HCoop / jackhill / guix / guix.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
gnu: icecat: Add fixes for CVE-2016-{2818,2819,2821,2824,2828,2831}.
[jackhill/guix/guix.git] / gnu / packages / patches / icecat-CVE-2016-2819.patch
1 changeset: 312054:072992bf176d
2 user: Henri Sivonen <hsivonen@hsivonen.fi>
3 Date: Sun May 15 17:03:06 2016 +0300
4 summary: Bug 1270381. r=wchen. a=ritu
5
6 diff -r d30748143c21 -r 072992bf176d parser/html/javasrc/TreeBuilder.java
7 --- a/parser/html/javasrc/TreeBuilder.java Mon May 09 18:05:32 2016 -0700
8 +++ b/parser/html/javasrc/TreeBuilder.java Sun May 15 17:03:06 2016 +0300
9 @@ -39,6 +39,11 @@
10 import java.util.HashMap;
11 import java.util.Map;
12
13 +import org.xml.sax.ErrorHandler;
14 +import org.xml.sax.Locator;
15 +import org.xml.sax.SAXException;
16 +import org.xml.sax.SAXParseException;
17 +
18 import nu.validator.htmlparser.annotation.Auto;
19 import nu.validator.htmlparser.annotation.Const;
20 import nu.validator.htmlparser.annotation.IdType;
21 @@ -54,11 +59,6 @@
22 import nu.validator.htmlparser.common.TokenHandler;
23 import nu.validator.htmlparser.common.XmlViolationPolicy;
24
25 -import org.xml.sax.ErrorHandler;
26 -import org.xml.sax.Locator;
27 -import org.xml.sax.SAXException;
28 -import org.xml.sax.SAXParseException;
29 -
30 public abstract class TreeBuilder<T> implements TokenHandler,
31 TreeBuilderState<T> {
32
33 @@ -1924,7 +1924,6 @@
34 break starttagloop;
35 }
36 generateImpliedEndTags();
37 - // XXX is the next if dead code?
38 if (errorHandler != null && !isCurrent("table")) {
39 errNoCheckUnclosedElementsOnStack();
40 }
41 @@ -2183,11 +2182,11 @@
42 pop();
43 }
44 break;
45 - } else if (node.isSpecial()
46 + } else if (eltPos == 0 || (node.isSpecial()
47 && (node.ns != "http://www.w3.org/1999/xhtml"
48 - || (node.name != "p"
49 - && node.name != "address"
50 - && node.name != "div"))) {
51 + || (node.name != "p"
52 + && node.name != "address"
53 + && node.name != "div")))) {
54 break;
55 }
56 eltPos--;
57 @@ -3878,7 +3877,7 @@
58 pop();
59 }
60 break endtagloop;
61 - } else if (node.isSpecial()) {
62 + } else if (eltPos == 0 || node.isSpecial()) {
63 errStrayEndTag(name);
64 break endtagloop;
65 }
66 @@ -4745,6 +4744,7 @@
67 int furthestBlockPos = formattingEltStackPos + 1;
68 while (furthestBlockPos <= currentPtr) {
69 StackNode<T> node = stack[furthestBlockPos]; // weak ref
70 + assert furthestBlockPos > 0: "How is formattingEltStackPos + 1 not > 0?";
71 if (node.isSpecial()) {
72 break;
73 }
74 diff -r d30748143c21 -r 072992bf176d parser/html/nsHtml5TreeBuilder.cpp
75 --- a/parser/html/nsHtml5TreeBuilder.cpp Mon May 09 18:05:32 2016 -0700
76 +++ b/parser/html/nsHtml5TreeBuilder.cpp Sun May 15 17:03:06 2016 +0300
77 @@ -1102,7 +1102,7 @@
78 pop();
79 }
80 break;
81 - } else if (node->isSpecial() && (node->ns != kNameSpaceID_XHTML || (node->name != nsHtml5Atoms::p && node->name != nsHtml5Atoms::address && node->name != nsHtml5Atoms::div))) {
82 + } else if (!eltPos || (node->isSpecial() && (node->ns != kNameSpaceID_XHTML || (node->name != nsHtml5Atoms::p && node->name != nsHtml5Atoms::address && node->name != nsHtml5Atoms::div)))) {
83 break;
84 }
85 eltPos--;
86 @@ -2749,7 +2749,7 @@
87 pop();
88 }
89 NS_HTML5_BREAK(endtagloop);
90 - } else if (node->isSpecial()) {
91 + } else if (!eltPos || node->isSpecial()) {
92 errStrayEndTag(name);
93 NS_HTML5_BREAK(endtagloop);
94 }
95 @@ -3593,6 +3593,7 @@
96 int32_t furthestBlockPos = formattingEltStackPos + 1;
97 while (furthestBlockPos <= currentPtr) {
98 nsHtml5StackNode* node = stack[furthestBlockPos];
99 + MOZ_ASSERT(furthestBlockPos > 0, "How is formattingEltStackPos + 1 not > 0?");
100 if (node->isSpecial()) {
101 break;
102 }
jackhill's copy of GNU Guix: https://guix.gnu.org/