summary refs log tree commit diff
path: root/gnu/packages/patches/icecat-CVE-2015-2739.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2015-2739.patch')
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-2739.patch66
1 files changed, 0 insertions, 66 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2015-2739.patch b/gnu/packages/patches/icecat-CVE-2015-2739.patch
deleted file mode 100644
index 9f70db8cf9..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-2739.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From 55d0298956b8a3cfbd5b70fe32fb07e120d364c2 Mon Sep 17 00:00:00 2001
-From: Boris Zbarsky <bzbarsky@mit.edu>
-Date: Mon, 1 Jun 2015 16:59:26 -0700
-Subject: [PATCH] Bug 1168207. Be a bit more careful with overflow checking in
- XHR. r=baku a=lizzard
-
----
- content/base/src/nsXMLHttpRequest.cpp | 25 +++++++++++++++----------
- 1 file changed, 15 insertions(+), 10 deletions(-)
-
-diff --git a/content/base/src/nsXMLHttpRequest.cpp b/content/base/src/nsXMLHttpRequest.cpp
-index 58a9ee0..56d1aa3 100644
---- a/content/base/src/nsXMLHttpRequest.cpp
-+++ b/content/base/src/nsXMLHttpRequest.cpp
-@@ -7,6 +7,7 @@
- #include "nsXMLHttpRequest.h"
- 
- #include "mozilla/ArrayUtils.h"
-+#include "mozilla/CheckedInt.h"
- #include "mozilla/dom/XMLHttpRequestUploadBinding.h"
- #include "mozilla/EventDispatcher.h"
- #include "mozilla/EventListenerManager.h"
-@@ -3897,26 +3898,30 @@ bool
- ArrayBufferBuilder::append(const uint8_t *aNewData, uint32_t aDataLen,
-                            uint32_t aMaxGrowth)
- {
-+  CheckedUint32 neededCapacity = mLength;
-+  neededCapacity += aDataLen;
-+  if (!neededCapacity.isValid()) {
-+    return false;
-+  }
-   if (mLength + aDataLen > mCapacity) {
--    uint32_t newcap;
-+    CheckedUint32 newcap = mCapacity;
-     // Double while under aMaxGrowth or if not specified.
-     if (!aMaxGrowth || mCapacity < aMaxGrowth) {
--      newcap = mCapacity * 2;
-+      newcap *= 2;
-     } else {
--      newcap = mCapacity + aMaxGrowth;
-+      newcap += aMaxGrowth;
-     }
- 
--    // But make sure there's always enough to satisfy our request.
--    if (newcap < mLength + aDataLen) {
--      newcap = mLength + aDataLen;
-+    if (!newcap.isValid()) {
-+      return false;
-     }
- 
--    // Did we overflow?
--    if (newcap < mCapacity) {
--      return false;
-+    // But make sure there's always enough to satisfy our request.
-+    if (newcap.value() < neededCapacity.value()) {
-+      newcap = neededCapacity;
-     }
- 
--    if (!setCapacity(newcap)) {
-+    if (!setCapacity(newcap.value())) {
-       return false;
-     }
-   }
--- 
-2.4.3
-
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-12-27 18:24:34 +0000