a7f369b4c2
* MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101 Miscellaneous memory safety hazards * MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security Policy inline-script bypass * MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information disclosure though Windows file shares and shortcut files * MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free while replacing/inserting a node in a document * MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941 Buffer overflow and use-after-free issues found using Address Sanitizer - require NSS 3.13.4 * MFSA 2012-39/CVE-2012-0441 (bmo#715073) - fix sound notifications when filename/path contains a whitespace (bmo#749739) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=280
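diff --git a/js/src/Makefile.in b/js/src/Makefile.in
--- a/js/src/Makefile.in
+++ b/js/src/Makefile.in
@@ -332,30 +332,33 @@ CPPSRCS += checks.cc \
 platform.cc \
 utils.cc \
 $(NONE)
 
 #
 # END enclude sources for V8 dtoa
 #############################################
 
-# For architectures without YARR JIT, PCRE is faster than the YARR
-# interpreter (bug 684559).
-
 ifeq (,$(filter arm% sparc %86 x86_64 mips%,$(TARGET_CPU)))
 
-VPATH += $(srcdir)/yarr/pcre \
+VPATH += $(srcdir)/assembler \
+ $(srcdir)/assembler/wtf \
+ $(srcdir)/assembler/jit \
+ $(srcdir)/yarr \
 $(NULL)
 
-CPPSRCS += \
- pcre_compile.cpp \
- pcre_exec.cpp \
- pcre_tables.cpp \
- pcre_xclass.cpp \
- pcre_ucp_searchfuncs.cpp \
+CPPSRCS += ExecutableAllocator.cpp \
+ ExecutableAllocatorPosix.cpp \
+ OSAllocatorOS2.cpp \
+ OSAllocatorPosix.cpp \
+ OSAllocatorWin.cpp \
+ PageBlock.cpp \
+ YarrInterpreter.cpp \
+ YarrPattern.cpp \
+ YarrSyntaxChecker.cpp \
 $(NULL)
 else
 
 ###############################################
 # BEGIN include sources for the Nitro assembler
 #
 
 ENABLE_YARR_JIT = 1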
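Review bot: The `ifeq` branch for CPUs outside `arm% sparc %86 x86_64 mips%` loses its explanatory comment and gets nothing in its place, so a reader can no longer tell that this is the interpreter-only build or why it now compiles `ExecutableAllocator.cpp`, `PageBlock.cpp` and all three `OSAllocator*.cpp` files. I would add a comment above the `ifeq`, for example `# Architectures without YARR JIT: build the YARR interpreter instead of PCRE; the allocator sources are built because wtfbridge.h includes ExecutableAllocator.h.` The second half of that comment is inferred from the wtfbridge.h change in this patch and should be confirmed. Stating there whether executable-memory allocation is expected to be reachable on these targets would also help anyone making W^X hardening decisions for them.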
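diff --git a/js/src/assembler/jit/ExecutableAllocator.h b/js/src/assembler/jit/ExecutableAllocator.h
--- a/js/src/assembler/jit/ExecutableAllocator.h
+++ b/js/src/assembler/jit/ExecutableAllocator.h
@@ -462,18 +462,16 @@ public:
 : "r" (code), "r" (reinterpret_cast<char*>(code) + size)
 : "r0", "r1", "r2");
 }
 #elif WTF_CPU_SPARC
 static void cacheFlush(void* code, size_t size)
 {
 sync_instruction_memory((caddr_t)code, size);
 }
-#else
- #error "The cacheFlush support is missing on this platform."
 #endif
 
 private:
 
 #if ENABLE_ASSEMBLER_WX_EXCLUSIVE
 static void reprotectRegion(void*, size_t, ProtectionSetting);
 #endif
 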
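Review bot: Dropping the `#else` / `#error` fallback at the end of the `cacheFlush` chain means a CPU with no flush implementation now compiles this header silently, and the only remaining safeguard is that a caller of `cacheFlush` fails to resolve the name. Because the header is now also included on interpreter-only targets, I would keep the diagnostic but scope it to builds that actually emit code, e.g. `#elif ENABLE_YARR_JIT` followed by the original `#error "The cacheFlush support is missing on this platform."`. Whether the method JIT needs the same guard cannot be judged from this hunk. Running freshly written code without an instruction-cache flush is both a correctness and a security hazard, so that failure should stay explicit. The `#if` chain starts above the hunk, so the placement needs checking against the full file.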
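diff --git a/js/src/vm/RegExpObject-inl.h b/js/src/vm/RegExpObject-inl.h
--- a/js/src/vm/RegExpObject-inl.h
+++ b/js/src/vm/RegExpObject-inl.h
@@ -132,16 +132,17 @@ RegExpObject::setMultiline(bool enabled)
 }
 
 inline void
 RegExpObject::setSticky(bool enabled)
 {
 setSlot(STICKY_FLAG_SLOT, BooleanValue(enabled));
 }
 
+#if ENABLE_YARR_JIT
 /* This function should be deleted once bad Android platforms phase out. See bug 604774. */
 inline bool
 detail::RegExpCode::isJITRuntimeEnabled(JSContext *cx)
 {
 #if defined(ANDROID) && defined(JS_METHODJIT)
 return cx->methodJitEnabled;
 #else
 return true;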
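Review bot: The added `#if ENABLE_YARR_JIT` above `detail::RegExpCode::isJITRuntimeEnabled` has no matching `#endif` in this file's only hunk, which adds a single line and ends inside the function body at `return true;`. Unless the full file already carries a closing directive further down, the conditional is left unterminated; the fix would be `#endif /* ENABLE_YARR_JIT */` after the function's closing brace. With the function compiled out on interpreter-only targets, every caller also has to sit under the same guard, and no caller is visible here.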
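diff --git a/js/src/vm/RegExpObject.cpp b/js/src/vm/RegExpObject.cpp
--- a/js/src/vm/RegExpObject.cpp
+++ b/js/src/vm/RegExpObject.cpp
@@ -162,17 +162,16 @@ MatchPairs::checkAgainst(size_t inputLen
 continue;
 JS_ASSERT(size_t(p.limit) <= inputLength);
 }
 #endif
 }
 
 /* detail::RegExpCode */
 
-#if ENABLE_YARR_JIT
 void
 RegExpCode::reportYarrError(JSContext *cx, TokenStream *ts, ErrorCode error)
 {
 switch (error) {
 case JSC::Yarr::NoError:
 JS_NOT_REACHED("Called reportYarrError with value for no error");
 return;
 #define COMPILE_EMSG(__code, __msg) \
@@ -194,52 +193,16 @@ RegExpCode::reportYarrError(JSContext *c
 COMPILE_EMSG(QuantifierTooLarge, JSMSG_BAD_QUANTIFIER);
 COMPILE_EMSG(EscapeUnterminated, JSMSG_TRAILING_SLASH);
 #undef COMPILE_EMSG
 default:
 JS_NOT_REACHED("Unknown Yarr error code");
 }
 }
 
-#else /* !ENABLE_YARR_JIT */
-
-void
-RegExpCode::reportPCREError(JSContext *cx, int error)
-{
-#define REPORT(msg_) \
- JS_ReportErrorFlagsAndNumberUC(cx, JSREPORT_ERROR, js_GetErrorMessage, NULL, msg_); \
- return
- switch (error) {
- case -2: REPORT(JSMSG_REGEXP_TOO_COMPLEX);
- case 0: JS_NOT_REACHED("Precondition violation: an error must have occurred.");
- case 1: REPORT(JSMSG_TRAILING_SLASH);
- case 2: REPORT(JSMSG_TRAILING_SLASH);
- case 3: REPORT(JSMSG_REGEXP_TOO_COMPLEX);
- case 4: REPORT(JSMSG_BAD_QUANTIFIER);
- case 5: REPORT(JSMSG_BAD_QUANTIFIER);
- case 6: REPORT(JSMSG_BAD_CLASS_RANGE);
- case 7: REPORT(JSMSG_REGEXP_TOO_COMPLEX);
- case 8: REPORT(JSMSG_BAD_CLASS_RANGE);
- case 9: REPORT(JSMSG_BAD_QUANTIFIER);
- case 10: REPORT(JSMSG_UNMATCHED_RIGHT_PAREN);
- case 11: REPORT(JSMSG_REGEXP_TOO_COMPLEX);
- case 12: REPORT(JSMSG_UNMATCHED_RIGHT_PAREN);
- case 13: REPORT(JSMSG_REGEXP_TOO_COMPLEX);
- case 14: REPORT(JSMSG_MISSING_PAREN);
- case 15: REPORT(JSMSG_BAD_BACKREF);
- case 16: REPORT(JSMSG_REGEXP_TOO_COMPLEX);
- case 17: REPORT(JSMSG_REGEXP_TOO_COMPLEX);
- default:
- JS_NOT_REACHED("Precondition violation: unknown PCRE error code.");
- }
-#undef REPORT
-}
-
-#endif /* ENABLE_YARR_JIT */
-
 bool
 RegExpCode::compile(JSContext *cx, JSLinearString &pattern, unsigned *parenCount, RegExpFlag flags)
 {
 #if ENABLE_YARR_JIT
 /* Parse the pattern. */
 ErrorCode yarrError;
 YarrPattern yarrPattern(pattern, bool(flags & IgnoreCaseFlag), bool(flags & MultilineFlag),
 &yarrError);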
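Review bot: `RegExpCode::compile()` still opens with `#if ENABLE_YARR_JIT` around the `YarrPattern` parse (unchanged context at the end of the second hunk), so on targets where that macro is 0 the function takes an arm that lies outside this hunk. This patch deletes `reportPCREError` here and drops `yarr/pcre/pcre.h` from RegExpObject.h, so that arm must no longer reference any PCRE entry point or error reporter. I cannot see it from here, and the same applies to the matching execute path. Please confirm it, and if the non-JIT arm is meant to run the Yarr interpreter, say so at the `#if` with a short comment such as `/* JIT builds only; interpreter-only targets take the #else arm below. */`. Patterns reaching this function come from script, so the interpreter-only arm also needs an error path that always leaves a reported exception when it returns false.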
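diff --git a/js/src/vm/RegExpObject.h b/js/src/vm/RegExpObject.h
--- a/js/src/vm/RegExpObject.h
+++ b/js/src/vm/RegExpObject.h
@@ -46,20 +46,18 @@
 #include <stddef.h>
 #include "jsobj.h"
 
 #include "js/TemplateLib.h"
 
 #include "yarr/Yarr.h"
 #if ENABLE_YARR_JIT
 #include "yarr/YarrJIT.h"
+#endif
 #include "yarr/YarrSyntaxChecker.h"
-#else
-#include "yarr/pcre/pcre.h"
-#endif
 
 /*
 * JavaScript Regular Expressions
 *
 * There are several engine concepts associated with a single logical regexp:
 *
 * RegExpObject - The JS-visible object whose .[[Class]] equals "RegExp"
 *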
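diff --git a/js/src/yarr/wtfbridge.h b/js/src/yarr/wtfbridge.h
--- a/js/src/yarr/wtfbridge.h
+++ b/js/src/yarr/wtfbridge.h
@@ -44,19 +44,17 @@
 * WTF compatibility layer. This file provides various type and data
 * definitions for use by Yarr.
 */
 
 #include "jsstr.h"
 #include "jsprvtd.h"
 #include "vm/String.h"
 #include "assembler/wtf/Platform.h"
-#if ENABLE_YARR_JIT
 #include "assembler/jit/ExecutableAllocator.h"
-#endif
 
 namespace JSC { namespace Yarr {
 
 /*
 * Basic type definitions.
 */
 
 typedef jschar UChar;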