guix/gnu/packages/patches/icecat-CVE-2016-1935.patch
Mark H Weaver 29a780147d gnu: icecat: Add fixes for CVE-2016-{1930,1935} and other bugs.
* gnu/packages/patches/icecat-CVE-2016-1930-pt01.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt02.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt03.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt04.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt05.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt06.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt07.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt08.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt09.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt10.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt11.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt12.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt13.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt14.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt15.patch,
  gnu/packages/patches/icecat-CVE-2016-1935.patch,
  gnu/packages/patches/icecat-bug-1146335-pt1.patch,
  gnu/packages/patches/icecat-bug-1146335-pt2.patch,
  gnu/packages/patches/icecat-limit-max-buffers-size-for-ANGLE.patch: New
  files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add patches.
2016-01-28 00:34:20 -05:00

78 lines
2.7 KiB
Diff

Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/f9aad6c0253a
Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-03/
Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1220450
# HG changeset patch
# User Jeff Gilbert <jgilbert@mozilla.com>
# Date 1452570660 28800
# Node ID f9aad6c0253a3b81699a3d7a05e78615dd814ea3
# Parent c47640f24251b48c0bba9d2f0f6ee059eca58362
Bug 1220450 - Clear length on cache OOM. r=kamidphish, a=ritu
diff --git a/dom/canvas/WebGLContextBuffers.cpp b/dom/canvas/WebGLContextBuffers.cpp
--- a/dom/canvas/WebGLContextBuffers.cpp
+++ b/dom/canvas/WebGLContextBuffers.cpp
@@ -185,16 +185,17 @@ WebGLContext::BufferData(GLenum target,
if (error) {
GenerateWarning("bufferData generated error %s", ErrorName(error));
return;
}
boundBuffer->SetByteLength(size);
if (!boundBuffer->ElementArrayCacheBufferData(nullptr, size)) {
+ boundBuffer->SetByteLength(0);
return ErrorOutOfMemory("bufferData: out of memory");
}
}
void
WebGLContext::BufferData(GLenum target,
const dom::Nullable<dom::ArrayBuffer>& maybeData,
GLenum usage)
@@ -234,18 +235,20 @@ WebGLContext::BufferData(GLenum target,
GLenum error = CheckedBufferData(target, data.Length(), data.Data(), usage);
if (error) {
GenerateWarning("bufferData generated error %s", ErrorName(error));
return;
}
boundBuffer->SetByteLength(data.Length());
- if (!boundBuffer->ElementArrayCacheBufferData(data.Data(), data.Length()))
+ if (!boundBuffer->ElementArrayCacheBufferData(data.Data(), data.Length())) {
+ boundBuffer->SetByteLength(0);
return ErrorOutOfMemory("bufferData: out of memory");
+ }
}
void
WebGLContext::BufferData(GLenum target, const dom::ArrayBufferView& data,
GLenum usage)
{
if (IsContextLost())
return;
@@ -274,18 +277,20 @@ WebGLContext::BufferData(GLenum target,
GLenum error = CheckedBufferData(target, data.Length(), data.Data(), usage);
if (error) {
GenerateWarning("bufferData generated error %s", ErrorName(error));
return;
}
boundBuffer->SetByteLength(data.Length());
- if (!boundBuffer->ElementArrayCacheBufferData(data.Data(), data.Length()))
+ if (!boundBuffer->ElementArrayCacheBufferData(data.Data(), data.Length())) {
+ boundBuffer->SetByteLength(0);
return ErrorOutOfMemory("bufferData: out of memory");
+ }
}
void
WebGLContext::BufferSubData(GLenum target, WebGLsizeiptr byteOffset,
const dom::Nullable<dom::ArrayBuffer>& maybeData)
{
if (IsContextLost())
return;