Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2015-0836-pt-08.patch')
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-0836-pt-08.patch53
1 files changed, 53 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-08.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-08.patch
new file mode 100644
index 0000000000..685e3a6d43
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2015-0836-pt-08.patch
@@ -0,0 +1,53 @@
+From 4920c5c447d1153dffa623dd70d8b535b9ca6795 Mon Sep 17 00:00:00 2001
+From: Jan de Mooij <jdemooij@mozilla.com>
+Date: Mon, 26 Jan 2015 12:59:47 +0100
+Subject: [PATCH] Bug 1115776 - Fix LApplyArgsGeneric to always emit the
+ has-script check. r=shu, a=sledru
+
+---
+ js/src/jit/CodeGenerator.cpp | 24 ++++++++----------------
+ 1 file changed, 8 insertions(+), 16 deletions(-)
+
+diff --git a/js/src/jit/CodeGenerator.cpp b/js/src/jit/CodeGenerator.cpp
+index ba14f86..0669692 100644
+--- a/js/src/jit/CodeGenerator.cpp
++++ b/js/src/jit/CodeGenerator.cpp
+@@ -2448,27 +2448,19 @@ CodeGenerator::visitApplyArgsGeneric(LApplyArgsGeneric *apply)
+
+ masm.checkStackAlignment();
+
+- // If the function is known to be uncompilable, only emit the call to InvokeFunction.
++ // If the function is native, only emit the call to InvokeFunction.
+ ExecutionMode executionMode = gen->info().executionMode();
+- if (apply->hasSingleTarget()) {
+- JSFunction *target = apply->getSingleTarget();
+- if (target->isNative()) {
+- if (!emitCallInvokeFunction(apply, copyreg))
+- return false;
+- emitPopArguments(apply, copyreg);
+- return true;
+- }
++ if (apply->hasSingleTarget() && apply->getSingleTarget()->isNative()) {
++ if (!emitCallInvokeFunction(apply, copyreg))
++ return false;
++ emitPopArguments(apply, copyreg);
++ return true;
+ }
+
+ Label end, invoke;
+
+- // Guard that calleereg is an interpreted function with a JSScript:
+- if (!apply->hasSingleTarget()) {
+- masm.branchIfFunctionHasNoScript(calleereg, &invoke);
+- } else {
+- // Native single targets are handled by LCallNative.
+- JS_ASSERT(!apply->getSingleTarget()->isNative());
+- }
++ // Guard that calleereg is an interpreted function with a JSScript.
++ masm.branchIfFunctionHasNoScript(calleereg, &invoke);
+
+ // Knowing that calleereg is a non-native function, load the JSScript.
+ masm.loadPtr(Address(calleereg, JSFunction::offsetOfNativeOrScript()), objreg);
+--
+2.2.1
+
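Review bot: The now-unconditional guard `masm.branchIfFunctionHasNoScript(calleereg, &invoke);` is the entire security fix here (bug 1115776, the single-target path previously skipped it and loaded `offsetOfNativeOrScript()` unguarded), but the comment above it still reads as a generic description and gives a future maintainer no reason not to reinstate the "known target" shortcut; I would extend it to `// Guard that calleereg is an interpreted function with a JSScript. Emitted even when the target is statically known: the static knowledge is not a substitute for the runtime check (bug 1115776).` Why the static target cannot be trusted at run time (e.g. the script being dropped after compilation) is not shown in the hunk, so the comment should stop at that level rather than assert a mechanism. The native fast path above it keeps the old assumption that `getSingleTarget()` is non-null whenever `hasSingleTarget()` is true, which is unchanged from the removed code. `visitApplyArgsGeneric` begins and ends outside the hunk, so the `invoke` handler and the later uses of `executionMode` are not visible here.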