aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/icecat-CVE-2016-2807-pt4.patch
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2016-04-27 22:33:02 -0400
committerMark H Weaver <mhw@netris.org>2016-04-28 10:25:19 -0400
commitdde2a94c095f840578c307ebf23cd7c3ba5ec858 (patch)
tree214642e8d3e7ece66e548072144193d1ed17efe1 /gnu/packages/patches/icecat-CVE-2016-2807-pt4.patch
parent3161f6a4eca3225778a76eb5c21cfc150e6dce0a (diff)
downloadguix-dde2a94c095f840578c307ebf23cd7c3ba5ec858.tar
guix-dde2a94c095f840578c307ebf23cd7c3ba5ec858.tar.gz
gnu: icecat: Add fixes for CVE-2016-{2805,2807,2808,2814} etc.
* gnu/packages/patches/icecat-CVE-2016-2805.patch, gnu/packages/patches/icecat-CVE-2016-2807-pt1.patch, gnu/packages/patches/icecat-CVE-2016-2807-pt2.patch, gnu/packages/patches/icecat-CVE-2016-2807-pt3.patch, gnu/packages/patches/icecat-CVE-2016-2807-pt4.patch, gnu/packages/patches/icecat-CVE-2016-2807-pt5.patch, gnu/packages/patches/icecat-CVE-2016-2808.patch, gnu/packages/patches/icecat-CVE-2016-2814.patch, gnu/packages/patches/icecat-update-bundled-graphite2: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/gnuzilla.scm (icecat)[source]: Add patches. icecat fixup
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2016-2807-pt4.patch')
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-2807-pt4.patch37
1 files changed, 37 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2016-2807-pt4.patch b/gnu/packages/patches/icecat-CVE-2016-2807-pt4.patch
new file mode 100644
index 0000000000..5eff4fe99c
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2016-2807-pt4.patch
@@ -0,0 +1,37 @@
+Copied from https://hg.mozilla.org/releases/mozilla-esr38/raw-rev/5c312182da90
+
+# HG changeset patch
+# User Jan de Mooij <jdemooij@mozilla.com>
+# Date 1458828581 -3600
+# Node ID 5c312182da9020504103aa329360abaffa7e232d
+# Parent fa4efccde9b7efde8763a178a6cf422b6d37a0e9
+Bug 1254622 - Relookup group->newScript in CreateThisForFunctionWithGroup. r=bhackett a=sylvestre
+
+MozReview-Commit-ID: KXd7kB70f1Z
+
+diff --git a/js/src/jsobj.cpp b/js/src/jsobj.cpp
+--- a/js/src/jsobj.cpp
++++ b/js/src/jsobj.cpp
+@@ -1574,18 +1574,19 @@ CreateThisForFunctionWithGroup(JSContext
+ // Not enough objects with this group have been created yet, so make a
+ // plain object and register it with the group. Use the maximum number
+ // of fixed slots, as is also required by the TypeNewScript.
+ gc::AllocKind allocKind = GuessObjectGCKind(NativeObject::MAX_FIXED_SLOTS);
+ PlainObject* res = NewObjectWithGroup<PlainObject>(cx, group, parent, allocKind, newKind);
+ if (!res)
+ return nullptr;
+
+- if (newKind != SingletonObject)
+- newScript->registerNewObject(res);
++ // Make sure group->newScript is still there.
++ if (newKind != SingletonObject && group->newScript())
++ group->newScript()->registerNewObject(res);
+
+ return res;
+ }
+
+ gc::AllocKind allocKind = NewObjectGCKind(&PlainObject::class_);
+
+ if (newKind == SingletonObject) {
+ Rooted<TaggedProto> protoRoot(cx, group->proto());
+