guix/gnu/packages/patches/icecat-CVE-2015-0836-pt-08.patch
Mark H Weaver 8830740643 gnu: icecat: Apply fixes for CVE-2015-{0822,0827,0831,0836}.
* gnu/packages/patches/icecat-CVE-2015-0822.patch,
  gnu/packages/patches/icecat-CVE-2015-0827-pt-1.patch,
  gnu/packages/patches/icecat-CVE-2015-0827-pt-2.patch,
  gnu/packages/patches/icecat-CVE-2015-0827-pt-3.patch,
  gnu/packages/patches/icecat-CVE-2015-0831-pt-1.patch,
  gnu/packages/patches/icecat-CVE-2015-0831-pt-2.patch,
  gnu/packages/patches/icecat-CVE-2015-0836-pt-01.patch,
  gnu/packages/patches/icecat-CVE-2015-0836-pt-02.patch,
  gnu/packages/patches/icecat-CVE-2015-0836-pt-03.patch,
  gnu/packages/patches/icecat-CVE-2015-0836-pt-04.patch,
  gnu/packages/patches/icecat-CVE-2015-0836-pt-05.patch,
  gnu/packages/patches/icecat-CVE-2015-0836-pt-06.patch,
  gnu/packages/patches/icecat-CVE-2015-0836-pt-07.patch,
  gnu/packages/patches/icecat-CVE-2015-0836-pt-08.patch,
  gnu/packages/patches/icecat-CVE-2015-0836-pt-09.patch,
  gnu/packages/patches/icecat-CVE-2015-0836-pt-10.patch,
  gnu/packages/patches/icecat-CVE-2015-0836-pt-11.patch: New files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add patches.
2015-02-26 00:39:31 -05:00


From 4920c5c447d1153dffa623dd70d8b535b9ca6795 Mon Sep 17 00:00:00 2001
From: Jan de Mooij <jdemooij@mozilla.com>
Date: Mon, 26 Jan 2015 12:59:47 +0100
Subject: [PATCH] Bug 1115776 - Fix LApplyArgsGeneric to always emit the
has-script check. r=shu, a=sledru
---
js/src/jit/CodeGenerator.cpp | 24 ++++++++----------------
1 file changed, 8 insertions(+), 16 deletions(-)
diff --git a/js/src/jit/CodeGenerator.cpp b/js/src/jit/CodeGenerator.cpp
index ba14f86..0669692 100644
--- a/js/src/jit/CodeGenerator.cpp
+++ b/js/src/jit/CodeGenerator.cpp
@@ -2448,27 +2448,19 @@ CodeGenerator::visitApplyArgsGeneric(LApplyArgsGeneric *apply)
masm.checkStackAlignment();
- // If the function is known to be uncompilable, only emit the call to InvokeFunction.
+ // If the function is native, only emit the call to InvokeFunction.
ExecutionMode executionMode = gen->info().executionMode();
- if (apply->hasSingleTarget()) {
- JSFunction *target = apply->getSingleTarget();
- if (target->isNative()) {
- if (!emitCallInvokeFunction(apply, copyreg))
- return false;
- emitPopArguments(apply, copyreg);
- return true;
- }
+ if (apply->hasSingleTarget() && apply->getSingleTarget()->isNative()) {
+ if (!emitCallInvokeFunction(apply, copyreg))
+ return false;
+ emitPopArguments(apply, copyreg);
+ return true;
}
Label end, invoke;
- // Guard that calleereg is an interpreted function with a JSScript:
- if (!apply->hasSingleTarget()) {
- masm.branchIfFunctionHasNoScript(calleereg, &invoke);
- } else {
- // Native single targets are handled by LCallNative.
- JS_ASSERT(!apply->getSingleTarget()->isNative());
- }
+ // Guard that calleereg is an interpreted function with a JSScript.
+ masm.branchIfFunctionHasNoScript(calleereg, &invoke);
// Knowing that calleereg is a non-native function, load the JSScript.
masm.loadPtr(Address(calleereg, JSFunction::offsetOfNativeOrScript()), objreg);
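Review bot: The new comment on the now-unconditional `masm.branchIfFunctionHasNoScript(calleereg, &invoke);` does not say why the guard must also run when `apply->hasSingleTarget()` is true, and that is the invariant this patch restores. The retained comment `// Knowing that calleereg is a non-native function, load the JSScript.` is also imprecise. What the guard establishes is that the callee has a JSScript, and being non-native alone presumably does not guarantee the `offsetOfNativeOrScript()` slot holds a script pointer. I would reword the guard comment to something like `// Always guard, even for a known single target: a non-native callee may still have no JSScript, and the load below would then treat the slot as a script pointer.` and change the second comment to `// calleereg is now known to have a JSScript; load it.` so a later optimisation does not reintroduce the compile-time skip. The body of `visitApplyArgsGeneric` starts and ends outside this hunk, so the `invoke` slow path could not be checked from here.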
--
2.2.1