guix/gnu/packages/patches/icecat-CVE-2014-1587-bug-1042567.patch
Mark H Weaver 9f8552fab5 gnu: icecat: Apply security updates for CVE-2014-{1587,1590,1592,1593,1594}.
* gnu/packages/patches/icecat-CVE-2014-1587-bug-1042567.patch,
  gnu/packages/patches/icecat-CVE-2014-1587-bug-1072847.patch,
  gnu/packages/patches/icecat-CVE-2014-1587-bug-1079729.patch,
  gnu/packages/patches/icecat-CVE-2014-1587-bug-1080312.patch,
  gnu/packages/patches/icecat-CVE-2014-1587-bug-1089207.patch,
  gnu/packages/patches/icecat-CVE-2014-1590.patch,
  gnu/packages/patches/icecat-CVE-2014-1592.patch,
  gnu/packages/patches/icecat-CVE-2014-1593.patch,
  gnu/packages/patches/icecat-CVE-2014-1594.patch: New files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/gnuzilla.scm (icecat): Add them.
2014-12-15 20:42:53 -05:00

31 lines
1.4 KiB
Diff

commit 60529fc02cf10482d8fecd699eea271ddc22bcb9
Author: Jason Orendorff <jorendorff@mozilla.com>
Date: Thu Aug 28 15:43:57 2014 -0500
Bug 1042567 - Reflect JSPropertyOp properties more consistently as data properties. r=efaust, a=lmandel
Modified js/src/jsobj.cpp
diff --git a/js/src/jsobj.cpp b/js/src/jsobj.cpp
index 2745509..ad336f3 100644
--- a/js/src/jsobj.cpp
+++ b/js/src/jsobj.cpp
@@ -235,11 +235,18 @@ js::GetOwnPropertyDescriptor(JSContext *cx, HandleObject obj, HandleId id,
if (pobj->isNative()) {
desc.setAttributes(GetShapeAttributes(pobj, shape));
if (desc.hasGetterOrSetterObject()) {
+ MOZ_ASSERT(desc.isShared());
doGet = false;
if (desc.hasGetterObject())
desc.setGetterObject(shape->getterObject());
if (desc.hasSetterObject())
desc.setSetterObject(shape->setterObject());
+ } else {
+ // This is either a straight-up data property or (rarely) a
+ // property with a JSPropertyOp getter/setter. The latter must be
+ // reported to the caller as a plain data property, so don't
+ // populate desc.getter/setter, and mask away the SHARED bit.
+ desc.attributesRef() &= ~JSPROP_SHARED;
}
} else {
if (!JSObject::getGenericAttributes(cx, pobj, id, &desc.attributesRef()))