/packages/patches/icecat-CVE-2015-2708-pt2.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2015-2708-pt2.patch')
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-2708-pt2.patch284
1 files changed, 0 insertions, 284 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2015-2708-pt2.patch b/gnu/packages/patches/icecat-CVE-2015-2708-pt2.patch
deleted file mode 100644
index 9788806557..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-2708-pt2.patch
+++ /dev/null
@@ -1,284 +0,0 @@
-From 272c1ba11fac7a9ceede2f4f737bb27b4bbcad71 Mon Sep 17 00:00:00 2001
-From: Steve Fink <sfink@mozilla.com>
-Date: Thu, 19 Mar 2015 20:50:57 -0700
-Subject: [PATCH] Bug 1120655 - Suppress zone/compartment collection while
- iterating. r=terrence, a=bkerensa
-
----
- js/src/gc/Zone.h      |  9 ++++----
- js/src/jsgc.cpp       | 57 +++++++++++++++++++++++++++++++++++----------------
- js/src/jsgc.h         | 11 +++++++++-
- js/src/vm/Runtime.cpp |  1 +
- js/src/vm/Runtime.h   |  3 +++
- 5 files changed, 58 insertions(+), 23 deletions(-)
-
-diff --git a/js/src/gc/Zone.h b/js/src/gc/Zone.h
-index e7f687a..dd058f0 100644
---- a/js/src/gc/Zone.h
-+++ b/js/src/gc/Zone.h
-@@ -353,10 +353,11 @@ enum ZoneSelector {
- 
- class ZonesIter {
-   private:
-+    gc::AutoEnterIteration iterMarker;
-     JS::Zone **it, **end;
- 
-   public:
--    ZonesIter(JSRuntime *rt, ZoneSelector selector) {
-+    ZonesIter(JSRuntime *rt, ZoneSelector selector) : iterMarker(rt) {
-         it = rt->zones.begin();
-         end = rt->zones.end();
- 
-@@ -427,13 +428,13 @@ struct CompartmentsInZoneIter
- template<class ZonesIterT>
- class CompartmentsIterT
- {
--  private:
-+    gc::AutoEnterIteration iterMarker;
-     ZonesIterT zone;
-     mozilla::Maybe<CompartmentsInZoneIter> comp;
- 
-   public:
-     explicit CompartmentsIterT(JSRuntime *rt)
--      : zone(rt)
-+      : iterMarker(rt), zone(rt)
-     {
-         if (zone.done())
-             comp.construct();
-@@ -442,7 +443,7 @@ class CompartmentsIterT
-     }
- 
-     CompartmentsIterT(JSRuntime *rt, ZoneSelector selector)
--      : zone(rt, selector)
-+      : iterMarker(rt), zone(rt, selector)
-     {
-         if (zone.done())
-             comp.construct();
-diff --git a/js/src/jsgc.cpp b/js/src/jsgc.cpp
-index 15c86c8..1dfe0ab 100644
---- a/js/src/jsgc.cpp
-+++ b/js/src/jsgc.cpp
-@@ -2525,7 +2525,7 @@ ReleaseObservedTypes(JSRuntime* rt)
-  * arbitrary compartment in the zone.
-  */
- static void
--SweepCompartments(FreeOp *fop, Zone *zone, bool keepAtleastOne, bool lastGC)
-+SweepCompartments(FreeOp *fop, Zone *zone, bool keepAtleastOne, bool destroyingRuntime)
- {
-     JSRuntime *rt = zone->runtimeFromMainThread();
-     JSDestroyCompartmentCallback callback = rt->destroyCompartmentCallback;
-@@ -2543,7 +2543,7 @@ SweepCompartments(FreeOp *fop, Zone *zone, bool keepAtleastOne, bool lastGC)
-          * deleted and keepAtleastOne is true.
-          */
-         bool dontDelete = read == end && !foundOne && keepAtleastOne;
--        if ((!comp->marked && !dontDelete) || lastGC) {
-+        if ((!comp->marked && !dontDelete) || destroyingRuntime) {
-             if (callback)
-                 callback(fop, comp);
-             if (comp->principals)
-@@ -2559,9 +2559,13 @@ SweepCompartments(FreeOp *fop, Zone *zone, bool keepAtleastOne, bool lastGC)
- }
- 
- static void
--SweepZones(FreeOp *fop, bool lastGC)
-+SweepZones(FreeOp *fop, bool destroyingRuntime)
- {
-     JSRuntime *rt = fop->runtime();
-+    MOZ_ASSERT_IF(destroyingRuntime, rt->numActiveZoneIters == 0);
-+    if (rt->numActiveZoneIters)
-+        return;
-+
-     JSZoneCallback callback = rt->destroyZoneCallback;
- 
-     /* Skip the atomsCompartment zone. */
-@@ -2576,17 +2580,17 @@ SweepZones(FreeOp* fop, bool lastGC)
- 
-         if (zone->wasGCStarted()) {
-             if ((zone->allocator.arenas.arenaListsAreEmpty() && !zone->hasMarkedCompartments()) ||
--                lastGC)
-+                destroyingRuntime)
-             {
-                 zone->allocator.arenas.checkEmptyFreeLists();
-                 if (callback)
-                     callback(zone);
--                SweepCompartments(fop, zone, false, lastGC);
-+                SweepCompartments(fop, zone, false, destroyingRuntime);
-                 JS_ASSERT(zone->compartments.empty());
-                 fop->delete_(zone);
-                 continue;
-             }
--            SweepCompartments(fop, zone, true, lastGC);
-+            SweepCompartments(fop, zone, true, destroyingRuntime);
-         }
-         *write++ = zone;
-     }
-@@ -3787,7 +3791,7 @@ EndSweepingZoneGroup(JSRuntime *rt)
- }
- 
- static void
--BeginSweepPhase(JSRuntime *rt, bool lastGC)
-+BeginSweepPhase(JSRuntime *rt, bool destroyingRuntime)
- {
-     /*
-      * Sweep phase.
-@@ -3804,7 +3808,7 @@ BeginSweepPhase(JSRuntime *rt, bool lastGC)
-     gcstats::AutoPhase ap(rt->gcStats, gcstats::PHASE_SWEEP);
- 
- #ifdef JS_THREADSAFE
--    rt->gcSweepOnBackgroundThread = !lastGC && rt->useHelperThreads();
-+    rt->gcSweepOnBackgroundThread = !destroyingRuntime && rt->useHelperThreads();
- #endif
- 
- #ifdef DEBUG
-@@ -3903,12 +3907,12 @@ SweepPhase(JSRuntime *rt, SliceBudget &sliceBudget)
- }
- 
- static void
--EndSweepPhase(JSRuntime *rt, JSGCInvocationKind gckind, bool lastGC)
-+EndSweepPhase(JSRuntime *rt, JSGCInvocationKind gckind, bool destroyingRuntime)
- {
-     gcstats::AutoPhase ap(rt->gcStats, gcstats::PHASE_SWEEP);
-     FreeOp fop(rt, rt->gcSweepOnBackgroundThread);
- 
--    JS_ASSERT_IF(lastGC, !rt->gcSweepOnBackgroundThread);
-+    JS_ASSERT_IF(destroyingRuntime, !rt->gcSweepOnBackgroundThread);
- 
-     JS_ASSERT(rt->gcMarker.isDrained());
-     rt->gcMarker.stop();
-@@ -3959,8 +3963,8 @@ EndSweepPhase(JSRuntime *rt, JSGCInvocationKind gckind, bool lastGC)
-          * This removes compartments from rt->compartment, so we do it last to make
-          * sure we don't miss sweeping any compartments.
-          */
--        if (!lastGC)
--            SweepZones(&fop, lastGC);
-+        if (!destroyingRuntime)
-+            SweepZones(&fop, destroyingRuntime);
- 
-         if (!rt->gcSweepOnBackgroundThread) {
-             /*
-@@ -4001,8 +4005,8 @@ EndSweepPhase(JSRuntime *rt, JSGCInvocationKind gckind, bool lastGC)
-         rt->freeLifoAlloc.freeAll();
- 
-         /* Ensure the compartments get swept if it's the last GC. */
--        if (lastGC)
--            SweepZones(&fop, lastGC);
-+        if (destroyingRuntime)
-+            SweepZones(&fop, destroyingRuntime);
-     }
- 
-     for (ZonesIter zone(rt, WithAtoms); !zone.done(); zone.next()) {
-@@ -4339,7 +4343,7 @@ IncrementalCollectSlice(JSRuntime *rt,
-     AutoCopyFreeListToArenasForGC copy(rt);
-     AutoGCSlice slice(rt);
- 
--    bool lastGC = (reason == JS::gcreason::DESTROY_RUNTIME);
-+    bool destroyingRuntime = (reason == JS::gcreason::DESTROY_RUNTIME);
- 
-     gc::State initialState = rt->gcIncrementalState;
- 
-@@ -4384,7 +4388,7 @@ IncrementalCollectSlice(JSRuntime *rt,
-             return;
-         }
- 
--        if (!lastGC)
-+        if (!destroyingRuntime)
-             PushZealSelectedObjects(rt);
- 
-         rt->gcIncrementalState = MARK;
-@@ -4426,7 +4430,7 @@ IncrementalCollectSlice(JSRuntime *rt,
-          * This runs to completion, but we don't continue if the budget is
-          * now exhasted.
-          */
--        BeginSweepPhase(rt, lastGC);
-+        BeginSweepPhase(rt, destroyingRuntime);
-         if (sliceBudget.isOverBudget())
-             break;
- 
-@@ -4445,7 +4449,7 @@ IncrementalCollectSlice(JSRuntime *rt,
-         if (!finished)
-             break;
- 
--        EndSweepPhase(rt, gckind, lastGC);
-+        EndSweepPhase(rt, gckind, destroyingRuntime);
- 
-         if (rt->gcSweepOnBackgroundThread)
-             rt->gcHelperThread.startBackgroundSweep(gckind == GC_SHRINK);
-@@ -5386,3 +5390,20 @@ JS::AutoAssertNoGC::~AutoAssertNoGC()
-         MOZ_ASSERT(gcNumber == runtime->gcNumber, "GC ran inside an AutoAssertNoGC scope.");
- }
- #endif
-+
-+namespace js {
-+namespace gc {
-+
-+AutoEnterIteration::AutoEnterIteration(JSRuntime *rt_) : rt(rt_)
-+{
-+    ++rt->numActiveZoneIters;
-+}
-+
-+AutoEnterIteration::~AutoEnterIteration()
-+{
-+    MOZ_ASSERT(rt->numActiveZoneIters);
-+    --rt->numActiveZoneIters;
-+}
-+
-+} /* namespace gc */
-+} /* namespace js */
-diff --git a/js/src/jsgc.h b/js/src/jsgc.h
-index 825cff5..ca331c0 100644
---- a/js/src/jsgc.h
-+++ b/js/src/jsgc.h
-@@ -1077,7 +1077,7 @@ MaybeVerifyBarriers(JSContext* cx, bool always = false)
- /*
-  * Instances of this class set the |JSRuntime::suppressGC| flag for the duration
-  * that they are live. Use of this class is highly discouraged. Please carefully
-- * read the comment in jscntxt.h above |suppressGC| and take all appropriate
-+ * read the comment in vm/Runtime.h above |suppressGC| and take all appropriate
-  * precautions before instantiating this class.
-  */
- class AutoSuppressGC
-@@ -1113,6 +1113,15 @@ class AutoEnterOOMUnsafeRegion
- class AutoEnterOOMUnsafeRegion {};
- #endif /* DEBUG */
- 
-+/* Prevent compartments and zones from being collected during iteration. */
-+class AutoEnterIteration {
-+    JSRuntime *rt;
-+
-+  public:
-+    AutoEnterIteration(JSRuntime *rt_);
-+    ~AutoEnterIteration();
-+};
-+
- } /* namespace gc */
- 
- #ifdef DEBUG
-diff --git a/js/src/vm/Runtime.cpp b/js/src/vm/Runtime.cpp
-index bb5c8680..0d8c6cd 100644
---- a/js/src/vm/Runtime.cpp
-+++ b/js/src/vm/Runtime.cpp
-@@ -195,6 +195,7 @@ JSRuntime::JSRuntime(JSRuntime *parentRuntime, JSUseHelperThreads useHelperThrea
-     gcShouldCleanUpEverything(false),
-     gcGrayBitsValid(false),
-     gcIsNeeded(0),
-+    numActiveZoneIters(0),
-     gcStats(thisFromCtor()),
-     gcNumber(0),
-     gcStartNumber(0),
-diff --git a/js/src/vm/Runtime.h b/js/src/vm/Runtime.h
-index 5aeb924..ba4180e 100644
---- a/js/src/vm/Runtime.h
-+++ b/js/src/vm/Runtime.h
-@@ -1061,6 +1061,9 @@ struct JSRuntime : public JS::shadow::Runtime,
-      */
-     volatile uintptr_t  gcIsNeeded;
- 
-+    mozilla::Atomic<size_t, mozilla::ReleaseAcquire> numActiveZoneIters;
-+    friend class js::gc::AutoEnterIteration;
-+
-     js::gcstats::Statistics gcStats;
- 
-     /* Incremented on every GC slice. */
--- 
-2.2.1
-