guix-play/gnu/packages/patches/icecat-CVE-2016-2818-pt2.patch
Mark H Weaver 98d9182205
gnu: icecat: Add fixes for CVE-2016-{2818,2819,2821,2824,2828,2831}.
* gnu/packages/patches/icecat-CVE-2016-2818-pt1.patch,
gnu/packages/patches/icecat-CVE-2016-2818-pt2.patch,
gnu/packages/patches/icecat-CVE-2016-2818-pt3.patch,
gnu/packages/patches/icecat-CVE-2016-2818-pt4.patch,
gnu/packages/patches/icecat-CVE-2016-2818-pt5.patch,
gnu/packages/patches/icecat-CVE-2016-2818-pt6.patch,
gnu/packages/patches/icecat-CVE-2016-2818-pt7.patch,
gnu/packages/patches/icecat-CVE-2016-2818-pt8.patch,
gnu/packages/patches/icecat-CVE-2016-2818-pt9.patch,
gnu/packages/patches/icecat-CVE-2016-2819.patch,
gnu/packages/patches/icecat-CVE-2016-2821.patch,
gnu/packages/patches/icecat-CVE-2016-2824.patch,
gnu/packages/patches/icecat-CVE-2016-2828.patch,
gnu/packages/patches/icecat-CVE-2016-2831.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add patches.
2016-06-08 14:26:54 -04:00

30 lines
1.1 KiB
Diff

changeset: 312044:09418166fd77
user: Jon Coppeard <jcoppeard@mozilla.com>
Date: Wed May 11 10:14:45 2016 +0100
summary: Bug 1264575 - Add missing pre-barrier in Ion r=jandem a=ritu
diff -r 9cc65cca1f71 -r 09418166fd77 js/src/jit-test/tests/self-hosting/bug1264575.js
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/js/src/jit-test/tests/self-hosting/bug1264575.js Wed May 11 10:14:45 2016 +0100
@@ -0,0 +1,7 @@
+function f(x, [y]) {}
+f(0, []);
+// jsfunfuzz-generated
+let i = 0;
+for (var z of [0, 0, 0]) {
+ verifyprebarriers();
+}
diff -r 9cc65cca1f71 -r 09418166fd77 js/src/jit/MCallOptimize.cpp
--- a/js/src/jit/MCallOptimize.cpp Mon May 16 15:11:24 2016 -0400
+++ b/js/src/jit/MCallOptimize.cpp Wed May 11 10:14:45 2016 +0100
@@ -2263,7 +2263,8 @@
callInfo.setImplicitlyUsedUnchecked();
- MStoreFixedSlot* store = MStoreFixedSlot::New(alloc(), callInfo.getArg(0), slot, callInfo.getArg(2));
+ MStoreFixedSlot* store =
+ MStoreFixedSlot::NewBarriered(alloc(), callInfo.getArg(0), slot, callInfo.getArg(2));
current->add(store);
current->push(store);