author | Mark H Weaver <mhw@netris.org> | 2016-01-28 00:22:49 -0500 |
---|---|---|
committer | Mark H Weaver <mhw@netris.org> | 2016-01-28 00:34:20 -0500 |
commit | 29a780147d066d5ce218d1fa2678a0a36a1145e3 (patch) | |
tree | 447a0dd62011ec61c4fb5b39a72612e24ae3bdf6 /gnu/packages/patches/icecat-limit-max-buffers-size-for-ANGLE.patch | |
parent | a394c60aa381d2284e382b48af990b6bdc5f33b4 (diff) | |
download | guix-29a780147d066d5ce218d1fa2678a0a36a1145e3.tar.gz guix-29a780147d066d5ce218d1fa2678a0a36a1145e3.zip |
gnu: icecat: Add fixes for CVE-2016-{1930,1935} and other bugs.
* gnu/packages/patches/icecat-CVE-2016-1930-pt01.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt02.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt03.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt04.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt05.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt06.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt07.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt08.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt09.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt10.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt11.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt12.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt13.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt14.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt15.patch,
gnu/packages/patches/icecat-CVE-2016-1935.patch,
gnu/packages/patches/icecat-bug-1146335-pt1.patch,
gnu/packages/patches/icecat-bug-1146335-pt2.patch,
gnu/packages/patches/icecat-limit-max-buffers-size-for-ANGLE.patch: New
files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add patches.
Diffstat (limited to 'gnu/packages/patches/icecat-limit-max-buffers-size-for-ANGLE.patch')
-rw-r--r-- | gnu/packages/patches/icecat-limit-max-buffers-size-for-ANGLE.patch | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-limit-max-buffers-size-for-ANGLE.patch b/gnu/packages/patches/icecat-limit-max-buffers-size-for-ANGLE.patch
new file mode 100644
index 0000000000..5a3a934dba
--- /dev/null
+++ b/gnu/packages/patches/icecat-limit-max-buffers-size-for-ANGLE.patch
@@ -0,0 +1,73 @@
+Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/9632375c6aac
+
+# HG changeset patch
+# User Jeff Gilbert <jdashg@gmail.com>
+# Date 1453320785 28800
+# Node ID 9632375c6aacbf673b996b53231d70b91e480fb5
+# Parent ee68c3dae5f639fdd439f69ef2f724067fce0ea6
+Limit max buffers size for ANGLE. r=jrmuizel a=lizzard
+
+diff --git a/dom/canvas/WebGLContextBuffers.cpp b/dom/canvas/WebGLContextBuffers.cpp
+--- a/dom/canvas/WebGLContextBuffers.cpp
++++ b/dom/canvas/WebGLContextBuffers.cpp
+@@ -164,16 +164,19 @@ WebGLContext::BufferData(GLenum target,
+
+ if (!ValidateBufferUsageEnum(usage, "bufferData: usage"))
+ return;
+
+ // careful: WebGLsizeiptr is always 64-bit, but GLsizeiptr is like intptr_t.
+ if (!CheckedInt<GLsizeiptr>(size).isValid())
+ return ErrorOutOfMemory("bufferData: bad size");
+
++ if (gl->IsANGLE() && size > UINT32_MAX)
++ return ErrorOutOfMemory("bufferData: size too large");
++
+ WebGLBuffer* boundBuffer = bufferSlot.get();
+
+ if (!boundBuffer)
+ return ErrorInvalidOperation("bufferData: no buffer bound!");
+
+ UniquePtr<uint8_t> zeroBuffer((uint8_t*)moz_calloc(size, 1));
+ if (!zeroBuffer)
+ return ErrorOutOfMemory("bufferData: out of memory");
+@@ -216,16 +219,19 @@ WebGLContext::BufferData(GLenum target,
+ const dom::ArrayBuffer& data = maybeData.Value();
+ data.ComputeLengthAndData();
+
+ // Careful: data.Length() could conceivably be any uint32_t, but GLsizeiptr
+ // is like intptr_t.
+ if (!CheckedInt<GLsizeiptr>(data.Length()).isValid())
+ return ErrorOutOfMemory("bufferData: bad size");
+
++ if (gl->IsANGLE() && data.Length() > UINT32_MAX)
++ return ErrorOutOfMemory("bufferData: size too large");
++
+ if (!ValidateBufferUsageEnum(usage, "bufferData: usage"))
+ return;
+
+ WebGLBuffer* boundBuffer = bufferSlot.get();
+
+ if (!boundBuffer)
+ return ErrorInvalidOperation("bufferData: no buffer bound!");
+
+@@ -267,16 +273,19 @@ WebGLContext::BufferData(GLenum target,
+
+ data.ComputeLengthAndData();
+
+ // Careful: data.Length() could conceivably be any uint32_t, but GLsizeiptr
+ // is like intptr_t.
+ if (!CheckedInt<GLsizeiptr>(data.Length()).isValid())
+ return ErrorOutOfMemory("bufferData: bad size");
+
++ if (gl->IsANGLE() && data.Length() > UINT32_MAX)
++ return ErrorOutOfMemory("bufferData: size too large");
++
+ InvalidateBufferFetching();
+ MakeContextCurrent();
+
+ GLenum error = CheckedBufferData(target, data.Length(), data.Data(), usage);
+ if (error) {
+ GenerateWarning("bufferData generated error %s", ErrorName(error));
+ return;
+ }
+ |
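Review bot: In the second and third embedded hunks (at -216 and -267) the added guard `data.Length() > UINT32_MAX` looks like it can never fire, because the comment directly above each one says data.Length() is at most a uint32_t. If that holds, only the first hunk's check on the 64-bit `size` actually limits anything on the ANGLE path, and the other two are dead code that may also draw a tautological-comparison warning. None of the three checks says why the cap is UINT32_MAX, so a comment such as `// ANGLE path: reject sizes above UINT32_MAX before allocating or uploading (upstream changeset 9632375c6aac)` would help the next person auditing the limit. Since the file is a verbatim copy of the upstream changeset, any code change belongs upstream rather than in this copy. All three BufferData bodies start and end outside the embedded hunks, so the earlier validation of `size` and the later upload path are not visible here.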