summary refs log tree commit diff
path: root/gnu/packages/patches/icecat-CVE-2016-2818-pt2.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2016-2818-pt2.patch')
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-2818-pt2.patch29
1 files changed, 29 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2016-2818-pt2.patch b/gnu/packages/patches/icecat-CVE-2016-2818-pt2.patch
new file mode 100644
index 0000000000..843e2eb244
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2016-2818-pt2.patch
@@ -0,0 +1,29 @@
+  changeset:   312044:09418166fd77
+  user:        Jon Coppeard <jcoppeard@mozilla.com>
+  Date:        Wed May 11 10:14:45 2016 +0100
+  summary:     Bug 1264575 - Add missing pre-barrier in Ion r=jandem a=ritu
+
+diff -r 9cc65cca1f71 -r 09418166fd77 js/src/jit-test/tests/self-hosting/bug1264575.js
+--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
++++ b/js/src/jit-test/tests/self-hosting/bug1264575.js	Wed May 11 10:14:45 2016 +0100
+@@ -0,0 +1,7 @@
++function f(x, [y]) {}
++f(0, []);
++// jsfunfuzz-generated
++let i = 0;
++for (var z of [0, 0, 0]) {
++    verifyprebarriers();
++}
+diff -r 9cc65cca1f71 -r 09418166fd77 js/src/jit/MCallOptimize.cpp
+--- a/js/src/jit/MCallOptimize.cpp	Mon May 16 15:11:24 2016 -0400
++++ b/js/src/jit/MCallOptimize.cpp	Wed May 11 10:14:45 2016 +0100
+@@ -2263,7 +2263,8 @@
+ 
+     callInfo.setImplicitlyUsedUnchecked();
+ 
+-    MStoreFixedSlot* store = MStoreFixedSlot::New(alloc(), callInfo.getArg(0), slot, callInfo.getArg(2));
++    MStoreFixedSlot* store =
++        MStoreFixedSlot::NewBarriered(alloc(), callInfo.getArg(0), slot, callInfo.getArg(2));
+     current->add(store);
+     current->push(store);
+
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-12-26 03:08:45 +0000