diff options
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2016-1952-pt03.patch')
| -rw-r--r-- | gnu/packages/patches/icecat-CVE-2016-1952-pt03.patch | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2016-1952-pt03.patch b/gnu/packages/patches/icecat-CVE-2016-1952-pt03.patch new file mode 100644 index 0000000000..96b83c118c --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2016-1952-pt03.patch @@ -0,0 +1,60 @@ +Copied from upstream: +https://hg.mozilla.org/releases/mozilla-esr38/raw-rev/2839062f84fb + +# HG changeset patch +# User Jan de Mooij <jdemooij@mozilla.com> +# Date 1455119320 -3600 +# Node ID 2839062f84fb6cba2781ea8d59150f13d4813ddc +# Parent 185b233ea03f3811404e3979b65ec86b29d13555 +Bug 1242279 - r=bhackett1024 a=sylvestre + +diff --git a/js/src/vm/TypeInference.cpp b/js/src/vm/TypeInference.cpp +--- a/js/src/vm/TypeInference.cpp ++++ b/js/src/vm/TypeInference.cpp +@@ -3961,16 +3961,22 @@ JSScript::maybeSweepTypes(AutoClearTypeI + + unsigned num = TypeScript::NumTypeSets(this); + StackTypeSet* typeArray = types_->typeArray(); + + // Remove constraints and references to dead objects from stack type sets. + for (unsigned i = 0; i < num; i++) + typeArray[i].sweep(zone(), *oom); + ++ if (oom->hadOOM()) { ++ // It's possible we OOM'd while copying freeze constraints, so they ++ // need to be regenerated. ++ hasFreezeConstraints_ = false; ++ } ++ + // Update the recompile indexes in any IonScripts still on the script. + if (hasIonScript()) + ionScript()->recompileInfoRef().shouldSweep(types); + } + + void + TypeScript::destroy() + { +diff --git a/js/src/vm/TypeInference.h b/js/src/vm/TypeInference.h +--- a/js/src/vm/TypeInference.h ++++ b/js/src/vm/TypeInference.h +@@ -566,16 +566,19 @@ class AutoClearTypeInferenceStateOnOOM + : zone(zone), oom(false) + {} + + ~AutoClearTypeInferenceStateOnOOM(); + + void setOOM() { + oom = true; + } ++ bool hadOOM() const { ++ return oom; ++ } + }; + + /* Superclass common to stack and heap type sets. */ + class ConstraintTypeSet : public TypeSet + { + public: + /* Chain of constraints which propagate changes out from this type set. */ + TypeConstraint* constraintList; + |