Shared security patch analysis results
AI Used: DEEPSEEK deepseek-chat--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/devtools/client/shared/test/browser_filter-editor-02.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/devtools/client/shared/test/browser_filter-editor-02.js@@ -94,6 +94,7 @@ const filters = container.querySelectorAll(".filter"); testRenderedFilters(filters, expected); }+ widget.destroy(); }); function testRenderedFilters(filters, expected) {
Let me analyze the diff for security fixes.
Vulnerability Existed: not sure
[Potential Resource Leak] [devtools/client/shared/test/browser_filter-editor-02.js] [Lines 94]
[Old Code]
const filters = container.querySelectorAll(".filter");
testRenderedFilters(filters, expected);
}
});
[Fixed Code]
const filters = container.querySelectorAll(".filter");
testRenderedFilters(filters, expected);
}
+ widget.destroy();
});
Additional Details:
The main change is the addition of `widget.destroy()` call. This appears to be a cleanup operation that ensures proper resource disposal. While not a direct security vulnerability, failing to clean up resources could potentially lead to memory leaks or other resource exhaustion issues over time. However, since this is in a test file, the security impact would be minimal.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoRuntimeSettings.java+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoRuntimeSettings.java@@ -1034,7 +1034,7 @@ @Retention(RetentionPolicy.SOURCE) @IntDef({COLOR_SCHEME_LIGHT, COLOR_SCHEME_DARK, COLOR_SCHEME_SYSTEM})- /* package */ @interface ColorScheme {}+ public @interface ColorScheme {} /** A light theme for web content is preferred. */ public static final int COLOR_SCHEME_LIGHT = 0;@@ -1198,7 +1198,7 @@ @Retention(RetentionPolicy.SOURCE) @IntDef({ALLOW_ALL, HTTPS_ONLY_PRIVATE, HTTPS_ONLY})- /* package */ @interface HttpsOnlyMode {}+ public @interface HttpsOnlyMode {} /** Allow all insecure connections */ public static final int ALLOW_ALL = 0;
Analyzing the provided code diff, here are the potential security vulnerabilities:
1. Vulnerability Existed: not sure
[Access Control Vulnerability] [mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoRuntimeSettings.java] [Lines 1034, 1198]
[Old Code]
/* package */ @interface ColorScheme {}
/* package */ @interface HttpsOnlyMode {}
[Fixed Code]
public @interface ColorScheme {}
public @interface HttpsOnlyMode {}
Additional Details:
- The change involves modifying the access level of two annotation interfaces from package-private to public
- While this could potentially expose internal implementation details, it's not clear if this constitutes a security vulnerability
- The change might be related to making these interfaces available to other components, but without more context about how these interfaces are used, it's difficult to assess the security impact
- No specific vulnerability name clearly applies to this change, but it could be related to access control if these interfaces contain sensitive information
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/dom/canvas/CanvasRenderingContextHelper.h+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/dom/canvas/CanvasRenderingContextHelper.h@@ -25,6 +25,7 @@ enum class CanvasContextType : uint8_t { NoContext, Canvas2D,+ OffscreenCanvas2D, WebGL1, WebGL2, WebGPU,
Based on the provided diff, I'll analyze it for security vulnerabilities:
1. Vulnerability Existed: no
No specific vulnerability found [File] dom/canvas/CanvasRenderingContextHelper.h [Lines] 25-30
[Old Code]
enum class CanvasContextType : uint8_t {
NoContext,
Canvas2D,
WebGL1,
WebGL2,
WebGPU,
[Fixed Code]
enum class CanvasContextType : uint8_t {
NoContext,
Canvas2D,
OffscreenCanvas2D,
WebGL1,
WebGL2,
WebGPU,
Additional Details:
- This appears to be a feature addition (adding OffscreenCanvas2D support) rather than a security fix
- No obvious security vulnerability is being patched here
- The change simply extends an enum to include a new canvas context type
- No security-related patterns (like input validation, memory safety, etc.) are being modified
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/shadows/2d.shadow.image.basic.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/shadows/2d.shadow.image.basic.html@@ -17,8 +17,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.fillStyle = '#f00'; ctx.fillRect(0, 0, 100, 50);@@ -36,7 +36,7 @@ promise.then(function(response) { createImageBitmap(response).then(bitmap => { ctx.drawImage(bitmap, 0, -50);- _assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");+ _assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255"); }, t_fail); }).then(t_pass, t_fail);
I've analyzed the provided code diff, and here's the security assessment:
Vulnerability Existed: no
[Variable Renaming] [testing/web-platform/tests/html/canvas/offscreen/shadows/2d.shadow.image.basic.html] [Lines 17-18, 36]
[Old Code]
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
...
_assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");
[Fixed Code]
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');
...
_assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");
The changes appear to be purely cosmetic, renaming the variable 'offscreenCanvas' to 'canvas' for consistency or clarity. There are no security-related changes in this diff. The functionality remains exactly the same, just with a different variable name. No security vulnerabilities were fixed or introduced by these changes.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/css/css-ruby/rt-display-001.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/css/css-ruby/rt-display-001.html@@ -9,7 +9,6 @@ <link rel="help" href="https://www.w3.org/TR/css-ruby-1/#base-annotation-pairing"> <link rel="match" href="reference/rb-display-001-ref.html">- <meta content="" name="flags"> <style> ruby
Analyzing the provided code diff: 1. Vulnerability Existed: no No specific vulnerability found File: testing/web-platform/tests/css/css-ruby/rt-display-001.html Lines: 9 Old Code: `<meta content="" name="flags">` Fixed Code: (removed) Additional Details: The diff shows removal of an empty meta tag with name="flags". This appears to be a cleanup change rather than a security fix. There's no indication of a vulnerability being addressed here - it's likely just removing an unused or unnecessary tag from the test file. No known vulnerability is associated with this change.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/netwerk/protocol/http/nsHttpHandler.cpp+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/netwerk/protocol/http/nsHttpHandler.cpp@@ -29,6 +29,7 @@ #include "mozilla/ClearOnShutdown.h" #include "mozilla/Printf.h" #include "mozilla/Sprintf.h"+#include "mozilla/StaticPrefs_general.h" #include "mozilla/StaticPrefs_network.h" #include "mozilla/StaticPrefs_privacy.h" #include "mozilla/StoragePrincipalHelper.h"@@ -138,15 +139,32 @@ LazyLogModule gHttpLog("nsHttp");-static void ExperimentUserAgentUpdated(const char* /* aNimbusPref */,- void* aUserData) {- MOZ_ASSERT(aUserData != nullptr);- nsACString* aExperimentUserAgent = static_cast<nsACString*>(aUserData);-- // Is this user enrolled in the Firefox 100 experiment?- int firefoxVersion =- NimbusFeatures::GetInt(UA_EXPERIMENT_NAME, UA_EXPERIMENT_VAR, 0);- if (firefoxVersion <= 0) {+static void HandleVersionExperimentEnrollment(const char* /* aNimbusPref */,+ void* /* aUserData */) {+ MOZ_ASSERT(XRE_IsParentProcess());++ int experimentBranch =+ NimbusFeatures::GetInt(UA_EXPERIMENT_NAME, UA_EXPERIMENT_VAR, -1);++ // Only set the forceVersion100 pref if the user was enrolled in the+ // treatment (100) branch and the pref is not already set. If the user+ // already set the forceVersion100 pref manually (by checking the+ // "Firefox 100 User-Agent String" option in about:preferences), we don't+ // want subsequent enrollment in the control branch to clear the pref and+ // surprise the user by resetting their UA from version 100 UA to the+ // default version.++ if (experimentBranch == 100 &&+ !mozilla::StaticPrefs::general_useragent_forceVersion100()) {+ Preferences::SetBool("general.useragent.forceVersion100", true);+ }++ Preferences::SetBool("general.useragent.handledVersionExperimentEnrollment",+ true);+}++static void GetExperimentUserAgent(nsACString* aExperimentUserAgent) {+ if (!mozilla::StaticPrefs::general_useragent_forceVersion100()) { aExperimentUserAgent->SetIsVoid(true); return; }@@ -154,22 +172,23 @@ const char uaFormat[] = #ifdef XP_WIN # ifdef HAVE_64BIT_BUILD- "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:%d.0) Gecko/20100101 "- "Firefox/%d.0"+ "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 "+ "Firefox/100.0" # else- "Mozilla/5.0 (Windows NT 10.0; rv:%d.0) Gecko/20100101 Firefox/%d.0"+ "Mozilla/5.0 (Windows NT 10.0; rv:100.0) Gecko/20100101 Firefox/100.0" # endif #elif defined(XP_MACOSX)- "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:%d.0) Gecko/20100101 "- "Firefox/%d.0"+ "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:100.0) Gecko/20100101 "+ "Firefox/100.0"+#elif defined(ANDROID)+ "Mozilla/5.0 (Android 10; Mobile; rv:100.0) Gecko/100.0 Firefox/100.0" #else- // Linux, Android, FreeBSD, etc- "Mozilla/5.0 (X11; Linux x86_64; rv:%d.0) Gecko/20100101 Firefox/%d.0"+ // Linux, FreeBSD, etc+ "Mozilla/5.0 (X11; Linux x86_64; rv:100.0) Gecko/20100101 Firefox/100.0" #endif ;- aExperimentUserAgent->Truncate();- aExperimentUserAgent->AppendPrintf(uaFormat, firefoxVersion, firefoxVersion);+ aExperimentUserAgent->Assign(uaFormat); } #ifdef ANDROID@@ -376,20 +395,33 @@ }; mHttp3QlogDir = initQLogDir();+ // monitor Firefox Version Experiment enrollment+ if (XRE_IsParentProcess()) {+ int experimentBranch =+ NimbusFeatures::GetInt(UA_EXPERIMENT_NAME, UA_EXPERIMENT_VAR, -1);++ if (experimentBranch == -1) {+ // The user has not been enrolled in the experiment yet, so listen for+ // a Nimbus enrollment event.+ NimbusFeatures::OnUpdate(UA_EXPERIMENT_NAME, UA_EXPERIMENT_VAR,+ HandleVersionExperimentEnrollment, nullptr);+ } else if (!mozilla::StaticPrefs::+ general_useragent_handledVersionExperimentEnrollment()) {+ // The user was enrolled in the experiment before the forceVersion100+ // pref was created, so call the Nimbus enrollment callback now to+ // update the forceVersion100 and handledVersionExperimentEnrollment+ // prefs.+ HandleVersionExperimentEnrollment(nullptr, nullptr);+ }+ }+ // monitor some preference changes Preferences::RegisterPrefixCallbacks(nsHttpHandler::PrefsChanged, gCallbackPrefs, this); PrefsChanged(nullptr);- // monitor Firefox Version Experiment enrollment- NimbusFeatures::OnUpdate(UA_EXPERIMENT_NAME, UA_EXPERIMENT_VAR,- ExperimentUserAgentUpdated, &mExperimentUserAgent);-- // Load the experiment state once for startup- ExperimentUserAgentUpdated("", &mExperimentUserAgent);- Telemetry::ScalarSet(Telemetry::ScalarID::NETWORKING_HTTP3_ENABLED,- mHttp3Enabled);+ StaticPrefs::network_http_http3_enable()); mMisc.AssignLiteral("rv:" MOZILLA_UAVERSION);@@ -1035,6 +1067,14 @@ mUserAgentIsDirty = true; }+ // general.useragent.forceVersion100+ if (PREF_CHANGED(UA_PREF("forceVersion100"))) {+ // mExperimentUserAgent (if it's not void) will override the constructed+ // UA. We don't need to set mUserAgentIsDirty because we don't need to+ // reconstruct the UA.+ GetExperimentUserAgent(&mExperimentUserAgent);+ }+ // general.useragent.override if (PREF_CHANGED(UA_PREF("override"))) { Preferences::GetCString(UA_PREF("override"), mUserAgentOverride);@@ -1768,13 +1808,6 @@ } }- if (PREF_CHANGED(HTTP_PREF("http3.enabled"))) {- rv = Preferences::GetBool(HTTP_PREF("http3.enabled"), &cVar);- if (NS_SUCCEEDED(rv)) {- mHttp3Enabled = cVar;- }- }- if (PREF_CHANGED(HTTP_PREF("http3.default-qpack-table-size"))) { rv = Preferences::GetInt(HTTP_PREF("http3.default-qpack-table-size"), &val); if (NS_SUCCEEDED(rv)) {@@ -2853,7 +2886,8 @@ nsIURI* aUri, const nsACString& aUsername, bool aPrivateBrowsing, nsIInterfaceRequestor* aCallbacks, const OriginAttributes& aOriginAttributes) {- if (!IsHttp3Enabled() || mAltSvcMappingTemptativeMap.IsEmpty()) {+ if (!StaticPrefs::network_http_http3_enable() ||+ mAltSvcMappingTemptativeMap.IsEmpty()) { return; }@@ -2898,10 +2932,6 @@ network_dns_echconfig_fallback_to_origin_when_all_failed(); }-bool nsHttpHandler::UseHTTPSRRForSpeculativeConnection() const {- return StaticPrefs::network_dns_use_https_rr_for_speculative_connection();-}- void nsHttpHandler::ExcludeHTTPSRRHost(const nsACString& aHost) { MOZ_ASSERT(NS_IsMainThread());
Analyzing the provided code diff, I'll identify potential security vulnerabilities:
1. Vulnerability Existed: not sure
[Potential User-Agent Spoofing] [netwerk/protocol/http/nsHttpHandler.cpp] [Lines 138-172]
[Old Code]
static void ExperimentUserAgentUpdated(const char* /* aNimbusPref */,
void* aUserData) {
MOZ_ASSERT(aUserData != nullptr);
nsACString* aExperimentUserAgent = static_cast<nsACString*>(aUserData);
// Is this user enrolled in the Firefox 100 experiment?
int firefoxVersion =
NimbusFeatures::GetInt(UA_EXPERIMENT_NAME, UA_EXPERIMENT_VAR, 0);
if (firefoxVersion <= 0) {
aExperimentUserAgent->SetIsVoid(true);
return;
}
[Fixed Code]
static void HandleVersionExperimentEnrollment(const char* /* aNimbusPref */,
void* /* aUserData */) {
MOZ_ASSERT(XRE_IsParentProcess());
int experimentBranch =
NimbusFeatures::GetInt(UA_EXPERIMENT_NAME, UA_EXPERIMENT_VAR, -1);
if (experimentBranch == 100 &&
!mozilla::StaticPrefs::general_useragent_forceVersion100()) {
Preferences::SetBool("general.useragent.forceVersion100", true);
}
Additional Details: The change introduces more robust handling of user agent version experiments, but it's unclear if the previous version had a security vulnerability or was just less robust.
2. Vulnerability Existed: not sure
[Potential HTTP/3 Configuration Issue] [netwerk/protocol/http/nsHttpHandler.cpp] [Lines 1768-1808]
[Old Code]
if (PREF_CHANGED(HTTP_PREF("http3.enabled"))) {
rv = Preferences::GetBool(HTTP_PREF("http3.enabled"), &cVar);
if (NS_SUCCEEDED(rv)) {
mHttp3Enabled = cVar;
}
}
[Fixed Code]
(Removed in favor of using StaticPrefs::network_http_http3_enable())
Additional Details: The change moves from runtime preference checking to static prefs for HTTP/3 enablement, which might be more secure but it's unclear if the previous version was vulnerable.
3. Vulnerability Existed: not sure
[Potential HTTPS RR Handling Issue] [netwerk/protocol/http/nsHttpHandler.cpp] [Lines 2898-2932]
[Old Code]
bool nsHttpHandler::UseHTTPSRRForSpeculativeConnection() const {
return StaticPrefs::network_dns_use_https_rr_for_speculative_connection();
}
[Fixed Code]
(Entire function removed)
Additional Details: The removal of this function suggests a change in HTTPS RR (Resource Records) handling, but it's unclear if this was fixing a security issue or just refactoring.
Note: The changes appear to be primarily about improving the robustness of feature handling (User-Agent experiments, HTTP/3, HTTPS RR) rather than fixing specific security vulnerabilities. The modifications add better state management and use of static preferences, but without more context, it's difficult to identify clear security vulnerabilities that were fixed.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.fillStyle.parse.invalid.css-color-4-rgba-3.worker.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.fillStyle.parse.invalid.css-color-4-rgba-3.worker.js@@ -13,14 +13,14 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.fillStyle = '#0f0'; try { ctx.fillStyle = 'rgba(255, 0 0)'; } catch (e) { } // this shouldn't throw, but it shouldn't matter here if it does ctx.fillRect(0, 0, 100, 50);-_assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");+_assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255"); t.done(); });
Here's the analysis of the provided code diff:
1. Vulnerability Existed: no
Variable Renaming [File] [Lines 13-14, 20]
Old Code:
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
_assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");
Fixed Code:
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');
_assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");
Additional Details:
- The changes appear to be purely cosmetic, renaming the variable from `offscreenCanvas` to `canvas` for consistency or clarity.
- No security vulnerability is being addressed in this change.
- The functionality remains exactly the same, just with a different variable name.
- The test case continues to perform the same color assertion check.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/css/cssom-view/add-background-attachment-fixed-during-smooth-scroll.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/css/cssom-view/add-background-attachment-fixed-during-smooth-scroll.html@@ -10,7 +10,7 @@ height: 200px; overflow: scroll; background: linear-gradient(green, blue);- will-change: transform;+ will-change: scroll-position; } #content { width: 7500px;
Analysis of the code diff: 1. Vulnerability Existed: not sure [Potential Scroll Position Manipulation] [testing/web-platform/tests/css/cssom-view/add-background-attachment-fixed-during-smooth-scroll.html] [Lines 10] Old Code: `will-change: transform;` Fixed Code: `will-change: scroll-position;` Additional Details: - The change modifies the `will-change` CSS property from `transform` to `scroll-position`. While this isn't a clear security vulnerability, it could potentially affect scroll behavior security. The `will-change` property is typically used for performance optimization, but improper use could lead to layout or rendering issues that might be exploitable in certain contexts. The change appears to be more about correct functionality than security. Note: Without more context about the specific security implications in Firefox's rendering engine, I cannot definitively state this was a security fix. The change appears to be more about correct behavior during smooth scrolling.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/js/src/jit-test/tests/wasm/binary.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/js/src/jit-test/tests/wasm/binary.js@@ -299,11 +299,7 @@ } } else { let reservedSimd = [- 0x9a, 0xa2, 0xa5, 0xa6, 0xaf,- 0xb0, 0xb2, 0xb3, 0xb4, 0xbb,- 0xc2, 0xc5, 0xc6, 0xcf,- 0xd0, 0xd2, 0xd3, 0xd4,- 0xe2, 0xee,+ 0x9a, 0xbb, 0xc2, ]; for (let i of reservedSimd) { checkIllegalPrefixed(SimdPrefix, i);
Analyzing the provided code diff for security fixes:
1. Vulnerability Existed: not sure
[Potential Reserved Opcode Handling Issue] [js/src/jit-test/tests/wasm/binary.js] [Lines 299-306]
[Old Code]
```javascript
let reservedSimd = [
0x9a, 0xa2, 0xa5, 0xa6, 0xaf,
0xb0, 0xb2, 0xb3, 0xb4, 0xbb,
0xc2, 0xc5, 0xc6, 0xcf,
0xd0, 0xd2, 0xd3, 0xd4,
0xe2, 0xee,
];
```
[Fixed Code]
```javascript
let reservedSimd = [
0x9a, 0xbb, 0xc2,
];
```
Additional Details: The change significantly reduces the number of reserved SIMD opcodes being checked. While this might be a cleanup/optimization, it could potentially relate to security if some of these opcodes were previously being checked unnecessarily or if some dangerous opcodes were removed from the check list. Without more context about the opcode meanings, it's hard to determine if this was a security fix.
Note: The diff shows a reduction in the number of reserved SIMD opcodes being checked, but without knowing the specific security implications of these opcodes in WebAssembly, I can't definitively say whether this was a security fix or just a cleanup. The change could be related to either:
1. Removing unnecessary checks (optimization)
2. Fixing incorrect handling of certain opcodes
3. Addressing a potential security issue with opcode validation
The significant reduction in checked opcodes suggests there might have been either overzealous checking before or a change in the SIMD specification that made many checks unnecessary.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/build/docs_virtualenv_packages.txt+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/build/docs_virtualenv_packages.txt@@ -1 +1 @@-packages.txt:build/common_virtualenv_packages.txt+
Based on the provided diff content, here's the analysis following the required format: Vulnerability Existed: no [No specific vulnerability found] [build/docs_virtualenv_packages.txt] [Lines 1] [Old Code: packages.txt:build/common_virtualenv_packages.txt] [Fixed Code: ] Additional Details: - The change appears to be a simple file content modification, removing a reference to another file - No security-related patterns or known vulnerabilities are evident in this change - The modification doesn't show any clear security implications or fixes for known vulnerabilities - This appears to be a build system configuration change rather than a security fix
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/path-objects/2d.path.isPointInPath.basic.2.worker.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/path-objects/2d.path.isPointInPath.basic.2.worker.js@@ -13,8 +13,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.rect(20, 0, 20, 20); _assertSame(ctx.isPointInPath(10, 10), false, "ctx.isPointInPath(10, 10)", "false");
Let me analyze the code diff for potential security vulnerabilities:
Vulnerability Existed: no
[No specific vulnerability found] [testing/web-platform/tests/html/canvas/offscreen/path-objects/2d.path.isPointInPath.basic.2.worker.js] [Lines 13-14]
[Old Code]
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
[Fixed Code]
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');
Additional Notes:
1. The change appears to be purely a variable name change from `offscreenCanvas` to `canvas`
2. No security-related changes are visible in this diff
3. The functionality remains exactly the same, only the variable naming convention was modified
4. This looks like a code style/readability improvement rather than a security fix
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/transformations/2d.transformation.translate.basic.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/transformations/2d.transformation.translate.basic.html@@ -17,15 +17,15 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.fillStyle = '#f00'; ctx.fillRect(0, 0, 100, 50); ctx.translate(100, 50); ctx.fillStyle = '#0f0'; ctx.fillRect(-100, -50, 100, 50);-_assertPixel(offscreenCanvas, 90,40, 0,255,0,255, "90,40", "0,255,0,255");+_assertPixel(canvas, 90,40, 0,255,0,255, "90,40", "0,255,0,255"); t.done(); });
Based on the provided code diff, here's the analysis:
Vulnerability Existed: no
No specific vulnerability found [File] testing/web-platform/tests/html/canvas/offscreen/transformations/2d.transformation.translate.basic.html [Lines] 17-27
[Old Code]
```javascript
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
// ... rest of the code ...
_assertPixel(offscreenCanvas, 90,40, 0,255,0,255, "90,40", "0,255,0,255");
```
[Fixed Code]
```javascript
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');
// ... rest of the code ...
_assertPixel(canvas, 90,40, 0,255,0,255, "90,40", "0,255,0,255");
```
Additional Details: The changes appear to be purely variable renaming (from `offscreenCanvas` to `canvas`) with no security implications. The functionality remains identical, just with a more concise variable name. No security vulnerabilities were fixed in this change.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/css/filter-effects/filters-test-brightness-001.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/css/filter-effects/filters-test-brightness-001.html@@ -8,7 +8,6 @@ <link rel="help" href="http://www.w3.org/TR/filter-effects-1/#FilterProperty"> <link rel="help" href="https://www.w3.org/TR/filter-effects-1/#funcdef-filter-brightness"> <link rel="match" href="filters-ref-brightness-001.html">- <meta name="flags" content=""> <meta name="assert" content="This test verifies that the brightness shorthand works. Green rectangle must shown, when brightness set to 100%."> <style type="text/css">
Analyzing the provided code diff: 1. Vulnerability Existed: no No specific vulnerability found [File] testing/web-platform/tests/css/filter-effects/filters-test-brightness-001.html [Lines] 8 [Old Code] `<meta name="flags" content="">` [Fixed Code] (line removed) Additional Details: - The change simply removes an empty meta tag for "flags" which appears to be test-related metadata - No security implications or vulnerabilities are apparent in this change - The modification seems to be cleanup of test configuration rather than a security fix No other vulnerabilities or changes were detected in the provided diff. The modification appears to be benign test file maintenance.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/dom/system/tests/ioutils/test_ioutils_set_permissions.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/dom/system/tests/ioutils/test_ioutils_set_permissions.html@@ -15,8 +15,7 @@ const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm"); add_task(async function test_setPermissions() {- const tempDir = await PathUtils.getTempDir();- const tempFile = PathUtils.join(tempDir, "setPermissions.tmp");+ const tempFile = PathUtils.join(PathUtils.tempDir, "setPermissions.tmp"); await IOUtils.writeUTF8(tempFile, ""); await IOUtils.setPermissions(tempFile, 0o421);@@ -47,8 +46,7 @@ }); add_task(async function test_setPermissionsWithoutHonoringUmask() {- const tempDir = await PathUtils.getTempDir();- const tempFile = PathUtils.join(tempDir, "setPermissions.tmp");+ const tempFile = PathUtils.join(PathUtils.tempDir, "setPermissions.tmp"); await IOUtils.writeUTF8(tempFile, ""); await IOUtils.setPermissions(tempFile, 0o421, false);
Based on the provided code diff, here's the analysis: 1. Vulnerability Existed: no No specific vulnerability [File] dom/system/tests/ioutils/test_ioutils_set_permissions.html [Lines] 15-16, 47-48 Old Code: const tempDir = await PathUtils.getTempDir(); const tempFile = PathUtils.join(tempDir, "setPermissions.tmp"); Fixed Code: const tempFile = PathUtils.join(PathUtils.tempDir, "setPermissions.tmp"); Additional Details: - The change appears to be a code simplification rather than a security fix - The modification replaces an async call to getTempDir() with direct access to PathUtils.tempDir - No security vulnerability is being addressed here, just a more efficient way to access the temp directory - The functionality remains the same, just implemented differently Note: There are no other changes in the diff that would indicate security fixes. The second change is identical in nature to the first one, just in a different test function.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/third_party/rust/webrtc-sdp/src/attribute_type.rs+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/third_party/rust/webrtc-sdp/src/attribute_type.rs@@ -470,7 +470,7 @@ Nack, TrrInt, Remb,- TransCC,+ TransCc, } impl fmt::Display for SdpAttributeRtcpFbType {@@ -481,7 +481,7 @@ SdpAttributeRtcpFbType::Nack => "nack", SdpAttributeRtcpFbType::TrrInt => "trr-int", SdpAttributeRtcpFbType::Remb => "goog-remb",- SdpAttributeRtcpFbType::TransCC => "transport-cc",+ SdpAttributeRtcpFbType::TransCc => "transport-cc", } .fmt(f) }@@ -621,12 +621,26 @@ impl fmt::Display for SdpAttributeFmtpParameters { fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { if let Some(ref rtx) = self.rtx {+ // rtx return write!(f, "{}", rtx); }+ if !self.dtmf_tones.is_empty() {+ // telephone-event+ return write!(f, "{}", self.dtmf_tones);+ } else if !self.encodings.is_empty() {+ // red encodings+ return self+ .encodings+ .iter()+ .map(ToString::to_string)+ .collect::<Vec<String>>()+ .join("/")+ .fmt(f);+ }; write!( f,- "{parameters}{red}{dtmf}{unknown}",- parameters = non_empty_string_vec![+ "{}",+ non_empty_string_vec![ maybe_print_param( "profile-level-id=", format!("{:06x}", self.profile_level_id),@@ -652,12 +666,10 @@ maybe_print_bool_param("usedtx", self.usedtx, false), maybe_print_bool_param("stereo", self.stereo, false), maybe_print_bool_param("useinbandfec", self.useinbandfec, false),- maybe_print_bool_param("cbr", self.cbr, false)+ maybe_print_bool_param("cbr", self.cbr, false),+ maybe_vector_to_string!("{}", self.unknown_tokens, ",") ]- .join(";"),- red = maybe_vector_to_string!("{}", self.encodings, "/"),- dtmf = maybe_print_param("", self.dtmf_tones.clone(), "".to_string()),- unknown = maybe_vector_to_string!("{}", self.unknown_tokens, ",")+ .join(";") ) } }@@ -757,22 +769,22 @@ #[derive(Debug, PartialEq, Clone)] #[cfg_attr(feature = "serialize", derive(Serialize))]-pub enum SdpAttributeImageAttrXYRange {+pub enum SdpAttributeImageAttrXyRange { Range(u32, u32, Option<u32>), // min, max, step DiscreteValues(Vec<u32>), }-impl fmt::Display for SdpAttributeImageAttrXYRange {+impl fmt::Display for SdpAttributeImageAttrXyRange { fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { match *self {- SdpAttributeImageAttrXYRange::Range(ref min, ref max, ref step_opt) => {+ SdpAttributeImageAttrXyRange::Range(ref min, ref max, ref step_opt) => { write!(f, "[{}:", min)?; if step_opt.is_some() { write!(f, "{}:", step_opt.unwrap())?; } write!(f, "{}]", max) }- SdpAttributeImageAttrXYRange::DiscreteValues(ref values) => {+ SdpAttributeImageAttrXyRange::DiscreteValues(ref values) => { write!(f, "{}", imageattr_discrete_value_list_to_string(values)) } }@@ -813,8 +825,8 @@ #[derive(Debug, PartialEq, Clone)] #[cfg_attr(feature = "serialize", derive(Serialize))] pub struct SdpAttributeImageAttrSet {- pub x: SdpAttributeImageAttrXYRange,- pub y: SdpAttributeImageAttrXYRange,+ pub x: SdpAttributeImageAttrXyRange,+ pub y: SdpAttributeImageAttrXyRange, pub sar: Option<SdpAttributeImageAttrSRange>, pub par: Option<SdpAttributeImageAttrPRange>, pub q: Option<f32>,@@ -1156,8 +1168,8 @@ Duplication, // RFC7104 FlowIdentification, // RFC5576 ForwardErrorCorrection, // RFC5576- ForwardErrorCorrectionFR, // RFC5956- SIM, // not registered with IANA, but used in hangouts+ ForwardErrorCorrectionFr, // RFC5956+ Sim, // not registered with IANA, but used in hangouts } impl fmt::Display for SdpSsrcGroupSemantic {@@ -1166,8 +1178,8 @@ SdpSsrcGroupSemantic::Duplication => "DUP", SdpSsrcGroupSemantic::FlowIdentification => "FID", SdpSsrcGroupSemantic::ForwardErrorCorrection => "FEC",- SdpSsrcGroupSemantic::ForwardErrorCorrectionFR => "FEC-FR",- SdpSsrcGroupSemantic::SIM => "SIM",+ SdpSsrcGroupSemantic::ForwardErrorCorrectionFr => "FEC-FR",+ SdpSsrcGroupSemantic::Sim => "SIM", } .fmt(f) }@@ -1209,6 +1221,7 @@ Rtcp(SdpAttributeRtcp), Rtcpfb(SdpAttributeRtcpFb), RtcpMux,+ RtcpMuxOnly, // RFC8858 RtcpRsize, Sctpmap(SdpAttributeSctpmap), SctpPort(u64),@@ -1240,6 +1253,7 @@ | SdpAttribute::Rtcp(..) | SdpAttribute::Rtcpfb(..) | SdpAttribute::RtcpMux+ | SdpAttribute::RtcpMuxOnly | SdpAttribute::RtcpRsize | SdpAttribute::Sctpmap(..) | SdpAttribute::SctpPort(..)@@ -1303,6 +1317,7 @@ | SdpAttribute::Rtcp(..) | SdpAttribute::Rtcpfb(..) | SdpAttribute::RtcpMux+ | SdpAttribute::RtcpMuxOnly | SdpAttribute::RtcpRsize | SdpAttribute::Sctpmap(..) | SdpAttribute::SctpPort(..)@@ -1329,8 +1344,8 @@ if tokens.len() > 1 { match name.as_str() { "bundle-only" | "end-of-candidates" | "extmap-allow-mixed" | "ice-lite"- | "ice-mismatch" | "inactive" | "recvonly" | "rtcp-mux" | "rtcp-rsize"- | "sendonly" | "sendrecv" => {+ | "ice-mismatch" | "inactive" | "recvonly" | "rtcp-mux" | "rtcp-mux-only"+ | "rtcp-rsize" | "sendonly" | "sendrecv" => { return Err(SdpParserInternalError::Generic(format!( "{} attribute is not allowed to have a value", name@@ -1361,6 +1376,7 @@ "rid" => parse_rid(val), "recvonly" => Ok(SdpAttribute::Recvonly), "rtcp-mux" => Ok(SdpAttribute::RtcpMux),+ "rtcp-mux-only" => Ok(SdpAttribute::RtcpMuxOnly), "rtcp-rsize" => Ok(SdpAttribute::RtcpRsize), "sendonly" => Ok(SdpAttribute::Sendonly), "sendrecv" => Ok(SdpAttribute::Sendrecv),@@ -1426,6 +1442,7 @@ SdpAttribute::Rtcp(ref a) => attr_to_string(a.to_string()), SdpAttribute::Rtcpfb(ref a) => attr_to_string(a.to_string()), SdpAttribute::RtcpMux => SdpAttributeType::RtcpMux.to_string(),+ SdpAttribute::RtcpMuxOnly => SdpAttributeType::RtcpMuxOnly.to_string(), SdpAttribute::RtcpRsize => SdpAttributeType::RtcpRsize.to_string(), SdpAttribute::Sctpmap(ref a) => attr_to_string(a.to_string()), SdpAttribute::SctpPort(ref a) => attr_to_string(a.to_string()),@@ -1492,6 +1509,7 @@ Rtcp, Rtcpfb, RtcpMux,+ RtcpMuxOnly, RtcpRsize, Sctpmap, SctpPort,@@ -1537,6 +1555,7 @@ SdpAttribute::Rtcp { .. } => SdpAttributeType::Rtcp, SdpAttribute::Rtcpfb { .. } => SdpAttributeType::Rtcpfb, SdpAttribute::RtcpMux { .. } => SdpAttributeType::RtcpMux,+ SdpAttribute::RtcpMuxOnly { .. } => SdpAttributeType::RtcpMuxOnly, SdpAttribute::RtcpRsize { .. } => SdpAttributeType::RtcpRsize, SdpAttribute::Rtpmap { .. } => SdpAttributeType::Rtpmap, SdpAttribute::Sctpmap { .. } => SdpAttributeType::Sctpmap,@@ -1586,6 +1605,7 @@ SdpAttributeType::Rtcp => "rtcp", SdpAttributeType::Rtcpfb => "rtcp-fb", SdpAttributeType::RtcpMux => "rtcp-mux",+ SdpAttributeType::RtcpMuxOnly => "rtcp-mux-only", SdpAttributeType::RtcpRsize => "rtcp-rsize", SdpAttributeType::Sctpmap => "sctpmap", SdpAttributeType::SctpPort => "sctp-port",@@ -1644,8 +1664,8 @@ "DUP" => SdpSsrcGroupSemantic::Duplication, "FID" => SdpSsrcGroupSemantic::FlowIdentification, "FEC" => SdpSsrcGroupSemantic::ForwardErrorCorrection,- "FEC-FR" => SdpSsrcGroupSemantic::ForwardErrorCorrectionFR,- "SIM" => SdpSsrcGroupSemantic::SIM,+ "FEC-FR" => SdpSsrcGroupSemantic::ForwardErrorCorrectionFr,+ "SIM" => SdpSsrcGroupSemantic::Sim, unknown => { return Err(SdpParserInternalError::Unsupported(format!( "Unknown ssrc semantic '{:?}' found",@@ -2344,7 +2364,7 @@ fn parse_image_attr_xyrange( to_parse: &str,-) -> Result<SdpAttributeImageAttrXYRange, SdpParserInternalError> {+) -> Result<SdpAttributeImageAttrXyRange, SdpParserInternalError> { if to_parse.starts_with('[') { let value_tokens = parse_imagettr_braced_token(to_parse).ok_or_else(|| { SdpParserInternalError::Generic(@@ -2357,13 +2377,13 @@ let range_tokens: Vec<&str> = value_tokens.split(':').collect(); if range_tokens.len() == 3 {- Ok(SdpAttributeImageAttrXYRange::Range(+ Ok(SdpAttributeImageAttrXyRange::Range( range_tokens[0].parse::<u32>()?, range_tokens[2].parse::<u32>()?, Some(range_tokens[1].parse::<u32>()?), )) } else if range_tokens.len() == 2 {- Ok(SdpAttributeImageAttrXYRange::Range(+ Ok(SdpAttributeImageAttrXyRange::Range( range_tokens[0].parse::<u32>()?, range_tokens[1].parse::<u32>()?, None,@@ -2386,10 +2406,10 @@ )); }- Ok(SdpAttributeImageAttrXYRange::DiscreteValues(values))+ Ok(SdpAttributeImageAttrXyRange::DiscreteValues(values)) } } else {- Ok(SdpAttributeImageAttrXYRange::DiscreteValues(vec![+ Ok(SdpAttributeImageAttrXyRange::DiscreteValues(vec![ to_parse.parse::<u32>()? ])) }@@ -2522,13 +2542,9 @@ I: Iterator<Item = String> + Clone, { let parse_set = |set_token: &str| -> Result<SdpAttributeImageAttrSet, SdpParserInternalError> {- Ok(parse_image_attr_set(- parse_imagettr_braced_token(set_token).ok_or_else(|| {- SdpParserInternalError::Generic(- "imageattr sets must be enclosed by ']'".to_string(),- )- })?,- )?)+ parse_image_attr_set(parse_imagettr_braced_token(set_token).ok_or_else(|| {+ SdpParserInternalError::Generic("imageattr sets must be enclosed by ']'".to_string())+ })?) }; match tokens@@ -2698,10 +2714,7 @@ } Some(x) => x.to_string(), };- let appdata = match tokens.next() {- None => None,- Some(x) => Some(x.to_string()),- };+ let appdata = tokens.next().map(|x| x.to_string()); Ok(SdpAttribute::Msid(SdpAttributeMsid { id, appdata })) }@@ -3015,7 +3028,7 @@ "nack" => SdpAttributeRtcpFbType::Nack, "trr-int" => SdpAttributeRtcpFbType::TrrInt, "goog-remb" => SdpAttributeRtcpFbType::Remb,- "transport-cc" => SdpAttributeRtcpFbType::TransCC,+ "transport-cc" => SdpAttributeRtcpFbType::TransCc, _ => { return Err(SdpParserInternalError::Unsupported(format!( "Unknown rtcpfb feedback type: {:?}",@@ -3088,7 +3101,7 @@ )); } },- SdpAttributeRtcpFbType::Remb | SdpAttributeRtcpFbType::TransCC => match tokens.get(2) {+ SdpAttributeRtcpFbType::Remb | SdpAttributeRtcpFbType::TransCc => match tokens.get(2) { Some(x) => { return Err(SdpParserInternalError::Unsupported(format!( "Unknown rtcpfb {} parameter: {:?}",@@ -3298,1116 +3311,5 @@ } #[cfg(test)]-mod tests {- extern crate url;- use super::*;- use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};-- macro_rules! make_check_parse {- ($attr_type:ty, $attr_kind:path) => {- |attr_str: &str| -> $attr_type {- match parse_attribute(attr_str) {- Ok(SdpType::Attribute($attr_kind(attr))) => attr,- Err(e) => panic!(e),- _ => unreachable!(),- }- }- };-- ($attr_kind:path) => {- |attr_str: &str| -> SdpAttribute {- match parse_attribute(attr_str) {- Ok(SdpType::Attribute($attr_kind)) => $attr_kind,- Err(e) => panic!(e),- _ => unreachable!(),- }- }- };- }-- macro_rules! make_check_parse_and_serialize {- ($check_parse_func:ident, $attr_kind:path) => {- |attr_str: &str| {- let parsed = $attr_kind($check_parse_func(attr_str));- assert_eq!(parsed.to_string(), attr_str.to_string());- }- };-- ($check_parse_func:ident) => {- |attr_str: &str| {- let parsed = $check_parse_func(attr_str);- assert_eq!(parsed.to_string(), attr_str.to_string());- }- };- }-- #[test]- fn test_parse_attribute_candidate_and_serialize() {- let check_parse = make_check_parse!(SdpAttributeCandidate, SdpAttribute::Candidate);- let check_parse_and_serialize =- make_check_parse_and_serialize!(check_parse, SdpAttribute::Candidate);-- check_parse_and_serialize("candidate:0 1 UDP 2122252543 172.16.156.106 49760 typ host");- check_parse_and_serialize("candidate:foo 1 UDP 2122252543 172.16.156.106 49760 typ host");- check_parse_and_serialize("candidate:0 1 TCP 2122252543 172.16.156.106 49760 typ host");- check_parse_and_serialize("candidate:0 1 TCP 2122252543 ::1 49760 typ host");- check_parse_and_serialize(- "candidate:0 1 TCP 2122252543 2001:db8:4860::4444 49760 typ host",- );- check_parse_and_serialize("candidate:0 1 UDP 2122252543 172.16.156.106 49760 typ srflx");- check_parse_and_serialize("candidate:0 1 UDP 2122252543 172.16.156.106 49760 typ prflx");- check_parse_and_serialize("candidate:0 1 UDP 2122252543 172.16.156.106 49760 typ relay");- check_parse_and_serialize(- "candidate:0 1 TCP 2122252543 172.16.156.106 49760 typ host tcptype active",- );- check_parse_and_serialize(- "candidate:0 1 TCP 2122252543 172.16.156.106 49760 typ host tcptype passive",- );- check_parse_and_serialize(- "candidate:0 1 TCP 2122252543 172.16.156.106 49760 typ host tcptype so",- );- check_parse_and_serialize(- "candidate:0 1 TCP 2122252543 172.16.156.106 49760 typ host ufrag foobar",- );- check_parse_and_serialize(- "candidate:0 1 TCP 2122252543 172.16.156.106 49760 typ host network-cost 50",- );- check_parse_and_serialize("candidate:1 1 UDP 1685987071 24.23.204.141 54609 typ srflx raddr 192.168.1.4 rport 61665 generation 0");- check_parse_and_serialize(- "candidate:1 1 UDP 1685987071 24.23.204.141 54609 typ srflx raddr 192.168.1.4 rport 61665",- );- check_parse_and_serialize("candidate:1 1 TCP 1685987071 24.23.204.141 54609 typ srflx raddr 192.168.1.4 rport 61665 tcptype passive");- check_parse_and_serialize("candidate:1 1 TCP 1685987071 24.23.204.141 54609 typ srflx raddr 192.168.1.4 rport 61665 tcptype passive generation 1");- check_parse_and_serialize("candidate:1 1 TCP 1685987071 24.23.204.141 54609 typ srflx raddr 192.168.1.4 rport 61665 tcptype passive generation 1 ufrag +DGd");- check_parse_and_serialize("candidate:1 1 TCP 1685987071 24.23.204.141 54609 typ srflx raddr 192.168.1.4 rport 61665 tcptype passive generation 1 ufrag +DGd network-cost 1");- check_parse_and_serialize(- "candidate:0 1 TCP 2122252543 172.16.156.106 49760 typ host unsupported foo",- );- check_parse_and_serialize("candidate:0 1 TCP 2122252543 172.16.156.106 49760 typ host unsupported foo more_unsupported bar");-- let candidate = check_parse("candidate:1 1 TCP 1685987071 24.23.204.141 54609 typ srflx raddr 192.168.1.4 rport 61665 tcptype passive generation 1 ufrag +DGd network-cost 1 unsupported foo");- assert_eq!(candidate.foundation, "1".to_string());- assert_eq!(candidate.component, 1);- assert_eq!(candidate.transport, SdpAttributeCandidateTransport::Tcp);- assert_eq!(candidate.priority, 1_685_987_071);- assert_eq!(- candidate.address,- Address::from_str("24.23.204.141").unwrap()- );- assert_eq!(candidate.port, 54609);- assert_eq!(candidate.c_type, SdpAttributeCandidateType::Srflx);- assert_eq!(- candidate.raddr,- Some(Address::from_str("192.168.1.4").unwrap())- );- assert_eq!(candidate.rport, Some(61665));- assert_eq!(- candidate.tcp_type,- Some(SdpAttributeCandidateTcpType::Passive)- );- assert_eq!(candidate.generation, Some(1));- assert_eq!(candidate.ufrag, Some("+DGd".to_string()));- assert_eq!(candidate.networkcost, Some(1));- assert_eq!(- candidate.unknown_extensions,- vec![("unsupported".to_string(), "foo".to_string())]- )- }-- #[test]- fn test_anonymize_attribute_candidate() -> Result<(), SdpParserInternalError> {- let mut anon = StatefulSdpAnonymizer::new();- let candidate_1 = parse_attribute("candidate:0 1 TCP 2122252543 ::8 49760 typ host")?;- let candidate_2 =- parse_attribute("candidate:0 1 UDP 2122252543 172.16.156.106 19361 typ srflx")?;- let candidate_3 = parse_attribute("candidate:1 1 TCP 1685987071 24.23.204.141 54609 typ srflx raddr 192.168.1.4 rport 61665 tcptype passive generation 1 ufrag +DGd")?;- if let SdpType::Attribute(SdpAttribute::Candidate(candidate)) = candidate_1 {- let masked = candidate.masked_clone(&mut anon);- assert!(masked.address == Address::Ip(IpAddr::V6(Ipv6Addr::from(1))));- assert!(masked.port == 1);- } else {- unreachable!();- }-- if let SdpType::Attribute(SdpAttribute::Candidate(candidate)) = candidate_2 {- let masked = candidate.masked_clone(&mut anon);- assert!(masked.address == Address::Ip(IpAddr::V4(Ipv4Addr::from(1))));- assert!(masked.port == 2);- } else {- unreachable!();- }-- if let SdpType::Attribute(SdpAttribute::Candidate(candidate)) = candidate_3 {- let masked = candidate.masked_clone(&mut anon);- assert!(masked.address == Address::Ip(IpAddr::V4(Ipv4Addr::from(2))));- assert!(masked.port == 3);- assert!(masked.raddr.unwrap() == Address::Ip(IpAddr::V4(Ipv4Addr::from(3))));- assert!(masked.rport.unwrap() == 4);- } else {- unreachable!();- }- Ok(())- }-- #[test]- fn test_parse_attribute_candidate_errors() {- assert!(parse_attribute("candidate:0 1 UDP 2122252543 172.16.156.106 49760 typ").is_err());- assert!(- parse_attribute("candidate:0 foo UDP 2122252543 172.16.156.106 49760 typ host")- .is_err()- );- assert!(- parse_attribute("candidate:0 1 FOO 2122252543 172.16.156.106 49760 typ host").is_err()- );- assert!(parse_attribute("candidate:0 1 UDP foo 172.16.156.106 49760 typ host").is_err());- assert!(parse_attribute("candidate:0 1 UDP 2122252543 372.16.356 49760 typ host").is_err());- assert!(- parse_attribute("candidate:0 1 UDP 2122252543 172.16.156.106 70000 typ host").is_err()- );- assert!(- parse_attribute("candidate:0 1 UDP 2122252543 172.16.156.106 49760 type host").is_err()- );- assert!(- parse_attribute("candidate:0 1 UDP 2122252543 172.16.156.106 49760 typ fost").is_err()- );- assert!(parse_attribute(- "candidate:0 1 TCP 2122252543 172.16.156.106 49760 typ host unsupported"- )- .is_err());- assert!(parse_attribute(- "candidate:0 1 TCP 2122252543 172.16.156.106 49760 typ host network-cost"- )- .is_err());- assert!(parse_attribute("candidate:1 1 UDP 1685987071 24.23.204.141 54609 typ srflx raddr 192.168.1.4 rport 61665 generation B").is_err());- assert!(parse_attribute(- "candidate:0 1 TCP 2122252543 172.16.156.106 49760 typ host network-cost C"- )- .is_err());- assert!(parse_attribute(- "candidate:1 1 UDP 1685987071 24.23.204.141 54609 typ srflx raddr 1%92.168.1 rport 61665"- )- .is_err());- assert!(parse_attribute(- "candidate:0 1 TCP 2122252543 172.16.156.106 49760 typ host tcptype foobar"- )- .is_err());- assert!(parse_attribute(- "candidate:1 1 UDP 1685987071 24.23.204.141 54609 typ srflx raddr 192.168.1.4 rport 70000"- )- .is_err());- }-- #[test]- fn test_parse_dtls_message() {- let check_parse = make_check_parse!(SdpAttributeDtlsMessage, SdpAttribute::DtlsMessage);- let check_parse_and_serialize =- make_check_parse_and_serialize!(check_parse, SdpAttribute::DtlsMessage);-- check_parse_and_serialize("dtls-message:client SGVsbG8gV29ybGQ=");- check_parse_and_serialize("dtls-message:server SGVsbG8gV29ybGQ=");- check_parse_and_serialize("dtls-message:client IGlzdCBl/W4gUeiBtaXQg+JSB1bmQCAkJJkSNEQ=");- check_parse_and_serialize("dtls-message:server IGlzdCBl/W4gUeiBtaXQg+JSB1bmQCAkJJkSNEQ=");-- match check_parse("dtls-message:client SGVsbG8gV29ybGQ=") {- SdpAttributeDtlsMessage::Client(x) => {- assert_eq!(x, "SGVsbG8gV29ybGQ=");- }- _ => {- unreachable!();- }- }-- match check_parse("dtls-message:server SGVsbG8gV29ybGQ=") {- SdpAttributeDtlsMessage::Server(x) => {- assert_eq!(x, "SGVsbG8gV29ybGQ=");- }- _ => {- unreachable!();- }- }-- assert!(parse_attribute("dtls-message:client").is_err());- assert!(parse_attribute("dtls-message:server").is_err());- assert!(parse_attribute("dtls-message:unsupported SGVsbG8gV29ybGQ=").is_err());- }-- #[test]- fn test_parse_attribute_end_of_candidates() {- let check_parse = make_check_parse!(SdpAttribute::EndOfCandidates);- let check_parse_and_serialize = make_check_parse_and_serialize!(check_parse);-- check_parse_and_serialize("end-of-candidates");- assert!(parse_attribute("end-of-candidates foobar").is_err());- }-- #[test]- fn test_parse_attribute_extmap() {- let check_parse = make_check_parse!(SdpAttributeExtmap, SdpAttribute::Extmap);- let check_parse_and_serialize =- make_check_parse_and_serialize!(check_parse, SdpAttribute::Extmap);-- check_parse_and_serialize("extmap:1/sendonly urn:ietf:params:rtp-hdrext:ssrc-audio-level");- check_parse_and_serialize("extmap:2/sendrecv urn:ietf:params:rtp-hdrext:ssrc-audio-level");- check_parse_and_serialize(- "extmap:3 http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time",- );- check_parse_and_serialize(- "extmap:3 http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time ext_attributes",- );-- assert!(parse_attribute("extmap:1/sendrecv").is_err());- assert!(- parse_attribute("extmap:a/sendrecv urn:ietf:params:rtp-hdrext:ssrc-audio-level")- .is_err()- );- assert!(parse_attribute(- "extmap:4/unsupported urn:ietf:params:rtp-hdrext:ssrc-audio-level"- )- .is_err());-- let mut bad_char =- String::from("extmap:3 http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time ");- bad_char.push(0x00 as char);- assert!(parse_attribute(&bad_char).is_err());- }-- #[test]- fn test_parse_attribute_fingerprint() {- let check_parse = make_check_parse!(SdpAttributeFingerprint, SdpAttribute::Fingerprint);- let check_parse_and_serialize =- make_check_parse_and_serialize!(check_parse, SdpAttribute::Fingerprint);-- check_parse_and_serialize(- "fingerprint:sha-1 CD:34:D1:62:16:95:7B:B7:EB:74:E2:39:27:97:EB:0B:23:73:AC:BC",- );- check_parse_and_serialize(- "fingerprint:sha-224 CD:34:D1:62:16:95:7B:B7:EB:74:E2:39:27:97:EB:0B:23:73:AC:BC:\- 27:97:EB:0B:23:73:AC:BC",- );- check_parse_and_serialize(- "fingerprint:sha-256 CD:34:D1:62:16:95:7B:B7:EB:74:E2:39:27:97:EB:0B:23:73:AC:BC:\- 27:97:EB:0B:23:73:AC:BC:CD:34:D1:62",- );- check_parse_and_serialize(- "fingerprint:sha-384 CD:34:D1:62:16:95:7B:B7:EB:74:E2:39:27:97:EB:0B:23:73:AC:BC:\- 27:97:EB:0B:23:73:AC:BC:CD:34:D1:62:16:95:7B:B7:EB:74:E2:39:\- 27:97:EB:0B:23:73:AC:BC",- );- check_parse_and_serialize(- "fingerprint:sha-512 CD:34:D1:62:16:95:7B:B7:EB:74:E2:39:27:97:EB:0B:23:73:AC:BC:\- 97:EB:0B:23:73:AC:BC:CD:34:D1:62:16:95:7B:B7:EB:74:E2:39:27:\- EB:0B:23:73:AC:BC:27:97:EB:0B:23:73:AC:BC:27:97:EB:0B:23:73:\- BC:EB:0B:23",- );-- assert!(parse_attribute("fingerprint:sha-1").is_err());- assert!(parse_attribute(- "fingerprint:unsupported CD:34:D1:62:16:95:7B:B7:EB:74:E1:39:27:97:EB:0B:23:73:AC:BC"- )- .is_err());- assert!(parse_attribute(- "fingerprint:sha-1 CDA:34:D1:62:16:95:7B:B7:EB:74:E1:39:27:97:EB:0B:23:73:AC:BC"- )- .is_err());- assert!(parse_attribute(- "fingerprint:sha-1 CD:34:D1:62:16:95:7B:B7:EB:74:E1:39:27:97:EB:0B:23:73:AC:"- )- .is_err());- assert!(parse_attribute(- "fingerprint:sha-1 CD:34:D1:62:16:95:7B:B7:EB:74:E1:39:27:97:EB:0B:23:73:AC"- )- .is_err());- assert!(parse_attribute(- "fingerprint:sha-1 CX:34:D1:62:16:95:7B:B7:EB:74:E1:39:27:97:EB:0B:23:73:AC:BC"- )- .is_err());-- assert!(parse_attribute(- "fingerprint:sha-1 0xCD:34:D1:62:16:95:7B:B7:EB:74:E2:39:27:97:EB:0B:23:73:AC:BC"- )- .is_err());- assert!(parse_attribute(- "fingerprint:sha-1 CD:0x34:D1:62:16:95:7B:B7:EB:74:E2:39:27:97:EB:0B:23:73:AC:BC"- )- .is_err());- assert!(parse_attribute(- "fingerprint:sha-1 CD::D1:62:16:95:7B:B7:EB:74:E2:39:27:97:EB:0B:23:73:AC:BC"- )- .is_err());- assert!(parse_attribute(- "fingerprint:sha-1 CD:0000A:D1:62:16:95:7B:B7:EB:74:E2:39:27:97:EB:0B:23:73:AC:BC"- )- .is_err());- assert!(parse_attribute(- "fingerprint:sha-1 CD:B:D1:62:16:95:7B:B7:EB:74:E2:39:27:97:EB:0B:23:73:AC:BC"- )- .is_err());- }-- #[test]- fn test_parse_attribute_fmtp() {- let check_parse = make_check_parse!(SdpAttributeFmtp, SdpAttribute::Fmtp);- let check_parse_and_serialize =- make_check_parse_and_serialize!(check_parse, SdpAttribute::Fmtp);-- check_parse_and_serialize("fmtp:109 maxplaybackrate=46000;stereo=1;useinbandfec=1");- check_parse_and_serialize(- "fmtp:126 profile-level-id=42e01f;level-asymmetry-allowed=1;packetization-mode=1",- );- check_parse_and_serialize("fmtp:66 0-15");- check_parse_and_serialize("fmtp:109 0-15,66");- check_parse_and_serialize("fmtp:66 111/115");- assert!(parse_attribute("fmtp:109 maxplaybackrate=48000;stereo=1;useinbandfec=1").is_ok());- assert!(- parse_attribute("fmtp:109 maxplaybackrate=48000; stereo=1; useinbandfec=1").is_ok()- );- assert!(parse_attribute("fmtp:109 maxplaybackrate=48000; stereo=1;useinbandfec=1").is_ok());- check_parse_and_serialize("fmtp:8 maxplaybackrate=46000");- check_parse_and_serialize("fmtp:8 maxaveragebitrate=46000");- check_parse_and_serialize(- "fmtp:8 maxaveragebitrate=46000;ptime=60;minptime=20;maxptime=120",- );- check_parse_and_serialize(- "fmtp:8 max-cpb=1234;max-dpb=32000;max-br=3;max-mbps=46000;usedtx=1;cbr=1",- );- assert!(parse_attribute("fmtp:77 ").is_err());- assert!(parse_attribute("fmtp:109 stereo=2;").is_err());- assert!(parse_attribute("fmtp:109 111/129;").is_err());- assert!(parse_attribute("fmtp:109 packetization-mode=3;").is_err());- assert!(parse_attribute("fmtp:109 maxplaybackrate=48000stereo=1;").is_err());- assert!(parse_attribute("fmtp:8 ;maxplaybackrate=48000").is_ok());- assert!(parse_attribute("fmtp:8 packetization-mode=2;;maxplaybackrate=48000").is_ok());- assert!(parse_attribute("fmtp:8 packetization-mode=2; maxplaybackrate=48000").is_ok());- assert!(parse_attribute("fmtp:8 maxplaybackrate=48000;").is_ok());- assert!(- parse_attribute("fmtp:8 x-google-start-bitrate=800; maxplaybackrate=48000;").is_ok()- );- check_parse_and_serialize("fmtp:97 apt=96");- check_parse_and_serialize("fmtp:97 apt=96;rtx-time=3000");- }-- #[test]- fn test_anonymize_attribute_fingerprint() -> Result<(), SdpParserInternalError> {- let mut anon = StatefulSdpAnonymizer::new();- if let SdpType::Attribute(SdpAttribute::Fingerprint(print)) = parse_attribute(- "fingerprint:sha-1 CD:34:D1:62:16:95:7B:B7:EB:74:E2:39:27:97:EB:0B:23:73:AC:BC",- )? {- assert!(print.masked_clone(&mut anon).to_string() == "sha-1 00:00:00:00:00:00:00:01");- } else {- unreachable!();- }- Ok(())- }-- #[test]- fn test_parse_attribute_group() {- let check_parse = make_check_parse!(SdpAttributeGroup, SdpAttribute::Group);- let check_parse_and_serialize =- make_check_parse_and_serialize!(check_parse, SdpAttribute::Group);-- check_parse_and_serialize("group:LS");- check_parse_and_serialize("group:LS 1 2");- check_parse_and_serialize("group:FID 1 2");- check_parse_and_serialize("group:SRF 1 2");- check_parse_and_serialize("group:FEC S1 R1");- check_parse_and_serialize("group:ANAT S1 R1");- check_parse_and_serialize("group:DDP L1 L2 L3");- check_parse_and_serialize("group:BUNDLE sdparta_0 sdparta_1 sdparta_2");-- assert!(parse_attribute("group:").is_err());- assert!(matches!(- parse_attribute("group:NEVER_SUPPORTED_SEMANTICS"),- Err(SdpParserInternalError::Unsupported(_))- ));- }-- #[test]- fn test_parse_attribute_bundle_only() {- let check_parse = make_check_parse!(SdpAttribute::BundleOnly);- let check_parse_and_serialize = make_check_parse_and_serialize!(check_parse);-- check_parse_and_serialize("bundle-only");-- assert!(parse_attribute("bundle-only foobar").is_err());- }-- #[test]- fn test_parse_attribute_ice_lite() {- let check_parse = make_check_parse!(SdpAttribute::IceLite);- let check_parse_and_serialize = make_check_parse_and_serialize!(check_parse);-- check_parse_and_serialize("ice-lite");-- assert!(parse_attribute("ice-lite foobar").is_err());- }-- #[test]- fn test_parse_attribute_extmap_allow_mixed() {- let check_parse = make_check_parse!(SdpAttribute::ExtmapAllowMixed);- let check_parse_and_serialize = make_check_parse_and_serialize!(check_parse);-- check_parse_and_serialize("extmap-allow-mixed");-- assert!(parse_attribute("extmap-allow-mixed 100").is_err());- }-- #[test]- fn test_parse_attribute_ice_mismatch() {- let check_parse = make_check_parse!(SdpAttribute::IceMismatch);- let check_parse_and_serialize = make_check_parse_and_serialize!(check_parse);-- check_parse_and_serialize("ice-mismatch");-- assert!(parse_attribute("ice-mismatch foobar").is_err());- }-- #[test]- fn test_parse_attribute_ice_options() {- let check_parse = make_check_parse!(Vec<String>, SdpAttribute::IceOptions);- let check_parse_and_serialize =- make_check_parse_and_serialize!(check_parse, SdpAttribute::IceOptions);-- check_parse_and_serialize("ice-options:trickle");-- assert!(parse_attribute("ice-options:").is_err());- }-- #[test]- fn test_parse_attribute_ice_pacing() {- let check_parse = make_check_parse!(u64, SdpAttribute::IcePacing);- let check_parse_and_serialize =- make_check_parse_and_serialize!(check_parse, SdpAttribute::IcePacing);-- check_parse_and_serialize("ice-pacing:50");-- assert!(parse_attribute("ice-pacing:").is_err());- assert!(parse_attribute("ice-pacing:10000000000").is_err());- assert!(parse_attribute("ice-pacing:50 100").is_err());- assert!(parse_attribute("ice-pacing:foobar").is_err());- }-- #[test]- fn test_parse_attribute_ice_pwd() {- let check_parse = make_check_parse!(String, SdpAttribute::IcePwd);- let check_parse_and_serialize =- make_check_parse_and_serialize!(check_parse, SdpAttribute::IcePwd);-- check_parse_and_serialize("ice-pwd:e3baa26dd2fa5030d881d385f1e36cce");-- assert!(parse_attribute("ice-pwd:").is_err());- }-- #[test]- fn test_parse_attribute_ice_ufrag() {- let check_parse = make_check_parse!(String, SdpAttribute::IceUfrag);- let check_parse_and_serialize =- make_check_parse_and_serialize!(check_parse, SdpAttribute::IceUfrag);-- check_parse_and_serialize("ice-ufrag:58b99ead");-- assert!(parse_attribute("ice-ufrag:").is_err());- }-- #[test]- fn test_parse_attribute_identity() {- let check_parse = make_check_parse!(String, SdpAttribute::Identity);- let check_parse_and_serialize =- make_check_parse_and_serialize!(check_parse, SdpAttribute::Identity);-- check_parse_and_serialize("identity:eyJpZHAiOnsiZG9tYWluIjoiZXhhbXBsZS5vcmciLCJwcm90b2NvbCI6ImJvZ3VzIn0sImFzc2VydGlvbiI6IntcImlkZW50aXR5XCI6XCJib2JAZXhhbXBsZS5vcmdcIixcImNvbnRlbnRzXCI6XCJhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3l6XCIsXCJzaWduYXR1cmVcIjpcIjAxMDIwMzA0MDUwNlwifSJ9");-- assert!(parse_attribute("identity:").is_err());- }-- #[test]- fn test_parse_attribute_imageattr() {- let check_parse = make_check_parse!(SdpAttributeImageAttr, SdpAttribute::ImageAttr);- let check_parse_and_serialize =- make_check_parse_and_serialize!(check_parse, SdpAttribute::ImageAttr);-- check_parse_and_serialize("imageattr:120 send * recv *");- check_parse_and_serialize("imageattr:99 send [x=320,y=240] recv [x=320,y=240]");- check_parse_and_serialize(- "imageattr:97 send [x=800,y=640,sar=1.1,q=0.6] [x=480,y=320] recv [x=330,y=250]",- );- check_parse_and_serialize("imageattr:97 send [x=[480:16:800],y=[320:16:640],par=[1.2-1.3],q=0.6] [x=[176:8:208],y=[144:8:176],par=[1.2-1.3]] recv *");- assert!(- parse_attribute("imageattr:97 recv [x=800,y=640,sar=1.1] send [x=330,y=250]").is_ok()- );-- check_parse_and_serialize("imageattr:99 send [x=320,y=240]");- assert!(parse_attribute("imageattr:100 recv [x=320,y=240]").is_ok());- assert!(parse_attribute("imageattr:97 recv [x=800,y=640,sar=1.1,foo=[123,456],q=0.5] send [x=330,y=250,bar=foo,sar=[20-40]]").is_ok());- assert!(parse_attribute("imageattr:97 recv [x=800,y=640,sar=1.1,foo=abc xyz,q=0.5] send [x=330,y=250,bar=foo,sar=[20-40]]").is_ok());-- assert!(parse_attribute("imageattr:").is_err());- assert!(parse_attribute("imageattr:100").is_err());- assert!(parse_attribute("imageattr:120 send * recv * send *").is_err());- assert!(parse_attribute("imageattr:99 send [x=320]").is_err());- assert!(parse_attribute("imageattr:99 recv [y=240]").is_err());- assert!(parse_attribute("imageattr:99 send [x=320,y=240").is_err());- assert!(parse_attribute("imageattr:99 send x=320,y=240]").is_err());- assert!(- parse_attribute("imageattr:97 send [x=800,y=640,sar=1.1] send [x=330,y=250]").is_err()- );- }-- #[test]- fn test_parse_attribute_imageattr_recv_and_verify() {- let check_parse = make_check_parse!(SdpAttributeImageAttr, SdpAttribute::ImageAttr);-- let imageattr = check_parse(- "imageattr:* recv [x=800,y=[50,80,30],sar=1.1] send [x=330,y=250,sar=[1.1,1.3,1.9],q=0.1]",- );- assert_eq!(imageattr.pt, SdpAttributePayloadType::Wildcard);- match imageattr.recv {- SdpAttributeImageAttrSetList::Sets(sets) => {- assert_eq!(sets.len(), 1);-- let set = &sets[0];- assert_eq!(- set.x,- SdpAttributeImageAttrXYRange::DiscreteValues(vec![800])- );- assert_eq!(- set.y,- SdpAttributeImageAttrXYRange::DiscreteValues(vec![50, 80, 30])- );- assert_eq!(set.par, None);- assert_eq!(- set.sar,- Some(SdpAttributeImageAttrSRange::DiscreteValues(vec![1.1]))- );- assert_eq!(set.q, None);- }- _ => {- unreachable!();- }- }- match imageattr.send {- SdpAttributeImageAttrSetList::Sets(sets) => {- assert_eq!(sets.len(), 1);-- let set = &sets[0];- assert_eq!(- set.x,- SdpAttributeImageAttrXYRange::DiscreteValues(vec![330])- );- assert_eq!(- set.y,- SdpAttributeImageAttrXYRange::DiscreteValues(vec![250])- );- assert_eq!(set.par, None);- assert_eq!(- set.sar,- Some(SdpAttributeImageAttrSRange::DiscreteValues(vec![- 1.1, 1.3, 1.9,- ]))- );- assert_eq!(set.q, Some(0.1));- }- _ => {- unreachable!();- }- }- }-- #[test]- fn test_parse_attribute_imageattr_send_and_verify() {- let check_parse = make_check_parse!(SdpAttributeImageAttr, SdpAttribute::ImageAttr);-- let imageattr = check_parse(- "imageattr:97 send [x=[480:16:800],y=[100,200,300],par=[1.2-1.3],q=0.6] [x=1080,y=[144:176],sar=[0.5-0.7]] recv *"- );- assert_eq!(imageattr.pt, SdpAttributePayloadType::PayloadType(97));- match imageattr.send {- SdpAttributeImageAttrSetList::Sets(sets) => {- assert_eq!(sets.len(), 2);-- let first_set = &sets[0];- assert_eq!(- first_set.x,- SdpAttributeImageAttrXYRange::Range(480, 800, Some(16))- );- assert_eq!(- first_set.y,- SdpAttributeImageAttrXYRange::DiscreteValues(vec![100, 200, 300])- );- assert_eq!(- first_set.par,- Some(SdpAttributeImageAttrPRange { min: 1.2, max: 1.3 })- );- assert_eq!(first_set.sar, None);- assert_eq!(first_set.q, Some(0.6));-- let second_set = &sets[1];- assert_eq!(- second_set.x,- SdpAttributeImageAttrXYRange::DiscreteValues(vec![1080])- );- assert_eq!(- second_set.y,- SdpAttributeImageAttrXYRange::Range(144, 176, None)- );- assert_eq!(second_set.par, None);- assert_eq!(- second_set.sar,- Some(SdpAttributeImageAttrSRange::Range(0.5, 0.7))- );- assert_eq!(second_set.q, None);- }- _ => {- unreachable!();- }- }- assert_eq!(imageattr.recv, SdpAttributeImageAttrSetList::Wildcard);- }-- #[test]- fn test_parse_attribute_inactive() {- let check_parse = make_check_parse!(SdpAttribute::Inactive);- let check_parse_and_serialize = make_check_parse_and_serialize!(check_parse);-- check_parse_and_serialize("inactive");- assert!(parse_attribute("inactive foobar").is_err());- }-- #[test]- fn test_parse_attribute_label() {- let check_parse = make_check_parse!(String, SdpAttribute::Label);- let check_parse_and_serialize =- make_check_parse_and_serialize!(check_parse, SdpAttribute::Label);-- check_parse_and_serialize("label:1");- check_parse_and_serialize("label:foobar");- check_parse_and_serialize("label:foobar barfoo");-- assert!(parse_attribute("label:").is_err());- }-- #[test]- fn test_parse_attribute_maxptime() {- let check_parse = make_check_parse!(u64, SdpAttribute::MaxPtime);- let check_parse_and_serialize =- make_check_parse_and_serialize!(check_parse, SdpAttribute::MaxPtime);-- check_parse_and_serialize("maxptime:60");-- assert!(parse_attribute("maxptime:").is_err());- assert!(parse_attribute("maxptime:60 100").is_err());- assert!(parse_attribute("maxptime:foobar").is_err());- }-- #[test]- fn test_parse_attribute_mid() {- let check_parse = make_check_parse!(String, SdpAttribute::Mid);- let check_parse_and_serialize =- make_check_parse_and_serialize!(check_parse, SdpAttribute::Mid);-- check_parse_and_serialize("mid:sdparta_0");- check_parse_and_serialize("mid:sdparta_0 sdparta_1 sdparta_2");-- assert!(parse_attribute("mid:").is_err());
Based on the provided code diff, I'll analyze it for security fixes following the required format: Vulnerability Existed: no Code Style Consistency Fix [File] [Lines 470-481, 1156-1178, 1209-1241, 1243-1376, 1378-1424, 1426-1490, 1492-1585, 1587-1646, 2344-2366, 2522-2525, 2698-2701, 3015-3028, 3088-3091] [Old Code] Various enum variants using mixed case (e.g. TransCC, ForwardErrorCorrectionFR, SIM) [Fixed Code] Consistent enum variant naming using camel case (e.g. TransCc, ForwardErrorCorrectionFr, Sim) Vulnerability Existed: no Code Improvement [File] [Lines 621-666] [Old Code] Complex string formatting with multiple concatenated parts [Fixed Code] Simplified string formatting logic with better handling of different parameter cases Vulnerability Existed: no Feature Addition [File] [Lines 1209-1241, 1243-1376, 1378-1424, 1426-1490, 1492-1585, 1587-1646] [Old Code] Missing RtcpMuxOnly attribute support [Fixed Code] Added support for RtcpMuxOnly attribute per RFC8858 Vulnerability Existed: no Code Cleanup [File] [Lines 757-790, 813-835] [Old Code] SdpAttributeImageAttrXYRange enum name [Fixed Code] Renamed to SdpAttributeImageAttrXyRange for consistency The changes appear to be primarily: 1. Code style improvements (enum naming consistency) 2. Feature additions (new SDP attributes) 3. Code structure improvements 4. Better string handling No security vulnerabilities were identified in these changes. The modifications are focused on code quality, consistency, and adding new functionality rather than fixing security issues.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/devtools/server/actors/target-configuration.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/devtools/server/actors/target-configuration.js@@ -12,6 +12,9 @@ const { SessionDataHelpers, } = require("devtools/server/actors/watcher/SessionDataHelpers.jsm");+const {+ isBrowsingContextPartOfContext,+} = require("devtools/server/actors/watcher/browsing-context-helpers.jsm"); const { SUPPORTED_DATA } = SessionDataHelpers; const { TARGET_CONFIGURATION } = SUPPORTED_DATA; const Services = require("Services");@@ -100,7 +103,9 @@ */ _shouldHandleConfigurationInParentProcess() { // Only handle parent process configuration if the watcherActor is tied to a- // browser element (i.e. we're *not* in the Browser Toolbox)+ // browser element.+ // For now, the Browser Toolbox and Web Extension are having a unique target+ // which applies the configuration by itself on new documents. return this.watcherActor.sessionContext.type == "browser-element"; },@@ -120,11 +125,16 @@ return; }- // If the watcher is bound to one browser element (i.e. a tab), ignore- // updates related to other browser elements+ // Only process BrowsingContexts which are related to the debugged scope.+ // As this callback fires very early, the BrowsingContext may not have+ // any WindowGlobal yet and so we ignore all checks dones against the WindowGlobal+ // if there is none. Meaning we might accept more BrowsingContext than expected. if (- this.watcherActor.sessionContext.type == "browser-element" &&- browsingContext.browserId != this.watcherActor.sessionContext.browserId+ !isBrowsingContextPartOfContext(+ browsingContext,+ this.watcherActor.sessionContext,+ { acceptNoWindowGlobal: true, forceAcceptTopLevelTarget: true }+ ) ) { return; }
Here's the analysis of the provided code diff for security fixes:
1. Vulnerability Existed: yes
Cross-Origin Security Check Bypass [devtools/server/actors/target-configuration.js] [Lines 120-126]
[Old Code]
```javascript
if (
this.watcherActor.sessionContext.type == "browser-element" &&
browsingContext.browserId != this.watcherActor.sessionContext.browserId
) {
return;
}
```
[Fixed Code]
```javascript
if (
!isBrowsingContextPartOfContext(
browsingContext,
this.watcherActor.sessionContext,
{ acceptNoWindowGlobal: true, forceAcceptTopLevelTarget: true }
)
) {
return;
}
```
Additional Details: The fix replaces a simple browserId comparison with a more robust security check using `isBrowsingContextPartOfContext`. The old code could potentially allow cross-origin security issues by only checking browserId, while the new code properly verifies the browsing context relationship.
2. Vulnerability Existed: not sure
Potential Logic Flaw in Parent Process Handling [devtools/server/actors/target-configuration.js] [Lines 100-104]
[Old Code]
```javascript
// Only handle parent process configuration if the watcherActor is tied to a
// browser element (i.e. we're *not* in the Browser Toolbox)
return this.watcherActor.sessionContext.type == "browser-element";
```
[Fixed Code]
```javascript
// Only handle parent process configuration if the watcherActor is tied to a
// browser element.
// For now, the Browser Toolbox and Web Extension are having a unique target
// which applies the configuration by itself on new documents.
return this.watcherActor.sessionContext.type == "browser-element";
```
Additional Details: The comment was expanded to clarify behavior for Browser Toolbox and Web Extension cases, but it's unclear if this was fixing a security issue or just improving documentation. The actual logic remains the same.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/netwerk/sctp/datachannel/DataChannel.cpp+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/netwerk/sctp/datachannel/DataChannel.cpp@@ -101,22 +101,33 @@ static uintptr_t Register(DataChannelConnection* aConnection) { StaticMutexAutoLock lock(sInstanceMutex);- if (NS_WARN_IF(!Instance())) {- return 0;- }- uintptr_t result = Instance()->RegisterImpl(aConnection);+ uintptr_t result = EnsureInstance()->RegisterImpl(aConnection); DC_DEBUG( ("Registering connection %p as ulp %p", aConnection, (void*)result)); return result; } static void Deregister(uintptr_t aId) {- StaticMutexAutoLock lock(sInstanceMutex);- DC_DEBUG(("Deregistering connection ulp = %p", (void*)aId));- if (NS_WARN_IF(!Instance())) {- return;- }- Instance()->DeregisterImpl(aId);+ RefPtr<DataChannelRegistry> maybeTrash;++ {+ StaticMutexAutoLock lock(sInstanceMutex);+ DC_DEBUG(("Deregistering connection ulp = %p", (void*)aId));+ if (NS_WARN_IF(!Instance())) {+ return;+ }+ Instance()->DeregisterImpl(aId);+ if (Instance()->Empty()) {+ // Unset singleton inside mutex lock, but don't call Shutdown until we+ // unlock, since that involves calling into libusrsctp, which invites+ // deadlock.+ maybeTrash = Instance().forget();+ }+ }++ if (maybeTrash) {+ maybeTrash->Shutdown();+ } } static RefPtr<DataChannelConnection> Lookup(uintptr_t aId) {@@ -139,14 +150,33 @@ observerService->AddObserver(this, "xpcom-will-shutdown", false); MOZ_ASSERT(rv == NS_OK); (void)rv;- // TODO(bug 1646716): usrsctp_finish is racy, so we init in the c'tor. InitUsrSctp(); }+ nsresult Shutdown() {+ DeinitUsrSctp();+ nsCOMPtr<nsIObserverService> observerService =+ mozilla::services::GetObserverService();+ if (NS_WARN_IF(!observerService)) {+ return NS_ERROR_FAILURE;+ }++ nsresult rv = observerService->RemoveObserver(this, "xpcom-will-shutdown");+ MOZ_ASSERT(rv == NS_OK);+ return rv;+ }+ static RefPtr<DataChannelRegistry>& Instance() {- // Lazy-create static registry.- static RefPtr<DataChannelRegistry> sRegistry = new DataChannelRegistry;+ static RefPtr<DataChannelRegistry> sRegistry; return sRegistry;+ }++ static RefPtr<DataChannelRegistry>& EnsureInstance() {+ ASSERT_WEBRTC(NS_IsMainThread());+ if (!Instance()) {+ Instance() = new DataChannelRegistry();+ }+ return Instance(); } NS_IMETHOD Observe(nsISupports* aSubject, const char* aTopic,@@ -159,26 +189,15 @@ Instance() = nullptr; }- // |self| is the only reference now+ // |self| and the reference being held onto by the observer service are+ // the only ones left now. if (NS_WARN_IF(!mConnections.empty())) { MOZ_ASSERT(false); mConnections.clear(); }- // TODO(bug 1646716): usrsctp_finish is racy, so we wait until xpcom- // shutdown for this.- DeinitUsrSctp();- nsCOMPtr<nsIObserverService> observerService =- mozilla::services::GetObserverService();- if (NS_WARN_IF(!observerService)) {- return NS_ERROR_FAILURE;- }-- nsresult rv =- observerService->RemoveObserver(this, "xpcom-will-shutdown");- MOZ_ASSERT(rv == NS_OK);- (void)rv;+ return Shutdown(); } return NS_OK;@@ -186,10 +205,6 @@ uintptr_t RegisterImpl(DataChannelConnection* aConnection) { ASSERT_WEBRTC(NS_IsMainThread());- // TODO(bug 1646716): usrsctp_finish is racy, so we init in the c'tor.- // if (mConnections.empty()) {- // InitUsrSctp();- //} mConnections.emplace(mNextId, aConnection); return mNextId++; }@@ -197,12 +212,9 @@ void DeregisterImpl(uintptr_t aId) { ASSERT_WEBRTC(NS_IsMainThread()); mConnections.erase(aId);- // TODO(bug 1646716): usrsctp_finish is racy, so we wait until xpcom- // shutdown for this.- // if (mConnections.empty()) {- // DeinitUsrSctp();- //}- }+ }++ bool Empty() const { return mConnections.empty(); } RefPtr<DataChannelConnection> LookupImpl(uintptr_t aId) { auto it = mConnections.find(aId);@@ -228,12 +240,13 @@ #endif void InitUsrSctp() {- DC_DEBUG(("sctp_init"));-#ifdef MOZ_PEERCONNECTION- usrsctp_init(0, DataChannelRegistry::SctpDtlsOutput, debug_printf);-#else+#ifndef MOZ_PEERCONNECTION MOZ_CRASH("Trying to use SCTP/DTLS without dom/media/webrtc/transport"); #endif++ DC_DEBUG(("Calling usrsctp_init %p", this));++ usrsctp_init(0, DataChannelRegistry::SctpDtlsOutput, debug_printf); // Set logging to SCTP:LogLevel::Debug to get SCTP debugs if (MOZ_LOG_TEST(gSCTPLog, LogLevel::Debug)) {@@ -260,7 +273,7 @@ } void DeinitUsrSctp() {- DC_DEBUG(("Shutting down SCTP"));+ DC_DEBUG(("Calling usrsctp_finish %p", this)); usrsctp_finish(); }
Here's the analysis of the provided code diff for security fixes:
1. Vulnerability Existed: yes
Race Condition in Instance Handling [netwerk/sctp/datachannel/DataChannel.cpp] [Lines 101-139]
Old Code:
```cpp
if (NS_WARN_IF(!Instance())) {
return 0;
}
uintptr_t result = Instance()->RegisterImpl(aConnection);
```
Fixed Code:
```cpp
uintptr_t result = EnsureInstance()->RegisterImpl(aConnection);
```
Details: The old code had potential race conditions where Instance() could become null between checks. The new code ensures proper instance creation and thread safety.
2. Vulnerability Existed: yes
Improper Resource Shutdown [netwerk/sctp/datachannel/DataChannel.cpp] [Lines 139-189]
Old Code:
```cpp
// Old code had no proper shutdown mechanism and deferred cleanup
```
Fixed Code:
```cpp
nsresult Shutdown() {
DeinitUsrSctp();
nsCOMPtr<nsIObserverService> observerService =
mozilla::services::GetObserverService();
if (NS_WARN_IF(!observerService)) {
return NS_ERROR_FAILURE;
}
nsresult rv = observerService->RemoveObserver(this, "xpcom-will-shutdown");
MOZ_ASSERT(rv == NS_OK);
return rv;
}
```
Details: Added proper shutdown sequence for SCTP resources and observer cleanup.
3. Vulnerability Existed: not sure
Potential Memory Leak [netwerk/sctp/datachannel/DataChannel.cpp] [Lines 107-133]
Old Code:
```cpp
static void Deregister(uintptr_t aId) {
StaticMutexAutoLock lock(sInstanceMutex);
DC_DEBUG(("Deregistering connection ulp = %p", (void*)aId));
if (NS_WARN_IF(!Instance())) {
return;
}
Instance()->DeregisterImpl(aId);
}
```
Fixed Code:
```cpp
static void Deregister(uintptr_t aId) {
RefPtr<DataChannelRegistry> maybeTrash;
{
StaticMutexAutoLock lock(sInstanceMutex);
DC_DEBUG(("Deregistering connection ulp = %p", (void*)aId));
if (NS_WARN_IF(!Instance())) {
return;
}
Instance()->DeregisterImpl(aId);
if (Instance()->Empty()) {
maybeTrash = Instance().forget();
}
}
if (maybeTrash) {
maybeTrash->Shutdown();
}
}
```
Details: The changes improve resource cleanup but it's unclear if this was fixing an actual memory leak or just improving robustness.
4. Vulnerability Existed: not sure
Potential SCTP Initialization Race [netwerk/sctp/datachannel/DataChannel.cpp] [Lines 240-273]
Old Code:
```cpp
void InitUsrSctp() {
DC_DEBUG(("sctp_init"));
#ifdef MOZ_PEERCONNECTION
usrsctp_init(0, DataChannelRegistry::SctpDtlsOutput, debug_printf);
#else
MOZ_CRASH("Trying to use SCTP/DTLS without dom/media/webrtc/transport");
#endif
```
Fixed Code:
```cpp
void InitUsrSctp() {
#ifndef MOZ_PEERCONNECTION
MOZ_CRASH("Trying to use SCTP/DTLS without dom/media/webrtc/transport");
#endif
DC_DEBUG(("Calling usrsctp_init %p", this));
usrsctp_init(0, DataChannelRegistry::SctpDtlsOutput, debug_printf);
```
Details: The changes reorder operations and add debugging, but it's unclear if this was fixing a specific race condition or just improving code structure.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/path-objects/2d.path.roundrect.3.radii.1.dompointinit.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/path-objects/2d.path.roundrect.3.radii.1.dompointinit.html@@ -17,8 +17,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.fillStyle = '#f00'; ctx.fillRect(0, 0, 100, 50);@@ -27,15 +27,15 @@ ctx.fill(); // top-left corner-_assertPixel(offscreenCanvas, 20,1, 255,0,0,255, "20,1", "255,0,0,255");-_assertPixel(offscreenCanvas, 41,1, 0,255,0,255, "41,1", "0,255,0,255");-_assertPixel(offscreenCanvas, 1,10, 255,0,0,255, "1,10", "255,0,0,255");-_assertPixel(offscreenCanvas, 1,21, 0,255,0,255, "1,21", "0,255,0,255");+_assertPixel(canvas, 20,1, 255,0,0,255, "20,1", "255,0,0,255");+_assertPixel(canvas, 41,1, 0,255,0,255, "41,1", "0,255,0,255");+_assertPixel(canvas, 1,10, 255,0,0,255, "1,10", "255,0,0,255");+_assertPixel(canvas, 1,21, 0,255,0,255, "1,21", "0,255,0,255"); // other corners-_assertPixel(offscreenCanvas, 98,1, 0,255,0,255, "98,1", "0,255,0,255");-_assertPixel(offscreenCanvas, 98,48, 0,255,0,255, "98,48", "0,255,0,255");-_assertPixel(offscreenCanvas, 1,48, 0,255,0,255, "1,48", "0,255,0,255");+_assertPixel(canvas, 98,1, 0,255,0,255, "98,1", "0,255,0,255");+_assertPixel(canvas, 98,48, 0,255,0,255, "98,48", "0,255,0,255");+_assertPixel(canvas, 1,48, 0,255,0,255, "1,48", "0,255,0,255"); t.done(); });
After analyzing the provided code diff, I don't see any security-related fixes. The changes appear to be purely cosmetic/refactoring, changing variable names from `offscreenCanvas` to `canvas` and updating corresponding function calls. Here's the analysis:
1. Vulnerability Existed: no
No security vulnerability found
File: testing/web-platform/tests/html/canvas/offscreen/path-objects/2d.path.roundrect.3.radii.1.dompointinit.html
Lines: 17-27
Old Code: var offscreenCanvas = new OffscreenCanvas(100, 50); var ctx = offscreenCanvas.getContext('2d');
Fixed Code: var canvas = new OffscreenCanvas(100, 50); var ctx = canvas.getContext('2d');
2. Vulnerability Existed: no
No security vulnerability found
File: testing/web-platform/tests/html/canvas/offscreen/path-objects/2d.path.roundrect.3.radii.1.dompointinit.html
Lines: 27-35
Old Code: _assertPixel(offscreenCanvas, ...) calls
Fixed Code: _assertPixel(canvas, ...) calls
The changes are purely variable naming changes and don't affect security or functionality in any way. The test assertions remain the same, just using a different variable name.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/the-offscreen-canvas/initial.reset.pattern.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/the-offscreen-canvas/initial.reset.pattern.html@@ -17,19 +17,19 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d');-offscreenCanvas.width = 30;+canvas.width = 30; ctx.fillStyle = '#0f0'; ctx.fillRect(0, 0, 30, 50);-var p = ctx.createPattern(offscreenCanvas, 'repeat-x');-offscreenCanvas.width = 100;+var p = ctx.createPattern(canvas, 'repeat-x');+canvas.width = 100; ctx.fillStyle = '#f00'; ctx.fillRect(0, 0, 100, 50); ctx.fillStyle = p; ctx.fillRect(0, 0, 100, 50);-_assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");+_assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255"); t.done(); });
After analyzing the provided code diff, I don't see any security vulnerabilities being fixed. The changes appear to be primarily variable renaming and don't involve any security-related modifications. Here's the analysis:
Vulnerability Existed: no
No security vulnerability found
File: testing/web-platform/tests/html/canvas/offscreen/the-offscreen-canvas/initial.reset.pattern.html
Changes:
- Renamed variable 'offscreenCanvas' to 'canvas'
- Updated all references to the renamed variable
- No security-related changes detected
The diff shows only variable renaming and no changes to security-sensitive operations or patterns. The test logic remains the same, just with a different variable name.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/netwerk/test/unit/test_http3.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/netwerk/test/unit/test_http3.js@@ -71,7 +71,7 @@ do_get_profile(); prefs = Services.prefs;- prefs.setBoolPref("network.http.http3.enabled", true);+ prefs.setBoolPref("network.http.http3.enable", true); prefs.setCharPref("network.dns.localDomains", "foo.example.com"); // We always resolve elements of localDomains as it's hardcoded without the // following pref:@@ -562,7 +562,7 @@ } function testsDone() {- prefs.clearUserPref("network.http.http3.enabled");+ prefs.clearUserPref("network.http.http3.enable"); prefs.clearUserPref("network.dns.localDomains"); prefs.clearUserPref("network.proxy.allow_hijacking_localhost"); prefs.clearUserPref("network.http.altsvc.oe");
Here's the analysis of the provided code diff:
1. Vulnerability Existed: not sure
[Preference Name Change] [netwerk/test/unit/test_http3.js] [Lines 71, 562]
[Old Code]
prefs.setBoolPref("network.http.http3.enabled", true);
prefs.clearUserPref("network.http.http3.enabled");
[Fixed Code]
prefs.setBoolPref("network.http.http3.enable", true);
prefs.clearUserPref("network.http.http3.enable");
Additional Details:
- The change appears to be a preference name modification from "network.http.http3.enabled" to "network.http.http3.enable"
- This doesn't appear to be a security fix but rather a configuration/consistency update
- No specific vulnerability is being addressed here, just a preference name change
- The change is reflected in both the set and clear operations for consistency
No other vulnerabilities or changes were detected in the provided diff. The modification seems to be focused on standardizing the preference name rather than addressing any security concerns.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.