summary refs log tree commit diff
path: root/gnu/packages/patches/icecat-CVE-2016-1930-pt12.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2016-1930-pt12.patch')
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-1930-pt12.patch91
1 files changed, 91 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt12.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt12.patch
new file mode 100644
index 0000000000..7861e24c89
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2016-1930-pt12.patch
@@ -0,0 +1,91 @@
+Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/8c184c30caa6
+Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
+Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1230668
+
+# HG changeset patch
+# User L. David Baron <dbaron@dbaron.org>
+# Date 1452248144 -39600
+# Node ID 8c184c30caa6d16f5ec63cce9a77d16f25d2e57e
+# Parent  0f7224441f2089001f7934b46ac10cb72d267606
+Bug 1230668 - Don't use frame when not in composed document.  r=heycam a=sylvestre
+
+diff --git a/layout/style/nsComputedDOMStyle.cpp b/layout/style/nsComputedDOMStyle.cpp
+--- a/layout/style/nsComputedDOMStyle.cpp
++++ b/layout/style/nsComputedDOMStyle.cpp
+@@ -421,26 +421,31 @@ nsComputedDOMStyle::GetStyleContextForEl
+ {
+   MOZ_ASSERT(aElement, "NULL element");
+   // If the content has a pres shell, we must use it.  Otherwise we'd
+   // potentially mix rule trees by using the wrong pres shell's style
+   // set.  Using the pres shell from the content also means that any
+   // content that's actually *in* a document will get the style from the
+   // correct document.
+   nsIPresShell *presShell = GetPresShellForContent(aElement);
++  bool inDocWithShell = true;
+   if (!presShell) {
++    inDocWithShell = false;
+     presShell = aPresShell;
+     if (!presShell)
+       return nullptr;
+   }
+ 
+-  // XXX the !aElement->IsHTML(nsGkAtoms::area)

+-  // check is needed due to bug 135040 (to avoid using 

++  // XXX the !aElement->IsHTML(nsGkAtoms::area)
++  // check is needed due to bug 135040 (to avoid using 
+   // mPrimaryFrame). Remove it once that's fixed.
+-  if (!aPseudo && aStyleType == eAll && !aElement->IsHTML(nsGkAtoms::area)) {
++  if (!aPseudo && aStyleType == eAll && inDocWithShell &&
++      !aElement->IsHTML(nsGkAtoms::area)) {
++  if (!aPseudo && aStyleType == eAll && inDocWithShell &&
++      !aElement->IsHTMLElement(nsGkAtoms::area)) {
+     nsIFrame* frame = nsLayoutUtils::GetStyleFrame(aElement);
+     if (frame) {
+       nsStyleContext* result = frame->StyleContext();
+       // Don't use the style context if it was influenced by
+       // pseudo-elements, since then it's not the primary style
+       // for this element.
+       if (!result->HasPseudoElementData()) {
+         // this function returns an addrefed style context
+@@ -468,17 +473,18 @@ nsComputedDOMStyle::GetStyleContextForEl
+ 
+   nsRefPtr<nsStyleContext> sc;
+   if (aPseudo) {
+     nsCSSPseudoElements::Type type = nsCSSPseudoElements::GetPseudoType(aPseudo);
+     if (type >= nsCSSPseudoElements::ePseudo_PseudoElementCount) {
+       return nullptr;
+     }
+     nsIFrame* frame = nsLayoutUtils::GetStyleFrame(aElement);
+-    Element* pseudoElement = frame ? frame->GetPseudoElement(type) : nullptr;
++    Element* pseudoElement =
++      frame && inDocWithShell ? frame->GetPseudoElement(type) : nullptr;
+     sc = styleSet->ResolvePseudoElementStyle(aElement, type, parentContext,
+                                              pseudoElement);
+   } else {
+     sc = styleSet->ResolveStyleFor(aElement, parentContext);
+   }
+ 
+   if (aStyleType == eDefaultOnly) {
+     // We really only want the user and UA rules.  Filter out the other ones.
+@@ -592,18 +598,18 @@ nsComputedDOMStyle::UpdateCurrentStyleSo
+   mFlushedPendingReflows = aNeedsLayoutFlush;
+ #endif
+ 
+   mPresShell = document->GetShell();
+   if (!mPresShell || !mPresShell->GetPresContext()) {
+     return;
+   }
+ 
+-  // XXX the !mContent->IsHTML(nsGkAtoms::area)

+-  // check is needed due to bug 135040 (to avoid using 

++  // XXX the !mContent->IsHTML(nsGkAtoms::area)
++  // check is needed due to bug 135040 (to avoid using 
+   // mPrimaryFrame). Remove it once that's fixed.
+   if (!mPseudo && mStyleType == eAll && !mContent->IsHTML(nsGkAtoms::area)) {
+     mOuterFrame = mContent->GetPrimaryFrame();
+     mInnerFrame = mOuterFrame;
+     if (mOuterFrame) {
+       nsIAtom* type = mOuterFrame->GetType();
+       if (type == nsGkAtoms::tableOuterFrame) {
+         // If the frame is an outer table frame then we should get the style
+
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-01-02 20:36:14 +0000