summary refs log tree commit diff
path: root/gnu/packages/patches/icecat-CVE-2015-2740.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2015-2740.patch')
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-2740.patch52
1 files changed, 0 insertions, 52 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2015-2740.patch b/gnu/packages/patches/icecat-CVE-2015-2740.patch
deleted file mode 100644
index caafa52a23..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-2740.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From ccbae7ff07c2e72c48e0676adaa3e798990f33a1 Mon Sep 17 00:00:00 2001
-From: Andrea Marchesini <amarchesini@mozilla.com>
-Date: Tue, 23 Jun 2015 10:47:38 -0400
-Subject: [PATCH] Bug 1170809 - Improve the buffer size check in
- nsXMLHttpRequest::AppendToResponseText. r=ehsan, r=bz, a=abillings
-
----
- content/base/src/nsXMLHttpRequest.cpp | 15 +++++++++++----
- 1 file changed, 11 insertions(+), 4 deletions(-)
-
-diff --git a/content/base/src/nsXMLHttpRequest.cpp b/content/base/src/nsXMLHttpRequest.cpp
-index 56d1aa3..86425d7 100644
---- a/content/base/src/nsXMLHttpRequest.cpp
-+++ b/content/base/src/nsXMLHttpRequest.cpp
-@@ -655,13 +655,18 @@ nsXMLHttpRequest::AppendToResponseText(const char * aSrcBuffer,
-                                        &destBufferLen);
-   NS_ENSURE_SUCCESS(rv, rv);
- 
--  if (!mResponseText.SetCapacity(mResponseText.Length() + destBufferLen, fallible_t())) {
-+  uint32_t size = mResponseText.Length() + destBufferLen;
-+  if (size < (uint32_t)destBufferLen) {
-+    return NS_ERROR_OUT_OF_MEMORY;
-+  }
-+
-+  if (!mResponseText.SetCapacity(size, fallible_t())) {
-     return NS_ERROR_OUT_OF_MEMORY;
-   }
- 
-   char16_t* destBuffer = mResponseText.BeginWriting() + mResponseText.Length();
- 
--  int32_t totalChars = mResponseText.Length();
-+  CheckedInt32 totalChars = mResponseText.Length();
- 
-   // This code here is basically a copy of a similar thing in
-   // nsScanner::Append(const char* aBuffer, uint32_t aLen).
-@@ -674,9 +679,11 @@ nsXMLHttpRequest::AppendToResponseText(const char * aSrcBuffer,
-   MOZ_ASSERT(NS_SUCCEEDED(rv));
- 
-   totalChars += destlen;
-+  if (!totalChars.isValid()) {
-+    return NS_ERROR_OUT_OF_MEMORY;
-+  }
- 
--  mResponseText.SetLength(totalChars);
--
-+  mResponseText.SetLength(totalChars.value());
-   return NS_OK;
- }
- 
--- 
-2.4.3
-
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-01-11 08:48:12 +0000