authorNatanael Copa <ncopa@alpinelinux.org>2016-05-25 21:21:42 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2016-05-25 21:22:54 +0000
commitd4346ba273a38e0de47a4a858a281a5dc4f692f0 (patch)
tree8e5c719a95d1235689199c351274f7fc7b78140a
parent3d491c7d11c2856c46f397a1004c7ba47676c4d1 (diff)
downloadaports-d4346ba273a38e0de47a4a858a281a5dc4f692f0.tar.bz2
aports-d4346ba273a38e0de47a4a858a281a5dc4f692f0.tar.xz
testing/firefox: fix stack overflow in brotli decompressor
fixes #5559 https://bugzilla.mozilla.org/show_bug.cgi?id=1274732
-rw-r--r--testing/firefox/APKBUILD6
-rw-r--r--testing/firefox/fix-stack-overflow.patch45
2 files changed, 50 insertions, 1 deletions
diff --git a/testing/firefox/APKBUILD b/testing/firefox/APKBUILD
index 404b8d3785..42cb186b00 100644
--- a/testing/firefox/APKBUILD
+++ b/testing/firefox/APKBUILD
@@ -4,7 +4,7 @@ pkgname=firefox
pkgver=46.0.1
_pkgver=$pkgver
_xulver=$pkgver
-pkgrel=0
+pkgrel=1
pkgdesc="Firefox web browser"
url="http://www.firefox.com"
arch="all"
@@ -71,6 +71,7 @@ source="https://ftp.mozilla.org/pub/firefox/releases/$pkgver/source/firefox-$pkg
libavutil.patch
mallinfo.patch
firefox-gtk3-20.patch
+ fix-stack-overflow.patch
firefox.desktop
firefox-safe.desktop"
@@ -188,6 +189,7 @@ f29e0036edc7b3a4158a82fa97bde500 fix-fortify-inline.patch
b8b2a3cdb38f402e4eb4885908233811 libavutil.patch
0db0cce8350d59a91ae2c4f0400f7146 mallinfo.patch
4398feb7543ef216a9f4a3690ea97180 firefox-gtk3-20.patch
+0538d10d2a14576c5aad6048c942a42c fix-stack-overflow.patch
ba96924ece1d77453e462429037a2ce5 firefox.desktop
6f38a5899034b7786cb1f75ad42032b8 firefox-safe.desktop"
sha256sums="98b8292a31b7e3e426f3204de1fed2a6ab38dcf64dd27bdfae556b407a198bf9 firefox-46.0.1.source.tar.xz
@@ -208,6 +210,7 @@ a1ba79ec0c50c19edcfb24bb2686a718a77b02035e412989b9208b9b818abe14 allow-utf8-fal
83113f1fbc0389602b3623e8a5428d41837c4ec9557615c37ca05619526a7404 libavutil.patch
2f564fa5f347f3c7f20d589ef273f000ca9c9aeca2c6ad0fb5b15bfc715d8b81 mallinfo.patch
440c3e22d98ecf8c44dcedbe90bbb302da3a059e3fc3fba205d89f0eca329cbf firefox-gtk3-20.patch
+e568adf5d43220b831fd538b4387c14c046efc1bdab4257467fbfd86ee5830aa fix-stack-overflow.patch
b571c4a49884a3c98806246c9cc3e60c73d5a8f4aeb7f96217db0be1d6210eda firefox.desktop
4b6de45753856a890f4482055666e77f9b01bdfb7e0df08bafaa3a4d9937eed3 firefox-safe.desktop"
sha512sums="c58642774f93ceaef4f99bc3fe578db6e4f6de7f1d23080da97b61bc4fc6b516ce99fa04368893c0fa2cb9cd0b36e96955656daa97d0bd0d8f4da6a2d364cb98 firefox-46.0.1.source.tar.xz
@@ -228,5 +231,6 @@ ebbc2b1336197c289e9b7c073d196fb5734e1dad0109fe70538f8089b1873e4b55305cd39cefcf95
2213dbd7eb36f954add09977c0bb979aea79376164bc98d7e8957ecf584776bc11cc88b6d8235f9e04ac69d5975a47c2f52fd9aff9076326f15997657af8c9f3 libavutil.patch
bdcd1b402d2ec94957ba5d08cbad7b1a7f59c251c311be9095208491a05abb05a956c79f27908e1f26b54a3679387b2f33a51e945b650671ad85c0a2d59a5a29 mallinfo.patch
ee891acc644bea7eeccea8414292ada80d813864ce003d03189c9ef4f7e2c97e7209301725b1d55a02dd7af497eb9c7493fafc208b5a5fde574ddcf1bf7870c4 firefox-gtk3-20.patch
+c815131b04e25162d8b32e75e58c3f670492996a41a0cc27a72432ed37fb3a5488a6eb474c2a1bf455d3546cde3b6871b46bcdbef8e2f37d1133c40819aa6f11 fix-stack-overflow.patch
f3b7c3e804ce04731012a46cb9e9a6b0769e3772aef9c0a4a8c7520b030fdf6cd703d5e9ff49275f14b7d738fe82a0a4fde3bc3219dff7225d5db0e274987454 firefox.desktop
5dcb6288d0444a8a471d669bbaf61cdb1433663eff38b72ee5e980843f5fc07d0d60c91627a2c1159215d0ad77ae3f115dcc5fdfe87e64ca704b641aceaa44ed firefox-safe.desktop"
diff --git a/testing/firefox/fix-stack-overflow.patch b/testing/firefox/fix-stack-overflow.patch
new file mode 100644
index 0000000000..e164fc69b6
--- /dev/null
+++ b/testing/firefox/fix-stack-overflow.patch
@@ -0,0 +1,45 @@
+https://bugs.alpinelinux.org/issues/5559
+https://bugzilla.mozilla.org/show_bug.cgi?id=1274732
+
+diff --git a/netwerk/streamconv/converters/nsHTTPCompressConv.cpp b/netwerk/streamconv/converters/nsHTTPCompressConv.cpp
+index 1193529..aeb96b5 100644
+--- a/netwerk/streamconv/converters/nsHTTPCompressConv.cpp
++++ b/netwerk/streamconv/converters/nsHTTPCompressConv.cpp
+@@ -165,9 +165,8 @@ nsHTTPCompressConv::BrotliHandler(nsIInputStream *stream, void *closure, const c
+ nsHTTPCompressConv *self = static_cast<nsHTTPCompressConv *>(closure);
+ *countRead = 0;
+
+- const uint32_t kOutSize = 128 * 1024; // just a chunk size, we call in a loop
+- unsigned char outBuffer[kOutSize];
+- unsigned char *outPtr;
++ const size_t kOutSize = 128 * 1024; // just a chunk size, we call in a loop
++ uint8_t *outPtr;
+ size_t outSize;
+ size_t avail = aAvail;
+ BrotliResult res;
+@@ -177,9 +176,15 @@ nsHTTPCompressConv::BrotliHandler(nsIInputStream *stream, void *closure, const c
+ return NS_OK;
+ }
+
++ auto outBuffer = MakeUniqueFallible<uint8_t[]>(kOutSize);
++ if (outBuffer == nullptr) {
++ self->mBrotli->mStatus = NS_ERROR_OUT_OF_MEMORY;
++ return self->mBrotli->mStatus;
++ }
++
+ do {
+ outSize = kOutSize;
+- outPtr = outBuffer;
++ outPtr = outBuffer.get();
+
+ // brotli api is documented in brotli/dec/decode.h and brotli/dec/decode.c
+ LOG(("nsHttpCompresssConv %p brotlihandler decompress %d\n", self, avail));
+@@ -210,7 +215,7 @@ nsHTTPCompressConv::BrotliHandler(nsIInputStream *stream, void *closure, const c
+ nsresult rv = self->do_OnDataAvailable(self->mBrotli->mRequest,
+ self->mBrotli->mContext,
+ self->mBrotli->mSourceOffset,
+- reinterpret_cast<const char *>(outBuffer),
++ reinterpret_cast<const char *>(outBuffer.get()),
+ outSize);
+ LOG(("nsHttpCompressConv %p BrotliHandler ODA rv=%x", self, rv));
+ if (NS_FAILED(rv)) {
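Review bot: The header of fix-stack-overflow.patch carries only the two tracker URLs, so a maintainer rebasing onto a later Firefox release cannot tell from the file why the 128 KiB `outBuffer` left the stack or when the patch can be dropped. A one-line rationale above the inner diff would cover it, for example `BrotliHandler kept a 128 KiB output buffer on the stack, which can overflow a small thread stack; allocate it on the heap instead`. In the new code `MakeUniqueFallible<uint8_t[]>(kOutSize)` runs on every call to BrotliHandler, after the early `return NS_OK`. If the handler is invoked once per input segment (not visible here), holding the buffer in `self->mBrotli` would avoid repeated 128 KiB allocations on a path driven by network data. The out-of-memory branch sets `mStatus` and returns it, but the function starts and ends outside the inner hunks, so check that callers treat that return the same way as the other failure paths.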