futurile/guix-play
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
b9da375999
guix-play/gnu/packages/patches/icecat-CVE-2016-1930-pt08.patch
Mark H Weaver 29a780147d gnu: icecat: Add fixes for CVE-2016-{1930,1935} and other bugs. 
* gnu/packages/patches/icecat-CVE-2016-1930-pt01.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt02.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt03.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt04.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt05.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt06.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt07.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt08.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt09.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt10.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt11.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt12.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt13.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt14.patch,
  gnu/packages/patches/icecat-CVE-2016-1930-pt15.patch,
  gnu/packages/patches/icecat-CVE-2016-1935.patch,
  gnu/packages/patches/icecat-bug-1146335-pt1.patch,
  gnu/packages/patches/icecat-bug-1146335-pt2.patch,
  gnu/packages/patches/icecat-limit-max-buffers-size-for-ANGLE.patch: New
  files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add patches.
2016-01-28 00:34:20 -05:00

49 lines
1.7 KiB
Diff
Raw Blame History

Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/4444e94a99cb
Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1221385
# HG changeset patch
# User Jan de Mooij <jdemooij@mozilla.com>
# Date 1451478429 -3600
# Node ID 4444e94a99cb9b00c0351cc8bf5459739cc036a5
# Parent 750e4cfc90f80df657e44c9c63b1865023d88682
Bug 1221385 - Handle OOM during JitRuntime initialization a bit better. r=bhackett a=abillings
diff --git a/js/src/jscompartment.cpp b/js/src/jscompartment.cpp
--- a/js/src/jscompartment.cpp
+++ b/js/src/jscompartment.cpp
@@ -138,28 +138,20 @@ JSRuntime::createJitRuntime(JSContext* c
// Protect jitRuntime_ from being observed (by InterruptRunningJitCode)
// while it is being initialized. Unfortunately, initialization depends on
// jitRuntime_ being non-null, so we can't just wait to assign jitRuntime_.
JitRuntime::AutoMutateBackedges amb(jrt);
jitRuntime_ = jrt;
if (!jitRuntime_->initialize(cx)) {
- js_ReportOutOfMemory(cx);
-
- js_delete(jitRuntime_);
- jitRuntime_ = nullptr;
-
- JSCompartment* comp = cx->runtime()->atomsCompartment();
- if (comp->jitCompartment_) {
- js_delete(comp->jitCompartment_);
- comp->jitCompartment_ = nullptr;
- }
-
- return nullptr;
+ // Handling OOM here is complicated: if we delete jitRuntime_ now, we
+ // will destroy the ExecutableAllocator, even though there may still be
+ // JitCode instances holding references to ExecutablePools.
+ CrashAtUnhandlableOOM("OOM in createJitRuntime");
}
return jitRuntime_;
}
bool
JSCompartment::ensureJitCompartmentExists(JSContext* cx)
{
Reference in New Issue View Git Blame Copy Permalink