diff options
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2015-0836-pt-04.patch')
| -rw-r--r-- | gnu/packages/patches/icecat-CVE-2015-0836-pt-04.patch | 89 |
1 files changed, 0 insertions, 89 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-04.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-04.patch deleted file mode 100644 index 58e61d080c..0000000000 --- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-04.patch +++ /dev/null @@ -1,89 +0,0 @@ -From 97ba04bf95606b409b1b3035504a41c274ecffe2 Mon Sep 17 00:00:00 2001 -From: Shu-yu Guo <shu@rfrn.org> -Date: Mon, 26 Jan 2015 18:26:25 -0800 -Subject: [PATCH] Bug 1119579 - Don't GC while iterating compartments in - findAllGlobals. r=sfink, a=abillings - ---- - js/src/vm/Debugger.cpp | 56 ++++++++++++++++++++++++++++++-------------------- - 1 file changed, 34 insertions(+), 22 deletions(-) - -diff --git a/js/src/vm/Debugger.cpp b/js/src/vm/Debugger.cpp -index 27e993d..a8decef 100644 ---- a/js/src/vm/Debugger.cpp -+++ b/js/src/vm/Debugger.cpp -@@ -2825,37 +2825,49 @@ Debugger::findAllGlobals(JSContext *cx, unsigned argc, Value *vp) - { - THIS_DEBUGGER(cx, argc, vp, "findAllGlobals", args, dbg); - -- RootedObject result(cx, NewDenseEmptyArray(cx)); -- if (!result) -- return false; -+ AutoObjectVector globals(cx); - -- for (CompartmentsIter c(cx->runtime(), SkipAtoms); !c.done(); c.next()) { -- if (c->options().invisibleToDebugger()) -- continue; -+ { -+ // Accumulate the list of globals before wrapping them, because -+ // wrapping can GC and collect compartments from under us, while -+ // iterating. - -- c->zone()->scheduledForDestruction = false; -+ for (CompartmentsIter c(cx->runtime(), SkipAtoms); !c.done(); c.next()) { -+ if (c->options().invisibleToDebugger()) -+ continue; - -- GlobalObject *global = c->maybeGlobal(); -+ c->zone()->scheduledForDestruction = false; - -- if (cx->runtime()->isSelfHostingGlobal(global)) -- continue; -+ GlobalObject *global = c->maybeGlobal(); - -- if (global) { -- /* -- * We pulled |global| out of nowhere, so it's possible that it was -- * marked gray by XPConnect. Since we're now exposing it to JS code, -- * we need to mark it black. -- */ -- JS::ExposeGCThingToActiveJS(global, JSTRACE_OBJECT); -+ if (cx->runtime()->isSelfHostingGlobal(global)) -+ continue; - -- RootedValue globalValue(cx, ObjectValue(*global)); -- if (!dbg->wrapDebuggeeValue(cx, &globalValue)) -- return false; -- if (!NewbornArrayPush(cx, result, globalValue)) -- return false; -+ if (global) { -+ /* -+ * We pulled |global| out of nowhere, so it's possible that it was -+ * marked gray by XPConnect. Since we're now exposing it to JS code, -+ * we need to mark it black. -+ */ -+ JS::ExposeGCThingToActiveJS(global, JSTRACE_OBJECT); -+ if (!globals.append(global)) -+ return false; -+ } - } - } - -+ RootedObject result(cx, NewDenseEmptyArray(cx)); -+ if (!result) -+ return false; -+ -+ for (size_t i = 0; i < globals.length(); i++) { -+ RootedValue globalValue(cx, ObjectValue(*globals[i])); -+ if (!dbg->wrapDebuggeeValue(cx, &globalValue)) -+ return false; -+ if (!NewbornArrayPush(cx, result, globalValue)) -+ return false; -+ } -+ - args.rval().setObject(*result); - return true; - } --- -2.2.1 - |