summary refs log tree commit diff
path: root/gnu/packages/patches/icecat-CVE-2015-2708-pt3.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2015-2708-pt3.patch')
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-2708-pt3.patch228
1 files changed, 228 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2015-2708-pt3.patch b/gnu/packages/patches/icecat-CVE-2015-2708-pt3.patch
new file mode 100644
index 0000000000..f684804d0b
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2015-2708-pt3.patch
@@ -0,0 +1,228 @@
+From 4dcbca8b3c26b451e1376cd1b7c88ab984a45b39 Mon Sep 17 00:00:00 2001
+From: Mats Palmgren <mats@mozilla.com>
+Date: Tue, 14 Apr 2015 22:12:39 -0400
+Subject: [PATCH] Bug 1143299 - Make frame insertion methods deal with
+ aPrevFrame being on an overflow list. r=roc, a=bkerensa
+
+---
+ layout/generic/nsBlockFrame.cpp        | 18 ++++++++++++---
+ layout/generic/nsBlockFrame.h          | 14 ++++++++----
+ layout/generic/nsContainerFrame.cpp    | 41 +++++++++++++++++++---------------
+ layout/tables/nsTableFrame.cpp         |  2 ++
+ layout/tables/nsTableRowFrame.cpp      |  2 ++
+ layout/tables/nsTableRowGroupFrame.cpp |  2 ++
+ 6 files changed, 54 insertions(+), 25 deletions(-)
+
+diff --git a/layout/generic/nsBlockFrame.cpp b/layout/generic/nsBlockFrame.cpp
+index a011bcf..70d5297 100644
+--- a/layout/generic/nsBlockFrame.cpp
++++ b/layout/generic/nsBlockFrame.cpp
+@@ -1049,7 +1049,7 @@ nsBlockFrame::Reflow(nsPresContext*           aPresContext,
+   state.mOverflowTracker = &tracker;
+ 
+   // Drain & handle pushed floats
+-  DrainPushedFloats(state);
++  DrainPushedFloats();
+   nsOverflowAreas fcBounds;
+   nsReflowStatus fcStatus = NS_FRAME_COMPLETE;
+   ReflowPushedFloats(state, fcBounds, fcStatus);
+@@ -4438,9 +4438,13 @@ nsBlockFrame::DrainSelfOverflowList()
+  * might push some of them on).  Floats with placeholders in this block
+  * are reflowed by (nsBlockReflowState/nsLineLayout)::AddFloat, which
+  * also maintains these invariants.
++ *
++ * DrainSelfPushedFloats moves any pushed floats from this block's own
++ * PushedFloats list back into mFloats.  DrainPushedFloats additionally
++ * moves frames from its prev-in-flow's PushedFloats list into mFloats.
+  */
+ void
+-nsBlockFrame::DrainPushedFloats(nsBlockReflowState& aState)
++nsBlockFrame::DrainSelfPushedFloats()
+ {
+ #ifdef DEBUG
+   // Between when we drain pushed floats and when we complete reflow,
+@@ -4503,12 +4507,18 @@ nsBlockFrame::DrainPushedFloats(nsBlockReflowState& aState)
+       RemovePushedFloats()->Delete(presContext->PresShell());
+     }
+   }
++}
++
++void
++nsBlockFrame::DrainPushedFloats()
++{
++  DrainSelfPushedFloats();
+ 
+   // After our prev-in-flow has completed reflow, it may have a pushed
+   // floats list, containing floats that we need to own.  Take these.
+   nsBlockFrame* prevBlock = static_cast<nsBlockFrame*>(GetPrevInFlow());
+   if (prevBlock) {
+-    AutoFrameListPtr list(presContext, prevBlock->RemovePushedFloats());
++    AutoFrameListPtr list(PresContext(), prevBlock->RemovePushedFloats());
+     if (list && list->NotEmpty()) {
+       mFloats.InsertFrames(this, nullptr, *list);
+     }
+@@ -4711,6 +4721,7 @@ nsBlockFrame::AppendFrames(ChildListID  aListID,
+       return nsContainerFrame::AppendFrames(aListID, aFrameList);
+     }
+     else if (kFloatList == aListID) {
++      DrainSelfPushedFloats(); // ensure the last frame is in mFloats
+       mFloats.AppendFrames(nullptr, aFrameList);
+       return NS_OK;
+     }
+@@ -4757,6 +4768,7 @@ nsBlockFrame::InsertFrames(ChildListID aListID,
+       return nsContainerFrame::InsertFrames(aListID, aPrevFrame, aFrameList);
+     }
+     else if (kFloatList == aListID) {
++      DrainSelfPushedFloats(); // ensure aPrevFrame is in mFloats
+       mFloats.InsertFrames(this, aPrevFrame, aFrameList);
+       return NS_OK;
+     }
+diff --git a/layout/generic/nsBlockFrame.h b/layout/generic/nsBlockFrame.h
+index 1a6bb1e..07f7508 100644
+--- a/layout/generic/nsBlockFrame.h
++++ b/layout/generic/nsBlockFrame.h
+@@ -533,10 +533,16 @@ protected:
+     return GetStateBits() & NS_BLOCK_HAS_OVERFLOW_OUT_OF_FLOWS;
+   }
+ 
+-  /** grab pushed floats from this block's prevInFlow, and splice
+-    * them into this block's mFloats list.
+-    */
+-  void DrainPushedFloats(nsBlockReflowState& aState);
++  /**
++   * Moves frames from our PushedFloats list back into our mFloats list.
++   */
++  void DrainSelfPushedFloats();
++
++  /**
++   * First calls DrainSelfPushedFloats() then grabs pushed floats from this
++   * block's prev-in-flow, and splice them into this block's mFloats list too.
++   */
++  void DrainPushedFloats();
+ 
+   /** Load all our floats into the float manager (without reflowing them).
+    *  Assumes float manager is in our own coordinate system.
+diff --git a/layout/generic/nsContainerFrame.cpp b/layout/generic/nsContainerFrame.cpp
+index 76f0748..3ffcba7 100644
+--- a/layout/generic/nsContainerFrame.cpp
++++ b/layout/generic/nsContainerFrame.cpp
+@@ -102,16 +102,18 @@ nsContainerFrame::AppendFrames(ChildListID  aListID,
+       return NS_ERROR_INVALID_ARG;
+     }
+   }
+-  if (aFrameList.NotEmpty()) {
+-    mFrames.AppendFrames(this, aFrameList);
+ 
+-    // Ask the parent frame to reflow me.
+-    if (aListID == kPrincipalList)
+-    {
+-      PresContext()->PresShell()->
+-        FrameNeedsReflow(this, nsIPresShell::eTreeChange,
+-                         NS_FRAME_HAS_DIRTY_CHILDREN);
+-    }
++  if (MOZ_UNLIKELY(aFrameList.IsEmpty())) {
++    return NS_OK;
++  }
++
++  DrainSelfOverflowList(); // ensure the last frame is in mFrames
++  mFrames.AppendFrames(this, aFrameList);
++
++  if (aListID != kNoReflowPrincipalList) {
++    PresContext()->PresShell()->
++      FrameNeedsReflow(this, nsIPresShell::eTreeChange,
++                       NS_FRAME_HAS_DIRTY_CHILDREN);
+   }
+   return NS_OK;
+ }
+@@ -131,16 +133,19 @@ nsContainerFrame::InsertFrames(ChildListID aListID,
+       return NS_ERROR_INVALID_ARG;
+     }
+   }
+-  if (aFrameList.NotEmpty()) {
+-    // Insert frames after aPrevFrame
+-    mFrames.InsertFrames(this, aPrevFrame, aFrameList);
+ 
+-    if (aListID == kPrincipalList)
+-    {
+-      PresContext()->PresShell()->
+-        FrameNeedsReflow(this, nsIPresShell::eTreeChange,
+-                         NS_FRAME_HAS_DIRTY_CHILDREN);
+-    }
++  if (MOZ_UNLIKELY(aFrameList.IsEmpty())) {
++    return NS_OK;
++  }
++
++  DrainSelfOverflowList(); // ensure aPrevFrame is in mFrames
++  mFrames.InsertFrames(this, aPrevFrame, aFrameList);
++
++  if (aListID != kNoReflowPrincipalList) {
++    PresContext()->PresShell()->
++      FrameNeedsReflow(this, nsIPresShell::eTreeChange,
++                       NS_FRAME_HAS_DIRTY_CHILDREN);
++
+   }
+   return NS_OK;
+ }
+diff --git a/layout/tables/nsTableFrame.cpp b/layout/tables/nsTableFrame.cpp
+index 60613ba..44088da 100644
+--- a/layout/tables/nsTableFrame.cpp
++++ b/layout/tables/nsTableFrame.cpp
+@@ -2232,6 +2232,7 @@ nsTableFrame::AppendFrames(ChildListID     aListID,
+       InsertColGroups(startColIndex,
+                       nsFrameList::Slice(mColGroups, f, f->GetNextSibling()));
+     } else if (IsRowGroup(display->mDisplay)) {
++      DrainSelfOverflowList(); // ensure the last frame is in mFrames
+       // Append the new row group frame to the sibling chain
+       mFrames.AppendFrame(nullptr, f);
+ 
+@@ -2404,6 +2405,7 @@ nsTableFrame::HomogenousInsertFrames(ChildListID     aListID,
+     InsertColGroups(startColIndex, newColgroups);
+   } else if (IsRowGroup(display->mDisplay)) {
+     NS_ASSERTION(aListID == kPrincipalList, "unexpected child list");
++    DrainSelfOverflowList(); // ensure aPrevFrame is in mFrames
+     // Insert the frames in the sibling chain
+     const nsFrameList::Slice& newRowGroups =
+       mFrames.InsertFrames(nullptr, aPrevFrame, aFrameList);
+diff --git a/layout/tables/nsTableRowFrame.cpp b/layout/tables/nsTableRowFrame.cpp
+index d1c493b..2351de3 100644
+--- a/layout/tables/nsTableRowFrame.cpp
++++ b/layout/tables/nsTableRowFrame.cpp
+@@ -182,6 +182,7 @@ nsTableRowFrame::AppendFrames(ChildListID     aListID,
+ {
+   NS_ASSERTION(aListID == kPrincipalList, "unexpected child list");
+ 
++  DrainSelfOverflowList(); // ensure the last frame is in mFrames
+   const nsFrameList::Slice& newCells = mFrames.AppendFrames(nullptr, aFrameList);
+ 
+   // Add the new cell frames to the table
+@@ -208,6 +209,7 @@ nsTableRowFrame::InsertFrames(ChildListID     aListID,
+   NS_ASSERTION(aListID == kPrincipalList, "unexpected child list");
+   NS_ASSERTION(!aPrevFrame || aPrevFrame->GetParent() == this,
+                "inserting after sibling frame with different parent");
++  DrainSelfOverflowList(); // ensure aPrevFrame is in mFrames
+   //Insert Frames in the frame list
+   const nsFrameList::Slice& newCells = mFrames.InsertFrames(nullptr, aPrevFrame, aFrameList);
+ 
+diff --git a/layout/tables/nsTableRowGroupFrame.cpp b/layout/tables/nsTableRowGroupFrame.cpp
+index 34aaf02..40b349b 100644
+--- a/layout/tables/nsTableRowGroupFrame.cpp
++++ b/layout/tables/nsTableRowGroupFrame.cpp
+@@ -1389,6 +1389,7 @@ nsTableRowGroupFrame::AppendFrames(ChildListID     aListID,
+ {
+   NS_ASSERTION(aListID == kPrincipalList, "unexpected child list");
+ 
++  DrainSelfOverflowList(); // ensure the last frame is in mFrames
+   ClearRowCursor();
+ 
+   // collect the new row frames in an array
+@@ -1430,6 +1431,7 @@ nsTableRowGroupFrame::InsertFrames(ChildListID     aListID,
+   NS_ASSERTION(!aPrevFrame || aPrevFrame->GetParent() == this,
+                "inserting after sibling frame with different parent");
+ 
++  DrainSelfOverflowList(); // ensure aPrevFrame is in mFrames
+   ClearRowCursor();
+ 
+   // collect the new row frames in an array
+-- 
+2.2.1
+
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-12-12 17:37:00 +0000