diff options
| author | Mark H Weaver <mhw@netris.org> | 2016-01-28 00:22:49 -0500 |
|---|---|---|
| committer | Mark H Weaver <mhw@netris.org> | 2016-01-28 00:34:20 -0500 |
| commit | 29a780147d066d5ce218d1fa2678a0a36a1145e3 (patch) | |
| tree | 447a0dd62011ec61c4fb5b39a72612e24ae3bdf6 /gnu/packages/patches/icecat-bug-1146335-pt2.patch | |
| parent | a394c60aa381d2284e382b48af990b6bdc5f33b4 (diff) | |
gnu: icecat: Add fixes for CVE-2016-{1930,1935} and other bugs.
* gnu/packages/patches/icecat-CVE-2016-1930-pt01.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt02.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt03.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt04.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt05.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt06.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt07.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt08.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt09.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt10.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt11.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt12.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt13.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt14.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt15.patch,
gnu/packages/patches/icecat-CVE-2016-1935.patch,
gnu/packages/patches/icecat-bug-1146335-pt1.patch,
gnu/packages/patches/icecat-bug-1146335-pt2.patch,
gnu/packages/patches/icecat-limit-max-buffers-size-for-ANGLE.patch: New
files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add patches.
Diffstat (limited to 'gnu/packages/patches/icecat-bug-1146335-pt2.patch')
| -rw-r--r-- | gnu/packages/patches/icecat-bug-1146335-pt2.patch | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-bug-1146335-pt2.patch b/gnu/packages/patches/icecat-bug-1146335-pt2.patch new file mode 100644 index 0000000000..240e0cfc66 --- /dev/null +++ b/gnu/packages/patches/icecat-bug-1146335-pt2.patch @@ -0,0 +1,43 @@ +Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/8bfaa27698ca +Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1146335 + +# HG changeset patch +# User Seth Fowler <mark.seth.fowler@gmail.com> +# Date 1428627143 25200 +# Node ID 8bfaa27698ca0720d5c9f3910ab7148b38db0625 +# Parent 9d14787bd10e6f3013263a2cae0bcc78bebde1db +Bug 1146335 (Part 2) - Fix an off-by-one error in image::Downscaler. r=tn a=lizzard + +diff --git a/image/src/Downscaler.cpp b/image/src/Downscaler.cpp +--- a/image/src/Downscaler.cpp ++++ b/image/src/Downscaler.cpp +@@ -160,20 +160,26 @@ Downscaler::CommitRow() + int32_t inLineToRead = filterOffset + mLinesInBuffer; + MOZ_ASSERT(mCurrentInLine <= inLineToRead, "Reading past end of input"); + if (mCurrentInLine == inLineToRead) { + skia::ConvolveHorizontally(mRowBuffer.get(), *mXFilter, + mWindow[mLinesInBuffer++], mHasAlpha, + /* use_sse2 = */ true); + } + +- while (mLinesInBuffer == filterLength && +- mCurrentOutLine < mTargetSize.height) { ++ MOZ_ASSERT(mCurrentOutLine < mTargetSize.height, ++ "Writing past end of output"); ++ ++ while (mLinesInBuffer == filterLength) { + DownscaleInputLine(); + ++ if (mCurrentOutLine == mTargetSize.height) { ++ break; // We're done. ++ } ++ + GetFilterOffsetAndLength(mYFilter, mCurrentOutLine, + &filterOffset, &filterLength); + } + + mCurrentInLine += 1; + } + + bool + |