Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2016-1952-pt03.patch')
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-1952-pt03.patch60
1 files changed, 60 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2016-1952-pt03.patch b/gnu/packages/patches/icecat-CVE-2016-1952-pt03.patch
new file mode 100644
index 0000000000..96b83c118c
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2016-1952-pt03.patch
@@ -0,0 +1,60 @@
+Copied from upstream:
+https://hg.mozilla.org/releases/mozilla-esr38/raw-rev/2839062f84fb
+
+# HG changeset patch
+# User Jan de Mooij <jdemooij@mozilla.com>
+# Date 1455119320 -3600
+# Node ID 2839062f84fb6cba2781ea8d59150f13d4813ddc
+# Parent  185b233ea03f3811404e3979b65ec86b29d13555
+Bug 1242279 - r=bhackett1024 a=sylvestre
+
+diff --git a/js/src/vm/TypeInference.cpp b/js/src/vm/TypeInference.cpp
+--- a/js/src/vm/TypeInference.cpp
++++ b/js/src/vm/TypeInference.cpp
+@@ -3961,16 +3961,22 @@ JSScript::maybeSweepTypes(AutoClearTypeI
+ 
+     unsigned num = TypeScript::NumTypeSets(this);
+     StackTypeSet* typeArray = types_->typeArray();
+ 
+     // Remove constraints and references to dead objects from stack type sets.
+     for (unsigned i = 0; i < num; i++)
+         typeArray[i].sweep(zone(), *oom);
+ 
++    if (oom->hadOOM()) {
++        // It's possible we OOM'd while copying freeze constraints, so they
++        // need to be regenerated.
++        hasFreezeConstraints_ = false;
++    }
++
+     // Update the recompile indexes in any IonScripts still on the script.
+     if (hasIonScript())
+         ionScript()->recompileInfoRef().shouldSweep(types);
+ }
+ 
+ void
+ TypeScript::destroy()
+ {
+diff --git a/js/src/vm/TypeInference.h b/js/src/vm/TypeInference.h
+--- a/js/src/vm/TypeInference.h
++++ b/js/src/vm/TypeInference.h
+@@ -566,16 +566,19 @@ class AutoClearTypeInferenceStateOnOOM
+       : zone(zone), oom(false)
+     {}
+ 
+     ~AutoClearTypeInferenceStateOnOOM();
+ 
+     void setOOM() {
+         oom = true;
+     }
++    bool hadOOM() const {
++        return oom;
++    }
+ };
+ 
+ /* Superclass common to stack and heap type sets. */
+ class ConstraintTypeSet : public TypeSet
+ {
+   public:
+     /* Chain of constraints which propagate changes out from this type set. */
+     TypeConstraint* constraintList;
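Review bot: The header of the new patch file gives only the upstream URL, and the embedded commit message is the bare line `Bug 1242279 - r=bhackett1024 a=sylvestre`, so nothing in the file tells a later maintainer what this third part of the CVE-2016-1952 series changes. I would add a summary line under the URL, for example `Clear hasFreezeConstraints_ when an OOM is recorded while sweeping a script's type sets, so the freeze constraints are regenerated.`, which is what the added block in JSScript::maybeSweepTypes and the new hadOOM() accessor do. The Node ID in the changeset header begins with the same 2839062f84fb as the URL, which is worth keeping so the copy can be checked against upstream. maybeSweepTypes begins outside the embedded hunk, so whether earlier exits from it need the same reset cannot be judged from here.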
+