summary refs log tree commit diff
path: root/gnu/packages/patches/icecat-CVE-2015-2728-pt1.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2015-2728-pt1.patch')
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-2728-pt1.patch95
1 files changed, 95 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2015-2728-pt1.patch b/gnu/packages/patches/icecat-CVE-2015-2728-pt1.patch
new file mode 100644
index 0000000000..8bcae6177a
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2015-2728-pt1.patch
@@ -0,0 +1,95 @@
+From 81ce99255a0ef65c98eaac300d90c1dc161efc54 Mon Sep 17 00:00:00 2001
+From: Ben Turner <bent.mozilla@gmail.com>
+Date: Tue, 9 Jun 2015 09:46:58 -0400
+Subject: [PATCH] Bug 1142210. r=khuey, a=dveditz CLOSED TREE
+
+--HG--
+extra : amend_source : 5626188ba4b79f7c25286d4f29c63dc387e63c75
+extra : transplant_source : %F0%A1%D6F%E6%1B%1FJO%BFH%29%FFo%97%2A%89%03%ECm
+---
+ dom/indexedDB/IDBRequest.cpp             |  5 +++++
+ dom/indexedDB/IDBRequest.h               |  3 +++
+ dom/indexedDB/IndexedDatabaseManager.cpp | 22 +++++++++++++++++-----
+ 3 files changed, 25 insertions(+), 5 deletions(-)
+
+diff --git a/dom/indexedDB/IDBRequest.cpp b/dom/indexedDB/IDBRequest.cpp
+index 36e8a96..695f2ee 100644
+--- a/dom/indexedDB/IDBRequest.cpp
++++ b/dom/indexedDB/IDBRequest.cpp
+@@ -35,6 +35,8 @@
+ 
+ namespace {
+ 
++NS_DEFINE_IID(kIDBRequestIID, PRIVATE_IDBREQUEST_IID);
++
+ #ifdef MOZ_ENABLE_PROFILER_SPS
+ uint64_t gNextRequestSerialNumber = 1;
+ #endif
+@@ -382,6 +384,9 @@ NS_IMPL_CYCLE_COLLECTION_TRACE_BEGIN_INHERITED(IDBRequest, IDBWrapperCache)
+ NS_IMPL_CYCLE_COLLECTION_TRACE_END
+ 
+ NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION_INHERITED(IDBRequest)
++  if (aIID.Equals(kIDBRequestIID)) {
++    foundInterface = this;
++  } else
+ NS_INTERFACE_MAP_END_INHERITING(IDBWrapperCache)
+ 
+ NS_IMPL_ADDREF_INHERITED(IDBRequest, IDBWrapperCache)
+diff --git a/dom/indexedDB/IDBRequest.h b/dom/indexedDB/IDBRequest.h
+index c835ae8..c8d1081 100644
+--- a/dom/indexedDB/IDBRequest.h
++++ b/dom/indexedDB/IDBRequest.h
+@@ -19,6 +19,9 @@
+ 
+ #include "mozilla/dom/indexedDB/IDBWrapperCache.h"
+ 
++#define PRIVATE_IDBREQUEST_IID \
++  {0xe68901e5, 0x1d50, 0x4ee9, {0xaf, 0x49, 0x90, 0x99, 0x4a, 0xff, 0xc8, 0x39}}
++
+ class nsIScriptContext;
+ class nsPIDOMWindow;
+ 
+diff --git a/dom/indexedDB/IndexedDatabaseManager.cpp b/dom/indexedDB/IndexedDatabaseManager.cpp
+index 466d0ff..820dfa6 100644
+--- a/dom/indexedDB/IndexedDatabaseManager.cpp
++++ b/dom/indexedDB/IndexedDatabaseManager.cpp
+@@ -318,19 +318,31 @@ IndexedDatabaseManager::FireWindowOnError(nsPIDOMWindow* aOwner,
+     return NS_OK;
+   }
+ 
++  Event* internalEvent = aVisitor.mDOMEvent->InternalDOMEvent();
++  MOZ_ASSERT(internalEvent);
++
++  if (!internalEvent->IsTrusted()) {
++    return NS_OK;
++  }
++
+   nsString type;
+-  nsresult rv = aVisitor.mDOMEvent->GetType(type);
++  nsresult rv = internalEvent->GetType(type);
+   NS_ENSURE_SUCCESS(rv, rv);
+ 
+   if (!type.EqualsLiteral(ERROR_EVT_STR)) {
+     return NS_OK;
+   }
+ 
+-  nsCOMPtr<EventTarget> eventTarget =
+-    aVisitor.mDOMEvent->InternalDOMEvent()->GetTarget();
++  nsCOMPtr<EventTarget> eventTarget = internalEvent->GetTarget();
++  MOZ_ASSERT(eventTarget);
+ 
+-  IDBRequest* request = static_cast<IDBRequest*>(eventTarget.get());
+-  NS_ENSURE_TRUE(request, NS_ERROR_UNEXPECTED);
++  // Only mess with events that were originally targeted to an IDBRequest.
++  nsRefPtr<IDBRequest> request;
++  if (NS_FAILED(eventTarget->QueryInterface(kIDBRequestIID,
++                                            getter_AddRefs(request))) ||
++      !request) {
++    return NS_OK;
++  }
+ 
+   ErrorResult ret;
+   nsRefPtr<DOMError> error = request->GetError(ret);
+-- 
+2.4.3
+
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-11-15 09:25:21 +0000