summary refs log tree commit diff
path: root/gnu/packages/patches/icecat-CVE-2015-2738.patch
blob: beb784c6152c3802c30ca72f14c4ee32cccb83e1 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
From cda807c21650d0678761d6af8fd324ce622962d6 Mon Sep 17 00:00:00 2001
From: Andrew Comminos <acomminos@mozilla.com>
Date: Fri, 19 Jun 2015 11:32:17 -0400
Subject: [PATCH] Bug 1167356 - Handle return value of DataSourceSurface::Map
 wherever possible. r=Bas, a=abillings CLOSED TREE

---
 gfx/2d/SourceSurfaceD2D1.cpp            | 11 +++++++++--
 gfx/gl/GLScreenBuffer.cpp               |  5 ++++-
 gfx/gl/SharedSurfaceGL.cpp              |  5 ++++-
 gfx/layers/YCbCrImageDataSerializer.cpp |  4 +++-
 gfx/layers/opengl/CompositorOGL.cpp     |  6 +++++-
 gfx/thebes/gfxPlatform.cpp              |  6 ++++--
 widget/gtk/nsImageToPixbuf.cpp          |  4 +++-
 7 files changed, 32 insertions(+), 9 deletions(-)

diff --git a/gfx/2d/SourceSurfaceD2D1.cpp b/gfx/2d/SourceSurfaceD2D1.cpp
index fc64327..01f3a67 100644
--- a/gfx/2d/SourceSurfaceD2D1.cpp
+++ b/gfx/2d/SourceSurfaceD2D1.cpp
@@ -5,6 +5,7 @@
 
 #include "SourceSurfaceD2D1.h"
 #include "DrawTargetD2D1.h"
+#include "Logging.h"
 #include "Tools.h"
 
 namespace mozilla {
@@ -156,7 +157,10 @@ DataSourceSurfaceD2D1::Map(MapType aMapType, MappedSurface *aMappedSurface)
   }
 
   D2D1_MAPPED_RECT map;
-  mBitmap->Map(D2D1_MAP_OPTIONS_READ, &map);
+  if (FAILED(mBitmap->Map(D2D1_MAP_OPTIONS_READ, &map))) {
+    gfxCriticalError() << "Failed to map bitmap.";
+    return false;
+  }
   aMappedSurface->mData = map.bits;
   aMappedSurface->mStride = map.pitch;
 
@@ -189,7 +193,10 @@ DataSourceSurfaceD2D1::EnsureMapped()
   if (mMapped) {
     return;
   }
-  mBitmap->Map(D2D1_MAP_OPTIONS_READ, &mMap);
+  if (FAILED(mBitmap->Map(D2D1_MAP_OPTIONS_READ, &mMap))) {
+    gfxCriticalError() << "Failed to map bitmap.";
+    return;
+  }
   mMapped = true;
 }
 
diff --git a/gfx/gl/GLScreenBuffer.cpp b/gfx/gl/GLScreenBuffer.cpp
index 432bdbc..d31e848 100755
--- a/gfx/gl/GLScreenBuffer.cpp
+++ b/gfx/gl/GLScreenBuffer.cpp
@@ -483,7 +483,10 @@ GLScreenBuffer::Readback(SharedSurface_GL* src, DataSourceSurface* dest)
 {
   MOZ_ASSERT(src && dest);
   DataSourceSurface::MappedSurface ms;
-  dest->Map(DataSourceSurface::MapType::READ, &ms);
+  if (!dest->Map(DataSourceSurface::MapType::READ, &ms)) {
+    NS_ERROR("Failed to map surface for reading.");
+    return;
+  }
   nsRefPtr<gfxImageSurface> wrappedDest =
     new gfxImageSurface(ms.mData,
                         ThebesIntSize(dest->GetSize()),
diff --git a/gfx/gl/SharedSurfaceGL.cpp b/gfx/gl/SharedSurfaceGL.cpp
index 1aab56f..1f80c28 100644
--- a/gfx/gl/SharedSurfaceGL.cpp
+++ b/gfx/gl/SharedSurfaceGL.cpp
@@ -326,7 +326,10 @@ SharedSurface_Basic::Fence()
     ScopedBindFramebuffer autoFB(mGL, mFB);
 
     DataSourceSurface::MappedSurface map;
-    mData->Map(DataSourceSurface::MapType::WRITE, &map);
+    if (!mData->Map(DataSourceSurface::MapType::WRITE, &map)) {
+      NS_ERROR("Failed to map surface for writing.");
+      return;
+    }
     nsRefPtr<gfxImageSurface> wrappedData =
       new gfxImageSurface(map.mData,
                           ThebesIntSize(mData->GetSize()),
diff --git a/gfx/layers/YCbCrImageDataSerializer.cpp b/gfx/layers/YCbCrImageDataSerializer.cpp
index e16db18..6e7a908 100644
--- a/gfx/layers/YCbCrImageDataSerializer.cpp
+++ b/gfx/layers/YCbCrImageDataSerializer.cpp
@@ -278,7 +278,9 @@ YCbCrImageDataDeserializer::ToDataSourceSurface()
     Factory::CreateDataSourceSurface(GetYSize(), gfx::SurfaceFormat::B8G8R8X8);
 
   DataSourceSurface::MappedSurface map;
-  result->Map(DataSourceSurface::MapType::WRITE, &map);
+  if (NS_WARN_IF(!result->Map(DataSourceSurface::MapType::WRITE, &map))) {
+    return nullptr;
+  }
 
   gfx::ConvertYCbCrToRGB32(GetYData(), GetCbData(), GetCrData(),
                            map.mData,
diff --git a/gfx/layers/opengl/CompositorOGL.cpp b/gfx/layers/opengl/CompositorOGL.cpp
index 92432c3..2e0b51e 100644
--- a/gfx/layers/opengl/CompositorOGL.cpp
+++ b/gfx/layers/opengl/CompositorOGL.cpp
@@ -1346,7 +1346,11 @@ CompositorOGL::CopyToTarget(DrawTarget *aTarget, const gfx::Matrix& aTransform)
         Factory::CreateDataSourceSurface(rect.Size(), gfx::SurfaceFormat::B8G8R8A8);
 
   DataSourceSurface::MappedSurface map;
-  source->Map(DataSourceSurface::MapType::WRITE, &map);
+  if (!source->Map(DataSourceSurface::MapType::WRITE, &map)) {
+    NS_ERROR("Failed to map surface for writing!");
+    return;
+  }
+
   // XXX we should do this properly one day without using the gfxImageSurface
   nsRefPtr<gfxImageSurface> surf =
     new gfxImageSurface(map.mData,
diff --git a/gfx/thebes/gfxPlatform.cpp b/gfx/thebes/gfxPlatform.cpp
index c869e53..8a2122c 100644
--- a/gfx/thebes/gfxPlatform.cpp
+++ b/gfx/thebes/gfxPlatform.cpp
@@ -662,8 +662,10 @@ CopySurface(gfxASurface* aSurface)
   }
 
   DataSourceSurface::MappedSurface map;
-  DebugOnly<bool> result = data->Map(DataSourceSurface::WRITE, &map);
-  MOZ_ASSERT(result, "Should always succeed mapping raw data surfaces!");
+  if (!data->Map(DataSourceSurface::WRITE, &map)) {
+    NS_ERROR("Failed to map surface for reading!");
+    return nullptr;
+  }
 
   nsRefPtr<gfxImageSurface> image = new gfxImageSurface(map.mData, size, map.mStride, format);
   nsRefPtr<gfxContext> ctx = new gfxContext(image);
diff --git a/widget/gtk/nsImageToPixbuf.cpp b/widget/gtk/nsImageToPixbuf.cpp
index ca05b3b..a83a570 100644
--- a/widget/gtk/nsImageToPixbuf.cpp
+++ b/widget/gtk/nsImageToPixbuf.cpp
@@ -75,7 +75,9 @@ nsImageToPixbuf::SourceSurfaceToPixbuf(SourceSurface* aSurface,
 
     RefPtr<DataSourceSurface> dataSurface = aSurface->GetDataSurface();
     DataSourceSurface::MappedSurface map;
-    dataSurface->Map(DataSourceSurface::MapType::READ, &map);
+    if (!dataSurface->Map(DataSourceSurface::MapType::READ, &map))
+        return nullptr;
+
     uint8_t* srcData = map.mData;
     int32_t srcStride = map.mStride;
 
-- 
2.4.3