This is an automated email from the git hooks/post-receive script.
richard pushed a change to branch tor-browser-91.13.0esr-11.5-1 in repository tor-browser.
from 8c726e5410ee fixup! Bug 10760: Integrate TorButton to TorBrowser core new 42daa55746cc Bug 1789128 - Always call LoadInfo::GetPerformanceStorage(). r=smaug, a=RyanVM new a64caa96bc9f Bug 1791520: Add some keep alive annotations. r=jandem a=pascalc new b0dab0834f6b Bug 1789439 - Don't allow reentrant programmatic print calls. r=smaug,peterv a=pascalc new bb7b3aa30418 Bug 1789439 - Throw rather than logging an error when tab-modal print is already open. r=mstriemer a=pascalc new 4c3730eeca57 Bug 1789439 - Fix browser_modal_print.js after previous patch. a=pascalc new dfbfb21bef07 Bug 1789729 - Implement webgl.max-size-per-texture-mib r=jgilbert a=RyanVM new 58b189015a44 Bug 1792041 - Add a value for DEL to kBase64URLDecodeTable and have static asserts for lookup tables' length. r=xpcom-reviewers,nika a=RyanVM new 9cdb667c62f2 Bug 1791598 - Ensure raw tagnames are safe exiting internalEntityParser. r=mccr8
The 8 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
Summary of changes: dom/base/nsGlobalWindowOuter.cpp | 7 +++-- dom/canvas/WebGLTextureUpload.cpp | 33 +++++++++++++++++----- dom/ipc/ContentChild.cpp | 22 +++++++++------ dom/ipc/ContentChild.h | 5 ++-- dom/ipc/ContentParent.cpp | 10 +++++-- dom/ipc/ContentParent.h | 5 ++-- dom/ipc/PContent.ipdl | 3 +- js/src/jit/IonAnalysis.cpp | 4 +++ modules/libpref/init/StaticPrefList.yaml | 5 ++++ netwerk/protocol/http/HttpBaseChannel.cpp | 19 +++++-------- netwerk/protocol/http/HttpBaseChannel.h | 1 - parser/expat/lib/xmlparse.c | 10 +++++-- toolkit/components/printing/content/printUtils.js | 2 +- .../printing/tests/browser_modal_print.js | 15 ++++++---- xpcom/io/Base64.cpp | 24 ++++++++-------- 15 files changed, 107 insertions(+), 58 deletions(-)
This is an automated email from the git hooks/post-receive script.
richard pushed a commit to branch tor-browser-91.13.0esr-11.5-1 in repository tor-browser.
commit 42daa55746cc9cbe7d1ef63cb0d547e7b6eaf2ab Author: Valentin Gosu valentin.gosu@gmail.com AuthorDate: Tue Sep 20 15:27:44 2022 +0000
Bug 1789128 - Always call LoadInfo::GetPerformanceStorage(). r=smaug, a=RyanVM --- dom/ipc/ContentChild.cpp | 22 ++++++++++++++-------- dom/ipc/ContentChild.h | 5 +++-- dom/ipc/ContentParent.cpp | 10 +++++++--- dom/ipc/ContentParent.h | 5 +++-- dom/ipc/PContent.ipdl | 3 ++- netwerk/protocol/http/HttpBaseChannel.cpp | 19 +++++++------------ netwerk/protocol/http/HttpBaseChannel.h | 1 - 7 files changed, 36 insertions(+), 29 deletions(-)
diff --git a/dom/ipc/ContentChild.cpp b/dom/ipc/ContentChild.cpp index 4f971ce8c5d3..c2f518542ee3 100644 --- a/dom/ipc/ContentChild.cpp +++ b/dom/ipc/ContentChild.cpp @@ -4138,24 +4138,30 @@ mozilla::ipc::IPCResult ContentChild::RecvScriptError( }
mozilla::ipc::IPCResult ContentChild::RecvReportFrameTimingData( - uint64_t innerWindowId, const nsString& entryName, + const mozilla::Maybe<LoadInfoArgs>& loadInfoArgs, const nsString& entryName, const nsString& initiatorType, UniquePtr<PerformanceTimingData>&& aData) { if (!aData) { return IPC_FAIL(this, "aData should not be null"); }
- auto* innerWindow = nsGlobalWindowInner::GetInnerWindowWithId(innerWindowId); - if (!innerWindow) { - return IPC_OK(); + if (loadInfoArgs.isNothing()) { + return IPC_FAIL(this, "loadInfoArgs should not be null"); }
- mozilla::dom::Performance* performance = innerWindow->GetPerformance(); - if (!performance) { + nsCOMPtr<nsILoadInfo> loadInfo; + nsresult rv = mozilla::ipc::LoadInfoArgsToLoadInfo(loadInfoArgs, + getter_AddRefs(loadInfo)); + if (NS_FAILED(rv)) { + MOZ_DIAGNOSTIC_ASSERT(false, "LoadInfoArgsToLoadInfo failed"); return IPC_OK(); }
- performance->AsPerformanceStorage()->AddEntry(entryName, initiatorType, - std::move(aData)); + // It is important to call LoadInfo::GetPerformanceStorage instead of simply + // getting the performance object via the innerWindowID in order to perform + // necessary cross origin checks. + if (PerformanceStorage* storage = loadInfo->GetPerformanceStorage()) { + storage->AddEntry(entryName, initiatorType, std::move(aData)); + } return IPC_OK(); }
diff --git a/dom/ipc/ContentChild.h b/dom/ipc/ContentChild.h index 2babe20eb6f7..b55c11ad2a2c 100644 --- a/dom/ipc/ContentChild.h +++ b/dom/ipc/ContentChild.h @@ -757,8 +757,9 @@ class ContentChild final : public PContentChild, const uint64_t& aInnerWindowId, const bool& aFromChromeContext);
mozilla::ipc::IPCResult RecvReportFrameTimingData( - uint64_t innerWindowId, const nsString& entryName, - const nsString& initiatorType, UniquePtr<PerformanceTimingData>&& aData); + const mozilla::Maybe<LoadInfoArgs>& loadInfoArgs, + const nsString& entryName, const nsString& initiatorType, + UniquePtr<PerformanceTimingData>&& aData);
mozilla::ipc::IPCResult RecvLoadURI( const MaybeDiscarded<BrowsingContext>& aContext, diff --git a/dom/ipc/ContentParent.cpp b/dom/ipc/ContentParent.cpp index 9e11d81a395d..c5eeba70b029 100644 --- a/dom/ipc/ContentParent.cpp +++ b/dom/ipc/ContentParent.cpp @@ -4680,14 +4680,18 @@ mozilla::ipc::IPCResult ContentParent::RecvConsoleMessage( }
mozilla::ipc::IPCResult ContentParent::RecvReportFrameTimingData( - uint64_t aInnerWindowId, const nsString& entryName, + const mozilla::Maybe<LoadInfoArgs>& loadInfoArgs, const nsString& entryName, const nsString& initiatorType, UniquePtr<PerformanceTimingData>&& aData) { if (!aData) { return IPC_FAIL(this, "aData should not be null"); }
+ if (loadInfoArgs.isNothing()) { + return IPC_FAIL(this, "loadInfoArgs should not be null"); + } + RefPtr<WindowGlobalParent> parent = - WindowGlobalParent::GetByInnerWindowId(aInnerWindowId); + WindowGlobalParent::GetByInnerWindowId(loadInfoArgs->innerWindowID()); if (!parent || !parent->GetContentParent()) { return IPC_OK(); } @@ -4696,7 +4700,7 @@ mozilla::ipc::IPCResult ContentParent::RecvReportFrameTimingData( "No need to bounce around if in the same process");
Unused << parent->GetContentParent()->SendReportFrameTimingData( - aInnerWindowId, entryName, initiatorType, std::move(aData)); + loadInfoArgs, entryName, initiatorType, std::move(aData)); return IPC_OK(); }
diff --git a/dom/ipc/ContentParent.h b/dom/ipc/ContentParent.h index 98e9f70a7b47..5239b6f2934a 100644 --- a/dom/ipc/ContentParent.h +++ b/dom/ipc/ContentParent.h @@ -1099,8 +1099,9 @@ class ContentParent final const uint64_t& aInnerWindowId, const bool& aIsFromChromeContext);
mozilla::ipc::IPCResult RecvReportFrameTimingData( - uint64_t innerWindowId, const nsString& entryName, - const nsString& initiatorType, UniquePtr<PerformanceTimingData>&& aData); + const mozilla::Maybe<LoadInfoArgs>& loadInfoArgs, + const nsString& entryName, const nsString& initiatorType, + UniquePtr<PerformanceTimingData>&& aData);
mozilla::ipc::IPCResult RecvScriptErrorWithStack( const nsString& aMessage, const nsString& aSourceName, diff --git a/dom/ipc/PContent.ipdl b/dom/ipc/PContent.ipdl index 01a38cfb2e96..b4747302f50f 100644 --- a/dom/ipc/PContent.ipdl +++ b/dom/ipc/PContent.ipdl @@ -1719,9 +1719,10 @@ both: * another process. Child frame will send data to its ContentParent which * will then identify the ContentParent for the innerWindowId and pass * the data to the correct process. + * loadInfo is passed in order to enforce same-origin security checks * aData must be non-null. */ - async ReportFrameTimingData(uint64_t innerWindowId, nsString entryName, + async ReportFrameTimingData(LoadInfoArgs? loadInfo, nsString entryName, nsString initiatorType, UniquePtr<PerformanceTimingData> aData);
diff --git a/netwerk/protocol/http/HttpBaseChannel.cpp b/netwerk/protocol/http/HttpBaseChannel.cpp index e77789105095..7044f92829d7 100644 --- a/netwerk/protocol/http/HttpBaseChannel.cpp +++ b/netwerk/protocol/http/HttpBaseChannel.cpp @@ -5013,29 +5013,22 @@ IMPL_TIMING_ATTR(RedirectEnd)
#undef IMPL_TIMING_ATTR
-mozilla::dom::PerformanceStorage* HttpBaseChannel::GetPerformanceStorage() { +void HttpBaseChannel::MaybeReportTimingData() { // If performance timing is disabled, there is no need for the Performance // object anymore. if (!LoadTimingEnabled()) { - return nullptr; + return; }
// There is no point in continuing, since the performance object in the parent // isn't the same as the one in the child which will be reporting resource // performance. - if (XRE_IsE10sParentProcess()) { - return nullptr; - } - return mLoadInfo->GetPerformanceStorage(); -} - -void HttpBaseChannel::MaybeReportTimingData() { if (XRE_IsE10sParentProcess()) { return; }
mozilla::dom::PerformanceStorage* documentPerformance = - GetPerformanceStorage(); + mLoadInfo->GetPerformanceStorage(); if (documentPerformance) { documentPerformance->AddEntry(this, this); return; @@ -5058,8 +5051,10 @@ void HttpBaseChannel::MaybeReportTimingData() { if (!performanceTimingData) { return; } - child->SendReportFrameTimingData(mLoadInfo->GetInnerWindowID(), entryName, - initiatorType, + + Maybe<LoadInfoArgs> loadInfoArgs; + mozilla::ipc::LoadInfoToLoadInfoArgs(mLoadInfo, &loadInfoArgs); + child->SendReportFrameTimingData(loadInfoArgs, entryName, initiatorType, std::move(performanceTimingData)); } } diff --git a/netwerk/protocol/http/HttpBaseChannel.h b/netwerk/protocol/http/HttpBaseChannel.h index c6517298c33f..64e0e283f2e9 100644 --- a/netwerk/protocol/http/HttpBaseChannel.h +++ b/netwerk/protocol/http/HttpBaseChannel.h @@ -545,7 +545,6 @@ class HttpBaseChannel : public nsHashPropertyBag, // was fired. void NotifySetCookie(const nsACString& aCookie);
- mozilla::dom::PerformanceStorage* GetPerformanceStorage(); void MaybeReportTimingData(); nsIURI* GetReferringPage(); nsPIDOMWindowInner* GetInnerDOMWindow();
This is an automated email from the git hooks/post-receive script.
richard pushed a commit to branch tor-browser-91.13.0esr-11.5-1 in repository tor-browser.
commit a64caa96bc9f1ebfb01c9dd74eb656f3837a85a4 Author: André Bargull andre.bargull@gmail.com AuthorDate: Thu Oct 6 18:22:12 2022 +0000
Bug 1791520: Add some keep alive annotations. r=jandem a=pascalc
Differential Revision: https://phabricator.services.mozilla.com/D157735 --- js/src/jit/IonAnalysis.cpp | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/js/src/jit/IonAnalysis.cpp b/js/src/jit/IonAnalysis.cpp index fe8fede6852e..1bc941d44230 100644 --- a/js/src/jit/IonAnalysis.cpp +++ b/js/src/jit/IonAnalysis.cpp @@ -3392,6 +3392,10 @@ static bool NeedsKeepAlive(MInstruction* slotsOrElements, MInstruction* use) { return true; }
+ if (use->type() == MIRType::BigInt) { + return true; + } + MBasicBlock* block = use->block(); MInstructionIterator iter(block->begin(slotsOrElements)); MOZ_ASSERT(*iter == slotsOrElements);
This is an automated email from the git hooks/post-receive script.
richard pushed a commit to branch tor-browser-91.13.0esr-11.5-1 in repository tor-browser.
commit b0dab0834f6b13356c897f74711d47250addbcb5 Author: Emilio Cobos Álvarez emilio@crisal.io AuthorDate: Thu Sep 15 15:37:56 2022 +0000
Bug 1789439 - Don't allow reentrant programmatic print calls. r=smaug,peterv a=pascalc
Differential Revision: https://phabricator.services.mozilla.com/D156682 --- dom/base/nsGlobalWindowOuter.cpp | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/dom/base/nsGlobalWindowOuter.cpp b/dom/base/nsGlobalWindowOuter.cpp index e981573e9822..08fbebd4bc03 100644 --- a/dom/base/nsGlobalWindowOuter.cpp +++ b/dom/base/nsGlobalWindowOuter.cpp @@ -5220,14 +5220,17 @@ void nsGlobalWindowOuter::PrintOuter(ErrorResult& aError) { #ifdef NS_PRINTING RefPtr<BrowsingContext> top = mBrowsingContext ? mBrowsingContext->Top() : nullptr; - bool oldIsPrinting = top && top->GetIsPrinting(); + if (NS_WARN_IF(top && top->GetIsPrinting())) { + return; + } + if (top) { Unused << top->SetIsPrinting(true); }
auto unset = MakeScopeExit([&] { if (top) { - Unused << top->SetIsPrinting(oldIsPrinting); + Unused << top->SetIsPrinting(false); } });
This is an automated email from the git hooks/post-receive script.
richard pushed a commit to branch tor-browser-91.13.0esr-11.5-1 in repository tor-browser.
commit bb7b3aa304180e97b76ecc775f6c6b209db91711 Author: Emilio Cobos Álvarez emilio@crisal.io AuthorDate: Thu Sep 15 15:37:57 2022 +0000
Bug 1789439 - Throw rather than logging an error when tab-modal print is already open. r=mstriemer a=pascalc
If we succeed but return null, we end up retargeting to a new window here:
https://searchfox.org/mozilla-central/rev/3aaca0a12a2d1463da54933bdbdae2f06f...
Which is bad.
Depends on D156682
Differential Revision: https://phabricator.services.mozilla.com/D156683 --- toolkit/components/printing/content/printUtils.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/toolkit/components/printing/content/printUtils.js b/toolkit/components/printing/content/printUtils.js index 6355affb1fcc..99ab4aef2148 100644 --- a/toolkit/components/printing/content/printUtils.js +++ b/toolkit/components/printing/content/printUtils.js @@ -197,7 +197,7 @@ var PrintUtils = { // XXX This can be racy can't it? getPreviewBrowser looks at browser that // we set up after opening the dialog. But I guess worst case we just // open two dialogs so... - return { promise: Promise.reject(), browser: null }; + throw new Error("Tab-modal print UI already open"); }
// Create the print preview dialog.
This is an automated email from the git hooks/post-receive script.
richard pushed a commit to branch tor-browser-91.13.0esr-11.5-1 in repository tor-browser.
commit 4c3730eeca570e181388d23b2bf5d2aa5e1a89f2 Author: Emilio Cobos Álvarez emilio@crisal.io AuthorDate: Thu Sep 15 09:48:12 2022 -0700
Bug 1789439 - Fix browser_modal_print.js after previous patch. a=pascalc
MANUAL PUSH: Orange fix CLOSED TREE --- toolkit/components/printing/tests/browser_modal_print.js | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/toolkit/components/printing/tests/browser_modal_print.js b/toolkit/components/printing/tests/browser_modal_print.js index e1f09894bf01..1b57d4caa101 100644 --- a/toolkit/components/printing/tests/browser_modal_print.js +++ b/toolkit/components/printing/tests/browser_modal_print.js @@ -40,12 +40,15 @@ add_task(async function testPrintMultiple() { assertExpectedPrintPage(helper);
// Trigger the command a few more times, verify the overlay still exists. - await helper.startPrint(); - helper.assertDialogOpen(); - await helper.startPrint(); - helper.assertDialogOpen(); - await helper.startPrint(); - helper.assertDialogOpen(); + ignoreAllUncaughtExceptions(true); + for (let i = 0; i < 3; ++i) { + try { + await helper.startPrint(); + } finally { + helper.assertDialogOpen(); + } + } + ignoreAllUncaughtExceptions(false);
// Verify it's still the correct page. assertExpectedPrintPage(helper);
This is an automated email from the git hooks/post-receive script.
richard pushed a commit to branch tor-browser-91.13.0esr-11.5-1 in repository tor-browser.
commit dfbfb21bef071a5504b5a67c6f384683b5cd37ae Author: Ashly Hale ahale@mozilla.com AuthorDate: Mon Oct 3 13:27:12 2022 +0000
Bug 1789729 - Implement webgl.max-size-per-texture-mib r=jgilbert a=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D156903 --- dom/canvas/WebGLTextureUpload.cpp | 33 +++++++++++++++++++++++++------- modules/libpref/init/StaticPrefList.yaml | 5 +++++ 2 files changed, 31 insertions(+), 7 deletions(-)
diff --git a/dom/canvas/WebGLTextureUpload.cpp b/dom/canvas/WebGLTextureUpload.cpp index 56d29e1c3e97..fd70799e6777 100644 --- a/dom/canvas/WebGLTextureUpload.cpp +++ b/dom/canvas/WebGLTextureUpload.cpp @@ -752,9 +752,27 @@ static bool ValidateCompressedTexImageRestrictions( return true; }
-static bool ValidateTargetForFormat(const WebGLContext* webgl, - TexImageTarget target, - const webgl::FormatInfo* format) { +static bool ValidateFormatAndSize(const WebGLContext* webgl, + TexImageTarget target, + const webgl::FormatInfo* format, + const uvec3& size) { + // Check if texture size will likely be rejected by the driver and give a more + // meaningful error message. + auto baseImageSize = CheckedInt<uint64_t>(format->estimatedBytesPerPixel) * + (uint32_t)size.x * (uint32_t)size.y * (uint32_t)size.z; + if (target == LOCAL_GL_TEXTURE_CUBE_MAP) { + baseImageSize *= 6; + } + if (!baseImageSize.isValid() || + baseImageSize.value() > + (uint64_t)StaticPrefs::webgl_max_size_per_texture_mib() * + (1024 * 1024)) { + webgl->ErrorOutOfMemory( + "Texture size too large; base image mebibytes > " + "webgl.max-size-per-texture-mib"); + return false; + } + // GLES 3.0.4 p127: // "Textures with a base internal format of DEPTH_COMPONENT or DEPTH_STENCIL // are supported by texture image specification commands only if `target` is @@ -822,7 +840,7 @@ void WebGLTexture::TexStorage(TexTarget target, uint32_t levels, } auto dstFormat = dstUsage->format;
- if (!ValidateTargetForFormat(mContext, testTarget, dstFormat)) return; + if (!ValidateFormatAndSize(mContext, testTarget, dstFormat, size)) return;
if (dstFormat->compression) { if (!ValidateCompressedTexImageRestrictions(mContext, testTarget, 0, @@ -987,7 +1005,7 @@ void WebGLTexture::TexImage(uint32_t level, GLenum respecFormat, }
const auto& dstFormat = dstUsage->format; - if (!ValidateTargetForFormat(mContext, imageTarget, dstFormat)) return; + if (!ValidateFormatAndSize(mContext, imageTarget, dstFormat, size)) return;
if (!mContext->IsWebGL2() && dstFormat->d) { if (imageTarget != LOCAL_GL_TEXTURE_2D || blob->HasData() || level != 0) { @@ -1179,7 +1197,8 @@ void WebGLTexture::CompressedTexImage(bool sub, GLenum imageTarget, } MOZ_ASSERT(imageInfo);
- if (!ValidateTargetForFormat(mContext, imageTarget, usage->format)) return; + if (!ValidateFormatAndSize(mContext, imageTarget, usage->format, size)) + return; if (!ValidateCompressedTexImageRestrictions(mContext, imageTarget, level, usage->format, size)) { return; @@ -1815,7 +1834,7 @@ void WebGLTexture::CopyTexImage(GLenum imageTarget, uint32_t level, dstUsage = ValidateCopyDestUsage(mContext, srcFormat, respecFormat); if (!dstUsage) return;
- if (!ValidateTargetForFormat(mContext, imageTarget, dstUsage->format)) + if (!ValidateFormatAndSize(mContext, imageTarget, dstUsage->format, size)) return; } else { if (!ValidateTexImageSelection(imageTarget, level, dstOffset, size, diff --git a/modules/libpref/init/StaticPrefList.yaml b/modules/libpref/init/StaticPrefList.yaml index 243585deecbf..b87714065456 100644 --- a/modules/libpref/init/StaticPrefList.yaml +++ b/modules/libpref/init/StaticPrefList.yaml @@ -11419,6 +11419,11 @@ value: 300 mirror: always
+- name: webgl.max-size-per-texture-mib + type: RelaxedAtomicUint32 + value: 1024 + mirror: always + - name: webgl.max-warnings-per-context type: RelaxedAtomicUint32 value: 32
This is an automated email from the git hooks/post-receive script.
richard pushed a commit to branch tor-browser-91.13.0esr-11.5-1 in repository tor-browser.
commit 58b189015a443ed8240317710b349bb277a0ec15 Author: Jens Stutte jstutte@mozilla.com AuthorDate: Thu Sep 29 21:56:28 2022 +0000
Bug 1792041 - Add a value for DEL to kBase64URLDecodeTable and have static asserts for lookup tables' length. r=xpcom-reviewers,nika a=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D158239 --- xpcom/io/Base64.cpp | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-)
diff --git a/xpcom/io/Base64.cpp b/xpcom/io/Base64.cpp index d7a07a102920..d490e4120a2b 100644 --- a/xpcom/io/Base64.cpp +++ b/xpcom/io/Base64.cpp @@ -276,26 +276,23 @@ static const uint8_t kBase64DecodeTable[] = { /* 112 */ 41, 42, 43, 44, 45, 46, 47, 48, /* 120 */ 49, 50, 51, 255, 255, 255, 255, 255, }; +static_assert(mozilla::ArrayLength(kBase64DecodeTable) == 0x80); // clang-format on
template <typename T> [[nodiscard]] bool Base64CharToValue(T aChar, uint8_t* aValue) { - static const size_t mask = 0x7f; - static_assert( - (mask + 1) == sizeof(kBase64DecodeTable) / sizeof(kBase64DecodeTable[0]), - "wrong mask"); size_t index = static_cast<uint8_t>(aChar); - - if (index & ~mask) { + if (index >= mozilla::ArrayLength(kBase64DecodeTable)) { + *aValue = 255; return false; } - *aValue = kBase64DecodeTable[index & mask]; - + *aValue = kBase64DecodeTable[index]; return *aValue != 255; }
static const char kBase64URLAlphabet[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"; +static_assert(mozilla::ArrayLength(kBase64URLAlphabet) == 0x41);
// Maps an encoded character to a value in the Base64 URL alphabet, per // RFC 4648, Table 2. Invalid input characters map to UINT8_MAX. @@ -318,14 +315,19 @@ static const uint8_t kBase64URLDecodeTable[] = { 255, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, /* a - z */ - 255, 255, 255, 255, + 255, 255, 255, 255, 255, }; +static_assert(mozilla::ArrayLength(kBase64URLDecodeTable) == 0x80); // clang-format on
bool Base64URLCharToValue(char aChar, uint8_t* aValue) { uint8_t index = static_cast<uint8_t>(aChar); - *aValue = kBase64URLDecodeTable[index & 0x7f]; - return (*aValue != 255) && !(index & ~0x7f); + if (index >= mozilla::ArrayLength(kBase64URLDecodeTable)) { + *aValue = 255; + return false; + } + *aValue = kBase64URLDecodeTable[index]; + return *aValue != 255; }
} // namespace
This is an automated email from the git hooks/post-receive script.
richard pushed a commit to branch tor-browser-91.13.0esr-11.5-1 in repository tor-browser.
commit 9cdb667c62f2ab1e16be55f64f7091272ed98306 Author: Peter Van der Beken peterv@propagandism.org AuthorDate: Mon Oct 10 12:15:38 2022 +0000
Bug 1791598 - Ensure raw tagnames are safe exiting internalEntityParser. r=mccr8
Differential Revision: https://phabricator.services.mozilla.com/D158770 --- parser/expat/lib/xmlparse.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/parser/expat/lib/xmlparse.c b/parser/expat/lib/xmlparse.c index 46919e985e72..05d5f0221e47 100644 --- a/parser/expat/lib/xmlparse.c +++ b/parser/expat/lib/xmlparse.c @@ -5642,8 +5642,14 @@ internalEntityProcessor(XML_Parser parser, { processor = contentProcessor; /* see externalEntityContentProcessor vs contentProcessor */ - return doContent(parser, parentParser ? 1 : 0, encoding, s, end, - nextPtr, (XML_Bool)!ps_finalBuffer); + result = doContent(parser, parser->m_parentParser ? 1 : 0, + parser->m_encoding, s, end, nextPtr, + (XML_Bool)! parser->m_parsingStatus.finalBuffer); + if (result == XML_ERROR_NONE) { + if (! storeRawNames(parser)) + return XML_ERROR_NO_MEMORY; + } + return result; } }
tbb-commits@lists.torproject.org