diff options
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2016-1930-pt11.patch')
| -rw-r--r-- | gnu/packages/patches/icecat-CVE-2016-1930-pt11.patch | 183 |
1 files changed, 0 insertions, 183 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt11.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt11.patch deleted file mode 100644 index 2e409d961c..0000000000 --- a/gnu/packages/patches/icecat-CVE-2016-1930-pt11.patch +++ /dev/null @@ -1,183 +0,0 @@ -Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/0f7224441f20 -Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/ -Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1234280 - -# HG changeset patch -# User Benjamin Bouvier <benj@benj.me> -# Date 1450947090 -3600 -# Node ID 0f7224441f2089001f7934b46ac10cb72d267606 -# Parent debff255c08e898be370e307e1e014f5601c20c6 -Bug 1234280: Handle oom in CodeGeneratorShared::allocateData; r=jandem, a=sledru - -diff --git a/js/src/jit/CodeGenerator.cpp b/js/src/jit/CodeGenerator.cpp ---- a/js/src/jit/CodeGenerator.cpp -+++ b/js/src/jit/CodeGenerator.cpp -@@ -7902,17 +7902,19 @@ const VMFunction GetPropertyIC::UpdateIn - void - CodeGenerator::visitGetPropertyIC(OutOfLineUpdateCache* ool, DataPtr<GetPropertyIC>& ic) - { - LInstruction* lir = ool->lir(); - - if (ic->idempotent()) { - size_t numLocs; - CacheLocationList& cacheLocs = lir->mirRaw()->toGetPropertyCache()->location(); -- size_t locationBase = addCacheLocations(cacheLocs, &numLocs); -+ size_t locationBase; -+ if (!addCacheLocations(cacheLocs, &numLocs, &locationBase)) -+ return; - ic->setLocationInfo(locationBase, numLocs); - } - - saveLive(lir); - - pushArg(ic->object()); - pushArg(Imm32(ool->getCacheIndex())); - pushArg(ImmGCPtr(gen->info().script())); -diff --git a/js/src/jit/shared/CodeGenerator-shared.cpp b/js/src/jit/shared/CodeGenerator-shared.cpp ---- a/js/src/jit/shared/CodeGenerator-shared.cpp -+++ b/js/src/jit/shared/CodeGenerator-shared.cpp -@@ -1527,31 +1527,34 @@ CodeGeneratorShared::jumpToBlock(MBasicB - - masm.propagateOOM(patchableBackedges_.append(PatchableBackedgeInfo(backedge, mir->lir()->label(), oolEntry))); - } else { - masm.j(cond, mir->lir()->label()); - } - } - #endif - --size_t --CodeGeneratorShared::addCacheLocations(const CacheLocationList& locs, size_t* numLocs) -+MOZ_WARN_UNUSED_RESULT bool -+CodeGeneratorShared::addCacheLocations(const CacheLocationList& locs, size_t* numLocs, -+ size_t* curIndex) - { - size_t firstIndex = runtimeData_.length(); - size_t numLocations = 0; - for (CacheLocationList::iterator iter = locs.begin(); iter != locs.end(); iter++) { - // allocateData() ensures that sizeof(CacheLocation) is word-aligned. - // If this changes, we will need to pad to ensure alignment. -- size_t curIndex = allocateData(sizeof(CacheLocation)); -- new (&runtimeData_[curIndex]) CacheLocation(iter->pc, iter->script); -+ if (!allocateData(sizeof(CacheLocation), curIndex)) -+ return false; -+ new (&runtimeData_[*curIndex]) CacheLocation(iter->pc, iter->script); - numLocations++; - } - MOZ_ASSERT(numLocations != 0); - *numLocs = numLocations; -- return firstIndex; -+ *curIndex = firstIndex; -+ return true; - } - - ReciprocalMulConstants - CodeGeneratorShared::computeDivisionConstants(int d) { - // In what follows, d is positive and is not a power of 2. - MOZ_ASSERT(d > 0 && (d & (d - 1)) != 0); - - // Speeding up division by non power-of-2 constants is possible by -diff --git a/js/src/jit/shared/CodeGenerator-shared.h b/js/src/jit/shared/CodeGenerator-shared.h ---- a/js/src/jit/shared/CodeGenerator-shared.h -+++ b/js/src/jit/shared/CodeGenerator-shared.h -@@ -3,16 +3,17 @@ - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - - #ifndef jit_shared_CodeGenerator_shared_h - #define jit_shared_CodeGenerator_shared_h - - #include "mozilla/Alignment.h" -+#include "mozilla/TypeTraits.h" - - #include "jit/JitFrames.h" - #include "jit/LIR.h" - #include "jit/MacroAssembler.h" - #include "jit/MIRGenerator.h" - #include "jit/MIRGraph.h" - #include "jit/OptimizationTracking.h" - #include "jit/Safepoints.h" -@@ -242,24 +243,16 @@ class CodeGeneratorShared : public LElem - return SlotToStackOffset(a->toStackSlot()->slot()); - } - - uint32_t frameSize() const { - return frameClass_ == FrameSizeClass::None() ? frameDepth_ : frameClass_.frameSize(); - } - - protected: -- // Ensure the cache is an IonCache while expecting the size of the derived -- // class. We only need the cache list at GC time. Everyone else can just take -- // runtimeData offsets. -- size_t allocateCache(const IonCache&, size_t size) { -- size_t dataOffset = allocateData(size); -- masm.propagateOOM(cacheList_.append(dataOffset)); -- return dataOffset; -- } - - #ifdef CHECK_OSIPOINT_REGISTERS - void resetOsiPointRegs(LSafepoint* safepoint); - bool shouldVerifyOsiPointRegs(LSafepoint* safepoint); - void verifyOsiPointRegs(LSafepoint* safepoint); - #endif - - bool addNativeToBytecodeEntry(const BytecodeSite* site); -@@ -295,27 +288,33 @@ class CodeGeneratorShared : public LElem - return lookup(); - } - T * operator*() { - return lookup(); - } - }; - - protected: -- -- size_t allocateData(size_t size) { -+ MOZ_WARN_UNUSED_RESULT -+ bool allocateData(size_t size, size_t* offset) { - MOZ_ASSERT(size % sizeof(void*) == 0); -- size_t dataOffset = runtimeData_.length(); -+ *offset = runtimeData_.length(); - masm.propagateOOM(runtimeData_.appendN(0, size)); -- return dataOffset; -+ return !masm.oom(); - } - -+ // Ensure the cache is an IonCache while expecting the size of the derived -+ // class. We only need the cache list at GC time. Everyone else can just take -+ // runtimeData offsets. - template <typename T> - inline size_t allocateCache(const T& cache) { -- size_t index = allocateCache(cache, sizeof(mozilla::AlignedStorage2<T>)); -+ static_assert(mozilla::IsBaseOf<IonCache, T>::value, "T must inherit from IonCache"); -+ size_t index; -+ masm.propagateOOM(allocateData(sizeof(mozilla::AlignedStorage2<T>), &index)); -+ masm.propagateOOM(cacheList_.append(index)); - if (masm.oom()) - return SIZE_MAX; - // Use the copy constructor on the allocated space. - MOZ_ASSERT(index == cacheList_.back()); - new (&runtimeData_[index]) T(cache); - return index; - } - -@@ -475,17 +474,17 @@ class CodeGeneratorShared : public LElem - - void callVM(const VMFunction& f, LInstruction* ins, const Register* dynStack = nullptr); - - template <class ArgSeq, class StoreOutputTo> - inline OutOfLineCode* oolCallVM(const VMFunction& fun, LInstruction* ins, const ArgSeq& args, - const StoreOutputTo& out); - - void addCache(LInstruction* lir, size_t cacheIndex); -- size_t addCacheLocations(const CacheLocationList& locs, size_t* numLocs); -+ bool addCacheLocations(const CacheLocationList& locs, size_t* numLocs, size_t* offset); - ReciprocalMulConstants computeDivisionConstants(int d); - - protected: - void addOutOfLineCode(OutOfLineCode* code, const MInstruction* mir); - void addOutOfLineCode(OutOfLineCode* code, const BytecodeSite* site); - bool hasOutOfLineCode() { return !outOfLineCode_.empty(); } - bool generateOutOfLineCode(); - - |