packages/firefox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!206 Fix CVE-2024-0745

Browse Source 
From: @jackssir 
Reviewed-by: @wk333 
Signed-off-by: @wk333
This commit is contained in:
openeuler-ci-bot 2024-08-29 03:12:03 +00:00 committed by Gitee
commit 398f070801
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 41 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
CVE-2024-0745.patch Normal file
View File

@ -0,0 +1,34 @@
From ac6bc755e84784d3bea75eb63b9156c49e95019c Mon Sep 17 00:00:00 2001
From: Karl Tomlinson <karlt+@karlt.net>
Date: Sun, 07 Jan 2024 23:24:05 +0000 (7 months ago)
Subject: [PATCH] CVE-2024-0745
---
dom/media/webaudio/OscillatorNode.cpp | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/dom/media/webaudio/OscillatorNode.cpp b/dom/media/webaudio/OscillatorNode.cpp
index 2089ce170c..1427f9ece0 100644
--- a/dom/media/webaudio/OscillatorNode.cpp
+++ b/dom/media/webaudio/OscillatorNode.cpp
@@ -293,7 +293,8 @@ class OscillatorNodeEngine final : public AudioNodeEngine {
return;
}
- if (ticks + WEBAUDIO_BLOCK_SIZE <= mStart || ticks >= mStop) {
+ if (ticks + WEBAUDIO_BLOCK_SIZE <= mStart || ticks >= mStop ||
+ mStop <= mStart) {
ComputeSilence(aOutput);
} else {
@@ -302,6 +303,7 @@ class OscillatorNodeEngine final : public AudioNodeEngine {
uint32_t start, end;
FillBounds(output, ticks, start, end);
+ MOZ_ASSERT(start < end);
// Synthesize the correct waveform.
switch (mType) {
--
2.33.0

9
firefox.spec
View File

@ -88,7 +88,7 @@
Summary: Mozilla Firefox Web browser Summary: Mozilla Firefox Web browser
Name: firefox Name: firefox
Version: 79.0 Version: 79.0
Release: 30 Release: 31
URL: https://www.mozilla.org/firefox/ URL: https://www.mozilla.org/firefox/
License: MPLv1.1 or GPLv2+ or LGPLv2+ License: MPLv1.1 or GPLv2+ or LGPLv2+
Source0: https://archive.mozilla.org/pub/firefox/releases/%{version}/source/firefox-%{version}.source.tar.xz Source0: https://archive.mozilla.org/pub/firefox/releases/%{version}/source/firefox-%{version}.source.tar.xz
@ -211,6 +211,7 @@ Patch667: CVE-2021-29984.patch
Patch668: CVE-2021-29988.patch Patch668: CVE-2021-29988.patch
Patch669: CVE-2021-23998.patch Patch669: CVE-2021-23998.patch
Patch670: CVE-2022-29912.patch Patch670: CVE-2022-29912.patch
Patch671: CVE-2024-0745.patch
%if %{?system_nss} %if %{?system_nss}
BuildRequires: pkgconfig(nspr) >= %{nspr_version} pkgconfig(nss) >= %{nss_version} BuildRequires: pkgconfig(nspr) >= %{nspr_version} pkgconfig(nss) >= %{nss_version}
@ -416,6 +417,7 @@ tar -xf %{SOURCE3}
%patch668 -p1 %patch668 -p1
%patch669 -p1 %patch669 -p1
%patch670 -p1 %patch670 -p1
%patch671 -p1
%{__rm} -f .mozconfig %{__rm} -f .mozconfig
%{__cp} %{SOURCE10} .mozconfig %{__cp} %{SOURCE10} .mozconfig
@ -864,8 +866,11 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
%endif %endif
%changelog %changelog
* Wed Aug 14 2024 lvfei <lvfei@kylinos.cn> - 79.0-31
- Fix CVE-2024-0745
* Sat Aug 03 2024 lvfei <lvfei@kylinos.cn> - 79.0-30 * Sat Aug 03 2024 lvfei <lvfei@kylinos.cn> - 79.0-30
- Fix CVE-2022-29912.patch - Fix CVE-2022-29912
* Mon Jul 22 2024 technology208 <technology@208suo.com> - 79.0-29 * Mon Jul 22 2024 technology208 <technology@208suo.com> - 79.0-29
- Fix CVE-2021-23998 - Fix CVE-2021-23998