guix/gnu/packages/patches/icecat-CVE-2016-1930-pt07.patch
Mark H Weaver 29a780147d gnu: icecat: Add fixes for CVE-2016-{1930,1935} and other bugs.
* gnu/packages/patches/icecat-CVE-2016-1930-pt01.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt02.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt03.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt04.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt05.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt06.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt07.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt08.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt09.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt10.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt11.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt12.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt13.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt14.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt15.patch,
  gnu/packages/patches/icecat-CVE-2016-1935.patch,
  gnu/packages/patches/icecat-bug-1146335-pt1.patch,
  gnu/packages/patches/icecat-bug-1146335-pt2.patch,
  gnu/packages/patches/icecat-limit-max-buffers-size-for-ANGLE.patch: New
  files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add patches.
2016-01-28 00:34:20 -05:00

56 lines
2.3 KiB
Diff

Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/750e4cfc90f8
Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1233152
# HG changeset patch
# User Jan de Mooij <jdemooij@mozilla.com>
# Date 1451478493 -3600
# Node ID 750e4cfc90f80df657e44c9c63b1865023d88682
# Parent 93617c30c0df35f719dead526b78649d564f5ac3
Bug 1233152 - Use PersistentRooted for ParseTask script and sourceObject. r=terrence a=abillings
diff --git a/js/src/vm/HelperThreads.cpp b/js/src/vm/HelperThreads.cpp
--- a/js/src/vm/HelperThreads.cpp
+++ b/js/src/vm/HelperThreads.cpp
@@ -198,17 +198,17 @@ static const JSClass parseTaskGlobalClas
ParseTask::ParseTask(ExclusiveContext* cx, JSObject* exclusiveContextGlobal, JSContext* initCx,
const char16_t* chars, size_t length,
JS::OffThreadCompileCallback callback, void* callbackData)
: cx(cx), options(initCx), chars(chars), length(length),
alloc(JSRuntime::TEMP_LIFO_ALLOC_PRIMARY_CHUNK_SIZE),
exclusiveContextGlobal(initCx, exclusiveContextGlobal),
callback(callback), callbackData(callbackData),
- script(nullptr), errors(cx), overRecursed(false)
+ script(initCx->runtime(), nullptr), errors(cx), overRecursed(false)
{
}
bool
ParseTask::init(JSContext* cx, const ReadOnlyCompileOptions& options)
{
if (!this->options.copy(cx, options))
return false;
diff --git a/js/src/vm/HelperThreads.h b/js/src/vm/HelperThreads.h
--- a/js/src/vm/HelperThreads.h
+++ b/js/src/vm/HelperThreads.h
@@ -472,17 +472,17 @@ struct ParseTask
// Callback invoked off the main thread when the parse finishes.
JS::OffThreadCompileCallback callback;
void* callbackData;
// Holds the final script between the invocation of the callback and the
// point where FinishOffThreadScript is called, which will destroy the
// ParseTask.
- JSScript* script;
+ PersistentRootedScript script;
// Any errors or warnings produced during compilation. These are reported
// when finishing the script.
Vector<frontend::CompileError*> errors;
bool overRecursed;
ParseTask(ExclusiveContext* cx, JSObject* exclusiveContextGlobal,
JSContext* initCx, const char16_t* chars, size_t length,