diff options
| author | Mark H Weaver <mhw@netris.org> | 2016-04-27 22:33:02 -0400 |
|---|---|---|
| committer | Mark H Weaver <mhw@netris.org> | 2016-04-28 10:25:19 -0400 |
| commit | dde2a94c095f840578c307ebf23cd7c3ba5ec858 (patch) | |
| tree | 214642e8d3e7ece66e548072144193d1ed17efe1 /gnu/packages/patches/icecat-CVE-2016-2807-pt5.patch | |
| parent | 3161f6a4eca3225778a76eb5c21cfc150e6dce0a (diff) | |
| download | guix-dde2a94c095f840578c307ebf23cd7c3ba5ec858.tar guix-dde2a94c095f840578c307ebf23cd7c3ba5ec858.tar.gz | |
gnu: icecat: Add fixes for CVE-2016-{2805,2807,2808,2814} etc.
* gnu/packages/patches/icecat-CVE-2016-2805.patch,
gnu/packages/patches/icecat-CVE-2016-2807-pt1.patch,
gnu/packages/patches/icecat-CVE-2016-2807-pt2.patch,
gnu/packages/patches/icecat-CVE-2016-2807-pt3.patch,
gnu/packages/patches/icecat-CVE-2016-2807-pt4.patch,
gnu/packages/patches/icecat-CVE-2016-2807-pt5.patch,
gnu/packages/patches/icecat-CVE-2016-2808.patch,
gnu/packages/patches/icecat-CVE-2016-2814.patch,
gnu/packages/patches/icecat-update-bundled-graphite2: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add patches.
icecat fixup
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2016-2807-pt5.patch')
| -rw-r--r-- | gnu/packages/patches/icecat-CVE-2016-2807-pt5.patch | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2016-2807-pt5.patch b/gnu/packages/patches/icecat-CVE-2016-2807-pt5.patch new file mode 100644 index 0000000000..00718ebaac --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2016-2807-pt5.patch @@ -0,0 +1,35 @@ +Copied from https://hg.mozilla.org/releases/mozilla-esr38/raw-rev/3fdd280fa099 + +# HG changeset patch +# User Carsten "Tomcat" Book <cbook@mozilla.com> +# Date 1461123938 -7200 +# Node ID 3fdd280fa099b6453ce9fd9905af883bc2ebce24 +# Parent 52dfdd37150d62f708dc5bf61dd28f3967596788 +Bug 1252707 - a=sylvestre + +diff --git a/js/src/vm/Shape.cpp b/js/src/vm/Shape.cpp +--- a/js/src/vm/Shape.cpp ++++ b/js/src/vm/Shape.cpp +@@ -382,18 +382,20 @@ NativeObject::getChildPropertyOnDictiona + + if (obj->inDictionaryMode()) { + MOZ_ASSERT(parent == obj->lastProperty()); + RootedGeneric<StackShape*> childRoot(cx, &child); + shape = childRoot->isAccessorShape() ? NewGCAccessorShape(cx) : NewGCShape(cx); + if (!shape) + return nullptr; + if (childRoot->hasSlot() && childRoot->slot() >= obj->lastProperty()->base()->slotSpan()) { +- if (!obj->setSlotSpan(cx, childRoot->slot() + 1)) ++ if (!obj->setSlotSpan(cx, childRoot->slot() + 1)) { ++ new (shape) Shape(obj->lastProperty()->base()->unowned(), 0); + return nullptr; ++ } + } + shape->initDictionaryShape(*childRoot, obj->numFixedSlots(), &obj->shape_); + } + + return shape; + } + + /* static */ Shape* + |