dde2a94c09
* gnu/packages/patches/icecat-CVE-2016-2805.patch, gnu/packages/patches/icecat-CVE-2016-2807-pt1.patch, gnu/packages/patches/icecat-CVE-2016-2807-pt2.patch, gnu/packages/patches/icecat-CVE-2016-2807-pt3.patch, gnu/packages/patches/icecat-CVE-2016-2807-pt4.patch, gnu/packages/patches/icecat-CVE-2016-2807-pt5.patch, gnu/packages/patches/icecat-CVE-2016-2808.patch, gnu/packages/patches/icecat-CVE-2016-2814.patch, gnu/packages/patches/icecat-update-bundled-graphite2: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/gnuzilla.scm (icecat)[source]: Add patches. icecat fixup
36 lines
1.2 KiB
Diff
36 lines
1.2 KiB
Diff
Copied from https://hg.mozilla.org/releases/mozilla-esr38/raw-rev/3fdd280fa099
|
|
|
|
# HG changeset patch
|
|
# User Carsten "Tomcat" Book <cbook@mozilla.com>
|
|
# Date 1461123938 -7200
|
|
# Node ID 3fdd280fa099b6453ce9fd9905af883bc2ebce24
|
|
# Parent 52dfdd37150d62f708dc5bf61dd28f3967596788
|
|
Bug 1252707 - a=sylvestre
|
|
|
|
diff --git a/js/src/vm/Shape.cpp b/js/src/vm/Shape.cpp
|
|
--- a/js/src/vm/Shape.cpp
|
|
+++ b/js/src/vm/Shape.cpp
|
|
@@ -382,18 +382,20 @@ NativeObject::getChildPropertyOnDictiona
|
|
|
|
if (obj->inDictionaryMode()) {
|
|
MOZ_ASSERT(parent == obj->lastProperty());
|
|
RootedGeneric<StackShape*> childRoot(cx, &child);
|
|
shape = childRoot->isAccessorShape() ? NewGCAccessorShape(cx) : NewGCShape(cx);
|
|
if (!shape)
|
|
return nullptr;
|
|
if (childRoot->hasSlot() && childRoot->slot() >= obj->lastProperty()->base()->slotSpan()) {
|
|
- if (!obj->setSlotSpan(cx, childRoot->slot() + 1))
|
|
+ if (!obj->setSlotSpan(cx, childRoot->slot() + 1)) {
|
|
+ new (shape) Shape(obj->lastProperty()->base()->unowned(), 0);
|
|
return nullptr;
|
|
+ }
|
|
}
|
|
shape->initDictionaryShape(*childRoot, obj->numFixedSlots(), &obj->shape_);
|
|
}
|
|
|
|
return shape;
|
|
}
|
|
|
|
/* static */ Shape*
|
|
|