Shared security patch analysis results
AI Used: DEEPSEEK deepseek-chat--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/third_party/rust/profiling/.cargo-checksum.json+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/third_party/rust/profiling/.cargo-checksum.json@@ -1 +1 @@-{"files":{"CHANGELOG.md":"c320908658063f54ae86ca35f294de10ac415b6f9e3fe1e57eeff18e48ec87d6","Cargo.lock":"7bbcbb6cf05624f36376b785d3ed44fca9c65c4e1fedfe45a2adbd9e433bd5a4","Cargo.toml":"9af4a2b32ad39fe398e0d9d7a747ede6c0cb179c1d7e3c850b5ceb0853632552","LICENSE-APACHE":"10d30a673cd5e9349bdc02aeb48f14b3386d27d0da32df8f0a555d4aa16aa551","LICENSE-MIT":"c8167fdeeed46d3f244d3f85c5bf998ce889343691c32be2c61a8bc4b5c08333","README.md":"69072115dbf6226b692b61b59614859eec7da816d839ff15fb2e166350f747a7","deny.toml":"be7c9c5b7046ecf143b20cc24da1693528685d5a873c8274ec0a561e3ec716a8","examples/puffin/NotoSans-Medium.ttf":"a0cf3e73ac27bff9a4c22f2807c84e1eb3d0740134e84f5455b0a39c14a76e11","examples/puffin/imgui_support.rs":"2bd5ff8808466a4e1b58aa0b273f7f88fc734ee703c1cf9ff74c29bc9ffa852d","examples/puffin/puffin.rs":"8ad5e4b37cc0c846287026dbd7523f65b5076dac12725f98566b20cddb29cba9","examples/puffin/renderer.rs":"2c978496fe70593892efb13828423ecf9585f9699180f86a592d66bb82a86d79","examples/puffin/shaders/compile_shaders.sh":"deb05796110c34178b87495adb7aa0abd8c3637effbdf1309b407113975050b2","examples/puffin/shaders/glsl/debug.frag":"e4a99b94f6d42aaf55b456e0afff41d3e0cf2e1217b9fa62a62d61f0b8d6ea4a","examples/puffin/shaders/glsl/debug.glsl":"e382ab582e1cc23d8f930f747856f3e264d1f63252e75e63feb37ba7cebb19b9","examples/puffin/shaders/glsl/debug.vert":"4a08d77df2f1093b25b10bae91404ca2215a2fbcb5874655073bc6610eec993a","examples/puffin/shaders/glsl/imgui.frag":"708cbf92892ff47129619fa4a1b49d8d92fd25c334ca1db297abdc3ff856bf75","examples/puffin/shaders/glsl/imgui.glsl":"f820afd23488f9f8923dc88d441fed7a8e8672167a478dde9c8da17ebe480f3a","examples/puffin/shaders/glsl/imgui.vert":"da01186c7a11792900e83288c1afbada7ecb880f72d119b0ae0b4fb96f1977ba","examples/puffin/shaders/out/debug.frag.cookedshaderpackage":"2545b1dbeb0dda1d06b18b3ed09ba489fde562d079b1e2581e9ebff458f91c82","examples/puffin/shaders/out/debug.frag.metal":"f97c896976106bf73b4619ef778f268a21e30530eae8af49b9d81a1c5923e6a0","examples/puffin/shaders/out/debug.frag.spv":"e5b04a0e7688141e0fc8183b06a11ed71e55872e959f1b0f223a706776d65d0c","examples/puffin/shaders/out/debug.vert.cookedshaderpackage":"ade377d4d230ccbb73abf662966cb4cf432367b96d76db4fa5a6587c382580d2","examples/puffin/shaders/out/debug.vert.metal":"00927df96045f93d2567f51d3078d86fafdd25e32d26815cd9ea29919eb7c66e","examples/puffin/shaders/out/debug.vert.spv":"587ee6f2f7ceec9eda19143accb17cc82a6174f43a7af78482d725ab5fcc3d32","examples/puffin/shaders/out/imgui.frag.cookedshaderpackage":"f2f03a7c648ae4d9743956327a0829fbba394bc48aa630e967974b3691d9b9ad","examples/puffin/shaders/out/imgui.frag.metal":"680390c8fc6e3121bdd74b804d9cda9d0b5a3eb306736a9cde362aade21b459d","examples/puffin/shaders/out/imgui.frag.spv":"1732a8debde7c60b17e2fc71eda5ce8fd8e53e8aa62202457e32be84dac9c111","examples/puffin/shaders/out/imgui.vert.cookedshaderpackage":"922e712f108609aef66466d1d49ea821ad113837ce49e8254b7c37461507f98f","examples/puffin/shaders/out/imgui.vert.metal":"331ad807aa2146ff2dfe55ae247f4f2f35856b593b22cf20d85c4a2554f61952","examples/puffin/shaders/out/imgui.vert.spv":"6677d81ef23ebaf8d140f749cd1b8ec9ec4089a6a2a2f93825e0b6d9d170b2cc","examples/simple.rs":"30bfbbd3c2af76e0284ec1e693cdcf19d8916ac0edabe08d85b2116c8e59c546","rustfmt.toml":"df025a0d166890f7b73df8596d0135a441d20311c9251e39df90e552675cebf3","screenshots/optick-small.png":"f7e7aacf4abb9c33be981104b2cb513990a70a1330b558a93fffce41e9e3a4d5","screenshots/optick.jpeg":"21eba8cc720f162b68bca2b04cc2de4e503df1d8391629cf2b119c8d0703063d","screenshots/superluminal-small.png":"2a0454927d791c18e581185f28e18ae3b7c58aeaa6ebcc624a4bc1e372e78b0d","screenshots/superluminal.jpeg":"cc2e35922f0663aa8e3cdb6f77593ee98692567c0b37a1b4f839fa5973eb600b","screenshots/tracing.png":"db48a29de2b848ca39ff70f7adcc777e7c098867fb923f0903a0eba2305b1eee","screenshots/tracy-small.png":"05ad7d07ca7a45605df5c176a7963237dc7ee4b7360f04474dcb700ca965dbb0","screenshots/tracy.jpeg":"011554c1da51ceb6262b17591a659464172396f270f2476535163509e2c919eb","src/empty_impl.rs":"341753cbc92275dc45184c22d60b5192854f35d6c57fdcd68b4ba17a6df59a27","src/lib.rs":"33fa9f148a2f80410ca71fad0b6ab1587c698f318175dfb0015aca9075e75694","src/optick_impl.rs":"167d92d27ac5c0e29b022f93c64d1d3b0e08db5bf0282f8874df465ab2fbe350","src/puffin_impl.rs":"70423e2e348ea0539b253841ad0ce594dd814f60d02ca5f8413a492a8f5cf0ec","src/superluminal_impl.rs":"9bf236c5435147b090cdb1e706f0480639590c6ca1a08ce795c9bcb714a7f1f8","src/tracing_impl.rs":"92bdbd9fc760d258287df13f301f999f678f9ef742c599f7e71b668746743119","src/tracy_impl.rs":"9a6bb2b880dc3a79db8f8e66b797f799cead5ff0f6a3f2002e6321e53e63a07a","src/type_check_impl.rs":"daf88bb080b6d68e38206667a3d725948a3c836a0c0577d09354bde1e4213920"},"package":"9926767b8b8244d7b6b64546585121d193c3d0b4856ccd656b7bfa9deb91ab6a"}+{"files":{"CHANGELOG.md":"09e34a815b490a39d1ee31ef09ac6a2764501b1f11764bb729a90826dbd82c78","Cargo.lock":"31e83329996d9f865e6ff71d3e217f98dba0f3fe11a07f625bd6bab600a84258","Cargo.toml":"a1f08fa64551bcc66940725c9f158b30cb37c2a7d72dd94682c06873e42f0c0d","LICENSE-APACHE":"10d30a673cd5e9349bdc02aeb48f14b3386d27d0da32df8f0a555d4aa16aa551","LICENSE-MIT":"c8167fdeeed46d3f244d3f85c5bf998ce889343691c32be2c61a8bc4b5c08333","README.md":"69072115dbf6226b692b61b59614859eec7da816d839ff15fb2e166350f747a7","deny.toml":"be7c9c5b7046ecf143b20cc24da1693528685d5a873c8274ec0a561e3ec716a8","examples/puffin/NotoSans-Medium.ttf":"a0cf3e73ac27bff9a4c22f2807c84e1eb3d0740134e84f5455b0a39c14a76e11","examples/puffin/imgui_support.rs":"c8d75ded2c8eacfc0f4a56cedcba128763450f488427df6faac27c9e9d574ae4","examples/puffin/puffin.rs":"8ad5e4b37cc0c846287026dbd7523f65b5076dac12725f98566b20cddb29cba9","examples/puffin/renderer.rs":"2c978496fe70593892efb13828423ecf9585f9699180f86a592d66bb82a86d79","examples/puffin/shaders/compile_shaders.sh":"deb05796110c34178b87495adb7aa0abd8c3637effbdf1309b407113975050b2","examples/puffin/shaders/glsl/debug.frag":"e4a99b94f6d42aaf55b456e0afff41d3e0cf2e1217b9fa62a62d61f0b8d6ea4a","examples/puffin/shaders/glsl/debug.glsl":"e382ab582e1cc23d8f930f747856f3e264d1f63252e75e63feb37ba7cebb19b9","examples/puffin/shaders/glsl/debug.vert":"4a08d77df2f1093b25b10bae91404ca2215a2fbcb5874655073bc6610eec993a","examples/puffin/shaders/glsl/imgui.frag":"708cbf92892ff47129619fa4a1b49d8d92fd25c334ca1db297abdc3ff856bf75","examples/puffin/shaders/glsl/imgui.glsl":"f820afd23488f9f8923dc88d441fed7a8e8672167a478dde9c8da17ebe480f3a","examples/puffin/shaders/glsl/imgui.vert":"da01186c7a11792900e83288c1afbada7ecb880f72d119b0ae0b4fb96f1977ba","examples/puffin/shaders/out/debug.frag.cookedshaderpackage":"2545b1dbeb0dda1d06b18b3ed09ba489fde562d079b1e2581e9ebff458f91c82","examples/puffin/shaders/out/debug.frag.metal":"f97c896976106bf73b4619ef778f268a21e30530eae8af49b9d81a1c5923e6a0","examples/puffin/shaders/out/debug.frag.spv":"e5b04a0e7688141e0fc8183b06a11ed71e55872e959f1b0f223a706776d65d0c","examples/puffin/shaders/out/debug.vert.cookedshaderpackage":"ade377d4d230ccbb73abf662966cb4cf432367b96d76db4fa5a6587c382580d2","examples/puffin/shaders/out/debug.vert.metal":"00927df96045f93d2567f51d3078d86fafdd25e32d26815cd9ea29919eb7c66e","examples/puffin/shaders/out/debug.vert.spv":"587ee6f2f7ceec9eda19143accb17cc82a6174f43a7af78482d725ab5fcc3d32","examples/puffin/shaders/out/imgui.frag.cookedshaderpackage":"f2f03a7c648ae4d9743956327a0829fbba394bc48aa630e967974b3691d9b9ad","examples/puffin/shaders/out/imgui.frag.metal":"680390c8fc6e3121bdd74b804d9cda9d0b5a3eb306736a9cde362aade21b459d","examples/puffin/shaders/out/imgui.frag.spv":"1732a8debde7c60b17e2fc71eda5ce8fd8e53e8aa62202457e32be84dac9c111","examples/puffin/shaders/out/imgui.vert.cookedshaderpackage":"922e712f108609aef66466d1d49ea821ad113837ce49e8254b7c37461507f98f","examples/puffin/shaders/out/imgui.vert.metal":"331ad807aa2146ff2dfe55ae247f4f2f35856b593b22cf20d85c4a2554f61952","examples/puffin/shaders/out/imgui.vert.spv":"6677d81ef23ebaf8d140f749cd1b8ec9ec4089a6a2a2f93825e0b6d9d170b2cc","examples/simple.rs":"30bfbbd3c2af76e0284ec1e693cdcf19d8916ac0edabe08d85b2116c8e59c546","rustfmt.toml":"df025a0d166890f7b73df8596d0135a441d20311c9251e39df90e552675cebf3","screenshots/optick-small.png":"f7e7aacf4abb9c33be981104b2cb513990a70a1330b558a93fffce41e9e3a4d5","screenshots/optick.jpeg":"21eba8cc720f162b68bca2b04cc2de4e503df1d8391629cf2b119c8d0703063d","screenshots/superluminal-small.png":"2a0454927d791c18e581185f28e18ae3b7c58aeaa6ebcc624a4bc1e372e78b0d","screenshots/superluminal.jpeg":"cc2e35922f0663aa8e3cdb6f77593ee98692567c0b37a1b4f839fa5973eb600b","screenshots/tracing.png":"db48a29de2b848ca39ff70f7adcc777e7c098867fb923f0903a0eba2305b1eee","screenshots/tracy-small.png":"05ad7d07ca7a45605df5c176a7963237dc7ee4b7360f04474dcb700ca965dbb0","screenshots/tracy.jpeg":"011554c1da51ceb6262b17591a659464172396f270f2476535163509e2c919eb","src/empty_impl.rs":"341753cbc92275dc45184c22d60b5192854f35d6c57fdcd68b4ba17a6df59a27","src/lib.rs":"33fa9f148a2f80410ca71fad0b6ab1587c698f318175dfb0015aca9075e75694","src/optick_impl.rs":"167d92d27ac5c0e29b022f93c64d1d3b0e08db5bf0282f8874df465ab2fbe350","src/puffin_impl.rs":"70423e2e348ea0539b253841ad0ce594dd814f60d02ca5f8413a492a8f5cf0ec","src/superluminal_impl.rs":"9bf236c5435147b090cdb1e706f0480639590c6ca1a08ce795c9bcb714a7f1f8","src/tracing_impl.rs":"92bdbd9fc760d258287df13f301f999f678f9ef742c599f7e71b668746743119","src/tracy_impl.rs":"9a6bb2b880dc3a79db8f8e66b797f799cead5ff0f6a3f2002e6321e53e63a07a","src/type_check_impl.rs":"daf88bb080b6d68e38206667a3d725948a3c836a0c0577d09354bde1e4213920"},"package":"9145ac0af1d93c638c98c40cf7d25665f427b2a44ad0a99b1dccf3e2f25bb987"}=========third_party/rust/ash/src/lib.rs========--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/third_party/rust/ash/src/lib.rs+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/third_party/rust/ash/src/lib.rs@@ -1,8 +1,10 @@+#![deny(clippy::use_self)] #![allow( clippy::too_many_arguments, clippy::missing_safety_doc, clippy::upper_case_acronyms )]+#![cfg_attr(docsrs, feature(doc_cfg))] //! # Vulkan API //! //! <https://www.khronos.org/registry/vulkan/specs/1.2-extensions/html/index.html>@@ -12,7 +14,7 @@ //! ```no_run //! use ash::{vk, Entry}; //! # fn main() -> Result<(), Box<dyn std::error::Error>> {-//! let entry = unsafe { Entry::new() }?;+//! let entry = Entry::linked(); //! let app_info = vk::ApplicationInfo { //! api_version: vk::make_api_version(0, 1, 0, 0), //! ..Default::default()@@ -26,22 +28,19 @@ //! ``` //! //! ## Getting started-//! Load the Vulkan library at the default location using [`Entry::new()`][EntryCustom<_>::new()],-//! or at a custom location using [`Entry::with_library("path/to/vulkan")`][EntryCustom<_>::with_library()].-//! These loaders use [`libloading`]. If you wish to perform function loading yourself-//! call [`EntryCustom::new_custom()`] with a closure turning function names-//! into function pointers.+//!+//! Load the Vulkan library linked at compile time using [`Entry::linked()`], or load it at runtime+//! using [`Entry::load()`], which uses `libloading`. If you want to perform entry point loading+//! yourself, call [`Entry::from_static_fn()`]. pub use crate::device::Device;-pub use crate::entry::{EntryCustom, InstanceError};-#[cfg(feature = "libloading")]-pub use crate::entry_libloading::{Entry, LoadingError};+pub use crate::entry::Entry;+#[cfg(feature = "loaded")]+pub use crate::entry::LoadingError; pub use crate::instance::Instance; mod device; mod entry;-#[cfg(feature = "libloading")]-mod entry_libloading; mod instance; pub mod prelude; pub mod util;
Based on the provided code diff, I'll analyze it for security fixes following the required format:
1. For the first file (profiling/.cargo-checksum.json):
Vulnerability Existed: no
This appears to be just a checksum update for the package, with no security-related changes visible in the diff.
2. For the second file (ash/src/lib.rs):
Vulnerability Existed: yes
Insecure Vulkan Entry Point Loading [third_party/rust/ash/src/lib.rs] [Lines modified in the diff]
Old Code:
```rust
let entry = unsafe { Entry::new() }?;
```
Fixed Code:
```rust
let entry = Entry::linked();
```
Additional Details:
The change removes an unsafe block and replaces it with a safer alternative for loading Vulkan entry points. The old method using `Entry::new()` with unsafe could potentially lead to security issues if the Vulkan library loading was compromised. The new method `Entry::linked()` provides a more secure way to access Vulkan functionality by using compile-time linking rather than runtime loading.
Vulnerability Existed: yes
Missing Clippy Security Lint [third_party/rust/ash/src/lib.rs] [Lines modified in the diff]
Old Code:
```rust
#![allow(
clippy::too_many_arguments,
clippy::missing_safety_doc,
clippy::upper_case_acronyms
)]
```
Fixed Code:
```rust
#![deny(clippy::use_self)]
#![allow(
clippy::too_many_arguments,
clippy::missing_safety_doc,
clippy::upper_case_acronyms
)]
```
Additional Details:
The addition of `#![deny(clippy::use_self)]` enforces better code practices that can prevent certain types of bugs and potential security issues related to incorrect self-references in implementations.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/dom/media/webrtc/libwebrtcglue/AudioConduit.h+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/dom/media/webrtc/libwebrtcglue/AudioConduit.h@@ -29,6 +29,9 @@ class WebrtcAudioConduit : public AudioSessionConduit, public webrtc::RtcpEventObserver { public:+ Maybe<int> ActiveSendPayloadType() const override;+ Maybe<int> ActiveRecvPayloadType() const override;+ void OnRtpReceived(MediaPacket&& aPacket, webrtc::RTPHeader&& aHeader); void OnRtcpReceived(MediaPacket&& aPacket);
Based on the provided diff, I'll analyze it for security vulnerabilities: 1. Vulnerability Existed: not sure [Potential Information Exposure] [dom/media/webrtc/libwebrtcglue/AudioConduit.h] [Lines 29-31] [Old Code: No methods for getting active payload types] [Fixed Code: Added ActiveSendPayloadType() and ActiveRecvPayloadType() methods] Additional details: - The diff shows the addition of two new methods to query active payload types in WebRTC audio conduit - While not clearly a security vulnerability, exposing payload type information could potentially be used in fingerprinting or other attacks if not properly secured - Without seeing the implementation of these methods, it's hard to determine if there are actual security implications - The change appears to be adding functionality rather than fixing a specific vulnerability No clear vulnerability name can be assigned as this appears to be a feature addition rather than a security fix. The potential risk would depend on how these methods are implemented and what information they expose.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/css/css-shapes/shape-outside/supported-shapes/ellipse/shape-outside-ellipse-041.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/css/css-shapes/shape-outside/supported-shapes/ellipse/shape-outside-ellipse-041.html@@ -9,7 +9,6 @@ <link rel="author" title="Mozilla" href="http://www.mozilla.org/"> <link rel="help" href="https://drafts.csswg.org/css-shapes-1/#supported-basic-shapes"> <link rel="match" href="reference/shape-outside-ellipse-040-ref.html">- <meta name="flags" content=""> <meta name="assert" content="Test the left float shape defines an empty float area by the basic shape ellipse(0% 0closest-side closest-side at top left) value."> <style> .container {
Based on the provided code diff, I'll analyze it for potential security vulnerabilities: Vulnerability Existed: no No specific vulnerability found [File] [Lines 9] [Old Code] <meta name="flags" content=""> [Fixed Code] (line removed) Additional Details: - The change simply removes an empty meta tag that wasn't serving any purpose - This appears to be a cleanup change rather than a security fix - No known vulnerabilities are associated with empty meta tags - The change doesn't introduce any new security concerns No other changes were present in the diff that would indicate security fixes. The modification appears to be purely for code cleanliness/maintenance purposes.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/tools/wpt/requirements.txt+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/tools/wpt/requirements.txt@@ -1,2 +1,2 @@-requests==2.26.0+requests==2.27.1 mozinfo==1.2.2 # https://bugzilla.mozilla.org/show_bug.cgi?id=1621226
Here is the analysis of the provided code diff for security fixes: 1. Vulnerability Existed: yes [Outdated Requests Library Vulnerability] [testing/web-platform/tests/tools/wpt/requirements.txt] [Lines 1] [Old Code] requests==2.26.0 [Fixed Code] requests==2.27.1 Additional Details: The requests library was updated from version 2.26.0 to 2.27.1. This update likely addresses security vulnerabilities present in the older version, as newer versions of libraries often include security patches. The requests library is commonly used for HTTP requests, and outdated versions can be vulnerable to various attacks (e.g., CVE-2021-33503, which affects requests 2.26.0 and earlier). 2. Vulnerability Existed: no [No Vulnerability] [testing/web-platform/tests/tools/wpt/requirements.txt] [Lines 2] [Old Code] mozinfo==1.2.2 # https://bugzilla.mozilla.org/show_bug.cgi?id=1621226 [Fixed Code] mozinfo==1.2.2 # https://bugzilla.mozilla.org/show_bug.cgi?id=1621226 Additional Details: The mozinfo dependency remained unchanged, and there is no indication of a security-related fix for this line. Note: While the update to the requests library strongly suggests a security fix, the exact vulnerabilities addressed would require checking the changelog or release notes for requests 2.27.1. However, it is common practice to update dependencies to mitigate known security issues.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/parser/html/nsHtml5StreamParser.cpp+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/parser/html/nsHtml5StreamParser.cpp@@ -386,7 +386,7 @@ mURIToSendToDevtools = aURL; nsID uuid;- nsresult rv = nsContentUtils::GenerateUUIDInPlace(uuid);+ nsresult rv = nsID::GenerateUUIDInPlace(uuid); if (!NS_FAILED(rv)) { char buffer[NSID_LENGTH]; uuid.ToProvidedString(buffer);
Here's the analysis of the provided code diff: Vulnerability Existed: not sure [Potential UUID Generation Vulnerability] [parser/html/nsHtml5StreamParser.cpp] [Lines 386-389] [Old Code] nsresult rv = nsContentUtils::GenerateUUIDInPlace(uuid); [Fixed Code] nsresult rv = nsID::GenerateUUIDInPlace(uuid); Additional Details: The change involves switching from using nsContentUtils::GenerateUUIDInPlace() to nsID::GenerateUUIDInPlace() for UUID generation. While this isn't a classic security vulnerability like buffer overflow or XSS, there could be security implications in how UUIDs are generated. The change might be related to: 1. Using a more secure/appropriate UUID generation method 2. Fixing potential issues with randomness or uniqueness guarantees 3. Consolidating UUID generation to a single authoritative source However, without more context about the implementation differences between these two methods, I can't definitively say if this was fixing a security vulnerability or just a code refactoring. The change could be security-related if the old method had weaknesses in its random number generation or uniqueness guarantees.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/devtools/client/debugger/bin/module-manifest.json+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/devtools/client/debugger/bin/module-manifest.json@@ -2405,7 +2405,7 @@ "byName": {}, "byBlocks": {}, "usedIds": {- "0": 0+ "1": 1 } } }@@ -2426,7 +2426,7 @@ "byName": {}, "byBlocks": {}, "usedIds": {- "0": 0+ "1": 1 } } }
Based on the provided diff, I don't see any clear security vulnerabilities being fixed. The changes appear to be modifying ID values in a module manifest file, which seems more like a maintenance or internal tracking change rather than a security fix.
Here's the analysis following your requested format:
Vulnerability Existed: no
[No apparent vulnerability] [devtools/client/debugger/bin/module-manifest.json] [Lines 2405-2405, 2426-2426]
[Old Code]
"usedIds": {
"0": 0
}
[Fixed Code]
"usedIds": {
"1": 1
}
The change simply updates ID tracking from using 0 to using 1, which doesn't appear to relate to any known security vulnerability. There's no indication of security implications in this change.
No other vulnerabilities were identified in the provided diff.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/css/selectors/old-tests/css3-modsel-87b.xml+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/css/selectors/old-tests/css3-modsel-87b.xml@@ -8,7 +8,6 @@ <link rel="author" title="Ian Hickson" href="mailto:[email protected]"/> <link rel="help" href="https://www.w3.org/TR/css3-selectors/#selectors"/> <!-- bogus link to make sure it gets found --> <link rel="match" href="reference/bq-u-u-u-green.xht"/>- <meta name="flags" content="" /> </head> <body> <blockquote><div>This text should be unstyled.</div></blockquote>
Analyzing the provided code diff, here's the security assessment: Vulnerability Existed: no No specific vulnerability found [File] testing/web-platform/tests/css/selectors/old-tests/css3-modsel-87b.xml [Lines] 8 [Old Code] `<meta name="flags" content="" />` [Fixed Code] (removed line) Additional details: 1. The change simply removes an empty meta tag with a "flags" attribute, which doesn't appear to have any security implications. 2. The "flags" meta tag appears to be test-related metadata rather than security-relevant content. 3. No known vulnerabilities are associated with this change. 4. The modification appears to be cleanup rather than a security fix.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/third_party/rust/async-task/src/runnable.rs+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/third_party/rust/async-task/src/runnable.rs@@ -147,7 +147,7 @@ /// This function is same as [`spawn()`], except it does not require [`Send`], [`Sync`], and /// `'static` on `future` and `schedule`. ///-/// Safety requirements:+/// # Safety /// /// - If `future` is not [`Send`], its [`Runnable`] must be used and dropped on the original /// thread.
Analyzing the provided code diff: 1. Vulnerability Existed: not sure Documentation Improvement [third_party/rust/async-task/src/runnable.rs] [Lines 147-150] [Old Code] ```rust /// Safety requirements: /// /// - If `future` is not [`Send`], its [`Runnable`] must be used and dropped on the original /// thread. ``` [Fixed Code] ```rust /// # Safety /// /// - If `future` is not [`Send`], its [`Runnable`] must be used and dropped on the original /// thread. ``` Details: The change appears to be a documentation improvement, changing "Safety requirements:" to the standard Rust documentation format "# Safety". While this doesn't indicate a security vulnerability was fixed, it improves clarity of safety requirements which could help prevent misuse of the API. No specific vulnerability is identified in this change.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/layout/reftests/css-grid/grid-fragmentation-025-ref.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/layout/reftests/css-grid/grid-fragmentation-025-ref.html@@ -21,7 +21,7 @@ -ms-column-fill: auto; -webkit-column-fill: auto; column-fill: auto;- border: 2px dashed;+ border: 2px solid salmon; margin-bottom: 5px; }
After analyzing the provided code diff, I don't find any security-related fixes. The change appears to be purely cosmetic/visual, modifying the border style from dashed to solid salmon color.
Answer Format for Each Vulnerability:
Vulnerability Existed: no
No security vulnerability found [File] [Lines 21]
[Old Code] border: 2px dashed;
[Fixed Code] border: 2px solid salmon;
Additional Notes:
- The change is purely stylistic (border appearance)
- No security implications were identified
- No known vulnerabilities are addressed by this change
- The modification appears to be for visual testing purposes in the reftest
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/dom/media/MediaTrackGraph.cpp+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/dom/media/MediaTrackGraph.cpp@@ -21,6 +21,9 @@ #include "AudioCaptureTrack.h" #include "AudioNodeTrack.h" #include "AudioNodeExternalInputTrack.h"+#if defined(MOZ_WEBRTC)+# include "MediaEngineWebRTCAudio.h"+#endif // MOZ_WEBRTC #include "MediaTrackListener.h" #include "mozilla/dom/BaseAudioContextBinding.h" #include "mozilla/dom/WorkletThread.h"@@ -63,56 +66,6 @@ */ static nsTHashMap<nsUint32HashKey, MediaTrackGraphImpl*> gGraphs;-const AudioDataValue* AudioInputSamples::Data() const {- return mData.Elements();-}--size_t AudioInputSamples::FrameCount() const {- MOZ_ASSERT(mChannels > 0);- return mData.Length() / mChannels;-}--TrackRate AudioInputSamples::Rate() const { return mRate; }--uint32_t AudioInputSamples::Channels() const { return mChannels; }--bool AudioInputSamples::IsEmpty() const { return mData.IsEmpty(); }--void AudioInputSamples::Push(const AudioDataValue* aBuffer, size_t aFrames,- TrackRate aRate, uint32_t aChannels) {- MOZ_ASSERT(aRate > 0);- MOZ_ASSERT(aChannels > 0);-- if (mRate == 0) {- mRate = aRate;- }- if (mChannels == 0) {- mChannels = aChannels;- }-- MOZ_ASSERT(aRate == mRate);- MOZ_ASSERT(aChannels == mChannels);-- CheckedInt<size_t> samples(aFrames);- samples *= static_cast<size_t>(aChannels);- MOZ_ASSERT(samples.isValid());-- size_t oldLen = mData.Length();- size_t newLen = oldLen + samples.value();- if (newLen > mData.Capacity()) {- mData.SetCapacity(newLen);- }- mData.SetLengthAndRetainStorage(newLen);- AudioDataValue* dest = mData.Elements() + oldLen;- PodCopy(dest, aBuffer, samples.value());-}--void AudioInputSamples::Clear() {- mRate = 0;- mChannels = 0;- mData.ClearAndRetainStorage();-}- MediaTrackGraphImpl::~MediaTrackGraphImpl() { MOZ_ASSERT(mTracks.IsEmpty() && mSuspendedTracks.IsEmpty(), "All tracks should have been destroyed by messages from the main "@@ -329,7 +282,7 @@ // We may not have audio input device when we only have AudioNodeTracks. But // if audioTrackPresent is false, we must have no input device.- MOZ_DIAGNOSTIC_ASSERT_IF(!audioTrackPresent, mDeviceTrackMap.Count() == 0);+ MOZ_DIAGNOSTIC_ASSERT_IF(!audioTrackPresent, !mNativeInputTrackOnGraph); return audioTrackPresent; }@@ -675,150 +628,79 @@ return ticksWritten; }-NativeInputTrack* MediaTrackGraphImpl::GetOrCreateDeviceTrack(- CubebUtils::AudioDeviceID aID, const PrincipalHandle& aPrincipalHandle) {+NativeInputTrack* MediaTrackGraphImpl::GetNativeInputTrack() { MOZ_ASSERT(NS_IsMainThread());-- RefPtr<NativeInputTrack>& t = mDeviceTracks.LookupOrInsertWith(aID, [&] {- NativeInputTrack* track = NativeInputTrack::Create(this, aPrincipalHandle);- LOG(LogLevel::Debug,- ("Create NativeInputTrack %p for device %p", track, aID));- return do_AddRef(track);- });- MOZ_DIAGNOSTIC_ASSERT(t->mPrincipalHandle == aPrincipalHandle,- "Principal should match");-- return t.get();-}--void MediaTrackGraphImpl::OpenAudioInputImpl(CubebUtils::AudioDeviceID aID,- AudioDataListener* aListener,- NativeInputTrack* aInputTrack) {+ return mNativeInputTrackOnMain.get();+}++void MediaTrackGraphImpl::OpenAudioInputImpl(NativeInputTrack* aTrack) { MOZ_ASSERT(OnGraphThread()); LOG(LogLevel::Debug,- ("%p OpenAudioInputImpl: NativeInputTrack %p for device %p", this,- aInputTrack, aID));-- if (mDeviceTrackMap.Count() > 0 && !mDeviceTrackMap.Get(aID, nullptr)) {- // We don't support opening multiple input device in a graph for now.- LOG(LogLevel::Debug, ("%p Device %p is not native device. Cannot open %p!",- this, aID, aInputTrack));+ ("%p OpenAudioInputImpl: device %p", this, aTrack->mDeviceId));++ if (mNativeInputTrackOnGraph) {+ MOZ_ASSERT_UNREACHABLE(+ "We cannot open device twice, and we don't support multiple inputs for "+ "now"); return; } LOG(LogLevel::Debug,- ("%p Device %p is native device. Open %p", this, aID, aInputTrack));-- // Only allow one device per MTG (hence, per document), but allow opening a- // device multiple times- NativeInputTrack* track = mDeviceTrackMap.LookupOrInsertWith(- aID, [inputTrack = RefPtr<NativeInputTrack>(aInputTrack)] {- return inputTrack.get();- });- MOZ_ASSERT(track);-- nsTArray<RefPtr<AudioDataListener>>& listeners = track->mDataUsers;- MOZ_ASSERT(!listeners.Contains(aListener), "Don't add a listener twice.");- listeners.AppendElement(aListener);- if (listeners.Length() == 1) { // first open for this device- mInputDeviceID = aID;- // Switch Drivers since we're adding input (to input-only or full-duplex)- AudioCallbackDriver* driver = new AudioCallbackDriver(- this, CurrentDriver(), mSampleRate, AudioOutputChannelCount(),- AudioInputChannelCount(), mOutputDeviceID, mInputDeviceID,- AudioInputDevicePreference());- LOG(LogLevel::Debug,- ("%p OpenAudioInput: starting new AudioCallbackDriver(input) %p", this,- driver));- SwitchAtNextIteration(driver);- } else {- ReevaluateInputDevice();- }-}--nsresult MediaTrackGraphImpl::OpenAudioInput(CubebUtils::AudioDeviceID aID,- AudioDataListener* aListener) {+ ("%p Open audio input on device %p", this, aTrack->mDeviceId));++ mNativeInputTrackOnGraph = aTrack;+ mInputDeviceID = aTrack->mDeviceId;+ // Switch Drivers since we're adding input (to input-only or full-duplex)+ AudioCallbackDriver* driver = new AudioCallbackDriver(+ this, CurrentDriver(), mSampleRate, AudioOutputChannelCount(),+ AudioInputChannelCount(), mOutputDeviceID, mInputDeviceID,+ AudioInputDevicePreference());+ LOG(LogLevel::Debug,+ ("%p OpenAudioInput: starting new AudioCallbackDriver(input) %p", this,+ driver));+ SwitchAtNextIteration(driver);+}++void MediaTrackGraphImpl::OpenAudioInput(NativeInputTrack* aTrack) { MOZ_ASSERT(NS_IsMainThread());+ MOZ_ASSERT(aTrack);++ LOG(LogLevel::Debug, ("%p OpenInput: NativeInputTrack %p for device %p", this,+ aTrack, aTrack->mDeviceId));+ class Message : public ControlMessage { public:- Message(MediaTrackGraphImpl* aGraph, CubebUtils::AudioDeviceID aID,- AudioDataListener* aListener, NativeInputTrack* aInputTrack)- : ControlMessage(nullptr),- mGraph(aGraph),- mID(aID),- mListener(aListener),- mInputTrack(aInputTrack) {}+ Message(MediaTrackGraphImpl* aGraph, NativeInputTrack* aInputTrack)+ : ControlMessage(nullptr), mGraph(aGraph), mInputTrack(aInputTrack) {} void Run() override { TRACE("MTG::OpenAudioInputImpl ControlMessage");- mGraph->OpenAudioInputImpl(mID, mListener, mInputTrack);+ mGraph->OpenAudioInputImpl(mInputTrack); } MediaTrackGraphImpl* mGraph;- CubebUtils::AudioDeviceID mID;- RefPtr<AudioDataListener> mListener; NativeInputTrack* mInputTrack; };- auto result = mDeviceTracks.Lookup(aID);- MOZ_ASSERT(result);- MOZ_ASSERT(result.Data());- size_t users = result.Data()->AddUser();-- LOG(LogLevel::Debug,- ("%p OpenInput: NativeInputTrack %p for device %p has %zu users now",- this, result.Data().get(), aID, users));+ MOZ_ASSERT(!mNativeInputTrackOnMain);+ mNativeInputTrackOnMain = aTrack; // XXX Check not destroyed!- this->AppendMessage(- MakeUnique<Message>(this, aID, aListener, result.Data().get()));- return NS_OK;-}--void MediaTrackGraphImpl::CloseAudioInputImpl(CubebUtils::AudioDeviceID aID,- AudioDataListener* aListener,- NativeInputTrack* aInputTrack) {+ this->AppendMessage(MakeUnique<Message>(this, aTrack));+}++void MediaTrackGraphImpl::CloseAudioInputImpl(CubebUtils::AudioDeviceID aID) { MOZ_ASSERT(OnGraphThread());- LOG(LogLevel::Debug,- ("%p CloseAudioInputImpl: NativeInputTrack %p for device %p", this,- aInputTrack, aID));-- auto result = mDeviceTrackMap.Lookup(aID);- if (!result) {- LOG(LogLevel::Debug,- ("%p Device %p is not native device. Do nothing for %p", this, aID,- aInputTrack));- return;- }-- LOG(LogLevel::Debug,- ("%p Device %p is native device. Close %p", this, aID, aInputTrack));-- NativeInputTrack* track = result.Data();- MOZ_ASSERT(track == aInputTrack);- nsTArray<RefPtr<AudioDataListener>>& listeners = track->mDataUsers;- DebugOnly<bool> wasPresent = listeners.RemoveElement(aListener);- MOZ_ASSERT(wasPresent);-- // Breaks the cycle between the MTG and the listener.- aListener->Disconnect(this);-- if (!listeners.IsEmpty()) {- LOG(LogLevel::Debug,- ("%p NativeInputTrack %p for device %p still has consumer", this, track,- aID));- ReevaluateInputDevice();- return;- }-- LOG(LogLevel::Debug,- ("%p NativeInputTrack %p for device %p has no consumer now", this, track,- aID));-- mInputDeviceID = nullptr; // reset to default-- bool r = mDeviceTrackMap.Remove(aID);- MOZ_ASSERT(r);- Unused << r;+ LOG(LogLevel::Debug, ("%p CloseAudioInputImpl: device %p", this, aID));++ if (!mNativeInputTrackOnGraph || mNativeInputTrackOnGraph->mDeviceId != aID) {+ LOG(LogLevel::Debug, ("%p Device %p is not native device", this, aID));+ return;+ }++ LOG(LogLevel::Debug, ("%p Close device %p", this, aID));++ mNativeInputTrackOnGraph = nullptr; // reset to default+ mInputDeviceID = nullptr; // reset to default // Switch Drivers since we're adding or removing an input (to nothing/system // or output only)@@ -879,148 +761,75 @@ }); }-void MediaTrackGraphImpl::CloseAudioInput(CubebUtils::AudioDeviceID aID,- AudioDataListener* aListener) {+void MediaTrackGraphImpl::CloseAudioInput(NativeInputTrack* aTrack) { MOZ_ASSERT(NS_IsMainThread()); class Message : public ControlMessage { public:- Message(MediaTrackGraphImpl* aGraph, CubebUtils::AudioDeviceID aID,- AudioDataListener* aListener, NativeInputTrack* aInputTrack)- : ControlMessage(nullptr),- mGraph(aGraph),- mID(aID),- mListener(aListener),- mInputTrack(aInputTrack) {}+ Message(MediaTrackGraphImpl* aGraph, CubebUtils::AudioDeviceID aID)+ : ControlMessage(nullptr), mGraph(aGraph), mID(aID) {} void Run() override { TRACE("MTG::CloseAudioInputImpl ControlMessage");- mGraph->CloseAudioInputImpl(mID, mListener, mInputTrack);+ mGraph->CloseAudioInputImpl(mID); } MediaTrackGraphImpl* mGraph; CubebUtils::AudioDeviceID mID;- RefPtr<AudioDataListener> mListener;- NativeInputTrack* mInputTrack; };- auto result = mDeviceTracks.Lookup(aID);- MOZ_ASSERT(result);- MOZ_ASSERT(result.Data());- size_t users = result.Data()->RemoveUser();-- LOG(LogLevel::Debug,- ("%p: CloseInput: NativeInputTrack %p for device %p has %zu users now",- this, result.Data().get(), aID, users));-- this->AppendMessage(- MakeUnique<Message>(this, aID, aListener, result.Data().get()));-- // Remove the NativeInputTrack from mDeviceTracks if no AudioInputTrack needs- // it, so NativeInputTrack::Create can create a new NativeInputTrack when it's- // called for the same aID. The paired value in mDeviceTrackMap will be- // removed later in CloseAudioInputImpl. The NativeInputTrack will still be- // alive after it's removed from mDeviceTracks since AddTrack called via- // NativeInputTrack::Create will call NS_ADDREF to it and it will be alive- // until its NS_RELEASE is called via NativeInputTrack::DestroyImpl().- // Note that NativeInputTrack::Destroy() must be called after the above- // message is appended so NativeInputTrack::DestroyImpl() will be run after- // CloseAudioInputImpl(). Therefore, the NativeInputTrack will be alive before- // it's removed from mDeviceTrackMap in CloseAudioInputImpl()- if (users == 0) {- LOG(LogLevel::Debug,- ("%p: CloseInput: NativeInputTrack %p for device %p is removed from "- "mDeviceTracks",- this, result.Data().get(), aID));-- result.Data()->Destroy();- bool r = mDeviceTracks.Remove(aID);- MOZ_ASSERT(r);- Unused << r;- }+ // NativeInputTrack is still alive (in mTracks) even we remove it here.+ mNativeInputTrackOnMain = nullptr;++ this->AppendMessage(MakeUnique<Message>(this, aTrack->mDeviceId)); } // All AudioInput listeners get the same speaker data (at least for now). void MediaTrackGraphImpl::NotifyOutputData(AudioDataValue* aBuffer, size_t aFrames, TrackRate aRate, uint32_t aChannels) {-#ifdef ANDROID- // On Android, mInputDeviceID is always null and represents the default- // device.- // The absence of an input consumer is enough to know we need to bail out- // here.- if (!mDeviceTrackMap.Contains(mInputDeviceID)) {- return;- }-#else- if (!mInputDeviceID) {- return;+ if (!mNativeInputTrackOnGraph) {+ return;+ }+ MOZ_ASSERT(mNativeInputTrackOnGraph->mDeviceId == mInputDeviceID);++#if defined(MOZ_WEBRTC)+ for (const auto& track : mTracks) {+ if (const auto& t = track->AsAudioProcessingTrack()) {+ t->NotifyOutputData(this, aBuffer, aFrames, aRate, aChannels);+ } } #endif- // When/if we decide to support multiple input devices per graph, this needs- // to loop over them.- auto result = mDeviceTrackMap.Lookup(mInputDeviceID);- MOZ_ASSERT(result);- NativeInputTrack* track = result.Data();- MOZ_ASSERT(track);- track->NotifyOutputData(this, aBuffer, aFrames, aRate, aChannels); } void MediaTrackGraphImpl::NotifyInputStopped() {-#ifdef ANDROID- if (!mDeviceTrackMap.Contains(mInputDeviceID)) {- return;- }-#else- if (!mInputDeviceID) {- return;- }-#endif- auto result = mDeviceTrackMap.Lookup(mInputDeviceID);- MOZ_ASSERT(result);- NativeInputTrack* track = result.Data();- MOZ_ASSERT(track);- track->NotifyInputStopped(this);+ if (!mNativeInputTrackOnGraph) {+ return;+ }+ MOZ_ASSERT(mNativeInputTrackOnGraph->mDeviceId == mInputDeviceID);+ mNativeInputTrackOnGraph->NotifyInputStopped(this); } void MediaTrackGraphImpl::NotifyInputData(const AudioDataValue* aBuffer, size_t aFrames, TrackRate aRate, uint32_t aChannels, uint32_t aAlreadyBuffered) {-#ifdef ANDROID- if (!mDeviceTrackMap.Contains(mInputDeviceID)) {- return;- }-#else // Either we have an audio input device, or we just removed the audio input // this iteration, and we're switching back to an output-only driver next // iteration.- MOZ_ASSERT(mInputDeviceID || Switching());- if (!mInputDeviceID) {- return;- }-#endif- auto result = mDeviceTrackMap.Lookup(mInputDeviceID);- MOZ_ASSERT(result);- NativeInputTrack* track = result.Data();- MOZ_ASSERT(track);- track->NotifyInputData(this, aBuffer, aFrames, aRate, aChannels,- aAlreadyBuffered);+ MOZ_ASSERT(mNativeInputTrackOnGraph || Switching());+ if (!mNativeInputTrackOnGraph) {+ return;+ }+ MOZ_ASSERT(mNativeInputTrackOnGraph->mDeviceId == mInputDeviceID);+ mNativeInputTrackOnGraph->NotifyInputData(this, aBuffer, aFrames, aRate,+ aChannels, aAlreadyBuffered); } void MediaTrackGraphImpl::DeviceChangedImpl() { MOZ_ASSERT(OnGraphThread());-#ifdef ANDROID- if (!mDeviceTrackMap.Contains(mInputDeviceID)) {- return;- }-#else- if (!mInputDeviceID) {- return;- }-#endif- auto result = mDeviceTrackMap.Lookup(mInputDeviceID);- MOZ_ASSERT(result);- NativeInputTrack* track = result.Data();- MOZ_ASSERT(track);- track->DeviceChanged(this);+ if (!mNativeInputTrackOnGraph) {+ return;+ }+ MOZ_ASSERT(mNativeInputTrackOnGraph->mDeviceId == mInputDeviceID);+ mNativeInputTrackOnGraph->DeviceChanged(this); } void MediaTrackGraphImpl::SetMaxOutputChannelCount(uint32_t aMaxChannelCount) {@@ -4040,6 +3849,27 @@ return static_cast<const MediaTrackGraphImpl*>(this)->mProcessedTime; }+uint32_t MediaTrackGraphImpl::AudioInputChannelCount() {+ MOZ_ASSERT(OnGraphThreadOrNotRunning());++ if (!mNativeInputTrackOnGraph) {+ return 0;+ }+ MOZ_ASSERT(mNativeInputTrackOnGraph->mDeviceId == mInputDeviceID);+ return mNativeInputTrackOnGraph->MaxRequestedInputChannels();+}++AudioInputType MediaTrackGraphImpl::AudioInputDevicePreference() {+ MOZ_ASSERT(OnGraphThreadOrNotRunning());++ if (!mNativeInputTrackOnGraph) {+ return AudioInputType::Unknown;+ }+ MOZ_ASSERT(mNativeInputTrackOnGraph->mDeviceId == mInputDeviceID);+ return mNativeInputTrackOnGraph->HasVoiceInput() ? AudioInputType::Voice+ : AudioInputType::Unknown;+}+ // nsIThreadObserver methods NS_IMETHODIMP
Based on the provided code diff, I'll analyze it for security fixes. The changes appear to be a significant refactoring of the audio input handling in Firefox's media track graph implementation. 1. Vulnerability Existed: not sure [Potential Race Condition] [dom/media/MediaTrackGraph.cpp] [Multiple locations] [Old Code: Complex multi-device input handling with device track maps] [Fixed Code: Simplified single-device input handling with mNativeInputTrackOnGraph] The changes simplify the audio input handling by removing support for multiple input devices and consolidating to a single native input track. While this doesn't appear to fix a specific named vulnerability, the simplification likely reduces the attack surface for potential race conditions in the audio input handling. 2. Vulnerability Existed: not sure [Potential Resource Management Issue] [dom/media/MediaTrackGraph.cpp] [Multiple locations] [Old Code: Complex reference counting and device track management] [Fixed Code: Simplified single track management] The changes remove the complex reference counting system for multiple audio input devices and replace it with simpler single-track management. This could potentially address resource management issues, though no specific vulnerability is named. 3. Vulnerability Existed: not sure [Potential Information Leak] [dom/media/MediaTrackGraph.cpp] [Lines 329] [Old Code: Assertion checking mDeviceTrackMap.Count() == 0] [Fixed Code: Assertion checking !mNativeInputTrackOnGraph] The change in assertion condition suggests a possible fix for cases where audio input state tracking might have been incorrect, potentially leading to information leaks about audio device usage. The changes appear to be primarily architectural improvements rather than fixes for specific named vulnerabilities. The simplification of the audio input handling likely improves security by reducing complexity and potential attack surface, but without more context about specific reported issues, it's difficult to identify exact vulnerabilities that were fixed.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/css/css-values/rgba-011.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/css/css-values/rgba-011.html@@ -9,7 +9,6 @@ <link rel="help" href="https://www.w3.org/TR/css-color-4/#rgb-functions"> <link rel="help" href="https://www.w3.org/TR/css-values-4/#combine-integers">- <meta name="flags" content=""> <meta name="assert" content="This test checks the syntax allowed by rgba() function. White space characters, instead of commas, are allowed between numerical values. <alpha-value> can be omitted for rgba() function, in which case it must defaults to 100%. Finally, rgba() function can take real numbers but their computed values will be rounded to the nearest integer, with values halfway between adjacent integers rounded towards positive infinity."> <script src="/resources/testharness.js"></script>
Based on the provided diff, I'll analyze it for potential security vulnerabilities: 1. Vulnerability Existed: no No specific vulnerability [testing/web-platform/tests/css/css-values/rgba-011.html] [Lines 9] Old Code: `<meta name="flags" content="">` Fixed Code: (removed line) Additional Details: - The change simply removes an empty meta tag that wasn't serving any apparent purpose - There's no indication of any security vulnerability being fixed here - This appears to be a minor cleanup change rather than a security fix - No known vulnerability names are associated with this change The modification doesn't show any signs of addressing security issues - it's likely just removing unused or unnecessary metadata from the test file.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/dom/security/test/https-first/file_navigation.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/dom/security/test/https-first/file_navigation.html@@ -1,3 +1,4 @@+<!DOCTYPE html> <html> <body> <p>Blank page</p>
Based on the provided diff, I'll analyze it for security fixes:
Vulnerability Existed: not sure
[No specific vulnerability name identified] [dom/security/test/https-first/file_navigation.html] [Lines 1]
[Old Code: <html>]
[Fixed Code: <!DOCTYPE html><html>]
Additional Details:
1. The change adds a DOCTYPE declaration to the HTML file. While this is generally considered good practice for HTML validation and proper rendering, it's not typically considered a security fix.
2. The file appears to be a test file for HTTPS-First functionality, but the change itself doesn't appear to address any specific security vulnerability.
3. Without more context about the test case or the surrounding changes in the codebase, it's difficult to determine if this change relates to a specific security fix.
Note: The addition of DOCTYPE could potentially affect how browsers handle the document (e.g., triggering standards mode vs quirks mode), but this would typically be more of a compatibility/functionality issue rather than a security one.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/security/manager/ssl/nsNSSCertificate.h+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/security/manager/ssl/nsNSSCertificate.h@@ -6,25 +6,15 @@ #ifndef nsNSSCertificate_h #define nsNSSCertificate_h-#include <functional>-#include <vector>- #include "ScopedNSSTypes.h" #include "certt.h"+#include "mozilla/DataMutex.h"+#include "mozilla/Maybe.h" #include "nsCOMPtr.h" #include "nsIClassInfo.h" #include "nsISerializable.h" #include "nsIX509Cert.h"-#include "nsSimpleEnumerator.h" #include "nsStringFwd.h"--namespace mozilla {-namespace pkix {-class DERArray;-}-} // namespace mozilla--class nsINSSComponent; class nsNSSCertificate final : public nsIX509Cert, public nsISerializable,@@ -35,44 +25,20 @@ NS_DECL_NSISERIALIZABLE NS_DECL_NSICLASSINFO+ nsNSSCertificate(); explicit nsNSSCertificate(CERTCertificate* cert);- nsNSSCertificate();- static nsNSSCertificate* Create(CERTCertificate* cert = nullptr);- static nsNSSCertificate* ConstructFromDER(char* certDER, int derLen);-- // This method assumes that the current list object- // is ordered [end entity, intermediates..., root].- // Will return error if used on self-signed or empty chains.- // This method requires that the list `aIntermediates` must be empty.- static nsresult GetIntermediatesAsDER(- /* int */ const nsTArray<RefPtr<nsIX509Cert>>& aCertList,- /* out */ nsTArray<nsTArray<uint8_t>>& aIntermediates);-- // Obtain the root certificate of a certificate chain. On an- // empty list, leaves aRoot empty and returns a failure.- // Assumes list is ordered [end entity, intermediates..., root].- static nsresult GetRootCertificate(- const nsTArray<RefPtr<nsIX509Cert>>& aCertList,- /* out */ nsCOMPtr<nsIX509Cert>& aRoot);+ explicit nsNSSCertificate(nsTArray<uint8_t>&& der); private: virtual ~nsNSSCertificate() = default;+ nsresult GetCertificateHash(nsAString& aFingerprint, SECOidTag aHashAlg);+ mozilla::UniqueCERTCertificate GetOrInstantiateCert();- mozilla::UniqueCERTCertificate mCert;- uint32_t mCertType;- nsresult GetSortableDate(PRTime aTime, nsAString& _aSortableDate);- bool InitFromDER(char* certDER, int derLen); // return false on failure-- nsresult GetCertificateHash(nsAString& aFingerprint, SECOidTag aHashAlg);+ nsTArray<uint8_t> mDER;+ // There may be multiple threads running when mCert is actually instantiated,+ // so it must be protected by a mutex.+ mozilla::DataMutex<mozilla::Maybe<mozilla::UniqueCERTCertificate>> mCert; };--namespace mozilla {--SECStatus ConstructCERTCertListFromReversedDERArray(- const mozilla::pkix::DERArray& certArray,- /*out*/ mozilla::UniqueCERTCertList& certList);--} // namespace mozilla #define NS_X509CERT_CID \ { /* 660a3226-915c-4ffb-bb20-8985a632df05 */ \
Here's the analysis following the requested format: 1. Vulnerability Existed: not sure [Potential Thread Safety Issue] [security/manager/ssl/nsNSSCertificate.h] [Lines related to mCert] [Old Code: mozilla::UniqueCERTCertificate mCert;] [Fixed Code: mozilla::DataMutex<mozilla::Maybe<mozilla::UniqueCERTCertificate>> mCert;] Additional Details: The change introduces thread safety protection for mCert using DataMutex, suggesting potential race conditions in the previous implementation. 2. Vulnerability Existed: not sure [Potential Memory Safety Issue] [security/manager/ssl/nsNSSCertificate.h] [Constructor changes] [Old Code: Multiple constructors including InitFromDER method] [Fixed Code: Simplified constructors with explicit nsTArray<uint8_t>&& parameter] Additional Details: The removal of raw pointer handling (char* certDER, int derLen) in favor of nsTArray<uint8_t> could indicate previous memory safety concerns. 3. Vulnerability Existed: not sure [Potential Information Leak] [security/manager/ssl/nsNSSCertificate.h] [Removed methods] [Old Code: Various static methods handling certificate chains] [Fixed Code: Methods removed] Additional Details: Removal of certificate chain handling methods might indicate potential security issues in chain validation logic. Note: While these changes appear to be security-related improvements, without more context about the actual vulnerabilities they address (or explicit vulnerability reports), we can only speculate about the specific vulnerabilities that might have existed. The changes do show a clear pattern of improving memory safety and thread safety, which are common security concerns.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/dom/base/nsFocusManager.cpp+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/dom/base/nsFocusManager.cpp@@ -1759,11 +1759,11 @@ (aFlags & (FLAG_SHOWRING | FLAG_NOSHOWRING)); newWindow->SetFocusedElement(elementToFocus, focusMethod); if (aFocusChanged) {- nsCOMPtr<nsIDocShell> docShell = newWindow->GetDocShell();-- RefPtr<PresShell> presShell = docShell->GetPresShell();- if (presShell && presShell->DidInitialize()) {- ScrollIntoView(presShell, elementToFocus, aFlags);+ if (nsCOMPtr<nsIDocShell> docShell = newWindow->GetDocShell()) {+ RefPtr<PresShell> presShell = docShell->GetPresShell();+ if (presShell && presShell->DidInitialize()) {+ ScrollIntoView(presShell, elementToFocus, aFlags);+ } } }
Here's the analysis of the provided code diff:
Vulnerability Existed: yes
Null Pointer Dereference [File] dom/base/nsFocusManager.cpp [Lines 1759-1764]
[Old Code]
nsCOMPtr<nsIDocShell> docShell = newWindow->GetDocShell();
RefPtr<PresShell> presShell = docShell->GetPresShell();
if (presShell && presShell->DidInitialize()) {
ScrollIntoView(presShell, elementToFocus, aFlags);
}
[Fixed Code]
if (nsCOMPtr<nsIDocShell> docShell = newWindow->GetDocShell()) {
RefPtr<PresShell> presShell = docShell->GetPresShell();
if (presShell && presShell->DidInitialize()) {
ScrollIntoView(presShell, elementToFocus, aFlags);
}
}
Additional Details:
The vulnerability was a potential null pointer dereference. In the old code, there was no null check after calling `newWindow->GetDocShell()`, which could lead to a crash if the returned docShell was null. The fixed code adds a null check by moving the assignment into an if statement condition, ensuring the subsequent code only executes when docShell is not null. This is a defensive programming fix that prevents potential crashes when dealing with window focus management.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/security/sandbox/linux/Sandbox.h+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/security/sandbox/linux/Sandbox.h@@ -11,6 +11,8 @@ #include "mozilla/Types.h" #include "nsXULAppAPI.h" #include <vector>++#include "mozilla/ipc/UtilityProcessSandboxing.h" // This defines the entry points for a content process to start // sandboxing itself. See also SandboxInfo.h for what parts of@@ -63,6 +65,8 @@ MOZ_EXPORT void SetSocketProcessSandbox(int aBroker);+MOZ_EXPORT void SetUtilitySandbox(int aBroker, ipc::SandboxingKind aKind);+ // We want to turn on/off crashing on error when running some tests // This will return current value and set the aValue we pass MOZ_EXPORT bool SetSandboxCrashOnError(bool aValue);
Here's the analysis of the provided code diff: 1. Vulnerability Existed: not sure [Potential Missing Sandbox Initialization] [security/sandbox/linux/Sandbox.h] [Lines 65] [Old Code] (No previous declaration of SetUtilitySandbox) [Fixed Code] `MOZ_EXPORT void SetUtilitySandbox(int aBroker, ipc::SandboxingKind aKind);` Additional Details: - The diff shows the addition of a new sandboxing function declaration for utility processes - While this isn't fixing an existing vulnerability per se, it's adding new sandboxing capability which improves security - The addition suggests better process isolation for utility processes was implemented - Without seeing the implementation, we can't be certain if this fixes any specific vulnerability, but it's clearly a security-related improvement Note: Since this is adding new functionality rather than fixing existing code, it doesn't exactly match the vulnerability fix pattern, but it's clearly security-related work. The change appears to be part of adding sandboxing support for utility processes, which would help mitigate potential privilege escalation or sandbox escape vulnerabilities.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/dom/locks/Lock.h+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/dom/locks/Lock.h@@ -52,10 +52,10 @@ Promise& GetWaitingPromise(); // PromiseNativeHandler- virtual void ResolvedCallback(JSContext* aCx,- JS::Handle<JS::Value> aValue) override;- virtual void RejectedCallback(JSContext* aCx,- JS::Handle<JS::Value> aValue) override;+ virtual void ResolvedCallback(JSContext* aCx, JS::Handle<JS::Value> aValue,+ ErrorResult& aRv) override;+ virtual void RejectedCallback(JSContext* aCx, JS::Handle<JS::Value> aValue,+ ErrorResult& aRv) override; private: nsCOMPtr<nsIGlobalObject> mOwner;
Based on the provided diff, here's the analysis:
Vulnerability Existed: not sure
[Potential Error Handling Improvement] [dom/locks/Lock.h] [Lines 52-56]
[Old Code]
virtual void ResolvedCallback(JSContext* aCx,
JS::Handle<JS::Value> aValue) override;
virtual void RejectedCallback(JSContext* aCx,
JS::Handle<JS::Value> aValue) override;
[Fixed Code]
virtual void ResolvedCallback(JSContext* aCx, JS::Handle<JS::Value> aValue,
ErrorResult& aRv) override;
virtual void RejectedCallback(JSContext* aCx, JS::Handle<JS::Value> aValue,
ErrorResult& aRv) override;
Additional Details:
The change adds ErrorResult parameters to the callback functions, which suggests improved error handling. While this could potentially address unhandled error cases, there's no direct evidence of a specific vulnerability being fixed. The modification appears to be more of a robustness improvement than a security fix.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/media/webrtc/signaling/gtest/jsep_track_unittest.cpp+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/media/webrtc/signaling/gtest/jsep_track_unittest.cpp@@ -33,40 +33,46 @@ mSendAns(SdpMediaSection::kAudio, sdp::kSend), mRecvAns(SdpMediaSection::kAudio, sdp::kRecv) {}+ void TearDown() override {+ if (::testing::UnitTest::GetInstance()+ ->current_test_info()+ ->result()+ ->Failed()) {+ if (mOffer) {+ std::cerr << "Offer SDP: " << std::endl;+ mOffer->Serialize(std::cerr);+ }++ if (mAnswer) {+ std::cerr << "Answer SDP: " << std::endl;+ mAnswer->Serialize(std::cerr);+ }+ }+ }+ std::vector<UniquePtr<JsepCodecDescription>> MakeCodecs( bool addFecCodecs = false, bool preferRed = false, bool addDtmfCodec = false) const { std::vector<UniquePtr<JsepCodecDescription>> results;- results.emplace_back(new JsepAudioCodecDescription("1", "opus", 48000, 2));- results.emplace_back(new JsepAudioCodecDescription("9", "G722", 8000, 1));+ results.emplace_back(JsepAudioCodecDescription::CreateDefaultOpus());+ results.emplace_back(JsepAudioCodecDescription::CreateDefaultG722()); if (addDtmfCodec) { results.emplace_back(- new JsepAudioCodecDescription("101", "telephone-event", 8000, 1));+ JsepAudioCodecDescription::CreateDefaultTelephoneEvent()); } if (addFecCodecs && preferRed) {- results.emplace_back(new JsepVideoCodecDescription("122", "red", 90000));- }-- JsepVideoCodecDescription* vp8 =- new JsepVideoCodecDescription("120", "VP8", 90000);- vp8->mConstraints.maxFs = 12288;- vp8->mConstraints.maxFps = 60;- results.emplace_back(vp8);-- JsepVideoCodecDescription* h264 =- new JsepVideoCodecDescription("126", "H264", 90000);- h264->mPacketizationMode = 1;- h264->mProfileLevelId = 0x42E00D;- results.emplace_back(h264);+ results.emplace_back(JsepVideoCodecDescription::CreateDefaultRed());+ }++ results.emplace_back(JsepVideoCodecDescription::CreateDefaultVP8(false));+ results.emplace_back(JsepVideoCodecDescription::CreateDefaultH264_1(false)); if (addFecCodecs) { if (!preferRed) {- results.emplace_back(- new JsepVideoCodecDescription("122", "red", 90000));+ results.emplace_back(JsepVideoCodecDescription::CreateDefaultRed()); }- results.emplace_back(- new JsepVideoCodecDescription("123", "ulpfec", 90000));+ results.emplace_back(JsepVideoCodecDescription::CreateDefaultUlpFec()); } results.emplace_back(new JsepApplicationCodecDescription(@@ -153,24 +159,18 @@ } void Negotiate() {- std::cerr << "Offer SDP: " << std::endl;- mOffer->Serialize(std::cerr);-- std::cerr << "Answer SDP: " << std::endl;- mAnswer->Serialize(std::cerr);- if (mRecvOff.GetMediaType() != SdpMediaSection::MediaType::kApplication) { mRecvOff.UpdateRecvTrack(*mAnswer, GetAnswer()); } if (GetAnswer().IsSending()) {- mSendAns.Negotiate(GetAnswer(), GetOffer());- mRecvOff.Negotiate(GetAnswer(), GetAnswer());+ mSendAns.Negotiate(GetAnswer(), GetOffer(), GetAnswer());+ mRecvOff.Negotiate(GetAnswer(), GetAnswer(), GetOffer()); } if (GetAnswer().IsReceiving()) {- mRecvAns.Negotiate(GetAnswer(), GetOffer());- mSendOff.Negotiate(GetAnswer(), GetAnswer());+ mRecvAns.Negotiate(GetAnswer(), GetOffer(), GetAnswer());+ mSendOff.Negotiate(GetAnswer(), GetAnswer(), GetOffer()); } }@@ -223,7 +223,7 @@ // it should not be possible for codecs to have a different type // than the track, but we'll check the codec here just in case. if (codecs.size() != expectedSize || codecIndex >= expectedSize ||- codecs[codecIndex]->mType != type) {+ codecs[codecIndex]->Type() != type) { return nullptr; } return UniquePtr<JsepCodecDescription>(codecs[codecIndex]->Clone());@@ -267,19 +267,25 @@ void SanityCheckCodecs(const JsepCodecDescription& a, const JsepCodecDescription& b) const {- ASSERT_EQ(a.mType, b.mType);- if (a.mType != SdpMediaSection::kApplication) {- ASSERT_EQ(a.mDefaultPt, b.mDefaultPt);- }- std::cerr << a.mName << " vs " << b.mName << std::endl;+#define MSG \+ "For codecs " << a.mName << " (" << a.mDirection << ") and " << b.mName \+ << " (" << b.mDirection << ")"+ ASSERT_EQ(a.Type(), b.Type()) << MSG;+ if (a.Type() != SdpMediaSection::kApplication) {+ ASSERT_EQ(a.mDefaultPt, b.mDefaultPt) << MSG;+ } ASSERT_EQ(a.mName, b.mName);- ASSERT_EQ(a.mClock, b.mClock);- ASSERT_EQ(a.mChannels, b.mChannels);- ASSERT_NE(a.mDirection, b.mDirection);+ if (!mExpectDifferingFmtp) {+ ASSERT_EQ(a.mSdpFmtpLine, b.mSdpFmtpLine) << MSG;+ }+ ASSERT_EQ(a.mClock, b.mClock) << MSG;+ ASSERT_EQ(a.mChannels, b.mChannels) << MSG;+ ASSERT_NE(a.mDirection, b.mDirection) << MSG; // These constraints are for fmtp and rid, which _are_ signaled- ASSERT_EQ(a.mConstraints, b.mConstraints);-- if (a.mType == SdpMediaSection::kVideo) {+ ASSERT_EQ(a.mConstraints, b.mConstraints) << MSG;+#undef MSG++ if (a.Type() == SdpMediaSection::kVideo) { SanityCheckRtcpFbs(static_cast<const JsepVideoCodecDescription&>(a), static_cast<const JsepVideoCodecDescription&>(b)); }@@ -347,6 +353,7 @@ UniquePtr<Sdp> mOffer; UniquePtr<Sdp> mAnswer; SsrcGenerator mSsrcGenerator;+ bool mExpectDifferingFmtp = false; }; TEST_F(JsepTrackTestBase, CreateDestroy) {}@@ -373,7 +380,7 @@ : mResult(result), mType(type) {} void operator()(const UniquePtr<JsepCodecDescription>& codec) {- if (codec->mType == mType) {+ if (codec->Type() == mType) { *mResult = true; } }@@ -465,13 +472,13 @@ UniquePtr<JsepAudioCodecDescription> track; ASSERT_TRUE((track = GetAudioCodec(mSendOff, 2, 0)));- ASSERT_EQ("1", track->mDefaultPt);+ ASSERT_EQ("109", track->mDefaultPt); ASSERT_TRUE((track = GetAudioCodec(mRecvOff, 2, 0)));- ASSERT_EQ("1", track->mDefaultPt);+ ASSERT_EQ("109", track->mDefaultPt); ASSERT_TRUE((track = GetAudioCodec(mSendAns, 2, 0)));- ASSERT_EQ("1", track->mDefaultPt);+ ASSERT_EQ("109", track->mDefaultPt); ASSERT_TRUE((track = GetAudioCodec(mRecvAns, 2, 0)));- ASSERT_EQ("1", track->mDefaultPt);+ ASSERT_EQ("109", track->mDefaultPt); ASSERT_TRUE((track = GetAudioCodec(mSendOff, 2, 1))); ASSERT_EQ("9", track->mDefaultPt); ASSERT_TRUE((track = GetAudioCodec(mRecvOff, 2, 1)));@@ -503,13 +510,13 @@ UniquePtr<JsepAudioCodecDescription> track; ASSERT_TRUE((track = GetAudioCodec(mSendOff, 2, 0)));- ASSERT_EQ("1", track->mDefaultPt);+ ASSERT_EQ("109", track->mDefaultPt); ASSERT_TRUE((track = GetAudioCodec(mRecvOff, 2, 0)));- ASSERT_EQ("1", track->mDefaultPt);+ ASSERT_EQ("109", track->mDefaultPt); ASSERT_TRUE((track = GetAudioCodec(mSendAns, 2, 0)));- ASSERT_EQ("1", track->mDefaultPt);+ ASSERT_EQ("109", track->mDefaultPt); ASSERT_TRUE((track = GetAudioCodec(mRecvAns, 2, 0)));- ASSERT_EQ("1", track->mDefaultPt);+ ASSERT_EQ("109", track->mDefaultPt); ASSERT_TRUE((track = GetAudioCodec(mSendOff, 2, 1))); ASSERT_EQ("9", track->mDefaultPt); ASSERT_TRUE((track = GetAudioCodec(mRecvOff, 2, 1)));@@ -541,13 +548,13 @@ UniquePtr<JsepAudioCodecDescription> track; ASSERT_TRUE((track = GetAudioCodec(mSendOff, 3, 0)));- ASSERT_EQ("1", track->mDefaultPt);+ ASSERT_EQ("109", track->mDefaultPt); ASSERT_TRUE((track = GetAudioCodec(mRecvOff, 3, 0)));- ASSERT_EQ("1", track->mDefaultPt);+ ASSERT_EQ("109", track->mDefaultPt); ASSERT_TRUE((track = GetAudioCodec(mSendAns, 3, 0)));- ASSERT_EQ("1", track->mDefaultPt);+ ASSERT_EQ("109", track->mDefaultPt); ASSERT_TRUE((track = GetAudioCodec(mRecvAns, 3, 0)));- ASSERT_EQ("1", track->mDefaultPt);+ ASSERT_EQ("109", track->mDefaultPt); ASSERT_TRUE((track = GetAudioCodec(mSendOff, 3, 1))); ASSERT_EQ("9", track->mDefaultPt); ASSERT_TRUE((track = GetAudioCodec(mRecvOff, 3, 1)));@@ -570,6 +577,8 @@ mOffCodecs = MakeCodecs(false, false, true); mAnsCodecs = MakeCodecs(false, false, true);+ mExpectDifferingFmtp = true;+ InitTracks(SdpMediaSection::kAudio); InitSdp(SdpMediaSection::kAudio);@@ -594,13 +603,13 @@ UniquePtr<JsepAudioCodecDescription> track; ASSERT_TRUE((track = GetAudioCodec(mSendOff, 3, 0)));- ASSERT_EQ("1", track->mDefaultPt);+ ASSERT_EQ("109", track->mDefaultPt); ASSERT_TRUE((track = GetAudioCodec(mRecvOff, 3, 0)));- ASSERT_EQ("1", track->mDefaultPt);+ ASSERT_EQ("109", track->mDefaultPt); ASSERT_TRUE((track = GetAudioCodec(mSendAns, 3, 0)));- ASSERT_EQ("1", track->mDefaultPt);+ ASSERT_EQ("109", track->mDefaultPt); ASSERT_TRUE((track = GetAudioCodec(mRecvAns, 3, 0)));- ASSERT_EQ("1", track->mDefaultPt);+ ASSERT_EQ("109", track->mDefaultPt); ASSERT_TRUE((track = GetAudioCodec(mSendOff, 3, 1))); ASSERT_EQ("9", track->mDefaultPt); ASSERT_TRUE((track = GetAudioCodec(mRecvOff, 3, 1)));@@ -611,18 +620,24 @@ ASSERT_EQ("9", track->mDefaultPt); ASSERT_TRUE((track = GetAudioCodec(mSendOff, 3, 2))); ASSERT_EQ("101", track->mDefaultPt);+ ASSERT_EQ("0-15", track->mSdpFmtpLine.valueOr("nothing")); ASSERT_TRUE((track = GetAudioCodec(mRecvOff, 3, 2))); ASSERT_EQ("101", track->mDefaultPt);+ ASSERT_EQ("nothing", track->mSdpFmtpLine.valueOr("nothing")); ASSERT_TRUE((track = GetAudioCodec(mSendAns, 3, 2))); ASSERT_EQ("101", track->mDefaultPt);+ ASSERT_EQ("nothing", track->mSdpFmtpLine.valueOr("nothing")); ASSERT_TRUE((track = GetAudioCodec(mRecvAns, 3, 2))); ASSERT_EQ("101", track->mDefaultPt);+ ASSERT_EQ("0-15", track->mSdpFmtpLine.valueOr("nothing")); } TEST_F(JsepTrackTest, AudioNegotiationDtmfOffererFmtpAnswererNoFmtp) { mOffCodecs = MakeCodecs(false, false, true); mAnsCodecs = MakeCodecs(false, false, true);+ mExpectDifferingFmtp = true;+ InitTracks(SdpMediaSection::kAudio); InitSdp(SdpMediaSection::kAudio);@@ -647,13 +662,13 @@ UniquePtr<JsepAudioCodecDescription> track; ASSERT_TRUE((track = GetAudioCodec(mSendOff, 3, 0)));- ASSERT_EQ("1", track->mDefaultPt);+ ASSERT_EQ("109", track->mDefaultPt); ASSERT_TRUE((track = GetAudioCodec(mRecvOff, 3, 0)));- ASSERT_EQ("1", track->mDefaultPt);+ ASSERT_EQ("109", track->mDefaultPt); ASSERT_TRUE((track = GetAudioCodec(mSendAns, 3, 0)));- ASSERT_EQ("1", track->mDefaultPt);+ ASSERT_EQ("109", track->mDefaultPt); ASSERT_TRUE((track = GetAudioCodec(mRecvAns, 3, 0)));- ASSERT_EQ("1", track->mDefaultPt);+ ASSERT_EQ("109", track->mDefaultPt); ASSERT_TRUE((track = GetAudioCodec(mSendOff, 3, 1))); ASSERT_EQ("9", track->mDefaultPt); ASSERT_TRUE((track = GetAudioCodec(mRecvOff, 3, 1)));@@ -664,18 +679,24 @@ ASSERT_EQ("9", track->mDefaultPt); ASSERT_TRUE((track = GetAudioCodec(mSendOff, 3, 2))); ASSERT_EQ("101", track->mDefaultPt);+ ASSERT_EQ("nothing", track->mSdpFmtpLine.valueOr("nothing")); ASSERT_TRUE((track = GetAudioCodec(mRecvOff, 3, 2))); ASSERT_EQ("101", track->mDefaultPt);+ ASSERT_EQ("0-15", track->mSdpFmtpLine.valueOr("nothing")); ASSERT_TRUE((track = GetAudioCodec(mSendAns, 3, 2))); ASSERT_EQ("101", track->mDefaultPt);+ ASSERT_EQ("0-15", track->mSdpFmtpLine.valueOr("nothing")); ASSERT_TRUE((track = GetAudioCodec(mRecvAns, 3, 2))); ASSERT_EQ("101", track->mDefaultPt);+ ASSERT_EQ("nothing", track->mSdpFmtpLine.valueOr("nothing")); } TEST_F(JsepTrackTest, AudioNegotiationDtmfOffererNoFmtpAnswererNoFmtp) { mOffCodecs = MakeCodecs(false, false, true); mAnsCodecs = MakeCodecs(false, false, true);+ mExpectDifferingFmtp = true;+ InitTracks(SdpMediaSection::kAudio); InitSdp(SdpMediaSection::kAudio);@@ -701,13 +722,13 @@ UniquePtr<JsepAudioCodecDescription> track; ASSERT_TRUE((track = GetAudioCodec(mSendOff, 3, 0)));- ASSERT_EQ("1", track->mDefaultPt);+ ASSERT_EQ("109", track->mDefaultPt); ASSERT_TRUE((track = GetAudioCodec(mRecvOff, 3, 0)));- ASSERT_EQ("1", track->mDefaultPt);+ ASSERT_EQ("109", track->mDefaultPt); ASSERT_TRUE((track = GetAudioCodec(mSendAns, 3, 0)));- ASSERT_EQ("1", track->mDefaultPt);+ ASSERT_EQ("109", track->mDefaultPt); ASSERT_TRUE((track = GetAudioCodec(mRecvAns, 3, 0)));- ASSERT_EQ("1", track->mDefaultPt);+ ASSERT_EQ("109", track->mDefaultPt); ASSERT_TRUE((track = GetAudioCodec(mSendOff, 3, 1))); ASSERT_EQ("9", track->mDefaultPt); ASSERT_TRUE((track = GetAudioCodec(mRecvOff, 3, 1)));@@ -718,12 +739,16 @@ ASSERT_EQ("9", track->mDefaultPt); ASSERT_TRUE((track = GetAudioCodec(mSendOff, 3, 2))); ASSERT_EQ("101", track->mDefaultPt);+ ASSERT_EQ("nothing", track->mSdpFmtpLine.valueOr("nothing")); ASSERT_TRUE((track = GetAudioCodec(mRecvOff, 3, 2))); ASSERT_EQ("101", track->mDefaultPt);+ ASSERT_EQ("nothing", track->mSdpFmtpLine.valueOr("nothing")); ASSERT_TRUE((track = GetAudioCodec(mSendAns, 3, 2))); ASSERT_EQ("101", track->mDefaultPt);+ ASSERT_EQ("nothing", track->mSdpFmtpLine.valueOr("nothing")); ASSERT_TRUE((track = GetAudioCodec(mRecvAns, 3, 2))); ASSERT_EQ("101", track->mDefaultPt);+ ASSERT_EQ("nothing", track->mSdpFmtpLine.valueOr("nothing")); } TEST_F(JsepTrackTest, VideoNegotationOffererFEC) {@@ -904,11 +929,9 @@ TEST_F(JsepTrackTest, VideoNegotationOffererAnswererFECZeroVP9Codec) { mOffCodecs = MakeCodecs(true);- JsepVideoCodecDescription* vp9 =- new JsepVideoCodecDescription("0", "VP9", 90000);- vp9->mConstraints.maxFs = 12288;- vp9->mConstraints.maxFps = 60;- mOffCodecs.emplace_back(vp9);+ auto vp9 = JsepVideoCodecDescription::CreateDefaultVP9(false);+ vp9->mDefaultPt = "0";+ mOffCodecs.push_back(std::move(vp9)); ASSERT_EQ(8U, mOffCodecs.size()); JsepVideoCodecDescription& red =@@ -1455,7 +1478,7 @@ // On offerer, configure to support remb and transport-cc on video codecs for (auto& codec : mOffCodecs) {- if (codec->mType == SdpMediaSection::kVideo) {+ if (codec->Type() == SdpMediaSection::kVideo) { auto& videoCodec = static_cast<JsepVideoCodecDescription&>(*codec); videoCodec.EnableRemb(); videoCodec.EnableTransportCC();@@ -1493,15 +1516,9 @@ mAnswer = std::move(parser->Parse(answer)->Sdp()); ASSERT_TRUE(mAnswer);- std::cerr << "Offer SDP: " << std::endl;- mOffer->Serialize(std::cerr);-- std::cerr << "Answer SDP: " << std::endl;- mAnswer->Serialize(std::cerr);- mRecvOff.UpdateRecvTrack(*mAnswer, GetAnswer());- mRecvOff.Negotiate(GetAnswer(), GetAnswer());- mSendOff.Negotiate(GetAnswer(), GetAnswer());+ mRecvOff.Negotiate(GetAnswer(), GetAnswer(), GetOffer());+ mSendOff.Negotiate(GetAnswer(), GetAnswer(), GetOffer()); ASSERT_TRUE(mSendOff.GetNegotiatedDetails()); ASSERT_TRUE(mRecvOff.GetNegotiatedDetails());@@ -1518,4 +1535,233 @@ ASSERT_EQ(expectedOtherFbTypes, codec->mOtherFbTypes); }+TEST_F(JsepTrackTest, AudioSdpFmtpLine) {+ mOffCodecs = MakeCodecs(true, true, true);+ mAnsCodecs = MakeCodecs(true, true, true);+ InitTracks(SdpMediaSection::kAudio);+ InitSdp(SdpMediaSection::kAudio);+ OfferAnswer();++ // SanityCheck checks that the sdpFmtpLine for a local codec matches that of+ // the corresponding remote codec.+ UniquePtr<JsepAudioCodecDescription> codec;+ EXPECT_TRUE((codec = GetAudioCodec(mSendOff, 3, 0)));+ EXPECT_EQ("opus", codec->mName);+ EXPECT_EQ("maxplaybackrate=48000;stereo=1;useinbandfec=0",+ codec->mSdpFmtpLine.valueOr("nothing"));+ EXPECT_TRUE((codec = GetAudioCodec(mSendAns, 3, 0)));+ EXPECT_EQ("opus", codec->mName);+ EXPECT_EQ("maxplaybackrate=48000;stereo=1;useinbandfec=0",+ codec->mSdpFmtpLine.valueOr("nothing"));++ EXPECT_TRUE((codec = GetAudioCodec(mSendOff, 3, 1)));+ EXPECT_EQ("G722", codec->mName);+ EXPECT_EQ("nothing", codec->mSdpFmtpLine.valueOr("nothing"));+ EXPECT_TRUE((codec = GetAudioCodec(mSendAns, 3, 1)));+ EXPECT_EQ("G722", codec->mName);+ EXPECT_EQ("nothing", codec->mSdpFmtpLine.valueOr("nothing"));++ EXPECT_TRUE((codec = GetAudioCodec(mSendOff, 3, 2)));+ EXPECT_EQ("telephone-event", codec->mName);+ EXPECT_EQ("0-15", codec->mSdpFmtpLine.valueOr("nothing"));+ EXPECT_TRUE((codec = GetAudioCodec(mSendAns, 3, 2)));+ EXPECT_EQ("telephone-event", codec->mName);+ EXPECT_EQ("0-15", codec->mSdpFmtpLine.valueOr("nothing"));+}++TEST_F(JsepTrackTest, NonDefaultAudioSdpFmtpLine) {+ mOffCodecs = MakeCodecs(true, true, true);+ mAnsCodecs = MakeCodecs(true, true, true);++ for (auto& codec : mOffCodecs) {+ if (codec->mName == "opus") {+ auto* audio = static_cast<JsepAudioCodecDescription*>(codec.get());+ audio->mForceMono = true;+ audio->mMaxPlaybackRate = 32000;+ }+ }++ for (auto& codec : mAnsCodecs) {+ if (codec->mName == "opus") {+ auto* audio = static_cast<JsepAudioCodecDescription*>(codec.get());+ audio->mFECEnabled = true;+ audio->mCbrEnabled = true;+ audio->mDTXEnabled = true;+ audio->mFrameSizeMs = 10;+ audio->mMinFrameSizeMs = 5;+ audio->mMaxFrameSizeMs = 20;+ }+ }++ InitTracks(SdpMediaSection::kAudio);+ InitSdp(SdpMediaSection::kAudio);++ {+ // telephone-event doesn't store any params in JsepAudioCodecDescription.+ // Set them directly in the offer sdp instead.+ auto params = MakeUnique<SdpFmtpAttributeList::TelephoneEventParameters>();+ params->dtmfTones = "2-9";+ GetOffer().SetFmtp({"101", std::move(params)});+ }++ {+ // telephone-event doesn't store any params in JsepAudioCodecDescription.+ // Set them directly in the answer sdp instead.+ auto params = MakeUnique<SdpFmtpAttributeList::TelephoneEventParameters>();+ params->dtmfTones = "0-3,10";+ GetAnswer().SetFmtp({"101", std::move(params)});+ }++ OfferAnswer();++ // SanityCheck checks that the sdpFmtpLine for a local codec matches that of+ // the corresponding remote codec.+ UniquePtr<JsepAudioCodecDescription> codec;+ EXPECT_TRUE((codec = GetAudioCodec(mSendOff, 3, 0)));+ EXPECT_EQ("opus", codec->mName);+ EXPECT_EQ(+ "maxplaybackrate=48000;stereo=1;useinbandfec=1;usedtx=1;ptime=10;"+ "minptime=5;maxptime=20;cbr=1",+ codec->mSdpFmtpLine.valueOr("nothing"));+ EXPECT_TRUE((codec = GetAudioCodec(mSendAns, 3, 0)));+ EXPECT_EQ("opus", codec->mName);+ EXPECT_EQ("maxplaybackrate=32000;stereo=0;useinbandfec=0",+ codec->mSdpFmtpLine.valueOr("nothing"));++ EXPECT_TRUE((codec = GetAudioCodec(mSendOff, 3, 1)));+ EXPECT_EQ("G722", codec->mName);+ EXPECT_EQ("nothing", codec->mSdpFmtpLine.valueOr("nothing"));+ EXPECT_TRUE((codec = GetAudioCodec(mSendAns, 3, 1)));+ EXPECT_EQ("G722", codec->mName);+ EXPECT_EQ("nothing", codec->mSdpFmtpLine.valueOr("nothing"));++ EXPECT_TRUE((codec = GetAudioCodec(mSendOff, 3, 2)));+ EXPECT_EQ("telephone-event", codec->mName);+ EXPECT_EQ("0-3,10", codec->mSdpFmtpLine.valueOr("nothing"));+ EXPECT_TRUE((codec = GetAudioCodec(mSendAns, 3, 2)));+ EXPECT_EQ("telephone-event", codec->mName);+ EXPECT_EQ("2-9", codec->mSdpFmtpLine.valueOr("nothing"));+}++TEST_F(JsepTrackTest, VideoSdpFmtpLine) {+ mOffCodecs = MakeCodecs(true, true, true);+ mAnsCodecs = MakeCodecs(true, true, true);+ InitTracks(SdpMediaSection::kVideo);+ InitSdp(SdpMediaSection::kVideo);+ OfferAnswer();++ // SanityCheck checks that the sdpFmtpLine for a local codec matches that of+ // the corresponding remote codec.+ UniquePtr<JsepVideoCodecDescription> codec;+ EXPECT_TRUE((codec = GetVideoCodec(mSendOff, 4, 0)));+ EXPECT_EQ("red", codec->mName);+ EXPECT_EQ("120/126/123", codec->mSdpFmtpLine.valueOr("nothing"));+ EXPECT_TRUE((codec = GetVideoCodec(mSendAns, 4, 0)));+ EXPECT_EQ("red", codec->mName);+ EXPECT_EQ("120/126/123", codec->mSdpFmtpLine.valueOr("nothing"));++ EXPECT_TRUE((codec = GetVideoCodec(mSendOff, 4, 1)));+ EXPECT_EQ("VP8", codec->mName);+ EXPECT_EQ("max-fs=12288;max-fr=60", codec->mSdpFmtpLine.valueOr("nothing"));+ EXPECT_TRUE((codec = GetVideoCodec(mSendAns, 4, 1)));+ EXPECT_EQ("VP8", codec->mName);+ EXPECT_EQ("max-fs=12288;max-fr=60", codec->mSdpFmtpLine.valueOr("nothing"));++ EXPECT_TRUE((codec = GetVideoCodec(mSendOff, 4, 2)));+ EXPECT_EQ("H264", codec->mName);+ EXPECT_EQ(+ "profile-level-id=42e00d;level-asymmetry-allowed=1;packetization-mode=1",+ codec->mSdpFmtpLine.valueOr("nothing"));+ EXPECT_TRUE((codec = GetVideoCodec(mSendAns, 4, 2)));+ EXPECT_EQ("H264", codec->mName);+ EXPECT_EQ(+ "profile-level-id=42e00d;level-asymmetry-allowed=1;packetization-mode=1",+ codec->mSdpFmtpLine.valueOr("nothing"));++ EXPECT_TRUE((codec = GetVideoCodec(mSendOff, 4, 3)));+ EXPECT_EQ("ulpfec", codec->mName);+ EXPECT_EQ("nothing", codec->mSdpFmtpLine.valueOr("nothing"));+ EXPECT_TRUE((codec = GetVideoCodec(mSendAns, 4, 3)));+ EXPECT_EQ("ulpfec", codec->mName);+ EXPECT_EQ("nothing", codec->mSdpFmtpLine.valueOr("nothing"));+}++TEST_F(JsepTrackTest, NonDefaultVideoSdpFmtpLine) {+ mOffCodecs = MakeCodecs(true, true, true);+ mAnsCodecs = MakeCodecs(true, true, true);++ for (auto& codec : mOffCodecs) {+ if (codec->mName == "VP8" || codec->mName == "H264") {+ auto* video = static_cast<JsepVideoCodecDescription*>(codec.get());+ video->mConstraints.maxFs = 1200;+ if (codec->mName == "VP8") {+ video->mConstraints.maxFps = 15;+ } else {+ video->mConstraints.maxDpb = 6400;+ video->mConstraints.maxBr = 1000;+ JsepVideoCodecDescription::SetSaneH264Level(0x1F0,+ &video->mProfileLevelId);+ }+ }+ }++ for (auto& codec : mAnsCodecs) {+ if (codec->mName == "VP8" || codec->mName == "H264") {+ auto* video = static_cast<JsepVideoCodecDescription*>(codec.get());+ video->mConstraints.maxFs = 32400;+ if (codec->mName == "VP8") {+ video->mConstraints.maxFps = 60;+ } else {+ video->mConstraints.maxMbps = 1944000;+ video->mConstraints.maxCpb = 800000;+ video->mConstraints.maxDpb = 128000;+ JsepVideoCodecDescription::SetSaneH264Level(0xAB,+ &video->mProfileLevelId);+ video->mPacketizationMode = 1;+ }+ }+ }++ InitTracks(SdpMediaSection::kVideo);+ InitSdp(SdpMediaSection::kVideo);+ OfferAnswer();++ // SanityCheck checks that the sdpFmtpLine for a local codec matches that of+ // the corresponding remote codec.+ UniquePtr<JsepVideoCodecDescription> codec;+ EXPECT_TRUE((codec = GetVideoCodec(mSendOff, 4, 0)));+ EXPECT_EQ("red", codec->mName);+ EXPECT_EQ("120/126/123", codec->mSdpFmtpLine.valueOr("nothing"));+ EXPECT_TRUE((codec = GetVideoCodec(mSendAns, 4, 0)));+ EXPECT_EQ("red", codec->mName);+ EXPECT_EQ("120/126/123", codec->mSdpFmtpLine.valueOr("nothing"));++ EXPECT_TRUE((codec = GetVideoCodec(mSendOff, 4, 1)));+ EXPECT_EQ("VP8", codec->mName);+ EXPECT_EQ("max-fs=32400;max-fr=60", codec->mSdpFmtpLine.valueOr("nothing"));+ EXPECT_TRUE((codec = GetVideoCodec(mSendAns, 4, 1)));+ EXPECT_EQ("VP8", codec->mName);+ EXPECT_EQ("max-fs=1200;max-fr=15", codec->mSdpFmtpLine.valueOr("nothing"));++ EXPECT_TRUE((codec = GetVideoCodec(mSendOff, 4, 2)));+ EXPECT_EQ("H264", codec->mName);+ EXPECT_EQ(+ "profile-level-id=42f00b;level-asymmetry-allowed=1;packetization-mode=1;"+ "max-mbps=1944000;max-fs=32400;max-cpb=800000;max-dpb=128000",+ codec->mSdpFmtpLine.valueOr("nothing"));+ EXPECT_TRUE((codec = GetVideoCodec(mSendAns, 4, 2)));+ EXPECT_EQ("H264", codec->mName);+ EXPECT_EQ(+ "profile-level-id=42e01f;level-asymmetry-allowed=1;packetization-mode=1;"+ "max-fs=1200;max-dpb=6400;max-br=1000",+ codec->mSdpFmtpLine.valueOr("nothing"));++ EXPECT_TRUE((codec = GetVideoCodec(mSendOff, 4, 3)));+ EXPECT_EQ("ulpfec", codec->mName);+ EXPECT_EQ("nothing", codec->mSdpFmtpLine.valueOr("nothing"));+ EXPECT_TRUE((codec = GetVideoCodec(mSendAns, 4, 3)));+ EXPECT_EQ("ulpfec", codec->mName);+ EXPECT_EQ("nothing", codec->mSdpFmtpLine.valueOr("nothing"));+}+ } // namespace mozilla
After analyzing the provided code diff, I don't identify any clear security vulnerabilities being fixed. The changes appear to be primarily focused on: 1. Adding test debugging output in TearDown() 2. Refactoring codec creation to use factory methods 3. Adding SDP format parameter (fmtp) handling and testing 4. General test improvements and cleanup Here's the analysis following your requested format: Vulnerability Existed: no No security vulnerabilities found in diff The changes are primarily test improvements and code refactoring The main changes include: 1. Adding TearDown() to output SDP on test failure 2. Replacing direct codec construction with factory methods (CreateDefaultOpus, CreateDefaultG722, etc.) 3. Adding fmtp line handling and testing for audio/video codecs 4. Updating negotiation logic to pass additional parameters 5. Adding test cases for various SDP format parameter scenarios These changes appear to be quality improvements rather than security fixes. The code is part of WebRTC signaling tests and focuses on proper SDP negotiation behavior.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/third_party/rust/naga/src/front/spv/convert.rs+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/third_party/rust/naga/src/front/spv/convert.rs@@ -13,6 +13,7 @@ Op::IMul | Op::FMul => Ok(BinaryOperator::Multiply), Op::UDiv | Op::SDiv | Op::FDiv => Ok(BinaryOperator::Divide), Op::UMod | Op::SMod | Op::FMod => Ok(BinaryOperator::Modulo),+ Op::SRem => Ok(BinaryOperator::Modulo), // Relational and Logical Instructions Op::IEqual | Op::FOrdEqual | Op::FUnordEqual | Op::LogicalEqual => { Ok(BinaryOperator::Equal)@@ -34,6 +35,9 @@ | Op::SGreaterThanEqual | Op::FOrdGreaterThanEqual | Op::FUnordGreaterThanEqual => Ok(BinaryOperator::GreaterEqual),+ Op::BitwiseOr => Ok(BinaryOperator::InclusiveOr),+ Op::BitwiseXor => Ok(BinaryOperator::ExclusiveOr),+ Op::BitwiseAnd => Ok(BinaryOperator::And), _ => Err(Error::UnknownBinaryOperator(word)), } }
Here's the analysis of the provided code diff:
1. Vulnerability Existed: not sure
[Missing Operator Handling] [third_party/rust/naga/src/front/spv/convert.rs] [Lines 13-35]
[Old Code]
```rust
Op::IMul | Op::FMul => Ok(BinaryOperator::Multiply),
Op::UDiv | Op::SDiv | Op::FDiv => Ok(BinaryOperator::Divide),
Op::UMod | Op::SMod | Op::FMod => Ok(BinaryOperator::Modulo),
```
[Fixed Code]
```rust
Op::IMul | Op::FMul => Ok(BinaryOperator::Multiply),
Op::UDiv | Op::SDiv | Op::FDiv => Ok(BinaryOperator::Divide),
Op::UMod | Op::SMod | Op::FMod => Ok(BinaryOperator::Modulo),
Op::SRem => Ok(BinaryOperator::Modulo),
```
2. Vulnerability Existed: not sure
[Missing Bitwise Operators] [third_party/rust/naga/src/front/spv/convert.rs] [Lines 34-35]
[Old Code]
```rust
| Op::FUnordGreaterThanEqual => Ok(BinaryOperator::GreaterEqual),
_ => Err(Error::UnknownBinaryOperator(word)),
```
[Fixed Code]
```rust
| Op::FUnordGreaterThanEqual => Ok(BinaryOperator::GreaterEqual),
Op::BitwiseOr => Ok(BinaryOperator::InclusiveOr),
Op::BitwiseXor => Ok(BinaryOperator::ExclusiveOr),
Op::BitwiseAnd => Ok(BinaryOperator::And),
_ => Err(Error::UnknownBinaryOperator(word)),
```
Note: While these changes appear to add missing operator mappings, I can't be certain if they were fixing actual security vulnerabilities or just improving completeness/functionality. The changes could potentially prevent undefined behavior or crashes when encountering these SPIR-V operations, but without more context about how these operators are used, it's difficult to determine if security vulnerabilities were being addressed.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/dom/l10n/DocumentL10n.cpp+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/dom/l10n/DocumentL10n.cpp@@ -69,12 +69,14 @@ explicit L10nReadyHandler(Promise* aPromise, DocumentL10n* aDocumentL10n) : mPromise(aPromise), mDocumentL10n(aDocumentL10n) {}- void ResolvedCallback(JSContext* aCx, JS::Handle<JS::Value> aValue) override {+ void ResolvedCallback(JSContext* aCx, JS::Handle<JS::Value> aValue,+ ErrorResult& aRv) override { mDocumentL10n->InitialTranslationCompleted(true); mPromise->MaybeResolveWithUndefined(); }- void RejectedCallback(JSContext* aCx, JS::Handle<JS::Value> aValue) override {+ void RejectedCallback(JSContext* aCx, JS::Handle<JS::Value> aValue,+ ErrorResult& aRv) override { mDocumentL10n->InitialTranslationCompleted(false); nsTArray<nsCString> errors{
Analyzing the provided code diff for security fixes:
1. Vulnerability Existed: not sure
[Potential Error Handling Improvement] [dom/l10n/DocumentL10n.cpp] [Lines 69-79]
[Old Code]
void ResolvedCallback(JSContext* aCx, JS::Handle<JS::Value> aValue) override {
void RejectedCallback(JSContext* aCx, JS::Handle<JS::Value> aValue) override {
[Fixed Code]
void ResolvedCallback(JSContext* aCx, JS::Handle<JS::Value> aValue, ErrorResult& aRv) override {
void RejectedCallback(JSContext* aCx, JS::Handle<JS::Value> aValue, ErrorResult& aRv) override {
Additional Details:
- The change adds ErrorResult parameters to callback methods, which suggests improved error handling
- While this could potentially address unhandled error cases, there's no clear evidence of a specific vulnerability being fixed
- The modification appears to be more about API consistency and better error reporting rather than fixing a known security issue
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/css/selectors/old-tests/css3-modsel-28b.xml+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/css/selectors/old-tests/css3-modsel-28b.xml@@ -10,7 +10,6 @@ <link rel="author" title="Daniel Glazman" href="http://glazman.org/"/> <link rel="author" title="Ian Hickson" href="mailto:[email protected]"/> <link rel="help" href="https://www.w3.org/TR/css3-selectors/#selectors"/> <!-- bogus link to make sure it gets found -->- <meta name="flags" content="" /> </head> <body> <ul>
Let me analyze the diff for security vulnerabilities: Vulnerability Existed: no [No specific vulnerability found] [testing/web-platform/tests/css/selectors/old-tests/css3-modsel-28b.xml] [Lines 10] [Old Code: <meta name="flags" content="" />] [Fixed Code: (line removed)] Additional details: - The diff shows removal of an empty meta tag with a "flags" attribute - This appears to be test cleanup rather than a security fix - No known vulnerabilities are associated with this change - The change doesn't affect any security-related functionality - The modification is in a test file, not production code The change seems to be removing unnecessary test metadata rather than fixing a security issue.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.