summaryrefslogtreecommitdiff
path: root/gnu/packages/patches/icecat-CVE-2015-2740.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2015-2740.patch')
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-2740.patch52
1 files changed, 0 insertions, 52 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2015-2740.patch b/gnu/packages/patches/icecat-CVE-2015-2740.patch
deleted file mode 100644
index caafa52a23..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-2740.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From ccbae7ff07c2e72c48e0676adaa3e798990f33a1 Mon Sep 17 00:00:00 2001
-From: Andrea Marchesini <amarchesini@mozilla.com>
-Date: Tue, 23 Jun 2015 10:47:38 -0400
-Subject: [PATCH] Bug 1170809 - Improve the buffer size check in
- nsXMLHttpRequest::AppendToResponseText. r=ehsan, r=bz, a=abillings
-
----
- content/base/src/nsXMLHttpRequest.cpp | 15 +++++++++++----
- 1 file changed, 11 insertions(+), 4 deletions(-)
-
-diff --git a/content/base/src/nsXMLHttpRequest.cpp b/content/base/src/nsXMLHttpRequest.cpp
-index 56d1aa3..86425d7 100644
---- a/content/base/src/nsXMLHttpRequest.cpp
-+++ b/content/base/src/nsXMLHttpRequest.cpp
-@@ -655,13 +655,18 @@ nsXMLHttpRequest::AppendToResponseText(const char * aSrcBuffer,
- &destBufferLen);
- NS_ENSURE_SUCCESS(rv, rv);
-
-- if (!mResponseText.SetCapacity(mResponseText.Length() + destBufferLen, fallible_t())) {
-+ uint32_t size = mResponseText.Length() + destBufferLen;
-+ if (size < (uint32_t)destBufferLen) {
-+ return NS_ERROR_OUT_OF_MEMORY;
-+ }
-+
-+ if (!mResponseText.SetCapacity(size, fallible_t())) {
- return NS_ERROR_OUT_OF_MEMORY;
- }
-
- char16_t* destBuffer = mResponseText.BeginWriting() + mResponseText.Length();
-
-- int32_t totalChars = mResponseText.Length();
-+ CheckedInt32 totalChars = mResponseText.Length();
-
- // This code here is basically a copy of a similar thing in
- // nsScanner::Append(const char* aBuffer, uint32_t aLen).
-@@ -674,9 +679,11 @@ nsXMLHttpRequest::AppendToResponseText(const char * aSrcBuffer,
- MOZ_ASSERT(NS_SUCCEEDED(rv));
-
- totalChars += destlen;
-+ if (!totalChars.isValid()) {
-+ return NS_ERROR_OUT_OF_MEMORY;
-+ }
-
-- mResponseText.SetLength(totalChars);
--
-+ mResponseText.SetLength(totalChars.value());
- return NS_OK;
- }
-
---
-2.4.3
-
generated by cgit v1.2.3 (git 2.45.2) at 2024-07-13 10:49:54 +0000