gnu: icecat: Add fixes for CVE-2016-{1930,1935} and other bugs.
* gnu/packages/patches/icecat-CVE-2016-1930-pt01.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt02.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt03.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt04.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt05.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt06.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt07.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt08.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt09.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt10.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt11.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt12.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt13.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt14.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt15.patch, gnu/packages/patches/icecat-CVE-2016-1935.patch, gnu/packages/patches/icecat-bug-1146335-pt1.patch, gnu/packages/patches/icecat-bug-1146335-pt2.patch, gnu/packages/patches/icecat-limit-max-buffers-size-for-ANGLE.patch: New files. * gnu-system.am (dist_patch_DATA): Add them. * gnu/packages/gnuzilla.scm (icecat)[source]: Add patches.
parent
a394c60aa3
commit
29a780147d
21 changed files with 1770 additions and 2 deletions
|
@ -517,7 +517,26 @@ dist_patch_DATA = \
|
|||
gnu/packages/patches/hop-linker-flags.patch \
|
||||
gnu/packages/patches/hydra-automake-1.15.patch \
|
||||
gnu/packages/patches/hydra-disable-darcs-test.patch \
|
||||
gnu/packages/patches/icecat-CVE-2016-1930-pt01.patch \
|
||||
gnu/packages/patches/icecat-CVE-2016-1930-pt02.patch \
|
||||
gnu/packages/patches/icecat-CVE-2016-1930-pt03.patch \
|
||||
gnu/packages/patches/icecat-CVE-2016-1930-pt04.patch \
|
||||
gnu/packages/patches/icecat-CVE-2016-1930-pt05.patch \
|
||||
gnu/packages/patches/icecat-CVE-2016-1930-pt06.patch \
|
||||
gnu/packages/patches/icecat-CVE-2016-1930-pt07.patch \
|
||||
gnu/packages/patches/icecat-CVE-2016-1930-pt08.patch \
|
||||
gnu/packages/patches/icecat-CVE-2016-1930-pt09.patch \
|
||||
gnu/packages/patches/icecat-CVE-2016-1930-pt10.patch \
|
||||
gnu/packages/patches/icecat-CVE-2016-1930-pt11.patch \
|
||||
gnu/packages/patches/icecat-CVE-2016-1930-pt12.patch \
|
||||
gnu/packages/patches/icecat-CVE-2016-1930-pt13.patch \
|
||||
gnu/packages/patches/icecat-CVE-2016-1930-pt14.patch \
|
||||
gnu/packages/patches/icecat-CVE-2016-1930-pt15.patch \
|
||||
gnu/packages/patches/icecat-CVE-2016-1935.patch \
|
||||
gnu/packages/patches/icecat-avoid-bundled-includes.patch \
|
||||
gnu/packages/patches/icecat-bug-1146335-pt1.patch \
|
||||
gnu/packages/patches/icecat-bug-1146335-pt2.patch \
|
||||
gnu/packages/patches/icecat-limit-max-buffers-size-for-ANGLE.patch \
|
||||
gnu/packages/patches/icu4c-CVE-2014-6585.patch \
|
||||
gnu/packages/patches/icu4c-CVE-2015-1270.patch \
|
||||
gnu/packages/patches/icu4c-CVE-2015-4760.patch \
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
;;; GNU Guix --- Functional package management for GNU
|
||||
;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
|
||||
;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
|
||||
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
|
||||
;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
|
||||
;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
|
||||
;;;
|
||||
;;; This file is part of GNU Guix.
|
||||
|
@ -287,7 +287,27 @@ (define-public icecat
|
|||
(sha256
|
||||
(base32
|
||||
"0m18xyb0rd02yaw9xd5z4bab1wr2599iszzqhm86c134jv5vk6cg"))
|
||||
(patches (map search-patch '("icecat-avoid-bundled-includes.patch")))
|
||||
(patches (map search-patch
|
||||
'("icecat-avoid-bundled-includes.patch"
|
||||
"icecat-CVE-2016-1930-pt01.patch"
|
||||
"icecat-CVE-2016-1930-pt02.patch"
|
||||
"icecat-CVE-2016-1930-pt03.patch"
|
||||
"icecat-CVE-2016-1930-pt04.patch"
|
||||
"icecat-CVE-2016-1930-pt05.patch"
|
||||
"icecat-CVE-2016-1930-pt06.patch"
|
||||
"icecat-CVE-2016-1930-pt07.patch"
|
||||
"icecat-CVE-2016-1930-pt08.patch"
|
||||
"icecat-CVE-2016-1930-pt09.patch"
|
||||
"icecat-CVE-2016-1930-pt10.patch"
|
||||
"icecat-CVE-2016-1930-pt11.patch"
|
||||
"icecat-CVE-2016-1930-pt12.patch"
|
||||
"icecat-CVE-2016-1930-pt13.patch"
|
||||
"icecat-bug-1146335-pt1.patch"
|
||||
"icecat-bug-1146335-pt2.patch"
|
||||
"icecat-CVE-2016-1935.patch"
|
||||
"icecat-CVE-2016-1930-pt14.patch"
|
||||
"icecat-CVE-2016-1930-pt15.patch"
|
||||
"icecat-limit-max-buffers-size-for-ANGLE.patch")))
|
||||
(modules '((guix build utils)))
|
||||
(snippet
|
||||
'(begin
|
||||
|
|
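Review bot: The patch list in the `icecat` source is not in filename order: `icecat-bug-1146335-pt1.patch`, `icecat-bug-1146335-pt2.patch` and `icecat-CVE-2016-1935.patch` sit between `pt13` and `pt14`. If that is the upstream changeset order and the later patches only apply on top of the earlier ones, the list should say so, for example `;; Keep in upstream changeset order; later patches depend on earlier ones.`, so that nobody sorts it alphabetically later. The `origin` form starts before the hunk and continues after it.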
34
gnu/packages/patches/icecat-CVE-2016-1930-pt01.patch
|
@ -0,0 +1,34 @@
|
|||
Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/925215cae26f
|
||||
Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
|
||||
Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1233346
|
||||
|
||||
# HG changeset patch
|
||||
# User Nils Ohlmeier <drno@ohlmeier.org>
|
||||
# Date 1451439902 18000
|
||||
# Node ID 925215cae26f9c0ccff07ef403a5b3194a4c45c4
|
||||
# Parent ff8e52467d793e935b80bf22a722a71a96fe2d63
|
||||
Bug 1233346 - r=ekr a=abillings
|
||||
|
||||
diff --git a/media/mtransport/third_party/nICEr/src/stun/addrs.c b/media/mtransport/third_party/nICEr/src/stun/addrs.c
|
||||
--- a/media/mtransport/third_party/nICEr/src/stun/addrs.c
|
||||
+++ b/media/mtransport/third_party/nICEr/src/stun/addrs.c
|
||||
@@ -530,16 +530,18 @@ stun_get_win32_addrs(nr_local_addr addrs
|
||||
|
||||
for (tmpAddress = AdapterAddresses; tmpAddress != NULL; tmpAddress = tmpAddress->Next) {
|
||||
char *c;
|
||||
|
||||
if (tmpAddress->OperStatus != IfOperStatusUp)
|
||||
continue;
|
||||
|
||||
snprintf(munged_ifname, IFNAMSIZ, "%S%c", tmpAddress->FriendlyName, 0);
|
||||
+ munged_ifname[IFNAMSIZ-1] = '\0';
|
||||
+
|
||||
/* replace spaces with underscores */
|
||||
c = strchr(munged_ifname, ' ');
|
||||
while (c != NULL) {
|
||||
*c = '_';
|
||||
c = strchr(munged_ifname, ' ');
|
||||
}
|
||||
c = strchr(munged_ifname, '.');
|
||||
while (c != NULL) {
|
||||
|
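Review bot: The return value of `snprintf` is still ignored on the line above the added terminator, so if the wide-to-narrow conversion of `FriendlyName` fails, only the last byte of `munged_ifname` is known and the `strchr` loops that follow scan whatever the buffer held before. The added `munged_ifname[IFNAMSIZ-1] = '\0';` bounds the truncation case only. Consider skipping the adapter on failure, e.g. `if (snprintf(munged_ifname, IFNAMSIZ, "%S%c", tmpAddress->FriendlyName, 0) < 0) continue;`, and a short comment such as `/* snprintf may leave the buffer unterminated on truncation */` would keep the terminator from being removed as redundant. How `munged_ifname` is declared and initialised is outside the hunk, as is the rest of `stun_get_win32_addrs`.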
33
gnu/packages/patches/icecat-CVE-2016-1930-pt02.patch
|
@ -0,0 +1,33 @@
|
|||
Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/fc78180165a8
|
||||
Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
|
||||
Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1223670
|
||||
|
||||
# HG changeset patch
|
||||
# User Karl Tomlinson <karlt+@karlt.net>
|
||||
# Date 1449117514 -46800
|
||||
# Node ID fc78180165a8262c80bbb722ed99b2e0c27b02d0
|
||||
# Parent 925215cae26f9c0ccff07ef403a5b3194a4c45c4
|
||||
bug 1223670 assert that connected streams have the same graph r=padenot a=abillings
|
||||
|
||||
diff --git a/dom/media/MediaStreamGraph.cpp b/dom/media/MediaStreamGraph.cpp
|
||||
--- a/dom/media/MediaStreamGraph.cpp
|
||||
+++ b/dom/media/MediaStreamGraph.cpp
|
||||
@@ -2696,16 +2696,17 @@ ProcessedMediaStream::AllocateInputPort(
|
||||
unused << mPort.forget();
|
||||
}
|
||||
virtual void RunDuringShutdown()
|
||||
{
|
||||
Run();
|
||||
}
|
||||
nsRefPtr<MediaInputPort> mPort;
|
||||
};
|
||||
+ MOZ_ASSERT(aStream->GraphImpl() == GraphImpl());
|
||||
nsRefPtr<MediaInputPort> port = new MediaInputPort(aStream, this, aFlags,
|
||||
aInputNumber, aOutputNumber);
|
||||
port->SetGraphImpl(GraphImpl());
|
||||
GraphImpl()->AppendMessage(new Message(port));
|
||||
return port.forget();
|
||||
}
|
||||
|
||||
void
|
||||
|
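Review bot: `MOZ_ASSERT(aStream->GraphImpl() == GraphImpl());` is compiled out of non-debug builds, so in a release build `AllocateInputPort` still accepts a stream that belongs to another graph. The only runtime rejection visible on this page is the `graph != inputStream->Graph()` test that pt04 adds to `MediaStreamAudioSourceNode::Init`; other callers of `AllocateInputPort` are not shown. I would state that contract at the assertion, `// Debug-only check: every caller must reject a stream from a different graph before calling.`, or use a release-mode assertion if the tree provides one. The function body starts before the hunk.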
308
gnu/packages/patches/icecat-CVE-2016-1930-pt03.patch
|
@ -0,0 +1,308 @@
|
|||
Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/f746c38d160e
|
||||
Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
|
||||
Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1223670
|
||||
|
||||
# HG changeset patch
|
||||
# User Karl Tomlinson <karlt+@karlt.net>
|
||||
# Date 1449764754 18000
|
||||
# Node ID f746c38d160ea29088c15cacae44f3662befaec5
|
||||
# Parent fc78180165a8262c80bbb722ed99b2e0c27b02d0
|
||||
bug 1223670 replace public constructors with fallible factory methods r=baku a=abillings
|
||||
|
||||
diff --git a/dom/media/webaudio/AudioContext.cpp b/dom/media/webaudio/AudioContext.cpp
|
||||
--- a/dom/media/webaudio/AudioContext.cpp
|
||||
+++ b/dom/media/webaudio/AudioContext.cpp
|
||||
@@ -299,32 +299,29 @@ AudioContext::CreateMediaElementSource(H
|
||||
aRv.Throw(NS_ERROR_DOM_NOT_SUPPORTED_ERR);
|
||||
return nullptr;
|
||||
}
|
||||
#endif
|
||||
nsRefPtr<DOMMediaStream> stream = aMediaElement.MozCaptureStream(aRv);
|
||||
if (aRv.Failed()) {
|
||||
return nullptr;
|
||||
}
|
||||
- nsRefPtr<MediaElementAudioSourceNode> mediaElementAudioSourceNode =
|
||||
- new MediaElementAudioSourceNode(this, stream);
|
||||
- return mediaElementAudioSourceNode.forget();
|
||||
+ return MediaElementAudioSourceNode::Create(this, stream, aRv);
|
||||
}
|
||||
|
||||
already_AddRefed<MediaStreamAudioSourceNode>
|
||||
AudioContext::CreateMediaStreamSource(DOMMediaStream& aMediaStream,
|
||||
ErrorResult& aRv)
|
||||
{
|
||||
if (mIsOffline) {
|
||||
aRv.Throw(NS_ERROR_DOM_NOT_SUPPORTED_ERR);
|
||||
return nullptr;
|
||||
}
|
||||
- nsRefPtr<MediaStreamAudioSourceNode> mediaStreamAudioSourceNode =
|
||||
- new MediaStreamAudioSourceNode(this, &aMediaStream);
|
||||
- return mediaStreamAudioSourceNode.forget();
|
||||
+
|
||||
+ return MediaStreamAudioSourceNode::Create(this, &aMediaStream, aRv);
|
||||
}
|
||||
|
||||
already_AddRefed<GainNode>
|
||||
AudioContext::CreateGain()
|
||||
{
|
||||
nsRefPtr<GainNode> gainNode = new GainNode(this);
|
||||
return gainNode.forget();
|
||||
}
|
||||
diff --git a/dom/media/webaudio/AudioNode.cpp b/dom/media/webaudio/AudioNode.cpp
|
||||
--- a/dom/media/webaudio/AudioNode.cpp
|
||||
+++ b/dom/media/webaudio/AudioNode.cpp
|
||||
@@ -61,34 +61,29 @@ AudioNode::AudioNode(AudioContext* aCont
|
||||
ChannelInterpretation aChannelInterpretation)
|
||||
: DOMEventTargetHelper(aContext->GetParentObject())
|
||||
, mContext(aContext)
|
||||
, mChannelCount(aChannelCount)
|
||||
, mChannelCountMode(aChannelCountMode)
|
||||
, mChannelInterpretation(aChannelInterpretation)
|
||||
, mId(gId++)
|
||||
, mPassThrough(false)
|
||||
-#ifdef DEBUG
|
||||
- , mDemiseNotified(false)
|
||||
-#endif
|
||||
{
|
||||
MOZ_ASSERT(aContext);
|
||||
DOMEventTargetHelper::BindToOwner(aContext->GetParentObject());
|
||||
aContext->UpdateNodeCount(1);
|
||||
}
|
||||
|
||||
AudioNode::~AudioNode()
|
||||
{
|
||||
MOZ_ASSERT(mInputNodes.IsEmpty());
|
||||
MOZ_ASSERT(mOutputNodes.IsEmpty());
|
||||
MOZ_ASSERT(mOutputParams.IsEmpty());
|
||||
-#ifdef DEBUG
|
||||
- MOZ_ASSERT(mDemiseNotified,
|
||||
+ MOZ_ASSERT(!mStream,
|
||||
"The webaudio-node-demise notification must have been sent");
|
||||
-#endif
|
||||
if (mContext) {
|
||||
mContext->UpdateNodeCount(-1);
|
||||
}
|
||||
}
|
||||
|
||||
size_t
|
||||
AudioNode::SizeOfExcludingThis(MallocSizeOf aMallocSizeOf) const
|
||||
{
|
||||
@@ -399,19 +394,16 @@ AudioNode::DestroyMediaStream()
|
||||
mStream = nullptr;
|
||||
|
||||
nsCOMPtr<nsIObserverService> obs = services::GetObserverService();
|
||||
if (obs) {
|
||||
nsAutoString id;
|
||||
id.AppendPrintf("%u", mId);
|
||||
obs->NotifyObservers(nullptr, "webaudio-node-demise", id.get());
|
||||
}
|
||||
-#ifdef DEBUG
|
||||
- mDemiseNotified = true;
|
||||
-#endif
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
AudioNode::RemoveOutputParam(AudioParam* aParam)
|
||||
{
|
||||
mOutputParams.RemoveElement(aParam);
|
||||
}
|
||||
diff --git a/dom/media/webaudio/AudioNode.h b/dom/media/webaudio/AudioNode.h
|
||||
--- a/dom/media/webaudio/AudioNode.h
|
||||
+++ b/dom/media/webaudio/AudioNode.h
|
||||
@@ -239,19 +239,14 @@ private:
|
||||
nsTArray<nsRefPtr<AudioParam> > mOutputParams;
|
||||
uint32_t mChannelCount;
|
||||
ChannelCountMode mChannelCountMode;
|
||||
ChannelInterpretation mChannelInterpretation;
|
||||
const uint32_t mId;
|
||||
// Whether the node just passes through its input. This is a devtools API that
|
||||
// only works for some node types.
|
||||
bool mPassThrough;
|
||||
-#ifdef DEBUG
|
||||
- // In debug builds, check to make sure that the node demise notification has
|
||||
- // been properly sent before the node is destroyed.
|
||||
- bool mDemiseNotified;
|
||||
-#endif
|
||||
};
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
#endif
|
||||
diff --git a/dom/media/webaudio/MediaElementAudioSourceNode.cpp b/dom/media/webaudio/MediaElementAudioSourceNode.cpp
|
||||
--- a/dom/media/webaudio/MediaElementAudioSourceNode.cpp
|
||||
+++ b/dom/media/webaudio/MediaElementAudioSourceNode.cpp
|
||||
@@ -5,22 +5,36 @@
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||
|
||||
#include "MediaElementAudioSourceNode.h"
|
||||
#include "mozilla/dom/MediaElementAudioSourceNodeBinding.h"
|
||||
|
||||
namespace mozilla {
|
||||
namespace dom {
|
||||
|
||||
-MediaElementAudioSourceNode::MediaElementAudioSourceNode(AudioContext* aContext,
|
||||
- DOMMediaStream* aStream)
|
||||
- : MediaStreamAudioSourceNode(aContext, aStream)
|
||||
+MediaElementAudioSourceNode::MediaElementAudioSourceNode(AudioContext* aContext)
|
||||
+ : MediaStreamAudioSourceNode(aContext)
|
||||
{
|
||||
}
|
||||
|
||||
+/* static */ already_AddRefed<MediaElementAudioSourceNode>
|
||||
+MediaElementAudioSourceNode::Create(AudioContext* aContext,
|
||||
+ DOMMediaStream* aStream, ErrorResult& aRv)
|
||||
+{
|
||||
+ nsRefPtr<MediaElementAudioSourceNode> node =
|
||||
+ new MediaElementAudioSourceNode(aContext);
|
||||
+
|
||||
+ node->Init(aStream, aRv);
|
||||
+ if (aRv.Failed()) {
|
||||
+ return nullptr;
|
||||
+ }
|
||||
+
|
||||
+ return node.forget();
|
||||
+}
|
||||
+
|
||||
JSObject*
|
||||
MediaElementAudioSourceNode::WrapObject(JSContext* aCx)
|
||||
{
|
||||
return MediaElementAudioSourceNodeBinding::Wrap(aCx, this);
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
diff --git a/dom/media/webaudio/MediaElementAudioSourceNode.h b/dom/media/webaudio/MediaElementAudioSourceNode.h
|
||||
--- a/dom/media/webaudio/MediaElementAudioSourceNode.h
|
||||
+++ b/dom/media/webaudio/MediaElementAudioSourceNode.h
|
||||
@@ -10,28 +10,30 @@
|
||||
#include "MediaStreamAudioSourceNode.h"
|
||||
|
||||
namespace mozilla {
|
||||
namespace dom {
|
||||
|
||||
class MediaElementAudioSourceNode : public MediaStreamAudioSourceNode
|
||||
{
|
||||
public:
|
||||
- MediaElementAudioSourceNode(AudioContext* aContext,
|
||||
- DOMMediaStream* aStream);
|
||||
+ static already_AddRefed<MediaElementAudioSourceNode>
|
||||
+ Create(AudioContext* aContext, DOMMediaStream* aStream, ErrorResult& aRv);
|
||||
|
||||
virtual JSObject* WrapObject(JSContext* aCx) override;
|
||||
|
||||
virtual const char* NodeType() const override
|
||||
{
|
||||
return "MediaElementAudioSourceNode";
|
||||
}
|
||||
|
||||
virtual size_t SizeOfIncludingThis(MallocSizeOf aMallocSizeOf) const override
|
||||
{
|
||||
return aMallocSizeOf(this) + SizeOfExcludingThis(aMallocSizeOf);
|
||||
}
|
||||
+private:
|
||||
+ explicit MediaElementAudioSourceNode(AudioContext* aContext);
|
||||
};
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
#endif
|
||||
diff --git a/dom/media/webaudio/MediaStreamAudioSourceNode.cpp b/dom/media/webaudio/MediaStreamAudioSourceNode.cpp
|
||||
--- a/dom/media/webaudio/MediaStreamAudioSourceNode.cpp
|
||||
+++ b/dom/media/webaudio/MediaStreamAudioSourceNode.cpp
|
||||
@@ -25,26 +25,45 @@ NS_IMPL_CYCLE_COLLECTION_TRAVERSE_BEGIN_
|
||||
NS_IMPL_CYCLE_COLLECTION_TRAVERSE_END
|
||||
|
||||
NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION_INHERITED(MediaStreamAudioSourceNode)
|
||||
NS_INTERFACE_MAP_END_INHERITING(AudioNode)
|
||||
|
||||
NS_IMPL_ADDREF_INHERITED(MediaStreamAudioSourceNode, AudioNode)
|
||||
NS_IMPL_RELEASE_INHERITED(MediaStreamAudioSourceNode, AudioNode)
|
||||
|
||||
-MediaStreamAudioSourceNode::MediaStreamAudioSourceNode(AudioContext* aContext,
|
||||
- DOMMediaStream* aMediaStream)
|
||||
+MediaStreamAudioSourceNode::MediaStreamAudioSourceNode(AudioContext* aContext)
|
||||
: AudioNode(aContext,
|
||||
2,
|
||||
ChannelCountMode::Max,
|
||||
- ChannelInterpretation::Speakers),
|
||||
- mInputStream(aMediaStream)
|
||||
+ ChannelInterpretation::Speakers)
|
||||
{
|
||||
+}
|
||||
+
|
||||
+/* static */ already_AddRefed<MediaStreamAudioSourceNode>
|
||||
+MediaStreamAudioSourceNode::Create(AudioContext* aContext,
|
||||
+ DOMMediaStream* aStream, ErrorResult& aRv)
|
||||
+{
|
||||
+ nsRefPtr<MediaStreamAudioSourceNode> node =
|
||||
+ new MediaStreamAudioSourceNode(aContext);
|
||||
+
|
||||
+ node->Init(aStream, aRv);
|
||||
+ if (aRv.Failed()) {
|
||||
+ return nullptr;
|
||||
+ }
|
||||
+
|
||||
+ return node.forget();
|
||||
+}
|
||||
+
|
||||
+void
|
||||
+MediaStreamAudioSourceNode::Init(DOMMediaStream* aMediaStream, ErrorResult& aRv)
|
||||
+{
|
||||
+ mInputStream = aMediaStream;
|
||||
AudioNodeEngine* engine = new MediaStreamAudioSourceNodeEngine(this);
|
||||
- mStream = aContext->Graph()->CreateAudioNodeExternalInputStream(engine);
|
||||
+ mStream = Context()->Graph()->CreateAudioNodeExternalInputStream(engine);
|
||||
ProcessedMediaStream* outputStream = static_cast<ProcessedMediaStream*>(mStream.get());
|
||||
mInputPort = outputStream->AllocateInputPort(aMediaStream->GetStream(),
|
||||
MediaInputPort::FLAG_BLOCK_INPUT);
|
||||
mInputStream->AddConsumerToKeepAlive(static_cast<nsIDOMEventTarget*>(this));
|
||||
|
||||
PrincipalChanged(mInputStream); // trigger enabling/disabling of the connector
|
||||
mInputStream->AddPrincipalChangeObserver(this);
|
||||
}
|
||||
diff --git a/dom/media/webaudio/MediaStreamAudioSourceNode.h b/dom/media/webaudio/MediaStreamAudioSourceNode.h
|
||||
--- a/dom/media/webaudio/MediaStreamAudioSourceNode.h
|
||||
+++ b/dom/media/webaudio/MediaStreamAudioSourceNode.h
|
||||
@@ -38,17 +38,18 @@ public:
|
||||
private:
|
||||
bool mEnabled;
|
||||
};
|
||||
|
||||
class MediaStreamAudioSourceNode : public AudioNode,
|
||||
public DOMMediaStream::PrincipalChangeObserver
|
||||
{
|
||||
public:
|
||||
- MediaStreamAudioSourceNode(AudioContext* aContext, DOMMediaStream* aMediaStream);
|
||||
+ static already_AddRefed<MediaStreamAudioSourceNode>
|
||||
+ Create(AudioContext* aContext, DOMMediaStream* aStream, ErrorResult& aRv);
|
||||
|
||||
NS_DECL_ISUPPORTS_INHERITED
|
||||
NS_DECL_CYCLE_COLLECTION_CLASS_INHERITED(MediaStreamAudioSourceNode, AudioNode)
|
||||
|
||||
virtual JSObject* WrapObject(JSContext* aCx) override;
|
||||
|
||||
virtual void DestroyMediaStream() override;
|
||||
|
||||
@@ -60,16 +61,18 @@ public:
|
||||
}
|
||||
|
||||
virtual size_t SizeOfExcludingThis(MallocSizeOf aMallocSizeOf) const override;
|
||||
virtual size_t SizeOfIncludingThis(MallocSizeOf aMallocSizeOf) const override;
|
||||
|
||||
virtual void PrincipalChanged(DOMMediaStream* aMediaStream) override;
|
||||
|
||||
protected:
|
||||
+ explicit MediaStreamAudioSourceNode(AudioContext* aContext);
|
||||
+ void Init(DOMMediaStream* aMediaStream, ErrorResult& aRv);
|
||||
virtual ~MediaStreamAudioSourceNode();
|
||||
|
||||
private:
|
||||
nsRefPtr<MediaInputPort> mInputPort;
|
||||
nsRefPtr<DOMMediaStream> mInputStream;
|
||||
};
|
||||
|
||||
}
|
||||
|
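Review bot: In `AudioNode::~AudioNode()` the assertion now tests `!mStream`, but its message still reads "The webaudio-node-demise notification must have been sent", which is no longer what is checked. Once `Init()` can fail (pt04 on this page), a node that never received a stream passes the assertion without any notification having been sent; that looks intended but is not stated anywhere. I would add a comment above it, `// mStream is cleared in DestroyMediaStream(), which also sends webaudio-node-demise; a node whose Init() failed never had one.`, or reword the message. The two `Create()` bodies in MediaElementAudioSourceNode.cpp and MediaStreamAudioSourceNode.cpp are also identical apart from the node type and could share one helper.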
47
gnu/packages/patches/icecat-CVE-2016-1930-pt04.patch
|
@ -0,0 +1,47 @@
|
|||
Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/6d43ff33bd55
|
||||
Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
|
||||
Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1223670
|
||||
|
||||
# HG changeset patch
|
||||
# User Karl Tomlinson <karlt+@karlt.net>
|
||||
# Date 1451362442 -46800
|
||||
# Node ID 6d43ff33bd552b8f7a34e4105cf5bcc0a8c8ea8c
|
||||
# Parent f746c38d160ea29088c15cacae44f3662befaec5
|
||||
bug 1223670 throw not supported when creating a node from a stream with different channel r=baku a=abillings
|
||||
|
||||
diff --git a/dom/media/webaudio/MediaStreamAudioSourceNode.cpp b/dom/media/webaudio/MediaStreamAudioSourceNode.cpp
|
||||
--- a/dom/media/webaudio/MediaStreamAudioSourceNode.cpp
|
||||
+++ b/dom/media/webaudio/MediaStreamAudioSourceNode.cpp
|
||||
@@ -51,21 +51,29 @@ MediaStreamAudioSourceNode::Create(Audio
|
||||
}
|
||||
|
||||
return node.forget();
|
||||
}
|
||||
|
||||
void
|
||||
MediaStreamAudioSourceNode::Init(DOMMediaStream* aMediaStream, ErrorResult& aRv)
|
||||
{
|
||||
+ MOZ_ASSERT(aMediaStream);
|
||||
+ MediaStream* inputStream = aMediaStream->GetStream();
|
||||
+ MediaStreamGraph* graph = Context()->Graph();
|
||||
+ if (NS_WARN_IF(graph != inputStream->Graph())) {
|
||||
+ aRv.Throw(NS_ERROR_DOM_NOT_SUPPORTED_ERR);
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
mInputStream = aMediaStream;
|
||||
AudioNodeEngine* engine = new MediaStreamAudioSourceNodeEngine(this);
|
||||
- mStream = Context()->Graph()->CreateAudioNodeExternalInputStream(engine);
|
||||
+ mStream = graph->CreateAudioNodeExternalInputStream(engine);
|
||||
ProcessedMediaStream* outputStream = static_cast<ProcessedMediaStream*>(mStream.get());
|
||||
- mInputPort = outputStream->AllocateInputPort(aMediaStream->GetStream(),
|
||||
+ mInputPort = outputStream->AllocateInputPort(inputStream,
|
||||
MediaInputPort::FLAG_BLOCK_INPUT);
|
||||
mInputStream->AddConsumerToKeepAlive(static_cast<nsIDOMEventTarget*>(this));
|
||||
|
||||
PrincipalChanged(mInputStream); // trigger enabling/disabling of the connector
|
||||
mInputStream->AddPrincipalChangeObserver(this);
|
||||
}
|
||||
|
||||
MediaStreamAudioSourceNode::~MediaStreamAudioSourceNode()
|
||||
|
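Review bot: The new early return in `MediaStreamAudioSourceNode::Init` leaves `mInputStream`, `mStream` and `mInputPort` unset, and `Create()` then drops the only reference, so the destructor runs on a half-initialised node. `~MediaStreamAudioSourceNode()` begins on the hunk's last line and its body is not shown; it has to tolerate a null `mInputStream`. Separately, `inputStream->Graph()` dereferences the result of `aMediaStream->GetStream()` with no null test, and `MOZ_ASSERT(aMediaStream)` disappears in release builds. If `GetStream()` can return null, the guard should read `if (NS_WARN_IF(!inputStream || graph != inputStream->Graph())) {`.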
51
gnu/packages/patches/icecat-CVE-2016-1930-pt05.patch
|
@ -0,0 +1,51 @@
|
|||
Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/4f6e81673f69
|
||||
Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
|
||||
Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1223670
|
||||
|
||||
# HG changeset patch
|
||||
# User Karl Tomlinson <karlt+@karlt.net>
|
||||
# Date 1449145091 -46800
|
||||
# Node ID 4f6e81673f6938719c86516606f2fda493e8c23c
|
||||
# Parent 6d43ff33bd552b8f7a34e4105cf5bcc0a8c8ea8c
|
||||
bug 1223670 make SetMozAudioChannelType() private because the type will not change after construction r=baku a=abillings
|
||||
|
||||
diff --git a/dom/media/webaudio/AudioDestinationNode.h b/dom/media/webaudio/AudioDestinationNode.h
|
||||
--- a/dom/media/webaudio/AudioDestinationNode.h
|
||||
+++ b/dom/media/webaudio/AudioDestinationNode.h
|
||||
@@ -57,17 +57,16 @@ public:
|
||||
void StartRendering(Promise* aPromise);
|
||||
|
||||
void OfflineShutdown();
|
||||
|
||||
// nsIDOMEventListener - by proxy
|
||||
NS_IMETHOD HandleEvent(nsIDOMEvent* aEvent) override;
|
||||
|
||||
AudioChannel MozAudioChannelType() const;
|
||||
- void SetMozAudioChannelType(AudioChannel aValue, ErrorResult& aRv);
|
||||
|
||||
virtual void NotifyMainThreadStateChanged() override;
|
||||
void FireOfflineCompletionEvent();
|
||||
|
||||
// An amount that should be added to the MediaStream's current time to
|
||||
// get the AudioContext.currentTime.
|
||||
double ExtraCurrentTime();
|
||||
|
||||
@@ -86,16 +85,17 @@ public:
|
||||
|
||||
void InputMuted(bool aInputMuted);
|
||||
void ResolvePromise(AudioBuffer* aRenderedBuffer);
|
||||
|
||||
protected:
|
||||
virtual ~AudioDestinationNode();
|
||||
|
||||
private:
|
||||
+ void SetMozAudioChannelType(AudioChannel aValue, ErrorResult& aRv);
|
||||
bool CheckAudioChannelPermissions(AudioChannel aValue);
|
||||
|
||||
void SetCanPlay(bool aCanPlay);
|
||||
|
||||
void NotifyStableState();
|
||||
void ScheduleStableStateNotification();
|
||||
|
||||
SelfReference<AudioDestinationNode> mOfflineRenderingRef;
|
||||
|
170
gnu/packages/patches/icecat-CVE-2016-1930-pt06.patch
|
@ -0,0 +1,170 @@
|
|||
Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/93617c30c0df
|
||||
Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
|
||||
Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1230686
|
||||
|
||||
# HG changeset patch
|
||||
# User Lee Salzman <lsalzman@mozilla.com>
|
||||
# Date 1451932822 18000
|
||||
# Node ID 93617c30c0df35f719dead526b78649d564f5ac3
|
||||
# Parent 4f6e81673f6938719c86516606f2fda493e8c23c
|
||||
Bug 1230686 - use RefPtr<DrawTarget>& instead of DrawTarget* to track changes in SurfaceFromElement a=ritu
|
||||
|
||||
diff --git a/layout/base/nsLayoutUtils.cpp b/layout/base/nsLayoutUtils.cpp
|
||||
--- a/layout/base/nsLayoutUtils.cpp
|
||||
+++ b/layout/base/nsLayoutUtils.cpp
|
||||
@@ -6494,17 +6494,17 @@ nsLayoutUtils::IsReallyFixedPos(nsIFrame
|
||||
nsIAtom *parentType = aFrame->GetParent()->GetType();
|
||||
return parentType == nsGkAtoms::viewportFrame ||
|
||||
parentType == nsGkAtoms::pageContentFrame;
|
||||
}
|
||||
|
||||
nsLayoutUtils::SurfaceFromElementResult
|
||||
nsLayoutUtils::SurfaceFromElement(nsIImageLoadingContent* aElement,
|
||||
uint32_t aSurfaceFlags,
|
||||
- DrawTarget* aTarget)
|
||||
+ RefPtr<DrawTarget>& aTarget)
|
||||
{
|
||||
SurfaceFromElementResult result;
|
||||
nsresult rv;
|
||||
|
||||
nsCOMPtr<imgIRequest> imgRequest;
|
||||
rv = aElement->GetRequest(nsIImageLoadingContent::CURRENT_REQUEST,
|
||||
getter_AddRefs(imgRequest));
|
||||
if (NS_FAILED(rv) || !imgRequest)
|
||||
@@ -6586,41 +6586,41 @@ nsLayoutUtils::SurfaceFromElement(nsIIma
|
||||
result.mImageRequest = imgRequest.forget();
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
nsLayoutUtils::SurfaceFromElementResult
|
||||
nsLayoutUtils::SurfaceFromElement(HTMLImageElement *aElement,
|
||||
uint32_t aSurfaceFlags,
|
||||
- DrawTarget* aTarget)
|
||||
+ RefPtr<DrawTarget>& aTarget)
|
||||
{
|
||||
return SurfaceFromElement(static_cast<nsIImageLoadingContent*>(aElement),
|
||||
aSurfaceFlags, aTarget);
|
||||
}
|
||||
|
||||
nsLayoutUtils::SurfaceFromElementResult
|
||||
nsLayoutUtils::SurfaceFromElement(HTMLCanvasElement* aElement,
|
||||
uint32_t aSurfaceFlags,
|
||||
- DrawTarget* aTarget)
|
||||
+ RefPtr<DrawTarget>& aTarget)
|
||||
{
|
||||
SurfaceFromElementResult result;
|
||||
|
||||
bool* isPremultiplied = nullptr;
|
||||
if (aSurfaceFlags & SFE_PREFER_NO_PREMULTIPLY_ALPHA) {
|
||||
isPremultiplied = &result.mIsPremultiplied;
|
||||
}
|
||||
|
||||
gfxIntSize size = aElement->GetSize();
|
||||
|
||||
result.mSourceSurface = aElement->GetSurfaceSnapshot(isPremultiplied);
|
||||
if (!result.mSourceSurface) {
|
||||
// If the element doesn't have a context then we won't get a snapshot. The canvas spec wants us to not error and just
|
||||
// draw nothing, so return an empty surface.
|
||||
- DrawTarget *ref = aTarget ? aTarget : gfxPlatform::GetPlatform()->ScreenReferenceDrawTarget();
|
||||
+ DrawTarget *ref = aTarget ? aTarget.get() : gfxPlatform::GetPlatform()->ScreenReferenceDrawTarget();
|
||||
RefPtr<DrawTarget> dt = ref->CreateSimilarDrawTarget(IntSize(size.width, size.height),
|
||||
SurfaceFormat::B8G8R8A8);
|
||||
if (dt) {
|
||||
result.mSourceSurface = dt->Snapshot();
|
||||
}
|
||||
} else if (aTarget) {
|
||||
RefPtr<SourceSurface> opt = aTarget->OptimizeSourceSurface(result.mSourceSurface);
|
||||
if (opt) {
|
||||
@@ -6637,17 +6637,17 @@ nsLayoutUtils::SurfaceFromElement(HTMLCa
|
||||
result.mIsWriteOnly = aElement->IsWriteOnly();
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
nsLayoutUtils::SurfaceFromElementResult
|
||||
nsLayoutUtils::SurfaceFromElement(HTMLVideoElement* aElement,
|
||||
uint32_t aSurfaceFlags,
|
||||
- DrawTarget* aTarget)
|
||||
+ RefPtr<DrawTarget>& aTarget)
|
||||
{
|
||||
SurfaceFromElementResult result;
|
||||
|
||||
NS_WARN_IF_FALSE((aSurfaceFlags & SFE_PREFER_NO_PREMULTIPLY_ALPHA) == 0, "We can't support non-premultiplied alpha for video!");
|
||||
|
||||
#ifdef MOZ_EME
|
||||
if (aElement->ContainsRestrictedContent()) {
|
||||
return result;
|
||||
@@ -6689,17 +6689,17 @@ nsLayoutUtils::SurfaceFromElement(HTMLVi
|
||||
result.mIsWriteOnly = false;
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
nsLayoutUtils::SurfaceFromElementResult
|
||||
nsLayoutUtils::SurfaceFromElement(dom::Element* aElement,
|
||||
uint32_t aSurfaceFlags,
|
||||
- DrawTarget* aTarget)
|
||||
+ RefPtr<DrawTarget>& aTarget)
|
||||
{
|
||||
// If it's a <canvas>, we may be able to just grab its internal surface
|
||||
if (HTMLCanvasElement* canvas =
|
||||
HTMLCanvasElement::FromContentOrNull(aElement)) {
|
||||
return SurfaceFromElement(canvas, aSurfaceFlags, aTarget);
|
||||
}
|
||||
|
||||
// Maybe it's <video>?
|
||||
diff --git a/layout/base/nsLayoutUtils.h b/layout/base/nsLayoutUtils.h
|
||||
--- a/layout/base/nsLayoutUtils.h
|
||||
+++ b/layout/base/nsLayoutUtils.h
|
||||
@@ -2018,33 +2018,39 @@ public:
|
||||
bool mIsStillLoading;
|
||||
/* Whether the element used CORS when loading. */
|
||||
bool mCORSUsed;
|
||||
/* Whether the returned image contains premultiplied pixel data */
|
||||
bool mIsPremultiplied;
|
||||
};
|
||||
|
||||
static SurfaceFromElementResult SurfaceFromElement(mozilla::dom::Element *aElement,
|
||||
- uint32_t aSurfaceFlags = 0,
|
||||
- DrawTarget *aTarget = nullptr);
|
||||
+ uint32_t aSurfaceFlags,
|
||||
+ mozilla::RefPtr<DrawTarget>& aTarget);
|
||||
+ static SurfaceFromElementResult SurfaceFromElement(mozilla::dom::Element *aElement,
|
||||
+ uint32_t aSurfaceFlags = 0) {
|
||||
+ mozilla::RefPtr<DrawTarget> target = nullptr;
|
||||
+ return SurfaceFromElement(aElement, aSurfaceFlags, target);
|
||||
+ }
|
||||
+
|
||||
static SurfaceFromElementResult SurfaceFromElement(nsIImageLoadingContent *aElement,
|
||||
- uint32_t aSurfaceFlags = 0,
|
||||
- DrawTarget *aTarget = nullptr);
|
||||
+ uint32_t aSurfaceFlags,
|
||||
+ mozilla::RefPtr<DrawTarget>& aTarget);
|
||||
// Need an HTMLImageElement overload, because otherwise the
|
||||
// nsIImageLoadingContent and mozilla::dom::Element overloads are ambiguous
|
||||
// for HTMLImageElement.
|
||||
static SurfaceFromElementResult SurfaceFromElement(mozilla::dom::HTMLImageElement *aElement,
|
||||
- uint32_t aSurfaceFlags = 0,
|
||||
- DrawTarget *aTarget = nullptr);
|
||||
+ uint32_t aSurfaceFlags,
|
||||
+ mozilla::RefPtr<DrawTarget>& aTarget);
|
||||
static SurfaceFromElementResult SurfaceFromElement(mozilla::dom::HTMLCanvasElement *aElement,
|
||||
- uint32_t aSurfaceFlags = 0,
|
||||
- DrawTarget *aTarget = nullptr);
|
||||
+ uint32_t aSurfaceFlags,
|
||||
+ mozilla::RefPtr<DrawTarget>& aTarget);
|
||||
static SurfaceFromElementResult SurfaceFromElement(mozilla::dom::HTMLVideoElement *aElement,
|
||||
- uint32_t aSurfaceFlags = 0,
|
||||
- DrawTarget *aTarget = nullptr);
|
||||
+ uint32_t aSurfaceFlags,
|
||||
+ mozilla::RefPtr<DrawTarget>& aTarget);
|
||||
|
||||
/**
|
||||
* When the document is editable by contenteditable attribute of its root
|
||||
* content or body content.
|
||||
*
|
||||
* Be aware, this returns nullptr if it's in designMode.
|
||||
*
|
||||
* For example:
|
||||
|
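Review bot: The `SurfaceFromElement` overloads in nsLayoutUtils.h now take `mozilla::RefPtr<DrawTarget>& aTarget`, a non-const reference, with no comment saying why a plain pointer is no longer enough. Going by the changeset title, the reference is there so the callee sees a target that is replaced during the call; that belongs on the declaration, e.g. `// aTarget refers to the caller's RefPtr so that a target replaced during the call is the one used here.`. The same hunk drops the default arguments from every overload except the `mozilla::dom::Element` one, so shorter calls to the other four either resolve to the new inline `Element` overload or stop compiling. Their call sites are not part of this patch file.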
56
gnu/packages/patches/icecat-CVE-2016-1930-pt07.patch
|
@ -0,0 +1,56 @@
|
|||
Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/750e4cfc90f8
|
||||
Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
|
||||
Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1233152
|
||||
|
||||
# HG changeset patch
|
||||
# User Jan de Mooij <jdemooij@mozilla.com>
|
||||
# Date 1451478493 -3600
|
||||
# Node ID 750e4cfc90f80df657e44c9c63b1865023d88682
|
||||
# Parent 93617c30c0df35f719dead526b78649d564f5ac3
|
||||
Bug 1233152 - Use PersistentRooted for ParseTask script and sourceObject. r=terrence a=abillings
|
||||
|
||||
diff --git a/js/src/vm/HelperThreads.cpp b/js/src/vm/HelperThreads.cpp
|
||||
--- a/js/src/vm/HelperThreads.cpp
|
||||
+++ b/js/src/vm/HelperThreads.cpp
|
||||
@@ -198,17 +198,17 @@ static const JSClass parseTaskGlobalClas
|
||||
|
||||
ParseTask::ParseTask(ExclusiveContext* cx, JSObject* exclusiveContextGlobal, JSContext* initCx,
|
||||
const char16_t* chars, size_t length,
|
||||
JS::OffThreadCompileCallback callback, void* callbackData)
|
||||
: cx(cx), options(initCx), chars(chars), length(length),
|
||||
alloc(JSRuntime::TEMP_LIFO_ALLOC_PRIMARY_CHUNK_SIZE),
|
||||
exclusiveContextGlobal(initCx, exclusiveContextGlobal),
|
||||
callback(callback), callbackData(callbackData),
|
||||
- script(nullptr), errors(cx), overRecursed(false)
|
||||
+ script(initCx->runtime(), nullptr), errors(cx), overRecursed(false)
|
||||
{
|
||||
}
|
||||
|
||||
bool
|
||||
ParseTask::init(JSContext* cx, const ReadOnlyCompileOptions& options)
|
||||
{
|
||||
if (!this->options.copy(cx, options))
|
||||
return false;
|
||||
diff --git a/js/src/vm/HelperThreads.h b/js/src/vm/HelperThreads.h
|
||||
--- a/js/src/vm/HelperThreads.h
|
||||
+++ b/js/src/vm/HelperThreads.h
|
||||
@@ -472,17 +472,17 @@ struct ParseTask
|
||||
|
||||
// Callback invoked off the main thread when the parse finishes.
|
||||
JS::OffThreadCompileCallback callback;
|
||||
void* callbackData;
|
||||
|
||||
// Holds the final script between the invocation of the callback and the
|
||||
// point where FinishOffThreadScript is called, which will destroy the
|
||||
// ParseTask.
|
||||
- JSScript* script;
|
||||
+ PersistentRootedScript script;
|
||||
|
||||
// Any errors or warnings produced during compilation. These are reported
|
||||
// when finishing the script.
|
||||
Vector<frontend::CompileError*> errors;
|
||||
bool overRecursed;
|
||||
|
||||
ParseTask(ExclusiveContext* cx, JSObject* exclusiveContextGlobal,
|
||||
JSContext* initCx, const char16_t* chars, size_t length,
|
||||
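Review bot: The commit subject names both `script` and `sourceObject`, but the two hunks here convert only `ParseTask::script` to `PersistentRootedScript`. If this branch's `ParseTask` has no `sourceObject` member that is expected, but the struct continues outside the hunk, so the patch header could state it. The field comment in HelperThreads.h still describes only the lifetime and not why the pointer is now rooted. Something like `// Rooted so a GC between the callback and FinishOffThreadScript cannot invalidate the script.` would record the reason; this is inferred from the bug title and should be confirmed against the bug.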
|
48
gnu/packages/patches/icecat-CVE-2016-1930-pt08.patch
Normal file
|
@ -0,0 +1,48 @@
|
|||
Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/4444e94a99cb
|
||||
Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
|
||||
Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1221385
|
||||
|
||||
# HG changeset patch
|
||||
# User Jan de Mooij <jdemooij@mozilla.com>
|
||||
# Date 1451478429 -3600
|
||||
# Node ID 4444e94a99cb9b00c0351cc8bf5459739cc036a5
|
||||
# Parent 750e4cfc90f80df657e44c9c63b1865023d88682
|
||||
Bug 1221385 - Handle OOM during JitRuntime initialization a bit better. r=bhackett a=abillings
|
||||
|
||||
diff --git a/js/src/jscompartment.cpp b/js/src/jscompartment.cpp
|
||||
--- a/js/src/jscompartment.cpp
|
||||
+++ b/js/src/jscompartment.cpp
|
||||
@@ -138,28 +138,20 @@ JSRuntime::createJitRuntime(JSContext* c
|
||||
|
||||
// Protect jitRuntime_ from being observed (by InterruptRunningJitCode)
|
||||
// while it is being initialized. Unfortunately, initialization depends on
|
||||
// jitRuntime_ being non-null, so we can't just wait to assign jitRuntime_.
|
||||
JitRuntime::AutoMutateBackedges amb(jrt);
|
||||
jitRuntime_ = jrt;
|
||||
|
||||
if (!jitRuntime_->initialize(cx)) {
|
||||
- js_ReportOutOfMemory(cx);
|
||||
-
|
||||
- js_delete(jitRuntime_);
|
||||
- jitRuntime_ = nullptr;
|
||||
-
|
||||
- JSCompartment* comp = cx->runtime()->atomsCompartment();
|
||||
- if (comp->jitCompartment_) {
|
||||
- js_delete(comp->jitCompartment_);
|
||||
- comp->jitCompartment_ = nullptr;
|
||||
- }
|
||||
-
|
||||
- return nullptr;
|
||||
+ // Handling OOM here is complicated: if we delete jitRuntime_ now, we
|
||||
+ // will destroy the ExecutableAllocator, even though there may still be
|
||||
+ // JitCode instances holding references to ExecutablePools.
|
||||
+ CrashAtUnhandlableOOM("OOM in createJitRuntime");
|
||||
}
|
||||
|
||||
return jitRuntime_;
|
||||
}
|
||||
|
||||
bool
|
||||
JSCompartment::ensureJitCompartmentExists(JSContext* cx)
|
||||
{
|
||||
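Review bot: The new failure branch in `JSRuntime::createJitRuntime` has no `return` after `CrashAtUnhandlableOOM("OOM in createJitRuntime");`, so `return jitRuntime_;` would hand out a partly initialised runtime if that helper could ever return. Its declaration is not visible in this hunk, so confirm it is declared non-returning and note that in the comment, e.g. `// CrashAtUnhandlableOOM does not return.`. The branch also reports every `initialize()` failure as OOM, so a non-OOM failure would be mislabelled in crash reports. The function starts outside the hunk.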
|
189
gnu/packages/patches/icecat-CVE-2016-1930-pt09.patch
Normal file
|
@ -0,0 +1,189 @@
|
|||
Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/f31d643afd41
|
||||
Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
|
||||
Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1233925
|
||||
|
||||
# HG changeset patch
|
||||
# User Jan de Mooij <jdemooij@mozilla.com>
|
||||
# Date 1452110721 -3600
|
||||
# Node ID f31d643afd4159b5422ae5aebcbbea0a088e018e
|
||||
# Parent 4444e94a99cb9b00c0351cc8bf5459739cc036a5
|
||||
Bug 1233925 - Treat functions with rest more like functions with lazy arguments. r=nbp a=ritu
|
||||
|
||||
diff --git a/js/src/jit/BacktrackingAllocator.cpp b/js/src/jit/BacktrackingAllocator.cpp
|
||||
--- a/js/src/jit/BacktrackingAllocator.cpp
|
||||
+++ b/js/src/jit/BacktrackingAllocator.cpp
|
||||
@@ -201,20 +201,19 @@ BacktrackingAllocator::tryGroupRegisters
|
||||
// constructor calling convention.
|
||||
if (IsThisSlotDefinition(reg0->def()) || IsThisSlotDefinition(reg1->def())) {
|
||||
if (*reg0->def()->output() != *reg1->def()->output())
|
||||
return true;
|
||||
}
|
||||
|
||||
// Registers which might spill to the frame's argument slots can only be
|
||||
// grouped with other such registers if the frame might access those
|
||||
- // arguments through a lazy arguments object.
|
||||
+ // arguments through a lazy arguments object or rest parameter.
|
||||
if (IsArgumentSlotDefinition(reg0->def()) || IsArgumentSlotDefinition(reg1->def())) {
|
||||
- JSScript* script = graph.mir().entryBlock()->info().script();
|
||||
- if (script && script->argumentsAliasesFormals()) {
|
||||
+ if (graph.mir().entryBlock()->info().mayReadFrameArgsDirectly()) {
|
||||
if (*reg0->def()->output() != *reg1->def()->output())
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
VirtualRegisterGroup* group0 = reg0->group(), *group1 = reg1->group();
|
||||
|
||||
if (!group0 && group1)
|
||||
diff --git a/js/src/jit/CompileInfo.h b/js/src/jit/CompileInfo.h
|
||||
--- a/js/src/jit/CompileInfo.h
|
||||
+++ b/js/src/jit/CompileInfo.h
|
||||
@@ -194,16 +194,17 @@ enum AnalysisMode {
|
||||
class CompileInfo
|
||||
{
|
||||
public:
|
||||
CompileInfo(JSScript* script, JSFunction* fun, jsbytecode* osrPc, bool constructing,
|
||||
AnalysisMode analysisMode, bool scriptNeedsArgsObj,
|
||||
InlineScriptTree* inlineScriptTree)
|
||||
: script_(script), fun_(fun), osrPc_(osrPc), constructing_(constructing),
|
||||
analysisMode_(analysisMode), scriptNeedsArgsObj_(scriptNeedsArgsObj),
|
||||
+ mayReadFrameArgsDirectly_(script->mayReadFrameArgsDirectly()),
|
||||
inlineScriptTree_(inlineScriptTree)
|
||||
{
|
||||
MOZ_ASSERT_IF(osrPc, JSOp(*osrPc) == JSOP_LOOPENTRY);
|
||||
|
||||
// The function here can flow in from anywhere so look up the canonical
|
||||
// function to ensure that we do not try to embed a nursery pointer in
|
||||
// jit-code. Precisely because it can flow in from anywhere, it's not
|
||||
// guaranteed to be non-lazy. Hence, don't access its script!
|
||||
@@ -222,17 +223,17 @@ class CompileInfo
|
||||
fixedLexicalBegin_ = script->fixedLexicalBegin();
|
||||
nstack_ = script->nslots() - script->nfixed();
|
||||
nslots_ = nimplicit_ + nargs_ + nlocals_ + nstack_;
|
||||
}
|
||||
|
||||
explicit CompileInfo(unsigned nlocals)
|
||||
: script_(nullptr), fun_(nullptr), osrPc_(nullptr), osrStaticScope_(nullptr),
|
||||
constructing_(false), analysisMode_(Analysis_None), scriptNeedsArgsObj_(false),
|
||||
- inlineScriptTree_(nullptr)
|
||||
+ mayReadFrameArgsDirectly_(false), inlineScriptTree_(nullptr)
|
||||
{
|
||||
nimplicit_ = 0;
|
||||
nargs_ = 0;
|
||||
nbodyfixed_ = 0;
|
||||
nlocals_ = nlocals;
|
||||
nstack_ = 1; /* For FunctionCompiler::pushPhiInput/popPhiOutput */
|
||||
nslots_ = nlocals_ + nstack_;
|
||||
fixedLexicalBegin_ = nlocals;
|
||||
@@ -539,16 +540,20 @@ class CompileInfo
|
||||
return false;
|
||||
|
||||
if (needsArgsObj() && isObservableArgumentSlot(slot))
|
||||
return false;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
+ bool mayReadFrameArgsDirectly() const {
|
||||
+ return mayReadFrameArgsDirectly_;
|
||||
+ }
|
||||
+
|
||||
private:
|
||||
unsigned nimplicit_;
|
||||
unsigned nargs_;
|
||||
unsigned nbodyfixed_;
|
||||
unsigned nlocals_;
|
||||
unsigned nstack_;
|
||||
unsigned nslots_;
|
||||
unsigned fixedLexicalBegin_;
|
||||
@@ -559,15 +564,17 @@ class CompileInfo
|
||||
bool constructing_;
|
||||
AnalysisMode analysisMode_;
|
||||
|
||||
// Whether a script needs an arguments object is unstable over compilation
|
||||
// since the arguments optimization could be marked as failed on the main
|
||||
// thread, so cache a value here and use it throughout for consistency.
|
||||
bool scriptNeedsArgsObj_;
|
||||
|
||||
+ bool mayReadFrameArgsDirectly_;
|
||||
+
|
||||
InlineScriptTree* inlineScriptTree_;
|
||||
};
|
||||
|
||||
} // namespace jit
|
||||
} // namespace js
|
||||
|
||||
#endif /* jit_CompileInfo_h */
|
||||
diff --git a/js/src/jit/JitFrames.cpp b/js/src/jit/JitFrames.cpp
|
||||
--- a/js/src/jit/JitFrames.cpp
|
||||
+++ b/js/src/jit/JitFrames.cpp
|
||||
@@ -1002,17 +1002,17 @@ MarkThisAndArguments(JSTracer* trc, JitF
|
||||
// formal arguments is taken care of by the frame's safepoint/snapshot,
|
||||
// except when the script's lazy arguments object aliases those formals,
|
||||
// in which case we mark them as well.
|
||||
|
||||
size_t nargs = layout->numActualArgs();
|
||||
size_t nformals = 0;
|
||||
if (CalleeTokenIsFunction(layout->calleeToken())) {
|
||||
JSFunction* fun = CalleeTokenToFunction(layout->calleeToken());
|
||||
- nformals = fun->nonLazyScript()->argumentsAliasesFormals() ? 0 : fun->nargs();
|
||||
+ nformals = fun->nonLazyScript()->mayReadFrameArgsDirectly() ? 0 : fun->nargs();
|
||||
}
|
||||
|
||||
Value* argv = layout->argv();
|
||||
|
||||
// Trace |this|.
|
||||
gc::MarkValueRoot(trc, argv, "ion-thisv");
|
||||
|
||||
// Trace actual arguments beyond the formals. Note + 1 for thisv.
|
||||
diff --git a/js/src/jsscript.cpp b/js/src/jsscript.cpp
|
||||
--- a/js/src/jsscript.cpp
|
||||
+++ b/js/src/jsscript.cpp
|
||||
@@ -3894,16 +3894,22 @@ JSScript::hasLoops()
|
||||
JSTryNote* tnlimit = tn + trynotes()->length;
|
||||
for (; tn < tnlimit; tn++) {
|
||||
if (tn->kind == JSTRY_FOR_IN || tn->kind == JSTRY_LOOP)
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
+bool
|
||||
+JSScript::mayReadFrameArgsDirectly()
|
||||
+{
|
||||
+ return argumentsHasVarBinding() || (function_ && function_->hasRest());
|
||||
+}
|
||||
+
|
||||
static inline void
|
||||
LazyScriptHash(uint32_t lineno, uint32_t column, uint32_t begin, uint32_t end,
|
||||
HashNumber hashes[3])
|
||||
{
|
||||
HashNumber hash = lineno;
|
||||
hash = RotateLeft(hash, 4) ^ column;
|
||||
hash = RotateLeft(hash, 4) ^ begin;
|
||||
hash = RotateLeft(hash, 4) ^ end;
|
||||
diff --git a/js/src/jsscript.h b/js/src/jsscript.h
|
||||
--- a/js/src/jsscript.h
|
||||
+++ b/js/src/jsscript.h
|
||||
@@ -1397,16 +1397,20 @@ class JSScript : public js::gc::TenuredC
|
||||
}
|
||||
inline void setFunction(JSFunction* fun);
|
||||
/*
|
||||
* De-lazifies the canonical function. Must be called before entering code
|
||||
* that expects the function to be non-lazy.
|
||||
*/
|
||||
inline void ensureNonLazyCanonicalFunction(JSContext* cx);
|
||||
|
||||
+ // Returns true if the script may read formal arguments on the stack
|
||||
+ // directly, via lazy arguments or a rest parameter.
|
||||
+ bool mayReadFrameArgsDirectly();
|
||||
+
|
||||
JSFlatString* sourceData(JSContext* cx);
|
||||
|
||||
static bool loadSource(JSContext* cx, js::ScriptSource* ss, bool* worked);
|
||||
|
||||
void setSourceObject(JSObject* object);
|
||||
JSObject* sourceObject() const {
|
||||
return sourceObject_;
|
||||
}
|
||||
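Review bot: The comment above the changed line in `MarkThisAndArguments` (JitFrames.cpp) still says formals are marked only "when the script's lazy arguments object aliases those formals", but the condition is now `mayReadFrameArgsDirectly()`, which also covers rest parameters. The BacktrackingAllocator.cpp comment was updated and this one should match, e.g. `// except when the script might read frame arguments directly via lazy arguments or rest parameter, in which case we mark them as well.`. The new `mayReadFrameArgsDirectly_` member in CompileInfo.h has no comment, unlike `scriptNeedsArgsObj_` next to it; a line such as `// Cached from the script at construction time.` would help. `JSScript::mayReadFrameArgsDirectly()` only reads state in the visible body, so it could be declared `const` like the `CompileInfo` accessor, provided `argumentsHasVarBinding()` and `hasRest()` are const (not visible here).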
|
33
gnu/packages/patches/icecat-CVE-2016-1930-pt10.patch
Normal file
|
@ -0,0 +1,33 @@
|
|||
Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/debff255c08e
|
||||
Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
|
||||
Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1234571
|
||||
|
||||
# HG changeset patch
|
||||
# User Randell Jesup <rjesup@jesup.org>
|
||||
# Date 1451928471 18000
|
||||
# Node ID debff255c08e898be370e307e1e014f5601c20c6
|
||||
# Parent f31d643afd4159b5422ae5aebcbbea0a088e018e
|
||||
Bug 1234571 - unregister encoded-frame callback when releasing codec databases. r=pkerr, a=al
|
||||
|
||||
diff --git a/media/webrtc/trunk/webrtc/modules/video_coding/main/source/generic_encoder.cc b/media/webrtc/trunk/webrtc/modules/video_coding/main/source/generic_encoder.cc
|
||||
--- a/media/webrtc/trunk/webrtc/modules/video_coding/main/source/generic_encoder.cc
|
||||
+++ b/media/webrtc/trunk/webrtc/modules/video_coding/main/source/generic_encoder.cc
|
||||
@@ -71,16 +71,17 @@ VCMGenericEncoder::VCMGenericEncoder(Vid
|
||||
VCMGenericEncoder::~VCMGenericEncoder()
|
||||
{
|
||||
}
|
||||
|
||||
int32_t VCMGenericEncoder::Release()
|
||||
{
|
||||
_bitRate = 0;
|
||||
_frameRate = 0;
|
||||
+ _encoder.RegisterEncodeCompleteCallback(NULL);
|
||||
_VCMencodedFrameCallback = NULL;
|
||||
return _encoder.Release();
|
||||
}
|
||||
|
||||
int32_t
|
||||
VCMGenericEncoder::InitEncode(const VideoCodec* settings,
|
||||
int32_t numberOfCores,
|
||||
uint32_t maxPayloadSize)
|
||||
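Review bot: The result of `_encoder.RegisterEncodeCompleteCallback(NULL);` in `VCMGenericEncoder::Release()` is discarded, and the line has no comment explaining why the callback must be cleared before `_encoder.Release()`. If the call returns a status, as `_encoder.Release()` does, a failure here would leave the encoder holding the old callback pointer without any trace. A short comment such as `// Unregister first so the encoder cannot call back into a callback that is being torn down.` would document the ordering; the reason is inferred from the commit subject.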
|
183
gnu/packages/patches/icecat-CVE-2016-1930-pt11.patch
Normal file
|
@ -0,0 +1,183 @@
|
|||
Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/0f7224441f20
|
||||
Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
|
||||
Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1234280
|
||||
|
||||
# HG changeset patch
|
||||
# User Benjamin Bouvier <benj@benj.me>
|
||||
# Date 1450947090 -3600
|
||||
# Node ID 0f7224441f2089001f7934b46ac10cb72d267606
|
||||
# Parent debff255c08e898be370e307e1e014f5601c20c6
|
||||
Bug 1234280: Handle oom in CodeGeneratorShared::allocateData; r=jandem, a=sledru
|
||||
|
||||
diff --git a/js/src/jit/CodeGenerator.cpp b/js/src/jit/CodeGenerator.cpp
|
||||
--- a/js/src/jit/CodeGenerator.cpp
|
||||
+++ b/js/src/jit/CodeGenerator.cpp
|
||||
@@ -7902,17 +7902,19 @@ const VMFunction GetPropertyIC::UpdateIn
|
||||
void
|
||||
CodeGenerator::visitGetPropertyIC(OutOfLineUpdateCache* ool, DataPtr<GetPropertyIC>& ic)
|
||||
{
|
||||
LInstruction* lir = ool->lir();
|
||||
|
||||
if (ic->idempotent()) {
|
||||
size_t numLocs;
|
||||
CacheLocationList& cacheLocs = lir->mirRaw()->toGetPropertyCache()->location();
|
||||
- size_t locationBase = addCacheLocations(cacheLocs, &numLocs);
|
||||
+ size_t locationBase;
|
||||
+ if (!addCacheLocations(cacheLocs, &numLocs, &locationBase))
|
||||
+ return;
|
||||
ic->setLocationInfo(locationBase, numLocs);
|
||||
}
|
||||
|
||||
saveLive(lir);
|
||||
|
||||
pushArg(ic->object());
|
||||
pushArg(Imm32(ool->getCacheIndex()));
|
||||
pushArg(ImmGCPtr(gen->info().script()));
|
||||
diff --git a/js/src/jit/shared/CodeGenerator-shared.cpp b/js/src/jit/shared/CodeGenerator-shared.cpp
|
||||
--- a/js/src/jit/shared/CodeGenerator-shared.cpp
|
||||
+++ b/js/src/jit/shared/CodeGenerator-shared.cpp
|
||||
@@ -1527,31 +1527,34 @@ CodeGeneratorShared::jumpToBlock(MBasicB
|
||||
|
||||
masm.propagateOOM(patchableBackedges_.append(PatchableBackedgeInfo(backedge, mir->lir()->label(), oolEntry)));
|
||||
} else {
|
||||
masm.j(cond, mir->lir()->label());
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
-size_t
|
||||
-CodeGeneratorShared::addCacheLocations(const CacheLocationList& locs, size_t* numLocs)
|
||||
+MOZ_WARN_UNUSED_RESULT bool
|
||||
+CodeGeneratorShared::addCacheLocations(const CacheLocationList& locs, size_t* numLocs,
|
||||
+ size_t* curIndex)
|
||||
{
|
||||
size_t firstIndex = runtimeData_.length();
|
||||
size_t numLocations = 0;
|
||||
for (CacheLocationList::iterator iter = locs.begin(); iter != locs.end(); iter++) {
|
||||
// allocateData() ensures that sizeof(CacheLocation) is word-aligned.
|
||||
// If this changes, we will need to pad to ensure alignment.
|
||||
- size_t curIndex = allocateData(sizeof(CacheLocation));
|
||||
- new (&runtimeData_[curIndex]) CacheLocation(iter->pc, iter->script);
|
||||
+ if (!allocateData(sizeof(CacheLocation), curIndex))
|
||||
+ return false;
|
||||
+ new (&runtimeData_[*curIndex]) CacheLocation(iter->pc, iter->script);
|
||||
numLocations++;
|
||||
}
|
||||
MOZ_ASSERT(numLocations != 0);
|
||||
*numLocs = numLocations;
|
||||
- return firstIndex;
|
||||
+ *curIndex = firstIndex;
|
||||
+ return true;
|
||||
}
|
||||
|
||||
ReciprocalMulConstants
|
||||
CodeGeneratorShared::computeDivisionConstants(int d) {
|
||||
// In what follows, d is positive and is not a power of 2.
|
||||
MOZ_ASSERT(d > 0 && (d & (d - 1)) != 0);
|
||||
|
||||
// Speeding up division by non power-of-2 constants is possible by
|
||||
diff --git a/js/src/jit/shared/CodeGenerator-shared.h b/js/src/jit/shared/CodeGenerator-shared.h
|
||||
--- a/js/src/jit/shared/CodeGenerator-shared.h
|
||||
+++ b/js/src/jit/shared/CodeGenerator-shared.h
|
||||
@@ -3,16 +3,17 @@
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||
|
||||
#ifndef jit_shared_CodeGenerator_shared_h
|
||||
#define jit_shared_CodeGenerator_shared_h
|
||||
|
||||
#include "mozilla/Alignment.h"
|
||||
+#include "mozilla/TypeTraits.h"
|
||||
|
||||
#include "jit/JitFrames.h"
|
||||
#include "jit/LIR.h"
|
||||
#include "jit/MacroAssembler.h"
|
||||
#include "jit/MIRGenerator.h"
|
||||
#include "jit/MIRGraph.h"
|
||||
#include "jit/OptimizationTracking.h"
|
||||
#include "jit/Safepoints.h"
|
||||
@@ -242,24 +243,16 @@ class CodeGeneratorShared : public LElem
|
||||
return SlotToStackOffset(a->toStackSlot()->slot());
|
||||
}
|
||||
|
||||
uint32_t frameSize() const {
|
||||
return frameClass_ == FrameSizeClass::None() ? frameDepth_ : frameClass_.frameSize();
|
||||
}
|
||||
|
||||
protected:
|
||||
- // Ensure the cache is an IonCache while expecting the size of the derived
|
||||
- // class. We only need the cache list at GC time. Everyone else can just take
|
||||
- // runtimeData offsets.
|
||||
- size_t allocateCache(const IonCache&, size_t size) {
|
||||
- size_t dataOffset = allocateData(size);
|
||||
- masm.propagateOOM(cacheList_.append(dataOffset));
|
||||
- return dataOffset;
|
||||
- }
|
||||
|
||||
#ifdef CHECK_OSIPOINT_REGISTERS
|
||||
void resetOsiPointRegs(LSafepoint* safepoint);
|
||||
bool shouldVerifyOsiPointRegs(LSafepoint* safepoint);
|
||||
void verifyOsiPointRegs(LSafepoint* safepoint);
|
||||
#endif
|
||||
|
||||
bool addNativeToBytecodeEntry(const BytecodeSite* site);
|
||||
@@ -295,27 +288,33 @@ class CodeGeneratorShared : public LElem
|
||||
return lookup();
|
||||
}
|
||||
T * operator*() {
|
||||
return lookup();
|
||||
}
|
||||
};
|
||||
|
||||
protected:
|
||||
-
|
||||
- size_t allocateData(size_t size) {
|
||||
+ MOZ_WARN_UNUSED_RESULT
|
||||
+ bool allocateData(size_t size, size_t* offset) {
|
||||
MOZ_ASSERT(size % sizeof(void*) == 0);
|
||||
- size_t dataOffset = runtimeData_.length();
|
||||
+ *offset = runtimeData_.length();
|
||||
masm.propagateOOM(runtimeData_.appendN(0, size));
|
||||
- return dataOffset;
|
||||
+ return !masm.oom();
|
||||
}
|
||||
|
||||
+ // Ensure the cache is an IonCache while expecting the size of the derived
|
||||
+ // class. We only need the cache list at GC time. Everyone else can just take
|
||||
+ // runtimeData offsets.
|
||||
template <typename T>
|
||||
inline size_t allocateCache(const T& cache) {
|
||||
- size_t index = allocateCache(cache, sizeof(mozilla::AlignedStorage2<T>));
|
||||
+ static_assert(mozilla::IsBaseOf<IonCache, T>::value, "T must inherit from IonCache");
|
||||
+ size_t index;
|
||||
+ masm.propagateOOM(allocateData(sizeof(mozilla::AlignedStorage2<T>), &index));
|
||||
+ masm.propagateOOM(cacheList_.append(index));
|
||||
if (masm.oom())
|
||||
return SIZE_MAX;
|
||||
// Use the copy constructor on the allocated space.
|
||||
MOZ_ASSERT(index == cacheList_.back());
|
||||
new (&runtimeData_[index]) T(cache);
|
||||
return index;
|
||||
}
|
||||
|
||||
@@ -475,17 +474,17 @@ class CodeGeneratorShared : public LElem
|
||||
|
||||
void callVM(const VMFunction& f, LInstruction* ins, const Register* dynStack = nullptr);
|
||||
|
||||
template <class ArgSeq, class StoreOutputTo>
|
||||
inline OutOfLineCode* oolCallVM(const VMFunction& fun, LInstruction* ins, const ArgSeq& args,
|
||||
const StoreOutputTo& out);
|
||||
|
||||
void addCache(LInstruction* lir, size_t cacheIndex);
|
||||
- size_t addCacheLocations(const CacheLocationList& locs, size_t* numLocs);
|
||||
+ bool addCacheLocations(const CacheLocationList& locs, size_t* numLocs, size_t* offset);
|
||||
ReciprocalMulConstants computeDivisionConstants(int d);
|
||||
|
||||
protected:
|
||||
void addOutOfLineCode(OutOfLineCode* code, const MInstruction* mir);
|
||||
void addOutOfLineCode(OutOfLineCode* code, const BytecodeSite* site);
|
||||
bool hasOutOfLineCode() { return !outOfLineCode_.empty(); }
|
||||
bool generateOutOfLineCode();
|
||||
|
||||
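Review bot: The declaration of `addCacheLocations` in CodeGenerator-shared.h is missing the `MOZ_WARN_UNUSED_RESULT` that the definition in CodeGenerator-shared.cpp carries, so callers that see only the header get no warning when they ignore the new failure result. It also names the out-parameter `offset` where the definition uses `curIndex`. Suggested: `MOZ_WARN_UNUSED_RESULT bool addCacheLocations(const CacheLocationList& locs, size_t* numLocs, size_t* curIndex);`. In the templated `allocateCache`, `cacheList_.append(index)` still runs after a failed `allocateData`, recording an offset that was never allocated. The `masm.oom()` check that follows returns `SIZE_MAX`, so this looks harmless as long as nothing reads `cacheList_` after an OOM, but checking `masm.oom()` before the append would be clearer.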
|
91
gnu/packages/patches/icecat-CVE-2016-1930-pt12.patch
Normal file
|
@ -0,0 +1,91 @@
|
|||
Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/8c184c30caa6
|
||||
Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
|
||||
Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1230668
|
||||
|
||||
# HG changeset patch
|
||||
# User L. David Baron <dbaron@dbaron.org>
|
||||
# Date 1452248144 -39600
|
||||
# Node ID 8c184c30caa6d16f5ec63cce9a77d16f25d2e57e
|
||||
# Parent 0f7224441f2089001f7934b46ac10cb72d267606
|
||||
Bug 1230668 - Don't use frame when not in composed document. r=heycam a=sylvestre
|
||||
|
||||
diff --git a/layout/style/nsComputedDOMStyle.cpp b/layout/style/nsComputedDOMStyle.cpp
|
||||
--- a/layout/style/nsComputedDOMStyle.cpp
|
||||
+++ b/layout/style/nsComputedDOMStyle.cpp
|
||||
@@ -421,26 +421,31 @@ nsComputedDOMStyle::GetStyleContextForEl
|
||||
{
|
||||
MOZ_ASSERT(aElement, "NULL element");
|
||||
// If the content has a pres shell, we must use it. Otherwise we'd
|
||||
// potentially mix rule trees by using the wrong pres shell's style
|
||||
// set. Using the pres shell from the content also means that any
|
||||
// content that's actually *in* a document will get the style from the
|
||||
// correct document.
|
||||
nsIPresShell *presShell = GetPresShellForContent(aElement);
|
||||
+ bool inDocWithShell = true;
|
||||
if (!presShell) {
|
||||
+ inDocWithShell = false;
|
||||
presShell = aPresShell;
|
||||
if (!presShell)
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
- // XXX the !aElement->IsHTML(nsGkAtoms::area)
|
||||
- // check is needed due to bug 135040 (to avoid using
|
||||
+ // XXX the !aElement->IsHTML(nsGkAtoms::area)
|
||||
+ // check is needed due to bug 135040 (to avoid using
|
||||
// mPrimaryFrame). Remove it once that's fixed.
|
||||
- if (!aPseudo && aStyleType == eAll && !aElement->IsHTML(nsGkAtoms::area)) {
|
||||
+ if (!aPseudo && aStyleType == eAll && inDocWithShell &&
|
||||
+ !aElement->IsHTML(nsGkAtoms::area)) {
|
||||
+ if (!aPseudo && aStyleType == eAll && inDocWithShell &&
|
||||
+ !aElement->IsHTMLElement(nsGkAtoms::area)) {
|
||||
nsIFrame* frame = nsLayoutUtils::GetStyleFrame(aElement);
|
||||
if (frame) {
|
||||
nsStyleContext* result = frame->StyleContext();
|
||||
// Don't use the style context if it was influenced by
|
||||
// pseudo-elements, since then it's not the primary style
|
||||
// for this element.
|
||||
if (!result->HasPseudoElementData()) {
|
||||
// this function returns an addrefed style context
|
||||
@@ -468,17 +473,18 @@ nsComputedDOMStyle::GetStyleContextForEl
|
||||
|
||||
nsRefPtr<nsStyleContext> sc;
|
||||
if (aPseudo) {
|
||||
nsCSSPseudoElements::Type type = nsCSSPseudoElements::GetPseudoType(aPseudo);
|
||||
if (type >= nsCSSPseudoElements::ePseudo_PseudoElementCount) {
|
||||
return nullptr;
|
||||
}
|
||||
nsIFrame* frame = nsLayoutUtils::GetStyleFrame(aElement);
|
||||
- Element* pseudoElement = frame ? frame->GetPseudoElement(type) : nullptr;
|
||||
+ Element* pseudoElement =
|
||||
+ frame && inDocWithShell ? frame->GetPseudoElement(type) : nullptr;
|
||||
sc = styleSet->ResolvePseudoElementStyle(aElement, type, parentContext,
|
||||
pseudoElement);
|
||||
} else {
|
||||
sc = styleSet->ResolveStyleFor(aElement, parentContext);
|
||||
}
|
||||
|
||||
if (aStyleType == eDefaultOnly) {
|
||||
// We really only want the user and UA rules. Filter out the other ones.
|
||||
@@ -592,18 +598,18 @@ nsComputedDOMStyle::UpdateCurrentStyleSo
|
||||
mFlushedPendingReflows = aNeedsLayoutFlush;
|
||||
#endif
|
||||
|
||||
mPresShell = document->GetShell();
|
||||
if (!mPresShell || !mPresShell->GetPresContext()) {
|
||||
return;
|
||||
}
|
||||
|
||||
- // XXX the !mContent->IsHTML(nsGkAtoms::area)
|
||||
- // check is needed due to bug 135040 (to avoid using
|
||||
+ // XXX the !mContent->IsHTML(nsGkAtoms::area)
|
||||
+ // check is needed due to bug 135040 (to avoid using
|
||||
// mPrimaryFrame). Remove it once that's fixed.
|
||||
if (!mPseudo && mStyleType == eAll && !mContent->IsHTML(nsGkAtoms::area)) {
|
||||
mOuterFrame = mContent->GetPrimaryFrame();
|
||||
mInnerFrame = mOuterFrame;
|
||||
if (mOuterFrame) {
|
||||
nsIAtom* type = mOuterFrame->GetType();
|
||||
if (type == nsGkAtoms::tableOuterFrame) {
|
||||
// If the frame is an outer table frame then we should get the style
|
||||
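Review bot: As copied, the first hunk of this patch adds two consecutive `if (!aPseudo && aStyleType == eAll && inDocWithShell && ...) {` headers in `GetStyleContextForElementNoFlush`, one using `IsHTML` and one using `IsHTMLElement`. The tree is therefore not in a sensible state after pt12 alone, and only pt13 in this series removes the second header. The patch header should say that pt12 must never be applied or cherry-picked without pt13, e.g. a line `Note: contains a rebase error that is corrected by icecat-CVE-2016-1930-pt13.patch.` next to the "Copied from" line. In the pseudo-element branch, `frame && inDocWithShell ? ... : nullptr` would read more safely with explicit parentheses around the condition.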
|
34
gnu/packages/patches/icecat-CVE-2016-1930-pt13.patch
Normal file
|
@ -0,0 +1,34 @@
|
|||
Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/fceff80a84a3
|
||||
Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
|
||||
Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1230668
|
||||
|
||||
# HG changeset patch
|
||||
# User Wes Kocher <wkocher@mozilla.com>
|
||||
# Date 1452542163 28800
|
||||
# Node ID fceff80a84a32b68d02abc00486fe6c7b86d545b
|
||||
# Parent 8c184c30caa6d16f5ec63cce9a77d16f25d2e57e
|
||||
Fix up some rebase errors in bug 1230668 r=me a=bustage
|
||||
|
||||
diff --git a/layout/style/nsComputedDOMStyle.cpp b/layout/style/nsComputedDOMStyle.cpp
|
||||
--- a/layout/style/nsComputedDOMStyle.cpp
|
||||
+++ b/layout/style/nsComputedDOMStyle.cpp
|
||||
@@ -434,18 +434,16 @@ nsComputedDOMStyle::GetStyleContextForEl
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
// XXX the !aElement->IsHTML(nsGkAtoms::area)
|
||||
// check is needed due to bug 135040 (to avoid using
|
||||
// mPrimaryFrame). Remove it once that's fixed.
|
||||
if (!aPseudo && aStyleType == eAll && inDocWithShell &&
|
||||
!aElement->IsHTML(nsGkAtoms::area)) {
|
||||
- if (!aPseudo && aStyleType == eAll && inDocWithShell &&
|
||||
- !aElement->IsHTMLElement(nsGkAtoms::area)) {
|
||||
nsIFrame* frame = nsLayoutUtils::GetStyleFrame(aElement);
|
||||
if (frame) {
|
||||
nsStyleContext* result = frame->StyleContext();
|
||||
// Don't use the style context if it was influenced by
|
||||
// pseudo-elements, since then it's not the primary style
|
||||
// for this element.
|
||||
if (!result->HasPseudoElementData()) {
|
||||
// this function returns an addrefed style context
|
||||
|
83
gnu/packages/patches/icecat-CVE-2016-1930-pt14.patch
Normal file
|
@ -0,0 +1,83 @@
|
|||
Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/94a95291d095
|
||||
Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
|
||||
Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1224200
|
||||
|
||||
# HG changeset patch
|
||||
# User Timothy Nikkel <tnikkel@gmail.com>
|
||||
# Date 1453303652 -3600
|
||||
# Node ID 94a95291d0958439dbed5b7dc99fae59e1318592
|
||||
# Parent 999c13acb40e1113306c65925a7d96688339d945
|
||||
Bug 1224200 - Allow downscaler to get (and ignore) new input lines after it has finished producing all output lines. r=seth, a=lizzard
|
||||
|
||||
diff --git a/image/src/Downscaler.cpp b/image/src/Downscaler.cpp
|
||||
--- a/image/src/Downscaler.cpp
|
||||
+++ b/image/src/Downscaler.cpp
|
||||
@@ -145,43 +145,44 @@ GetFilterOffsetAndLength(UniquePtr<skia:
|
||||
aFilterLengthOut);
|
||||
}
|
||||
|
||||
void
|
||||
Downscaler::CommitRow()
|
||||
{
|
||||
MOZ_ASSERT(mOutputBuffer, "Should have a current frame");
|
||||
MOZ_ASSERT(mCurrentInLine < mOriginalSize.height, "Past end of input");
|
||||
- MOZ_ASSERT(mCurrentOutLine < mTargetSize.height, "Past end of output");
|
||||
|
||||
- int32_t filterOffset = 0;
|
||||
- int32_t filterLength = 0;
|
||||
- GetFilterOffsetAndLength(mYFilter, mCurrentOutLine,
|
||||
- &filterOffset, &filterLength);
|
||||
+ if (mCurrentOutLine < mTargetSize.height) {
|
||||
+ int32_t filterOffset = 0;
|
||||
+ int32_t filterLength = 0;
|
||||
+ GetFilterOffsetAndLength(mYFilter, mCurrentOutLine,
|
||||
+ &filterOffset, &filterLength);
|
||||
|
||||
- int32_t inLineToRead = filterOffset + mLinesInBuffer;
|
||||
- MOZ_ASSERT(mCurrentInLine <= inLineToRead, "Reading past end of input");
|
||||
- if (mCurrentInLine == inLineToRead) {
|
||||
- skia::ConvolveHorizontally(mRowBuffer.get(), *mXFilter,
|
||||
- mWindow[mLinesInBuffer++], mHasAlpha,
|
||||
- /* use_sse2 = */ true);
|
||||
- }
|
||||
-
|
||||
- MOZ_ASSERT(mCurrentOutLine < mTargetSize.height,
|
||||
- "Writing past end of output");
|
||||
-
|
||||
- while (mLinesInBuffer == filterLength) {
|
||||
- DownscaleInputLine();
|
||||
-
|
||||
- if (mCurrentOutLine == mTargetSize.height) {
|
||||
- break; // We're done.
|
||||
+ int32_t inLineToRead = filterOffset + mLinesInBuffer;
|
||||
+ MOZ_ASSERT(mCurrentInLine <= inLineToRead, "Reading past end of input");
|
||||
+ if (mCurrentInLine == inLineToRead) {
|
||||
+ skia::ConvolveHorizontally(mRowBuffer.get(), *mXFilter,
|
||||
+ mWindow[mLinesInBuffer++], mHasAlpha,
|
||||
+ /* use_sse2 = */ true);
|
||||
}
|
||||
|
||||
- GetFilterOffsetAndLength(mYFilter, mCurrentOutLine,
|
||||
- &filterOffset, &filterLength);
|
||||
+ MOZ_ASSERT(mCurrentOutLine < mTargetSize.height,
|
||||
+ "Writing past end of output");
|
||||
+
|
||||
+ while (mLinesInBuffer == filterLength) {
|
||||
+ DownscaleInputLine();
|
||||
+
|
||||
+ if (mCurrentOutLine == mTargetSize.height) {
|
||||
+ break; // We're done.
|
||||
+ }
|
||||
+
|
||||
+ GetFilterOffsetAndLength(mYFilter, mCurrentOutLine,
|
||||
+ &filterOffset, &filterLength);
|
||||
+ }
|
||||
}
|
||||
|
||||
mCurrentInLine += 1;
|
||||
}
|
||||
|
||||
bool
|
||||
Downscaler::HasInvalidation() const
|
||||
{
|
||||
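Review bot: Inside the new `if (mCurrentOutLine < mTargetSize.height)` block in `Downscaler::CommitRow`, the retained `MOZ_ASSERT(mCurrentOutLine < mTargetSize.height, "Writing past end of output");` can no longer fail, since nothing visible between the `if` and the assert changes `mCurrentOutLine`; it can be dropped. The block has no comment explaining why late rows are skipped rather than asserted on; something like `// Input rows that arrive after the last output row has been produced are ignored.` would record the intent. The input-side check `MOZ_ASSERT(mCurrentInLine < mOriginalSize.height, ...)` is debug-only, so in release builds the new `if` is the only guard before `mWindow[mLinesInBuffer++]` is written. The bound on `mLinesInBuffer` comes from code outside this hunk and is worth confirming.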
|
35
gnu/packages/patches/icecat-CVE-2016-1930-pt15.patch
Normal file
|
@ -0,0 +1,35 @@
|
|||
Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/ee68c3dae5f6
|
||||
Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
|
||||
Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1230483
|
||||
|
||||
# HG changeset patch
|
||||
# User JW Wang <jwwang@mozilla.com>
|
||||
# Date 1450698943 -28800
|
||||
# Node ID ee68c3dae5f639fdd439f69ef2f724067fce0ea6
|
||||
# Parent 762d015e1854c28c213293ac1e9b2ab51cf201f9
|
||||
Bug 1230483 - Part 2 - LoadFromSourceChildren() should be queued at most once in an event cycle. r=roc, a=lizzard
|
||||
|
||||
diff --git a/dom/html/HTMLMediaElement.cpp b/dom/html/HTMLMediaElement.cpp
|
||||
--- a/dom/html/HTMLMediaElement.cpp
|
||||
+++ b/dom/html/HTMLMediaElement.cpp
|
||||
@@ -4033,16 +4033,19 @@ void HTMLMediaElement::NotifyAddedSource
|
||||
mNetworkState == nsIDOMHTMLMediaElement::NETWORK_EMPTY)
|
||||
{
|
||||
QueueSelectResourceTask();
|
||||
}
|
||||
|
||||
// A load was paused in the resource selection algorithm, waiting for
|
||||
// a new source child to be added, resume the resource selection algorithm.
|
||||
if (mLoadWaitStatus == WAITING_FOR_SOURCE) {
|
||||
+ // Rest the flag so we don't queue multiple LoadFromSourceTask() when
|
||||
+ // multiple <source> are attached in an event loop.
|
||||
+ mLoadWaitStatus = NOT_WAITING;
|
||||
QueueLoadFromSourceTask();
|
||||
}
|
||||
}
|
||||
|
||||
nsIContent* HTMLMediaElement::GetNextSource()
|
||||
{
|
||||
nsCOMPtr<nsIDOMNode> thisDomNode = do_QueryObject(this);
|
||||
|
||||
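Review bot: The comment added above `mLoadWaitStatus = NOT_WAITING;` has a typo and names a function that does not appear in the hunk: "Rest the flag" should read "Reset the flag", and the call it guards is QueueLoadFromSourceTask(). Suggested wording: `// Reset the flag so QueueLoadFromSourceTask() is queued at most once when` followed by `// multiple <source> children are attached in one event loop.` The change appears to rely on a later step putting mLoadWaitStatus back to WAITING_FOR_SOURCE when no usable source is found; that code is not visible here, so a short pointer to it in the comment would help. NotifyAddedSource begins above the hunk.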
|
77
gnu/packages/patches/icecat-CVE-2016-1935.patch
Normal file
77
gnu/packages/patches/icecat-CVE-2016-1935.patch
Normal file
|
@ -0,0 +1,77 @@
|
|||
Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/f9aad6c0253a
|
||||
Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-03/
|
||||
Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1220450
|
||||
|
||||
# HG changeset patch
|
||||
# User Jeff Gilbert <jgilbert@mozilla.com>
|
||||
# Date 1452570660 28800
|
||||
# Node ID f9aad6c0253a3b81699a3d7a05e78615dd814ea3
|
||||
# Parent c47640f24251b48c0bba9d2f0f6ee059eca58362
|
||||
Bug 1220450 - Clear length on cache OOM. r=kamidphish, a=ritu
|
||||
|
||||
diff --git a/dom/canvas/WebGLContextBuffers.cpp b/dom/canvas/WebGLContextBuffers.cpp
|
||||
--- a/dom/canvas/WebGLContextBuffers.cpp
|
||||
+++ b/dom/canvas/WebGLContextBuffers.cpp
|
||||
@@ -185,16 +185,17 @@ WebGLContext::BufferData(GLenum target,
|
||||
|
||||
if (error) {
|
||||
GenerateWarning("bufferData generated error %s", ErrorName(error));
|
||||
return;
|
||||
}
|
||||
|
||||
boundBuffer->SetByteLength(size);
|
||||
if (!boundBuffer->ElementArrayCacheBufferData(nullptr, size)) {
|
||||
+ boundBuffer->SetByteLength(0);
|
||||
return ErrorOutOfMemory("bufferData: out of memory");
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
WebGLContext::BufferData(GLenum target,
|
||||
const dom::Nullable<dom::ArrayBuffer>& maybeData,
|
||||
GLenum usage)
|
||||
@@ -234,18 +235,20 @@ WebGLContext::BufferData(GLenum target,
|
||||
GLenum error = CheckedBufferData(target, data.Length(), data.Data(), usage);
|
||||
|
||||
if (error) {
|
||||
GenerateWarning("bufferData generated error %s", ErrorName(error));
|
||||
return;
|
||||
}
|
||||
|
||||
boundBuffer->SetByteLength(data.Length());
|
||||
- if (!boundBuffer->ElementArrayCacheBufferData(data.Data(), data.Length()))
|
||||
+ if (!boundBuffer->ElementArrayCacheBufferData(data.Data(), data.Length())) {
|
||||
+ boundBuffer->SetByteLength(0);
|
||||
return ErrorOutOfMemory("bufferData: out of memory");
|
||||
+ }
|
||||
}
|
||||
|
||||
void
|
||||
WebGLContext::BufferData(GLenum target, const dom::ArrayBufferView& data,
|
||||
GLenum usage)
|
||||
{
|
||||
if (IsContextLost())
|
||||
return;
|
||||
@@ -274,18 +277,20 @@ WebGLContext::BufferData(GLenum target,
|
||||
|
||||
GLenum error = CheckedBufferData(target, data.Length(), data.Data(), usage);
|
||||
if (error) {
|
||||
GenerateWarning("bufferData generated error %s", ErrorName(error));
|
||||
return;
|
||||
}
|
||||
|
||||
boundBuffer->SetByteLength(data.Length());
|
||||
- if (!boundBuffer->ElementArrayCacheBufferData(data.Data(), data.Length()))
|
||||
+ if (!boundBuffer->ElementArrayCacheBufferData(data.Data(), data.Length())) {
|
||||
+ boundBuffer->SetByteLength(0);
|
||||
return ErrorOutOfMemory("bufferData: out of memory");
|
||||
+ }
|
||||
}
|
||||
|
||||
void
|
||||
WebGLContext::BufferSubData(GLenum target, WebGLsizeiptr byteOffset,
|
||||
const dom::Nullable<dom::ArrayBuffer>& maybeData)
|
||||
{
|
||||
if (IsContextLost())
|
||||
return;
|
||||
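Review bot: The new `boundBuffer->SetByteLength(0);` on the cache-OOM path has no comment saying why the length is cleared, in the hunk at -185 and again in the hunks at -234 and -274. Without the reset, the recorded byte length would still claim the requested size after ElementArrayCacheBufferData() has failed, and later range validation presumably trusts that length. I would add `// Cache allocation failed: clear the length so later checks against this buffer fail closed.` above each call. The same three lines now repeat in all three BufferData overloads, so a small shared helper would keep them from drifting apart. The overload bodies start outside the hunks.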
|
141
gnu/packages/patches/icecat-bug-1146335-pt1.patch
Normal file
141
gnu/packages/patches/icecat-bug-1146335-pt1.patch
Normal file
|
@ -0,0 +1,141 @@
|
|||
Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/9d14787bd10e
|
||||
Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1146335
|
||||
|
||||
# HG changeset patch
|
||||
# User Seth Fowler <mark.seth.fowler@gmail.com>
|
||||
# Date 1428627143 25200
|
||||
# Node ID 9d14787bd10e6f3013263a2cae0bcc78bebde1db
|
||||
# Parent aaf922ae679685acb5d2b8ffa5f0bf22f1e6987a
|
||||
Bug 1146335 (Part 1) - Add assertions and fix style issues in image::Downscaler. r=tn a=lizzard
|
||||
|
||||
diff --git a/image/src/Downscaler.cpp b/image/src/Downscaler.cpp
|
||||
--- a/image/src/Downscaler.cpp
|
||||
+++ b/image/src/Downscaler.cpp
|
||||
@@ -72,23 +72,25 @@ Downscaler::BeginFrame(const nsIntSize&
|
||||
mOutputBuffer = aOutputBuffer;
|
||||
mHasAlpha = aHasAlpha;
|
||||
|
||||
ResetForNextProgressivePass();
|
||||
ReleaseWindow();
|
||||
|
||||
auto resizeMethod = skia::ImageOperations::RESIZE_LANCZOS3;
|
||||
|
||||
- skia::resize::ComputeFilters(resizeMethod, mOriginalSize.width,
|
||||
- mTargetSize.width, 0,
|
||||
- mTargetSize.width, mXFilter.get());
|
||||
+ skia::resize::ComputeFilters(resizeMethod,
|
||||
+ mOriginalSize.width, mTargetSize.width,
|
||||
+ 0, mTargetSize.width,
|
||||
+ mXFilter.get());
|
||||
|
||||
- skia::resize::ComputeFilters(resizeMethod, mOriginalSize.height,
|
||||
- mTargetSize.height, 0,
|
||||
- mTargetSize.height, mYFilter.get());
|
||||
+ skia::resize::ComputeFilters(resizeMethod,
|
||||
+ mOriginalSize.height, mTargetSize.height,
|
||||
+ 0, mTargetSize.height,
|
||||
+ mYFilter.get());
|
||||
|
||||
// Allocate the buffer, which contains scanlines of the original image.
|
||||
size_t bufferLen = mOriginalSize.width * sizeof(uint32_t);
|
||||
mRowBuffer = MakeUnique<uint8_t[]>(bufferLen);
|
||||
if (MOZ_UNLIKELY(!mRowBuffer)) {
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
|
||||
@@ -126,39 +128,54 @@ void
|
||||
Downscaler::ResetForNextProgressivePass()
|
||||
{
|
||||
mPrevInvalidatedLine = 0;
|
||||
mCurrentOutLine = 0;
|
||||
mCurrentInLine = 0;
|
||||
mLinesInBuffer = 0;
|
||||
}
|
||||
|
||||
+static void
|
||||
+GetFilterOffsetAndLength(UniquePtr<skia::ConvolutionFilter1D>& aFilter,
|
||||
+ int32_t aOutputImagePosition,
|
||||
+ int32_t* aFilterOffsetOut,
|
||||
+ int32_t* aFilterLengthOut)
|
||||
+{
|
||||
+ MOZ_ASSERT(aOutputImagePosition < aFilter->num_values());
|
||||
+ aFilter->FilterForValue(aOutputImagePosition,
|
||||
+ aFilterOffsetOut,
|
||||
+ aFilterLengthOut);
|
||||
+}
|
||||
+
|
||||
void
|
||||
Downscaler::CommitRow()
|
||||
{
|
||||
MOZ_ASSERT(mOutputBuffer, "Should have a current frame");
|
||||
MOZ_ASSERT(mCurrentInLine < mOriginalSize.height, "Past end of input");
|
||||
MOZ_ASSERT(mCurrentOutLine < mTargetSize.height, "Past end of output");
|
||||
|
||||
int32_t filterOffset = 0;
|
||||
int32_t filterLength = 0;
|
||||
- mYFilter->FilterForValue(mCurrentOutLine, &filterOffset, &filterLength);
|
||||
+ GetFilterOffsetAndLength(mYFilter, mCurrentOutLine,
|
||||
+ &filterOffset, &filterLength);
|
||||
|
||||
int32_t inLineToRead = filterOffset + mLinesInBuffer;
|
||||
MOZ_ASSERT(mCurrentInLine <= inLineToRead, "Reading past end of input");
|
||||
if (mCurrentInLine == inLineToRead) {
|
||||
skia::ConvolveHorizontally(mRowBuffer.get(), *mXFilter,
|
||||
mWindow[mLinesInBuffer++], mHasAlpha,
|
||||
/* use_sse2 = */ true);
|
||||
}
|
||||
|
||||
while (mLinesInBuffer == filterLength &&
|
||||
mCurrentOutLine < mTargetSize.height) {
|
||||
DownscaleInputLine();
|
||||
- mYFilter->FilterForValue(mCurrentOutLine, &filterOffset, &filterLength);
|
||||
+
|
||||
+ GetFilterOffsetAndLength(mYFilter, mCurrentOutLine,
|
||||
+ &filterOffset, &filterLength);
|
||||
}
|
||||
|
||||
mCurrentInLine += 1;
|
||||
}
|
||||
|
||||
bool
|
||||
Downscaler::HasInvalidation() const
|
||||
{
|
||||
@@ -184,16 +201,17 @@ Downscaler::DownscaleInputLine()
|
||||
{
|
||||
typedef skia::ConvolutionFilter1D::Fixed FilterValue;
|
||||
|
||||
MOZ_ASSERT(mOutputBuffer);
|
||||
MOZ_ASSERT(mCurrentOutLine < mTargetSize.height, "Writing past end of output");
|
||||
|
||||
int32_t filterOffset = 0;
|
||||
int32_t filterLength = 0;
|
||||
+ MOZ_ASSERT(mCurrentOutLine < mYFilter->num_values());
|
||||
auto filterValues =
|
||||
mYFilter->FilterForValue(mCurrentOutLine, &filterOffset, &filterLength);
|
||||
|
||||
uint8_t* outputLine =
|
||||
&mOutputBuffer[mCurrentOutLine * mTargetSize.width * sizeof(uint32_t)];
|
||||
skia::ConvolveVertically(static_cast<const FilterValue*>(filterValues),
|
||||
filterLength, mWindow.get(), mXFilter->num_values(),
|
||||
outputLine, mHasAlpha, /* use_sse2 = */ true);
|
||||
@@ -202,17 +220,18 @@ Downscaler::DownscaleInputLine()
|
||||
|
||||
if (mCurrentOutLine == mTargetSize.height) {
|
||||
// We're done.
|
||||
return;
|
||||
}
|
||||
|
||||
int32_t newFilterOffset = 0;
|
||||
int32_t newFilterLength = 0;
|
||||
- mYFilter->FilterForValue(mCurrentOutLine, &newFilterOffset, &newFilterLength);
|
||||
+ GetFilterOffsetAndLength(mYFilter, mCurrentOutLine,
|
||||
+ &newFilterOffset, &newFilterLength);
|
||||
|
||||
int diff = newFilterOffset - filterOffset;
|
||||
MOZ_ASSERT(diff >= 0, "Moving backwards in the filter?");
|
||||
|
||||
// Shift the buffer. We're just moving pointers here, so this is cheap.
|
||||
mLinesInBuffer -= diff;
|
||||
mLinesInBuffer = max(mLinesInBuffer, 0);
|
||||
for (int32_t i = 0; i < mLinesInBuffer; ++i) {
|
||||
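Review bot: The bounds check in the new GetFilterOffsetAndLength() is a MOZ_ASSERT, which is compiled out of non-debug builds, and it tests only the upper bound of a signed index. As written it documents the invariant but does not stop an out-of-range FilterForValue() lookup in a release build. I would at least cover both ends and add a message, `MOZ_ASSERT(aOutputImagePosition >= 0 && aOutputImagePosition < aFilter->num_values(), "Filter position out of range");`, and consider a release-mode check if callers cannot guarantee the range. The hunk at -184 repeats the assertion by hand in DownscaleInputLine because the helper discards FilterForValue()'s return value; returning it from the helper would leave one checked entry point.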
|
43
gnu/packages/patches/icecat-bug-1146335-pt2.patch
Normal file
43
gnu/packages/patches/icecat-bug-1146335-pt2.patch
Normal file
|
@ -0,0 +1,43 @@
|
|||
Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/8bfaa27698ca
|
||||
Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1146335
|
||||
|
||||
# HG changeset patch
|
||||
# User Seth Fowler <mark.seth.fowler@gmail.com>
|
||||
# Date 1428627143 25200
|
||||
# Node ID 8bfaa27698ca0720d5c9f3910ab7148b38db0625
|
||||
# Parent 9d14787bd10e6f3013263a2cae0bcc78bebde1db
|
||||
Bug 1146335 (Part 2) - Fix an off-by-one error in image::Downscaler. r=tn a=lizzard
|
||||
|
||||
diff --git a/image/src/Downscaler.cpp b/image/src/Downscaler.cpp
|
||||
--- a/image/src/Downscaler.cpp
|
||||
+++ b/image/src/Downscaler.cpp
|
||||
@@ -160,20 +160,26 @@ Downscaler::CommitRow()
|
||||
int32_t inLineToRead = filterOffset + mLinesInBuffer;
|
||||
MOZ_ASSERT(mCurrentInLine <= inLineToRead, "Reading past end of input");
|
||||
if (mCurrentInLine == inLineToRead) {
|
||||
skia::ConvolveHorizontally(mRowBuffer.get(), *mXFilter,
|
||||
mWindow[mLinesInBuffer++], mHasAlpha,
|
||||
/* use_sse2 = */ true);
|
||||
}
|
||||
|
||||
- while (mLinesInBuffer == filterLength &&
|
||||
- mCurrentOutLine < mTargetSize.height) {
|
||||
+ MOZ_ASSERT(mCurrentOutLine < mTargetSize.height,
|
||||
+ "Writing past end of output");
|
||||
+
|
||||
+ while (mLinesInBuffer == filterLength) {
|
||||
DownscaleInputLine();
|
||||
|
||||
+ if (mCurrentOutLine == mTargetSize.height) {
|
||||
+ break; // We're done.
|
||||
+ }
|
||||
+
|
||||
GetFilterOffsetAndLength(mYFilter, mCurrentOutLine,
|
||||
&filterOffset, &filterLength);
|
||||
}
|
||||
|
||||
mCurrentInLine += 1;
|
||||
}
|
||||
|
||||
bool
|
||||
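Review bot: The new loop exit in CommitRow tests `mCurrentOutLine == mTargetSize.height`, so it stops the loop only when the counter lands exactly on the height. If the counter ever stepped past that value, the loop would go on to call GetFilterOffsetAndLength() for a row outside the filter, and the MOZ_ASSERTs guarding it are not compiled into release builds. `if (mCurrentOutLine >= mTargetSize.height) {` costs nothing and fails safe. CommitRow starts above the hunk.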
|
|
@ -0,0 +1,73 @@
|
|||
Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/9632375c6aac
|
||||
|
||||
# HG changeset patch
|
||||
# User Jeff Gilbert <jdashg@gmail.com>
|
||||
# Date 1453320785 28800
|
||||
# Node ID 9632375c6aacbf673b996b53231d70b91e480fb5
|
||||
# Parent ee68c3dae5f639fdd439f69ef2f724067fce0ea6
|
||||
Limit max buffers size for ANGLE. r=jrmuizel a=lizzard
|
||||
|
||||
diff --git a/dom/canvas/WebGLContextBuffers.cpp b/dom/canvas/WebGLContextBuffers.cpp
|
||||
--- a/dom/canvas/WebGLContextBuffers.cpp
|
||||
+++ b/dom/canvas/WebGLContextBuffers.cpp
|
||||
@@ -164,16 +164,19 @@ WebGLContext::BufferData(GLenum target,
|
||||
|
||||
if (!ValidateBufferUsageEnum(usage, "bufferData: usage"))
|
||||
return;
|
||||
|
||||
// careful: WebGLsizeiptr is always 64-bit, but GLsizeiptr is like intptr_t.
|
||||
if (!CheckedInt<GLsizeiptr>(size).isValid())
|
||||
return ErrorOutOfMemory("bufferData: bad size");
|
||||
|
||||
+ if (gl->IsANGLE() && size > UINT32_MAX)
|
||||
+ return ErrorOutOfMemory("bufferData: size too large");
|
||||
+
|
||||
WebGLBuffer* boundBuffer = bufferSlot.get();
|
||||
|
||||
if (!boundBuffer)
|
||||
return ErrorInvalidOperation("bufferData: no buffer bound!");
|
||||
|
||||
UniquePtr<uint8_t> zeroBuffer((uint8_t*)moz_calloc(size, 1));
|
||||
if (!zeroBuffer)
|
||||
return ErrorOutOfMemory("bufferData: out of memory");
|
||||
@@ -216,16 +219,19 @@ WebGLContext::BufferData(GLenum target,
|
||||
const dom::ArrayBuffer& data = maybeData.Value();
|
||||
data.ComputeLengthAndData();
|
||||
|
||||
// Careful: data.Length() could conceivably be any uint32_t, but GLsizeiptr
|
||||
// is like intptr_t.
|
||||
if (!CheckedInt<GLsizeiptr>(data.Length()).isValid())
|
||||
return ErrorOutOfMemory("bufferData: bad size");
|
||||
|
||||
+ if (gl->IsANGLE() && data.Length() > UINT32_MAX)
|
||||
+ return ErrorOutOfMemory("bufferData: size too large");
|
||||
+
|
||||
if (!ValidateBufferUsageEnum(usage, "bufferData: usage"))
|
||||
return;
|
||||
|
||||
WebGLBuffer* boundBuffer = bufferSlot.get();
|
||||
|
||||
if (!boundBuffer)
|
||||
return ErrorInvalidOperation("bufferData: no buffer bound!");
|
||||
|
||||
@@ -267,16 +273,19 @@ WebGLContext::BufferData(GLenum target,
|
||||
|
||||
data.ComputeLengthAndData();
|
||||
|
||||
// Careful: data.Length() could conceivably be any uint32_t, but GLsizeiptr
|
||||
// is like intptr_t.
|
||||
if (!CheckedInt<GLsizeiptr>(data.Length()).isValid())
|
||||
return ErrorOutOfMemory("bufferData: bad size");
|
||||
|
||||
+ if (gl->IsANGLE() && data.Length() > UINT32_MAX)
|
||||
+ return ErrorOutOfMemory("bufferData: size too large");
|
||||
+
|
||||
InvalidateBufferFetching();
|
||||
MakeContextCurrent();
|
||||
|
||||
GLenum error = CheckedBufferData(target, data.Length(), data.Data(), usage);
|
||||
if (error) {
|
||||
GenerateWarning("bufferData generated error %s", ErrorName(error));
|
||||
return;
|
||||
}
|
||||
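Review bot: In the hunks at -216 and -267 the added test `data.Length() > UINT32_MAX` looks like it can never be true, because the comment directly above it says data.Length() is at most a uint32_t. If that holds, only the first hunk, where `size` is the 64-bit WebGLsizeiptr, actually limits anything for ANGLE; the other two checks are dead code that reads like protection. I would either drop them or mark them, e.g. `// No-op while Length() is 32-bit; kept in step with the WebGLsizeiptr overload.` The BufferData bodies start and end outside the hunks.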
|