diff options
| author | Mark H Weaver <mhw@netris.org> | 2016-01-28 00:22:49 -0500 |
|---|---|---|
| committer | Mark H Weaver <mhw@netris.org> | 2016-01-28 00:34:20 -0500 |
| commit | 29a780147d066d5ce218d1fa2678a0a36a1145e3 (patch) | |
| tree | 447a0dd62011ec61c4fb5b39a72612e24ae3bdf6 /gnu/packages/patches/icecat-CVE-2016-1930-pt08.patch | |
| parent | a394c60aa381d2284e382b48af990b6bdc5f33b4 (diff) | |
| download | guix-29a780147d066d5ce218d1fa2678a0a36a1145e3.tar guix-29a780147d066d5ce218d1fa2678a0a36a1145e3.tar.gz | |
gnu: icecat: Add fixes for CVE-2016-{1930,1935} and other bugs.
* gnu/packages/patches/icecat-CVE-2016-1930-pt01.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt02.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt03.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt04.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt05.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt06.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt07.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt08.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt09.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt10.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt11.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt12.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt13.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt14.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt15.patch,
gnu/packages/patches/icecat-CVE-2016-1935.patch,
gnu/packages/patches/icecat-bug-1146335-pt1.patch,
gnu/packages/patches/icecat-bug-1146335-pt2.patch,
gnu/packages/patches/icecat-limit-max-buffers-size-for-ANGLE.patch: New
files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add patches.
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2016-1930-pt08.patch')
| -rw-r--r-- | gnu/packages/patches/icecat-CVE-2016-1930-pt08.patch | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt08.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt08.patch new file mode 100644 index 0000000000..406ce1bf2b --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2016-1930-pt08.patch @@ -0,0 +1,48 @@ +Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/4444e94a99cb +Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/ +Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1221385 + +# HG changeset patch +# User Jan de Mooij <jdemooij@mozilla.com> +# Date 1451478429 -3600 +# Node ID 4444e94a99cb9b00c0351cc8bf5459739cc036a5 +# Parent 750e4cfc90f80df657e44c9c63b1865023d88682 +Bug 1221385 - Handle OOM during JitRuntime initialization a bit better. r=bhackett a=abillings + +diff --git a/js/src/jscompartment.cpp b/js/src/jscompartment.cpp +--- a/js/src/jscompartment.cpp ++++ b/js/src/jscompartment.cpp +@@ -138,28 +138,20 @@ JSRuntime::createJitRuntime(JSContext* c + + // Protect jitRuntime_ from being observed (by InterruptRunningJitCode) + // while it is being initialized. Unfortunately, initialization depends on + // jitRuntime_ being non-null, so we can't just wait to assign jitRuntime_. + JitRuntime::AutoMutateBackedges amb(jrt); + jitRuntime_ = jrt; + + if (!jitRuntime_->initialize(cx)) { +- js_ReportOutOfMemory(cx); +- +- js_delete(jitRuntime_); +- jitRuntime_ = nullptr; +- +- JSCompartment* comp = cx->runtime()->atomsCompartment(); +- if (comp->jitCompartment_) { +- js_delete(comp->jitCompartment_); +- comp->jitCompartment_ = nullptr; +- } +- +- return nullptr; ++ // Handling OOM here is complicated: if we delete jitRuntime_ now, we ++ // will destroy the ExecutableAllocator, even though there may still be ++ // JitCode instances holding references to ExecutablePools. ++ CrashAtUnhandlableOOM("OOM in createJitRuntime"); + } + + return jitRuntime_; + } + + bool + JSCompartment::ensureJitCompartmentExists(JSContext* cx) + { + |