Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2015-2739.patch')
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-2739.patch66
1 files changed, 0 insertions, 66 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2015-2739.patch b/gnu/packages/patches/icecat-CVE-2015-2739.patch
deleted file mode 100644
index 9f70db8cf9..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-2739.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From 55d0298956b8a3cfbd5b70fe32fb07e120d364c2 Mon Sep 17 00:00:00 2001
-From: Boris Zbarsky <bzbarsky@mit.edu>
-Date: Mon, 1 Jun 2015 16:59:26 -0700
-Subject: [PATCH] Bug 1168207. Be a bit more careful with overflow checking in
- XHR. r=baku a=lizzard
-
----
- content/base/src/nsXMLHttpRequest.cpp | 25 +++++++++++++++----------
- 1 file changed, 15 insertions(+), 10 deletions(-)
-
-diff --git a/content/base/src/nsXMLHttpRequest.cpp b/content/base/src/nsXMLHttpRequest.cpp
-index 58a9ee0..56d1aa3 100644
---- a/content/base/src/nsXMLHttpRequest.cpp
-+++ b/content/base/src/nsXMLHttpRequest.cpp
-@@ -7,6 +7,7 @@
- #include "nsXMLHttpRequest.h"
-
- #include "mozilla/ArrayUtils.h"
-+#include "mozilla/CheckedInt.h"
- #include "mozilla/dom/XMLHttpRequestUploadBinding.h"
- #include "mozilla/EventDispatcher.h"
- #include "mozilla/EventListenerManager.h"
-@@ -3897,26 +3898,30 @@ bool
- ArrayBufferBuilder::append(const uint8_t *aNewData, uint32_t aDataLen,
- uint32_t aMaxGrowth)
- {
-+ CheckedUint32 neededCapacity = mLength;
-+ neededCapacity += aDataLen;
-+ if (!neededCapacity.isValid()) {
-+ return false;
-+ }
- if (mLength + aDataLen > mCapacity) {
-- uint32_t newcap;
-+ CheckedUint32 newcap = mCapacity;
- // Double while under aMaxGrowth or if not specified.
- if (!aMaxGrowth || mCapacity < aMaxGrowth) {
-- newcap = mCapacity * 2;
-+ newcap *= 2;
- } else {
-- newcap = mCapacity + aMaxGrowth;
-+ newcap += aMaxGrowth;
- }
-
-- // But make sure there's always enough to satisfy our request.
-- if (newcap < mLength + aDataLen) {
-- newcap = mLength + aDataLen;
-+ if (!newcap.isValid()) {
-+ return false;
- }
-
-- // Did we overflow?
-- if (newcap < mCapacity) {
-- return false;
-+ // But make sure there's always enough to satisfy our request.
-+ if (newcap.value() < neededCapacity.value()) {
-+ newcap = neededCapacity;
- }
-
-- if (!setCapacity(newcap)) {
-+ if (!setCapacity(newcap.value())) {
- return false;
- }
- }
---
-2.4.3
-