diff options
Diffstat (limited to 'ipc/chromium/src/third_party/libevent/patches/backport-upstream-fixes.patch')
-rw-r--r-- | ipc/chromium/src/third_party/libevent/patches/backport-upstream-fixes.patch | 280 |
1 files changed, 280 insertions, 0 deletions
diff --git a/ipc/chromium/src/third_party/libevent/patches/backport-upstream-fixes.patch b/ipc/chromium/src/third_party/libevent/patches/backport-upstream-fixes.patch new file mode 100644 index 000000000..2334d814b --- /dev/null +++ b/ipc/chromium/src/third_party/libevent/patches/backport-upstream-fixes.patch @@ -0,0 +1,280 @@ +Bug 1343453 - Backport fixes for upstream issues #317, #318, #332, and #335. + +diff --git a/ipc/chromium/src/third_party/libevent/README.mozilla b/ipc/chromium/src/third_party/libevent/README.mozilla +--- a/ipc/chromium/src/third_party/libevent/README.mozilla ++++ b/ipc/chromium/src/third_party/libevent/README.mozilla +@@ -36,8 +36,11 @@ ipc/chromium/src/third_party/libevent/pa + architecture (which does not provide deprecated syscalls). + + - "dont-use-issetugid-on-android.patch". This fixes the build on Android L + preview. + + - "avoid-empty-sighandler.patch". This fixes some OS X crashes. + + - "android64_support.patch". This fixes Android 64-bit support. ++ ++- "backport-upstream-fixes.patch". Backports a few upstream fixes from 2.1.x ++ to our in-tree copy of 2.0.21. +diff --git a/ipc/chromium/src/third_party/libevent/buffer.c b/ipc/chromium/src/third_party/libevent/buffer.c +--- a/ipc/chromium/src/third_party/libevent/buffer.c ++++ b/ipc/chromium/src/third_party/libevent/buffer.c +@@ -1539,17 +1539,21 @@ evbuffer_add(struct evbuffer *buf, const + int result = -1; + + EVBUFFER_LOCK(buf); + + if (buf->freeze_end) { + goto done; + } + +- chain = buf->last; ++ if (*buf->last_with_datap == NULL) { ++ chain = buf->last; ++ } else { ++ chain = *buf->last_with_datap; ++ } + + /* If there are no chains allocated for this buffer, allocate one + * big enough to hold all the data. */ + if (chain == NULL) { + chain = evbuffer_chain_new(datlen); + if (!chain) + goto done; + evbuffer_chain_insert(buf, chain); +diff --git a/ipc/chromium/src/third_party/libevent/evdns.c b/ipc/chromium/src/third_party/libevent/evdns.c +--- a/ipc/chromium/src/third_party/libevent/evdns.c ++++ b/ipc/chromium/src/third_party/libevent/evdns.c +@@ -947,17 +947,16 @@ name_parse(u8 *packet, int length, int * + /* Normally, names are a series of length prefixed strings terminated */ + /* with a length of 0 (the lengths are u8's < 63). */ + /* However, the length can start with a pair of 1 bits and that */ + /* means that the next 14 bits are a pointer within the current */ + /* packet. */ + + for (;;) { + u8 label_len; +- if (j >= length) return -1; + GET8(label_len); + if (!label_len) break; + if (label_len & 0xc0) { + u8 ptr_low; + GET8(ptr_low); + if (name_end < 0) name_end = j; + j = (((int)label_len & 0x3f) << 8) + ptr_low; + /* Make sure that the target offset is in-bounds. */ +@@ -968,16 +967,17 @@ name_parse(u8 *packet, int length, int * + continue; + } + if (label_len > 63) return -1; + if (cp != name_out) { + if (cp + 1 >= end) return -1; + *cp++ = '.'; + } + if (cp + label_len >= end) return -1; ++ if (j + label_len > length) return -1; + memcpy(cp, packet + j, label_len); + cp += label_len; + j += label_len; + } + if (cp >= end) return -1; + *cp = '\0'; + if (name_end < 0) + *idx = j; +@@ -3102,19 +3102,22 @@ search_set_from_hostname(struct evdns_ba + if (!domainname) return; + search_postfix_add(base, domainname); + } + + /* warning: returns malloced string */ + static char * + search_make_new(const struct search_state *const state, int n, const char *const base_name) { + const size_t base_len = strlen(base_name); +- const char need_to_append_dot = base_name[base_len - 1] == '.' ? 0 : 1; ++ char need_to_append_dot; + struct search_domain *dom; + ++ if (!base_len) return NULL; ++ need_to_append_dot = base_name[base_len - 1] == '.' ? 0 : 1; ++ + for (dom = state->head; dom; dom = dom->next) { + if (!n--) { + /* this is the postfix we want */ + /* the actual postfix string is kept at the end of the structure */ + const u8 *const postfix = ((u8 *) dom) + sizeof(struct search_domain); + const int postfix_len = dom->len; + char *const newname = (char *) mm_malloc(base_len + need_to_append_dot + postfix_len + 1); + if (!newname) return NULL; +diff --git a/ipc/chromium/src/third_party/libevent/evutil.c b/ipc/chromium/src/third_party/libevent/evutil.c +--- a/ipc/chromium/src/third_party/libevent/evutil.c ++++ b/ipc/chromium/src/third_party/libevent/evutil.c +@@ -1803,22 +1803,22 @@ evutil_parse_sockaddr_port(const char *i + * ipv6 + * [ipv6] + * ipv4:port + * ipv4 + */ + + cp = strchr(ip_as_string, ':'); + if (*ip_as_string == '[') { +- int len; ++ size_t len; + if (!(cp = strchr(ip_as_string, ']'))) { + return -1; + } +- len = (int) ( cp-(ip_as_string + 1) ); +- if (len > (int)sizeof(buf)-1) { ++ len = ( cp-(ip_as_string + 1) ); ++ if (len > sizeof(buf)-1) { + return -1; + } + memcpy(buf, ip_as_string+1, len); + buf[len] = '\0'; + addr_part = buf; + if (cp[1] == ':') + port_part = cp+2; + else +diff --git a/ipc/chromium/src/third_party/libevent/patches/backport-upstream-fixes.patch b/ipc/chromium/src/third_party/libevent/patches/backport-upstream-fixes.patch +new file mode 100644 +--- /dev/null ++++ b/ipc/chromium/src/third_party/libevent/patches/backport-upstream-fixes.patch +@@ -0,0 +1,140 @@ ++Bug 1343453 - Backport fixes for upstream issues #317, #318, #332, #335, and #340. ++ ++diff --git a/ipc/chromium/src/third_party/libevent/buffer.c b/ipc/chromium/src/third_party/libevent/buffer.c ++--- a/ipc/chromium/src/third_party/libevent/buffer.c +++++ b/ipc/chromium/src/third_party/libevent/buffer.c ++@@ -1553,17 +1553,21 @@ evbuffer_add(struct evbuffer *buf, const ++ if (buf->freeze_end) { ++ goto done; ++ } ++ /* Prevent buf->total_len overflow */ ++ if (datlen > EV_SIZE_MAX - buf->total_len) { ++ goto done; ++ } ++ ++- chain = buf->last; +++ if (*buf->last_with_datap == NULL) { +++ chain = buf->last; +++ } else { +++ chain = *buf->last_with_datap; +++ } ++ ++ /* If there are no chains allocated for this buffer, allocate one ++ * big enough to hold all the data. */ ++ if (chain == NULL) { ++ chain = evbuffer_chain_new(datlen); ++ if (!chain) ++ goto done; ++ evbuffer_chain_insert(buf, chain); ++@@ -1795,18 +1799,17 @@ evbuffer_expand_singlechain(struct evbuf ++ * it, use the next chunk after it, or If we add a new chunk, we waste ++ * CHAIN_SPACE_LEN(chain) bytes in the former last chunk. If we ++ * resize, we have to copy chain->off bytes. ++ */ ++ ++ /* Would expanding this chunk be affordable and worthwhile? */ ++ if (CHAIN_SPACE_LEN(chain) < chain->buffer_len / 8 || ++ chain->off > MAX_TO_COPY_IN_EXPAND || ++- (datlen < EVBUFFER_CHAIN_MAX && ++- EVBUFFER_CHAIN_MAX - datlen >= chain->off)) { +++ datlen >= (EVBUFFER_CHAIN_MAX - chain->off)) { ++ /* It's not worth resizing this chain. Can the next one be ++ * used? */ ++ if (chain->next && CHAIN_SPACE_LEN(chain->next) >= datlen) { ++ /* Yes, we can just use the next chain (which should ++ * be empty. */ ++ result = chain->next; ++ goto ok; ++ } else { ++diff --git a/ipc/chromium/src/third_party/libevent/evdns.c b/ipc/chromium/src/third_party/libevent/evdns.c ++--- a/ipc/chromium/src/third_party/libevent/evdns.c +++++ b/ipc/chromium/src/third_party/libevent/evdns.c ++@@ -955,17 +955,16 @@ name_parse(u8 *packet, int length, int * ++ /* Normally, names are a series of length prefixed strings terminated */ ++ /* with a length of 0 (the lengths are u8's < 63). */ ++ /* However, the length can start with a pair of 1 bits and that */ ++ /* means that the next 14 bits are a pointer within the current */ ++ /* packet. */ ++ ++ for (;;) { ++ u8 label_len; ++- if (j >= length) return -1; ++ GET8(label_len); ++ if (!label_len) break; ++ if (label_len & 0xc0) { ++ u8 ptr_low; ++ GET8(ptr_low); ++ if (name_end < 0) name_end = j; ++ j = (((int)label_len & 0x3f) << 8) + ptr_low; ++ /* Make sure that the target offset is in-bounds. */ ++@@ -976,16 +975,17 @@ name_parse(u8 *packet, int length, int * ++ continue; ++ } ++ if (label_len > 63) return -1; ++ if (cp != name_out) { ++ if (cp + 1 >= end) return -1; ++ *cp++ = '.'; ++ } ++ if (cp + label_len >= end) return -1; +++ if (j + label_len > length) return -1; ++ memcpy(cp, packet + j, label_len); ++ cp += label_len; ++ j += label_len; ++ } ++ if (cp >= end) return -1; ++ *cp = '\0'; ++ if (name_end < 0) ++ *idx = j; ++@@ -3117,19 +3117,22 @@ search_set_from_hostname(struct evdns_ba ++ if (!domainname) return; ++ search_postfix_add(base, domainname); ++ } ++ ++ /* warning: returns malloced string */ ++ static char * ++ search_make_new(const struct search_state *const state, int n, const char *const base_name) { ++ const size_t base_len = strlen(base_name); ++- const char need_to_append_dot = base_name[base_len - 1] == '.' ? 0 : 1; +++ char need_to_append_dot; ++ struct search_domain *dom; ++ +++ if (!base_len) return NULL; +++ need_to_append_dot = base_name[base_len - 1] == '.' ? 0 : 1; +++ ++ for (dom = state->head; dom; dom = dom->next) { ++ if (!n--) { ++ /* this is the postfix we want */ ++ /* the actual postfix string is kept at the end of the structure */ ++ const u8 *const postfix = ((u8 *) dom) + sizeof(struct search_domain); ++ const int postfix_len = dom->len; ++ char *const newname = (char *) mm_malloc(base_len + need_to_append_dot + postfix_len + 1); ++ if (!newname) return NULL; ++diff --git a/ipc/chromium/src/third_party/libevent/evutil.c b/ipc/chromium/src/third_party/libevent/evutil.c ++--- a/ipc/chromium/src/third_party/libevent/evutil.c +++++ b/ipc/chromium/src/third_party/libevent/evutil.c ++@@ -1803,22 +1803,22 @@ evutil_parse_sockaddr_port(const char *i ++ * ipv6 ++ * [ipv6] ++ * ipv4:port ++ * ipv4 ++ */ ++ ++ cp = strchr(ip_as_string, ':'); ++ if (*ip_as_string == '[') { ++- int len; +++ size_t len; ++ if (!(cp = strchr(ip_as_string, ']'))) { ++ return -1; ++ } ++- len = (int) ( cp-(ip_as_string + 1) ); ++- if (len > (int)sizeof(buf)-1) { +++ len = ( cp-(ip_as_string + 1) ); +++ if (len > sizeof(buf)-1) { ++ return -1; ++ } ++ memcpy(buf, ip_as_string+1, len); ++ buf[len] = '\0'; ++ addr_part = buf; ++ if (cp[1] == ':') ++ port_part = cp+2; ++ else |