aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/icecat-CVE-2015-0817.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2015-0817.patch')
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-0817.patch44
1 files changed, 44 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2015-0817.patch b/gnu/packages/patches/icecat-CVE-2015-0817.patch
new file mode 100644
index 0000000000..bb530a535d
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2015-0817.patch
@@ -0,0 +1,44 @@
+From cedbdf8290018fbef65458e9e438c72adf2c2775 Mon Sep 17 00:00:00 2001
+From: Steve Fink <sfink@mozilla.com>
+Date: Thu, 19 Mar 2015 15:46:24 -0700
+Subject: [PATCH] Bug 1145255. r=luke, a=lmandel
+
+---
+ js/src/jit/AsmJS.cpp | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/js/src/jit/AsmJS.cpp b/js/src/jit/AsmJS.cpp
+index 302b5ab..1b8eed6 100644
+--- a/js/src/jit/AsmJS.cpp
++++ b/js/src/jit/AsmJS.cpp
+@@ -14,6 +14,7 @@
+
+ #include "jsmath.h"
+ #include "jsprf.h"
++#include "jsutil.h"
+ #include "jsworkers.h"
+ #include "prmjtime.h"
+
+@@ -3432,9 +3433,17 @@ FoldMaskedArrayIndex(FunctionCompiler &f, ParseNode **indexExpr, int32_t *mask,
+ if (IsLiteralOrConstInt(f, maskNode, &mask2)) {
+ // Flag the access to skip the bounds check if the mask ensures that an 'out of
+ // bounds' access can not occur based on the current heap length constraint.
+- if (mask2 == 0 ||
+- CountLeadingZeroes32(f.m().minHeapLength() - 1) <= CountLeadingZeroes32(mask2)) {
++ if (mask2 == 0) {
+ *needsBoundsCheck = NO_BOUNDS_CHECK;
++ } else {
++ uint32_t minHeap = f.m().minHeapLength();
++ uint32_t minHeapZeroes = CountLeadingZeroes32(minHeap - 1);
++ uint32_t maskZeroes = CountLeadingZeroes32(mask2);
++ if ((minHeapZeroes < maskZeroes) ||
++ (IsPowerOfTwo(minHeap) && minHeapZeroes == maskZeroes))
++ {
++ *needsBoundsCheck = NO_BOUNDS_CHECK;
++ }
+ }
+ *mask &= mask2;
+ *indexExpr = indexNode;
+--
+2.2.1
+