Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2015-7201-pt3.patch')
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-7201-pt3.patch35
1 files changed, 35 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2015-7201-pt3.patch b/gnu/packages/patches/icecat-CVE-2015-7201-pt3.patch
new file mode 100644
index 0000000000..022ab5cc16
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2015-7201-pt3.patch
@@ -0,0 +1,35 @@
+From 567a97b6347ac8c2b93ec788c437b7e9bb23ef75 Mon Sep 17 00:00:00 2001
+From: Edwin Flores <eflores@mozilla.com>
+Date: Wed, 2 Dec 2015 16:15:29 +0100
+Subject: [PATCH] Bug 1224100 - Initialize padding to 0 in Downscaler. r=seth,
+ a=sledru
+
+---
+ image/src/Downscaler.cpp | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/image/src/Downscaler.cpp b/image/src/Downscaler.cpp
+index 24ecfda..2a7acfd 100644
+--- a/image/src/Downscaler.cpp
++++ b/image/src/Downscaler.cpp
+@@ -86,11 +86,16 @@ Downscaler::BeginFrame(const nsIntSize& aOriginalSize,
+                                mTargetSize.height, mYFilter.get());
+ 
+   // Allocate the buffer, which contains scanlines of the original image.
+-  mRowBuffer = MakeUnique<uint8_t[]>(mOriginalSize.width * sizeof(uint32_t));
++  size_t bufferLen = mOriginalSize.width * sizeof(uint32_t);
++  mRowBuffer = MakeUnique<uint8_t[]>(bufferLen);
+   if (MOZ_UNLIKELY(!mRowBuffer)) {
+     return NS_ERROR_OUT_OF_MEMORY;
+   }
+ 
++  // Zero buffer to keep valgrind happy.
++  memset(mRowBuffer.get(), 0, bufferLen);
++
++
+   // Allocate the window, which contains horizontally downscaled scanlines. (We
+   // can store scanlines which are already downscale because our downscaling
+   // filter is separable.)
+-- 
+2.6.3
+
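Review bot: The comment added above the `memset` in `Downscaler::BeginFrame`, `// Zero buffer to keep valgrind happy.`, presents the zeroing as a tooling workaround, but the patch subject says it initializes padding and the file is carried as part of the CVE-2015-7201 fix set. A later maintainer could read that comment as licence to drop the call, so I would word it as `// Zero the buffer so padding bytes beyond the written pixels are never read uninitialized.` Separately, `bufferLen` is computed as `mOriginalSize.width * sizeof(uint32_t)` with no bound on `width` visible in this hunk. It is worth confirming that the earlier part of `BeginFrame`, which lies outside the hunk, rejects non-positive or oversized widths before this multiplication feeds both the allocation and the `memset` length. The doubled blank line after the `memset` is a minor style nit.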