Shared security patch analysis results
AI Used: DEEPSEEK deepseek-chat--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.fillStyle.parse.invalid.hsl-3.worker.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.fillStyle.parse.invalid.hsl-3.worker.js@@ -13,14 +13,14 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.fillStyle = '#0f0'; try { ctx.fillStyle = 'hsl(0, 0, 50%)'; } catch (e) { } // this shouldn't throw, but it shouldn't matter here if it does ctx.fillRect(0, 0, 100, 50);-_assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");+_assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255"); t.done(); });
Here's the analysis of the provided code diff:
1. Vulnerability Existed: no
No security vulnerability found [File] [Lines 13-14, 20]
[Old Code]
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
_assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");
[Fixed Code]
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');
_assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");
The changes appear to be purely cosmetic/refactoring, renaming the variable `offscreenCanvas` to `canvas` for consistency or clarity. There are no security-related changes or vulnerabilities being fixed in this diff. The functionality remains exactly the same, just with a different variable name.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/netwerk/ipc/DocumentLoadListener.cpp+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/netwerk/ipc/DocumentLoadListener.cpp@@ -1099,7 +1099,7 @@ httpChannelImpl->SetEarlyHintObserver(nullptr); }- mEarlyHintsPreloader.Cancel();+ mEarlyHintsService.Cancel(); if (auto* ctx = GetDocumentBrowsingContext()) { ctx->EndDocumentLoad(mDoingProcessSwitch);@@ -2285,9 +2285,9 @@ if (httpChannel) { uint32_t responseStatus; Unused << httpChannel->GetResponseStatus(&responseStatus);- mEarlyHintsPreloader.FinalResponse(responseStatus);+ mEarlyHintsService.FinalResponse(responseStatus); } else {- mEarlyHintsPreloader.Cancel();+ mEarlyHintsService.Cancel(); } // If we're going to be delivering this channel to a remote content@@ -2665,7 +2665,7 @@ NS_IMETHODIMP DocumentLoadListener::EarlyHint(const nsACString& linkHeader) { LOG(("DocumentLoadListener::EarlyHint.\n"));- mEarlyHintsPreloader.EarlyHint(linkHeader);+ mEarlyHintsService.EarlyHint(linkHeader); return NS_OK; }
Here's the analysis following the required format: Vulnerability Existed: not sure [Potential Resource Management Issue] [netwerk/ipc/DocumentLoadListener.cpp] [Lines 1099, 2285-2289, 2665] [Old Code] mEarlyHintsPreloader.Cancel(); mEarlyHintsPreloader.FinalResponse(responseStatus); mEarlyHintsPreloader.EarlyHint(linkHeader); [Fixed Code] mEarlyHintsService.Cancel(); mEarlyHintsService.FinalResponse(responseStatus); mEarlyHintsService.EarlyHint(linkHeader); Additional Details: The diff shows a systematic replacement of `mEarlyHintsPreloader` with `mEarlyHintsService` throughout the file. While this appears to be a refactoring change, it could potentially address: 1. A resource management issue if the old preloader implementation didn't properly clean up resources 2. A potential race condition if the preloader wasn't properly synchronized 3. A naming inconsistency that might have caused confusion in code maintenance However, without more context about the implementation differences between `EarlyHintsPreloader` and `EarlyHintsService`, we can't definitively identify a specific vulnerability. The change suggests improved handling of early hint resources, but we can't confirm if it fixes an actual security vulnerability.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/devtools/server/tests/browser/browser_perf-01.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/devtools/server/tests/browser/browser_perf-01.js@@ -21,11 +21,6 @@ await front.isSupportedPlatform(), true, "This test only runs on supported platforms."- );- is(- await front.isLockedForPrivateBrowsing(),- false,- "The browser is not in private browsing mode." ); is(await front.isActive(), false, "The profiler is not active yet.");
Based on the provided diff, here's the analysis:
Vulnerability Existed: no
No specific vulnerability [File: devtools/server/tests/browser/browser_perf-01.js] [Lines: 21-26]
[Old Code]
is(
await front.isLockedForPrivateBrowsing(),
false,
"The browser is not in private browsing mode."
);
[Fixed Code]
(removed entirely)
Additional Details:
1. The change simply removes a test assertion that was checking if the browser was in private browsing mode.
2. This appears to be a test cleanup rather than a security fix.
3. No specific vulnerability is being addressed here - just removing what might have been an unnecessary test check.
4. The removal might indicate that the private browsing check is no longer relevant or is being handled elsewhere in the codebase.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/the-offscreen-canvas/size.attributes.default.worker.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/the-offscreen-canvas/size.attributes.default.worker.js@@ -13,11 +13,11 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d');-_assertSame(offscreenCanvas.width, 100, "offscreenCanvas.width", "100");-_assertSame(offscreenCanvas.height, 50, "offscreenCanvas.height", "50");+_assertSame(canvas.width, 100, "canvas.width", "100");+_assertSame(canvas.height, 50, "canvas.height", "50"); t.done(); });
Analysis of the provided code diff:
1. Vulnerability Existed: no
Variable Renaming [File] [Lines 13-18]
Old Code:
```javascript
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
_assertSame(offscreenCanvas.width, 100, "offscreenCanvas.width", "100");
_assertSame(offscreenCanvas.height, 50, "offscreenCanvas.height", "50");
```
Fixed Code:
```javascript
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');
_assertSame(canvas.width, 100, "canvas.width", "100");
_assertSame(canvas.height, 50, "canvas.height", "50");
```
The changes in this diff appear to be purely cosmetic, renaming the variable `offscreenCanvas` to `canvas` for consistency or clarity. There are no security-related changes or vulnerabilities being addressed in this modification. The functionality remains exactly the same, only the variable name has changed.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/build/zstandard_requirements.txt+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/build/zstandard_requirements.txt@@ -4,49 +4,49 @@ # # pip-compile --generate-hashes --output-file=build/zstandard_requirements.txt build/zstandard_requirements.in #-zstandard==0.16.0 \- --hash=sha256:066488e721ec882485a500c216302b443f2eaef39356f7c65130e76c671e3ce2 \- --hash=sha256:08a728715858f1477239887ba3c692bc462b2c86e7a8e467dc5affa7bba9093f \- --hash=sha256:11216b47c62e9fc71a25f4b42f525a81da268071bdb434bc1e642ffc38a24a02 \- --hash=sha256:127c4c93f578d9b509732c74ed9b44b23e94041ba11b13827be0a7d2e3869b39 \- --hash=sha256:12dddee2574b00c262270cfb46bd0c048e92208b95fdd39ad2a9eac1cef30498 \- --hash=sha256:1bdda52224043e13ed20f847e3b308de1c9372d1563824fad776b1cf1f847ef0 \- --hash=sha256:2e31680d1bcf85e7a58a45df7365af894402ae77a9868c751dc991dd13099a5f \- --hash=sha256:42992e89b250fe6878c175119af529775d4be7967cd9de86990145d615d6a444 \- --hash=sha256:453e42af96923582ddbf3acf843f55d2dc534a3f7b345003852dd522aa51eae6 \- --hash=sha256:4d8a296dab7f8f5d53acc693a6785751f43ca39b51c8eabc672f978306fb40e6 \- --hash=sha256:5251ac352d8350869c404a0ca94457da018b726f692f6456ec82bbf907fbc956 \- --hash=sha256:57a6cfc34d906d514358769ed6d510b312be1cf033aafb5db44865a6717579bd \- --hash=sha256:6ed51162e270b9b8097dcae6f2c239ada05ec112194633193ec3241498988924 \- --hash=sha256:74cbea966462afed5a89eb99e4577538d10d425e05bf6240a75c086d59ccaf89 \- --hash=sha256:87bea44ad24c15cd872263c0d5f912186a4be3db361eab3b25f1a61dcb5ca014 \- --hash=sha256:8a745862ed525eee4e28bdbd58bf3ea952bf9da3c31bb4e4ce11ef15aea5c625 \- --hash=sha256:8b760fc8118b1a0aa1d8f4e2012622e8f5f178d4b8cb94f8c6d2948b6a49a485 \- --hash=sha256:8c8c0e813b67de1c9d7f2760768c4ae53f011c75ace18d5cff4fb40d2173763f \- --hash=sha256:8d5fe983e23b05f0e924fe8d0dd3935f0c9fd3266e4c6ff8621c12c350da299d \- --hash=sha256:8f5785c0b9b71d49d789240ae16a636728596631cf100f32b963a6f9857af5a4 \- --hash=sha256:91efd5ea5fb3c347e7ebb6d5622bfa37d72594a2dec37c5dde70b691edb6cc03 \- --hash=sha256:92e6c1a656390176d51125847f2f422f9d8ed468c24b63958f6ee50d9aa98c83 \- --hash=sha256:9bcbfe1ec89789239f63daeea8778488cb5ba9034a374d7753815935f83dad65 \- --hash=sha256:a92aa26789f17ca3b1f45cc7e728597165e2b166b99d1204bb397a672edee761 \- --hash=sha256:a9ec6de2c058e611e9dfe88d9809a5676bc1d2a53543c1273a90a60e41b8f43c \- --hash=sha256:ac5d97f9dece91a1162f651da79b735c5cde4d5863477785962aad648b592446 \- --hash=sha256:ae19628886d994ac1f3d2fc7f9ed5bb551d81000f7b4e0c57a0e88301aea2766 \- --hash=sha256:b2ea1937eff0ed5621876dc377933fe76624abfb2ab5b418995f43af6bac50de \- --hash=sha256:b46220bef7bf9271a2a05512e86acbabc86cca08bebde8447bdbb4acb3179447 \- --hash=sha256:b61586b0ff55c4137e512f1e9df4e4d7a6e1e9df782b4b87652df27737c90cc1 \- --hash=sha256:be68fbac1e88f0dbe033a2d2e3aaaf9c8307730b905f3cd3c698ca4b904f0702 \- --hash=sha256:c75557d53bb2d064521ff20cce9b8a51ee8301e031b1d6bcedb6458dda3bc85d \- --hash=sha256:c7e6b6ad58ae6f77872da9376ef0ecbf8c1ae7a0c8fc29a2473abc90f79a9a1b \- --hash=sha256:c8828f4e78774a6c0b8d21e59677f8f48d2e17fe2ef72793c94c10abc032c41c \- --hash=sha256:cae9bfcb9148152f8bfb9163b4b779326ca39fe9889e45e0572c56d25d5021be \- --hash=sha256:ce61492764d0442ca1e81d38d7bf7847d7df5003bce28089bab64c0519749351 \- --hash=sha256:d40447f4a44b442fa6715779ff49a1e319729d829198279927d18bca0d7ac32d \- --hash=sha256:d9946cfe54bf3365f14a5aa233eb2425de3b77eac6a4c7d03dda7dbb6acd3267 \- --hash=sha256:dd5a2287893e52204e4ce9d0e1bcea6240661dbb412efb53d5446b881d3c10a2 \- --hash=sha256:e9456492eb13249841e53221e742bef93f4868122bfc26bafa12a07677619732 \- --hash=sha256:eaae2d3e8fdf8bfe269628385087e4b648beef85bb0c187644e7df4fb0fe9046 \- --hash=sha256:eba125d3899f2003debf97019cd6f46f841a405df067da23d11443ad17952a40 \- --hash=sha256:ef759c1dfe78aa5a01747d3465d2585de14e08fc2b0195ce3f31f45477fc5a72 \- --hash=sha256:ffe1d24c5e11e98e4c5f96f846cdd19619d8c7e5e8e5082bed62d39baa30cecb+zstandard==0.17.0 \+ --hash=sha256:208fa6bead577b2607205640078ee452e81fe20fe96321623c632bad9ebd7148 \+ --hash=sha256:2a2ac752162ba5cbc869c60c4a4e54e890b2ee2ffb57d3ff159feab1ae4518db \+ --hash=sha256:37e50501baaa935f13a1820ab2114f74313b5cb4cfff8146acb8c5b18cdced2a \+ --hash=sha256:3cf96ace804945e53bc3e5294097e5fa32a2d43bc52416c632b414b870ee0a21 \+ --hash=sha256:42f3c02c7021073cafbc6cd152b288c56a25e585518861589bb08b063b6d2ad2 \+ --hash=sha256:4768449d8d1b0785309ace288e017cc5fa42e11a52bf08c90d9c3eb3a7a73cc6 \+ --hash=sha256:477f172807a9fa83467b30d7c58876af1410d20177c554c27525211edf535bae \+ --hash=sha256:49cd09ccbd1e3c0e2690dd62ebf95064d84aa42b9db381867e0b138631f969f2 \+ --hash=sha256:59eadb9f347d40e8f7ef77caffd0c04a31e82c1df82fe2d2a688032429d750ac \+ --hash=sha256:60943f71e3117583655a1eb76188a7cc78a25267ef09cc74be4d25a0b0c8b947 \+ --hash=sha256:787efc741e61e00ffe5e65dac99b0dc5c88b9421012a207a91b869a8b1164921 \+ --hash=sha256:7a3a1aa9528087f6f4c47f4ece2d5e6a160527821263fb8174ff36429233e093 \+ --hash=sha256:7d2e7abac41d2b4b18f03575aca860d2cb647c343e13c23d6c769106a3db2f6f \+ --hash=sha256:802109f67328c5b822d4fdac28e1cf65a24de2e2e99d76cdbeee9121cedb1b6c \+ --hash=sha256:8aedd38d357f6d5e2facd88ce62b4976afdc29db57216a23f14a0cd0ca05a8a3 \+ --hash=sha256:8fd386d0ec1f9343f1776391d9e60d4eedced0a0b0e625bb89b91f6d05f70e83 \+ --hash=sha256:90a9ba3a9c16b86afcb785b3c9418af39ccfb238fd5f6e429166e3ca8542b01f \+ --hash=sha256:91a228a077fc7cd8486c273788d4a006a37d060cb4293f471eb0325c3113af68 \+ --hash=sha256:9cf18c156b3a108197a8bf90b37d03c31c8ef35a7c18807b321d96b74e12c301 \+ --hash=sha256:9ec62a4c2dbb0a86ee5138c16ef133e59a23ac108f8d7ac97aeb61d410ce6857 \+ --hash=sha256:a1991cdf2e81e643b53fb8d272931d2bdf5f4e70d56a457e1ef95bde147ae627 \+ --hash=sha256:a628f20d019feb0f3a171c7a55cc4f75681f3b8c1bd7a5009165a487314887cd \+ --hash=sha256:a71809ec062c5b7acf286ba6d4484e6fe8130fc2b93c25e596bb34e7810c79b2 \+ --hash=sha256:a7756a9446f83c81101f6c0a48c3bfd8d387a249933c57b0d095ca8b20541337 \+ --hash=sha256:a827b9c464ee966524f8e82ec1aabb4a77ff9514cae041667fa81ae2ec8bd3e9 \+ --hash=sha256:b1ad6d2952b41d9a0ea702a474cc08c05210c6289e29dd496935c9ca3c7fb45c \+ --hash=sha256:b4e671c4c0804cdf752be26f260058bb858fbdaaef1340af170635913ecca01e \+ --hash=sha256:bd842ae3dbb7cba88beb022161c819fa80ca7d0c5a4ddd209e7daae85d904e49 \+ --hash=sha256:bdf691a205bc492956e6daef7a06fb38f8cbe8b2c1cb0386f35f4412c360c9e9 \+ --hash=sha256:c19d1e06569c277dcc872d80cbadf14a29e8199e013ff2a176d169f461439a40 \+ --hash=sha256:c81fd9386449df0ebf1ab3e01187bb30d61122c74df53ba4880a2454d866e55d \+ --hash=sha256:d0e9fec68e304fb35c559c44530213adbc7d5918bdab906a45a0f40cd56c4de2 \+ --hash=sha256:d1405caa964ba11b2396bd9fd19940440217345752e192c936d084ba5fe67dcb \+ --hash=sha256:d5373a56b90052f171c8634fedc53a6ac371e6c742606e9825772a394bdbd4b0 \+ --hash=sha256:d78aac2ffc4e88ab1cbcad844669924c24e24c7c255de9628a18f14d832007c5 \+ --hash=sha256:d916018289d2f9a882e90d2e3bd41652861ce11b5ecd8515fa07ad31d97d56e5 \+ --hash=sha256:db993a56e21d903893933887984ca9b0d274f2b1db7b3cf21ba129783953864f \+ --hash=sha256:de1aa618306a741e0497878b7f845fd6c397e52dd096fb76ed791e7268887176 \+ --hash=sha256:e37c4e21f696d6bcdbbc7caf98dffa505d04c0053909b9db0a6e8ca3b935eb07 \+ --hash=sha256:ef62eb3bcfd6d786f439828bb544ebd3936432db669403e0b8f48e424f1d55f1 \+ --hash=sha256:f0c87f097d6867833a839b086eb8d03676bb87c2efa067a131099f04aa790683 \+ --hash=sha256:f2e3ea5e4d5ecf3faefd4a5294acb6af1f0578b0cdd75d6b4529c45deaa54d6f \+ --hash=sha256:f502fe79757434292174b04db114f9e25c767b2d5ca9e759d118b22a66f445f8 \+ --hash=sha256:fa9194cb91441df7242aa3ddc4cb184be38876cb10dd973674887f334bafbfb6 # via -r build/zstandard_requirements.in
Based on the provided diff, I'll analyze the changes in the zstandard package version update from 0.16.0 to 0.17.0: 1. Vulnerability Existed: not sure [Potential Dependency Vulnerability] [build/zstandard_requirements.txt] [Lines 4-53] [Old Code: zstandard==0.16.0 with all its hashes] [Fixed Code: zstandard==0.17.0 with all its hashes] Additional Details: - The diff shows a version update of the zstandard package from 0.16.0 to 0.17.0 - While the diff doesn't explicitly mention security fixes, version updates often include security patches - Without access to the zstandard changelog or release notes, I can't confirm specific vulnerabilities that were fixed - The update includes new hash values for the package, indicating the package contents have changed significantly - It's a best practice to keep dependencies updated to their latest stable versions to include security fixes Note: To be more certain about specific vulnerabilities fixed, we would need to check: 1. The zstandard changelog between versions 0.16.0 and 0.17.0 2. Any CVE databases for reported vulnerabilities in zstandard 3. The Firefox release notes mentioning why this dependency was updated
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/js/src/devtools/rootAnalysis/loadCallgraph.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/js/src/devtools/rootAnalysis/loadCallgraph.js@@ -419,8 +419,11 @@ // set of mangled names (map from mangled name => {any,all,recursive_root:bool} var limitedFunctions = {};- for (const [id, [any, all]] of Object.entries(functionAttrs))- limitedFunctions[functions.name[id]] = { attributes: all };+ for (const [id, [any, all]] of Object.entries(functionAttrs)) {+ if (all) {+ limitedFunctions[functions.name[id]] = { attributes: all };+ }+ } for (const [id, limits, label] of recursive_roots) { const name = functions.name[id];
Analysis of the provided code diff:
1. Vulnerability Existed: yes
[Potential Information Exposure] [js/src/devtools/rootAnalysis/loadCallgraph.js] [Lines 419-423]
[Old Code]
for (const [id, [any, all]] of Object.entries(functionAttrs))
limitedFunctions[functions.name[id]] = { attributes: all };
[Fixed Code]
for (const [id, [any, all]] of Object.entries(functionAttrs)) {
if (all) {
limitedFunctions[functions.name[id]] = { attributes: all };
}
}
Additional Details:
- The vulnerability appears to be related to potential information exposure or improper data filtering. The original code would add all function attributes to limitedFunctions regardless of their value, while the fixed version only includes them if 'all' is truthy.
- This could prevent exposure of sensitive function attributes when they shouldn't be included.
- The exact vulnerability classification is uncertain, but it appears to be a data filtering/validation improvement.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/css/css-text-decor/inheritance.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/css/css-text-decor/inheritance.html@@ -25,8 +25,8 @@ assert_not_inherited('text-decoration-line', 'none', 'line-through'); assert_not_inherited('text-decoration-style', 'solid', 'dashed'); assert_inherited('text-emphasis-color', 'rgba(2, 3, 4, 0.5)', 'rgba(42, 53, 64, 0.75)');-assert_inherited('text-emphasis-position', 'over right', 'under left');-assert_inherited('text-emphasis-style', 'none', 'filled triangle');+assert_inherited('text-emphasis-position', 'over', 'under left');+assert_inherited('text-emphasis-style', 'none', 'triangle'); assert_inherited('text-shadow', 'none', 'rgba(42, 53, 64, 0.75) 10px 20px 0px'); assert_inherited('text-underline-position', 'auto', 'under');
Based on the provided diff, I don't see any clear security vulnerabilities being fixed. The changes appear to be test case modifications for CSS text decoration inheritance properties. Here's the analysis:
1. Vulnerability Existed: no
No security vulnerability [testing/web-platform/tests/css/css-text-decor/inheritance.html] [Lines 25-26]
Old Code:
assert_inherited('text-emphasis-position', 'over right', 'under left');
assert_inherited('text-emphasis-style', 'none', 'filled triangle');
Fixed Code:
assert_inherited('text-emphasis-position', 'over', 'under left');
assert_inherited('text-emphasis-style', 'none', 'triangle');
The changes simplify the test cases by:
1. Removing 'right' from the text-emphasis-position test case
2. Removing 'filled' from the text-emphasis-style test case
These appear to be test case refinements rather than security fixes. The modifications make the test cases more focused on testing basic inheritance behavior rather than testing multiple property values at once.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/css/css-ui/outline-001.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/css/css-ui/outline-001.html@@ -5,7 +5,6 @@ <link rel="author" title="Shiyou Tan" href="mailto:[email protected]"> <link rel="help" title="7.1. 'outline' property" href="http://www.w3.org/TR/css3-ui/#outline"> <link rel="match" href="../reference/ref-filled-green-100px-square.xht">-<meta name="flags" content=""> <meta name="assert" content="Test checks that the outline property creates outlines around visual objects and makes them stand out"> <style> #container {
Based on the provided code diff, I'll analyze it for potential security vulnerabilities: 1. Vulnerability Existed: no This appears to be a simple test file modification where a meta tag with empty flags was removed. There's no indication of any security vulnerability being fixed here. The change seems to be just cleaning up test metadata. 2. Vulnerability Existed: not sure [Potential HTML Injection] [testing/web-platform/tests/css/css-ui/outline-001.html] [Lines 5-6] [Old Code: `<meta name="flags" content="">`] [Fixed Code: removed] While this doesn't appear to be a security fix, there's a small possibility that removing an empty meta tag could prevent potential HTML injection if the flags field was ever populated with untrusted data, though this seems unlikely in a test file context. Note: The diff shows very minimal changes that don't appear to be security-related. The removal of an empty meta tag is typically not considered a security fix unless there was a specific vulnerability associated with that tag's handling.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/accessible/atk/nsMaiInterfaceImage.cpp+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/accessible/atk/nsMaiInterfaceImage.cpp@@ -21,7 +21,7 @@ static void getImagePositionCB(AtkImage* aImage, gint* aAccX, gint* aAccY, AtkCoordType aCoordType) {- nsIntPoint pos = nsIntPoint(-1, -1);+ LayoutDeviceIntPoint pos(-1, -1); uint32_t geckoCoordType = (aCoordType == ATK_XY_WINDOW) ? nsIAccessibleCoordinateType::COORDTYPE_WINDOW_RELATIVE@@ -45,7 +45,7 @@ static void getImageSizeCB(AtkImage* aImage, gint* aAccWidth, gint* aAccHeight) {- nsIntSize size = nsIntSize(-1, -1);+ LayoutDeviceIntSize size(-1, -1); AccessibleWrap* accWrap = GetAccessibleWrap(ATK_OBJECT(aImage)); if (accWrap && accWrap->IsImage()) { size = accWrap->AsImage()->Size();
Here's the analysis following the requested format: Vulnerability Existed: not sure [Potential Integer Overflow/Type Safety Issue] [accessible/atk/nsMaiInterfaceImage.cpp] [Lines 21,45] [Old Code] nsIntPoint pos = nsIntPoint(-1, -1); nsIntSize size = nsIntSize(-1, -1); [Fixed Code] LayoutDeviceIntPoint pos(-1, -1); LayoutDeviceIntSize size(-1, -1); Additional Details: 1. The change involves replacing nsIntPoint/nsIntSize with LayoutDeviceIntPoint/LayoutDeviceIntSize 2. This appears to be a type safety improvement rather than a direct security fix 3. The old types might have been more prone to integer overflow issues, but there's no clear evidence this was an actual vulnerability 4. The change aligns with Mozilla's ongoing effort to use more specific types for layout calculations No other vulnerabilities were identified in this diff. The changes appear to be primarily about type safety and code modernization rather than addressing specific security issues.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/widget/cocoa/nsNativeThemeCocoa.h+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/widget/cocoa/nsNativeThemeCocoa.h@@ -11,13 +11,8 @@ #include "mozilla/Variant.h"-#include "LookAndFeel.h" #include "nsITheme.h"-#include "nsCOMPtr.h"-#include "nsAtom.h"-#include "nsNativeTheme.h"-#include "nsNativeBasicThemeCocoa.h"-#include "ScrollbarDrawingCocoa.h"+#include "ThemeCocoa.h" @class MOZCellDrawWindow; @class MOZCellDrawView;@@ -33,9 +28,8 @@ } // namespace gfx } // namespace mozilla-class nsNativeThemeCocoa : public nsNativeBasicThemeCocoa {- protected:- using ScrollbarDrawingCocoa = mozilla::widget::ScrollbarDrawingCocoa;+class nsNativeThemeCocoa : public mozilla::widget::ThemeCocoa {+ using ThemeCocoa = mozilla::widget::ThemeCocoa; public: enum class MenuIcon : uint8_t {@@ -171,8 +165,6 @@ bool horizontal = true; bool reverse = false; };-- using ScrollbarParams = mozilla::widget::ScrollbarDrawing::ScrollbarParams; enum Widget : uint8_t { eColorFill, // mozilla::gfx::sRGBColor@@ -198,9 +190,6 @@ eMeter, // MeterParams eTreeHeaderCell, // TreeHeaderCellParams eScale, // ScaleParams- eScrollbarThumb, // ScrollbarParams- eScrollbarTrack, // ScrollbarParams- eScrollCorner, // ScrollbarParams eMultilineTextField, // bool eListBox, eActiveSourceListSelection, // bool@@ -269,15 +258,6 @@ static WidgetInfo Scale(const ScaleParams& aParams) { return WidgetInfo(Widget::eScale, aParams); }- static WidgetInfo ScrollbarThumb(const ScrollbarParams& aParams) {- return WidgetInfo(Widget::eScrollbarThumb, aParams);- }- static WidgetInfo ScrollbarTrack(const ScrollbarParams& aParams) {- return WidgetInfo(Widget::eScrollbarTrack, aParams);- }- static WidgetInfo ScrollCorner(const ScrollbarParams& aParams) {- return WidgetInfo(Widget::eScrollCorner, aParams);- } static WidgetInfo MultilineTextField(bool aParams) { return WidgetInfo(Widget::eMultilineTextField, aParams); }@@ -305,14 +285,13 @@ mozilla::Variant<mozilla::gfx::sRGBColor, MenuIconParams, MenuItemParams, CheckboxOrRadioParams, ButtonParams, DropdownParams, SpinButtonParams, SegmentParams, TextFieldParams,- ProgressParams, MeterParams, TreeHeaderCellParams, ScaleParams,- ScrollbarParams, bool>+ ProgressParams, MeterParams, TreeHeaderCellParams, ScaleParams, bool> mVariant; enum Widget mWidget; };- explicit nsNativeThemeCocoa(mozilla::UniquePtr<ScrollbarDrawing>&& aScrollbarDrawingCocoa);+ explicit nsNativeThemeCocoa(); NS_DECL_ISUPPORTS_INHERITED@@ -335,7 +314,6 @@ virtual bool GetWidgetOverflow(nsDeviceContext* aContext, nsIFrame* aFrame, StyleAppearance aAppearance, nsRect* aOverflowRect) override;- ScrollbarSizes GetScrollbarSizes(nsPresContext*, StyleScrollbarWidth, Overlay) override; NS_IMETHOD GetMinimumWidgetSize(nsPresContext* aPresContext, nsIFrame* aFrame, StyleAppearance aAppearance, mozilla::LayoutDeviceIntSize* aResult,@@ -426,7 +404,7 @@ void DrawSourceListSelection(CGContextRef aContext, const CGRect& aRect, bool aWindowIsActive, bool aSelectionIsActive);- void RenderWidget(const WidgetInfo& aWidgetInfo, mozilla::LookAndFeel::ColorScheme,+ void RenderWidget(const WidgetInfo& aWidgetInfo, mozilla::ColorScheme, mozilla::gfx::DrawTarget& aDrawTarget, const mozilla::gfx::Rect& aWidgetRect, const mozilla::gfx::Rect& aDirtyRect, float aScale);
Analyzing the provided code diff, here are the security-related findings:
1. Vulnerability Existed: not sure
[Potential Header Cleanup] [widget/cocoa/nsNativeThemeCocoa.h] [Lines 11-16]
[Old Code]
#include "LookAndFeel.h"
#include "nsITheme.h"
#include "nsCOMPtr.h"
#include "nsAtom.h"
#include "nsNativeTheme.h"
#include "nsNativeBasicThemeCocoa.h"
#include "ScrollbarDrawingCocoa.h"
[Fixed Code]
#include "nsITheme.h"
#include "ThemeCocoa.h"
[Details]
The diff shows significant header cleanup, but it's unclear if this was purely for organization or if any of the removed headers posed security risks. The change might indicate removal of unnecessary dependencies, but without more context, we can't be certain about security implications.
2. Vulnerability Existed: not sure
[Inheritance Change] [widget/cocoa/nsNativeThemeCocoa.h] [Lines 33-35]
[Old Code]
class nsNativeThemeCocoa : public nsNativeBasicThemeCocoa {
protected:
using ScrollbarDrawingCocoa = mozilla::widget::ScrollbarDrawingCocoa;
[Fixed Code]
class nsNativeThemeCocoa : public mozilla::widget::ThemeCocoa {
using ThemeCocoa = mozilla::widget::ThemeCocoa;
[Details]
The inheritance change from nsNativeBasicThemeCocoa to ThemeCocoa might indicate a security-related refactoring, but without more context about these classes, we can't determine if this fixes a specific vulnerability.
3. Vulnerability Existed: not sure
[Scrollbar Functionality Removal] [widget/cocoa/nsNativeThemeCocoa.h] [Lines 171,198-200,269-278]
[Old Code]
Various scrollbar-related code including ScrollbarParams and related widget types (eScrollbarThumb, eScrollbarTrack, eScrollCorner) and their associated methods
[Fixed Code]
All scrollbar-related code removed
[Details]
The complete removal of scrollbar-related functionality might indicate a security fix (perhaps moving this functionality elsewhere to address vulnerabilities), but without additional context, we can't confirm if this was security-motivated.
Note: The changes appear to be primarily architectural rather than clearly security-focused. The most significant change is the removal of scrollbar-related code, which could potentially be security-related if the scrollbar implementation had vulnerabilities, but this isn't confirmed by the diff alone.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/css/css-shapes/shape-outside/supported-shapes/circle/shape-outside-circle-055.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/css/css-shapes/shape-outside/supported-shapes/circle/shape-outside-circle-055.html@@ -9,7 +9,6 @@ <link rel="author" title="Mozilla" href="http://www.mozilla.org/"> <link rel="help" href="https://drafts.csswg.org/css-shapes-1/#supported-basic-shapes"> <link rel="match" href="reference/shape-outside-circle-055-ref.html">- <meta name="flags" content=""> <meta name="assert" content="Test the boxes are wrapping around the right float shape defined by circle(50% at right 40px bottom 40px) value under horizontal-tb writing-mode."> <style> .container {
Analysis of the code diff: 1. Vulnerability Existed: no No security vulnerability found [File] [Lines 9] Old Code: <meta name="flags" content=""> Fixed Code: (line removed) Additional Notes: - The diff shows removal of an empty meta "flags" tag, which appears to be a test configuration cleanup rather than a security fix. - There are no visible security vulnerabilities in this change as it doesn't affect any security-sensitive functionality. - The modification is part of test file maintenance and doesn't impact the actual CSS shape functionality being tested.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/dom/base/nsFrameLoader.h+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/dom/base/nsFrameLoader.h@@ -211,10 +211,6 @@ */ void Destroy(bool aForProcessSwitch = false);- void ActivateRemoteFrame(mozilla::ErrorResult& aRv);-- void DeactivateRemoteFrame(mozilla::ErrorResult& aRv);- void ActivateFrameEvent(const nsAString& aType, bool aCapture, mozilla::ErrorResult& aRv);
Analyzing the provided code diff for security fixes: 1. Vulnerability Existed: not sure [Potential Information Exposure] [dom/base/nsFrameLoader.h] [Lines 211-213] [Old Code] ```cpp void ActivateRemoteFrame(mozilla::ErrorResult& aRv); void DeactivateRemoteFrame(mozilla::ErrorResult& aRv); ``` [Fixed Code] ```cpp // Methods removed ``` Additional Details: The removal of these methods suggests they might have been exposing sensitive functionality or had potential security implications, but without more context, we can't be certain of the exact vulnerability. The removal could be related to hardening remote frame handling. Note: Since this is a header file change showing method removals rather than implementation changes, it's difficult to determine the exact security implications without seeing the implementation of these methods or the commit message explaining the change. The removal could be for security hardening, API simplification, or other reasons.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/third_party/rust/target-lexicon/.cargo-checksum.json+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/third_party/rust/target-lexicon/.cargo-checksum.json@@ -1 +1 @@-{"files":{"Cargo.lock":"b36e1dca3afec35b54b22ab760006ecac8ce9a0b52f1fe21d19fe59ba7cacc43","Cargo.toml":"859d24e450f3d2fb64f674c065c1be4889ac2f4e38dc3e18c5a5c2a42a3bbc4d","LICENSE":"268872b9816f90fd8e85db5a28d33f8150ebb8dd016653fb39ef1f94f2686bc5","README.md":"c3467056d91be3f59562158ee9604c729b5b5f473efbefb036032803eb76809e","build.rs":"4716b4f955c7a4cb39cb3b7521c1745d5110c1cbd1e054bca906e37f5e974675","examples/host.rs":"503bafddfb372123fe4dc0e7b8037808beb5bfe6df60c00d3315922bd3792c6c","examples/misc.rs":"49a579845450b7b020ed5c97dca142fc548725893cbc82f6f750ee0caab2beca","scripts/rust-targets.sh":"89564342916321c5bc35e772d374a7f0af22cc9ae6dcc0027eca48d2269f18cb","src/data_model.rs":"38c0c184ee65b882872298127d9c6878292bd12c139792e82328a5facc2428ae","src/host.rs":"fb543df4f362e9119a58523563e453110f4e3a426f0995911d0ca386657cf1d9","src/lib.rs":"8e507b48bd616e1fae0e4664770f66a6475b3c6b5377f88edae1e129d133c4eb","src/parse_error.rs":"b3735eabc0fd0a9dfdd6375662f20ec96a79852a00a05a98fb2e421545285e53","src/targets.rs":"85236775f8efa95ab8f8229f693fdbcaa073da0fc4ed6651a474bb8cd92571f5","src/triple.rs":"2add94dcf177dc9b1d979e1a76f0ad0eccc999bd7d0b30bd36c20ba51b859b4a"},"package":"64ae3b39281e4b14b8123bdbaddd472b7dfe215e444181f2f9d2443c2444f834"}+{"files":{"Cargo.lock":"c200e2f14c5c8bb5b26f8fbb51b91b760983a59ab6751148aee5316231d82bef","Cargo.toml":"de3e3a32c8998aa5e581922157aab1c37693585fe54a7f37cca0f4fa140fbb02","LICENSE":"268872b9816f90fd8e85db5a28d33f8150ebb8dd016653fb39ef1f94f2686bc5","README.md":"c3467056d91be3f59562158ee9604c729b5b5f473efbefb036032803eb76809e","build.rs":"4716b4f955c7a4cb39cb3b7521c1745d5110c1cbd1e054bca906e37f5e974675","examples/host.rs":"503bafddfb372123fe4dc0e7b8037808beb5bfe6df60c00d3315922bd3792c6c","examples/misc.rs":"49a579845450b7b020ed5c97dca142fc548725893cbc82f6f750ee0caab2beca","scripts/rust-targets.sh":"89564342916321c5bc35e772d374a7f0af22cc9ae6dcc0027eca48d2269f18cb","src/data_model.rs":"38c0c184ee65b882872298127d9c6878292bd12c139792e82328a5facc2428ae","src/host.rs":"fb543df4f362e9119a58523563e453110f4e3a426f0995911d0ca386657cf1d9","src/lib.rs":"8e507b48bd616e1fae0e4664770f66a6475b3c6b5377f88edae1e129d133c4eb","src/parse_error.rs":"b3735eabc0fd0a9dfdd6375662f20ec96a79852a00a05a98fb2e421545285e53","src/targets.rs":"3fef1a1e90678dc1adaa71fb268a65906d720481e3e45247277491314bc42ad1","src/triple.rs":"aa3589d744752876d6574e91abf5d1af3b4186fa5561b1f8c6214f0e9bebcaef"},"package":"d9bffcddbc2458fa3e6058414599e3c838a022abae82e5c67b4f7f80298d5bff"}=========dom/clients/manager/ClientManager.cpp========--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/dom/clients/manager/ClientManager.cpp+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/dom/clients/manager/ClientManager.cpp@@ -15,7 +15,6 @@ #include "mozilla/ipc/PBackgroundChild.h" #include "mozilla/ClearOnShutdown.h" // PastShutdownPhase #include "mozilla/StaticPrefs_dom.h"-#include "nsContentUtils.h" #include "prthread.h" namespace mozilla::dom {@@ -106,7 +105,7 @@ NS_ASSERT_OWNINGTHREAD(ClientManager); nsID id;- nsresult rv = nsContentUtils::GenerateUUIDInPlace(id);+ nsresult rv = nsID::GenerateUUIDInPlace(id); MOZ_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv)); if (NS_WARN_IF(NS_FAILED(rv))) { // If we can't even get a UUID, at least make sure not to use a garbage@@ -339,7 +338,7 @@ } nsID id;- rv = nsContentUtils::GenerateUUIDInPlace(id);+ rv = nsID::GenerateUUIDInPlace(id); MOZ_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv)); if (NS_WARN_IF(NS_FAILED(rv))) { return Nothing();
Based on the provided code diff, I'll analyze the changes for security fixes:
1. First diff (rust/target-lexicon/.cargo-checksum.json):
Vulnerability Existed: no
This appears to be a standard checksum update for dependency files. There are no code changes that would indicate a security fix.
2. Second diff (dom/clients/manager/ClientManager.cpp):
Vulnerability Existed: not sure
UUID Generation Change [dom/clients/manager/ClientManager.cpp] [Lines 106, 338]
[Old Code]
nsresult rv = nsContentUtils::GenerateUUIDInPlace(id);
[Fixed Code]
nsresult rv = nsID::GenerateUUIDInPlace(id);
The change switches from using nsContentUtils::GenerateUUIDInPlace to nsID::GenerateUUIDInPlace. While this could potentially be related to security (UUID generation is security-sensitive), the diff doesn't provide enough context to determine if this was fixing a specific vulnerability or just a refactoring. Both methods appear to serve the same purpose of generating UUIDs, but the implementation differences aren't visible in this diff.
Additional Notes:
- The removal of the #include "nsContentUtils.h" suggests this was a deliberate change to stop using that utility class for UUID generation
- The change is consistent in two locations where UUIDs are generated
- Without more context about the implementation differences between these two UUID generation methods, I can't definitively say if this fixes a vulnerability
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/pixel-manipulation/2d.imageData.create1.basic.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/pixel-manipulation/2d.imageData.create1.basic.html@@ -17,8 +17,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); _assertDifferent(ctx.createImageData(ctx.createImageData(1, 1)), null, "ctx.createImageData(ctx.createImageData(1, 1))", "null"); t.done();
Analysis of the provided code diff:
1. Vulnerability Existed: no
No specific vulnerability found [File] testing/web-platform/tests/html/canvas/offscreen/pixel-manipulation/2d.imageData.create1.basic.html [Lines] 17-18
Old Code:
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
Fixed Code:
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');
Additional Details:
- The change appears to be a simple variable renaming from 'offscreenCanvas' to 'canvas'
- No security-related changes or vulnerability fixes are evident in this diff
- The modification doesn't affect the functionality or security of the code
- This appears to be a code style/readability improvement rather than a security fix
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/dom/media/platforms/ffmpeg/FFmpegDataDecoder.h+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/dom/media/platforms/ffmpeg/FFmpegDataDecoder.h@@ -40,6 +40,9 @@ RefPtr<ShutdownPromise> Shutdown() override; static AVCodec* FindAVCodec(FFmpegLibWrapper* aLib, AVCodecID aCodec);+#ifdef MOZ_WAYLAND+ static AVCodec* FindHardwareAVCodec(FFmpegLibWrapper* aLib, AVCodecID aCodec);+#endif protected: // Flush and Drain operation, always run
Analyzing the provided code diff for security fixes: 1. Vulnerability Existed: not sure [Potential Codec Handling Improvement] [dom/media/platforms/ffmpeg/FFmpegDataDecoder.h] [Lines 40-43] [Old Code] ```cpp static AVCodec* FindAVCodec(FFmpegLibWrapper* aLib, AVCodecID aCodec); ``` [Fixed Code] ```cpp static AVCodec* FindAVCodec(FFmpegLibWrapper* aLib, AVCodecID aCodec); #ifdef MOZ_WAYLAND static AVCodec* FindHardwareAVCodec(FFmpegLibWrapper* aLib, AVCodecID aCodec); #endif ``` Additional Details: The change adds a new method for finding hardware codecs specifically for Wayland. While this isn't clearly a security fix, it could potentially improve security by better isolating hardware codec handling, though we can't be certain without more context. Note: The diff shows an addition of functionality rather than a clear security fix. No specific vulnerabilities are addressed in this change, but the modification could potentially relate to security hardening in hardware codec handling.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.fillStyle.parse.invalid.css-color-4-hsl-4.worker.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.fillStyle.parse.invalid.css-color-4-hsl-4.worker.js@@ -13,14 +13,14 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.fillStyle = '#0f0'; try { ctx.fillStyle = 'hsl(0 100% 50% /)'; } catch (e) { } // this shouldn't throw, but it shouldn't matter here if it does ctx.fillRect(0, 0, 100, 50);-_assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");+_assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255"); t.done(); });
Here's the analysis of the provided code diff following the specified format:
Vulnerability Existed: no
[Variable Renaming] [testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.fillStyle.parse.invalid.css-color-4-hsl-4.worker.js] [Lines 13-14, 20]
[Old Code]
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
...
_assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");
[Fixed Code]
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');
...
_assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");
Additional Details:
The changes appear to be purely cosmetic, renaming the variable 'offscreenCanvas' to 'canvas' for consistency or clarity. There's no indication of any security vulnerability being fixed in this diff. The functionality remains the same, only the variable name has changed. The test case continues to verify the same color parsing behavior in the canvas context.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/netwerk/protocol/websocket/WebSocketChannelChild.cpp+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/netwerk/protocol/websocket/WebSocketChannelChild.cpp@@ -453,11 +453,6 @@ void WebSocketChannelChild::SetupNeckoTarget() { mNeckoTarget = nsContentUtils::GetEventTargetByLoadInfo( mLoadInfo, TaskCategory::Network);- if (!mNeckoTarget) {- return;- }-- gNeckoChild->SetEventTargetForActor(this, mNeckoTarget); } NS_IMETHODIMP
Based on the provided code diff, here's the analysis:
Vulnerability Existed: not sure
[Potential Race Condition or Actor Targeting Issue] [netwerk/protocol/websocket/WebSocketChannelChild.cpp] [Lines 453-458]
[Old Code]
void WebSocketChannelChild::SetupNeckoTarget() {
mNeckoTarget = nsContentUtils::GetEventTargetByLoadInfo(
mLoadInfo, TaskCategory::Network);
if (!mNeckoTarget) {
return;
}
gNeckoChild->SetEventTargetForActor(this, mNeckoTarget);
}
[Fixed Code]
void WebSocketChannelChild::SetupNeckoTarget() {
mNeckoTarget = nsContentUtils::GetEventTargetByLoadInfo(
mLoadInfo, TaskCategory::Network);
}
The change removes the explicit setting of the event target for the actor. While this could potentially be related to security (such as preventing race conditions or improper actor targeting), without more context about why this change was made or the broader implications in the WebSocket implementation, I can't definitively identify a specific vulnerability. The removal might be part of a larger architectural change in how actor targets are managed.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/third_party/rust/ash/src/vk/const_debugs.rs+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/third_party/rust/ash/src/vk/const_debugs.rs@@ -1,33 +1,8 @@+use crate::prelude::debug_flags; use crate::vk::bitflags::*; use crate::vk::definitions::*; use crate::vk::enums::*; use std::fmt;-pub(crate) fn debug_flags<Value: Into<u64> + Copy>(- f: &mut fmt::Formatter,- known: &[(Value, &'static str)],- value: Value,-) -> fmt::Result {- let mut first = true;- let mut accum = value.into();- for &(bit, name) in known {- let bit = bit.into();- if bit != 0 && accum & bit == bit {- if !first {- f.write_str(" | ")?;- }- f.write_str(name)?;- first = false;- accum &= !bit;- }- }- if accum != 0 {- if !first {- f.write_str(" | ")?;- }- write!(f, "{:b}", accum)?;- }- Ok(())-} impl fmt::Debug for AccelerationStructureBuildTypeKHR { fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { let name = match *self {@@ -321,10 +296,12 @@ AccessFlags2KHR::COLOR_ATTACHMENT_READ_NONCOHERENT_EXT.0, "COLOR_ATTACHMENT_READ_NONCOHERENT_EXT", ),+ (AccessFlags2KHR::RESERVED_41_AMD.0, "RESERVED_41_AMD"), ( AccessFlags2KHR::INVOCATION_MASK_READ_HUAWEI.0, "INVOCATION_MASK_READ_HUAWEI", ),+ (AccessFlags2KHR::RESERVED_387.0, "RESERVED_387"), ]; debug_flags(f, KNOWN, self.0) }@@ -368,7 +345,7 @@ let name = match *self { Self::STORE => Some("STORE"), Self::DONT_CARE => Some("DONT_CARE"),- Self::NONE_EXT => Some("NONE_EXT"),+ Self::NONE_KHR => Some("NONE_KHR"), _ => None, }; if let Some(x) = name {@@ -513,6 +490,7 @@ (BufferCreateFlags::SPARSE_BINDING.0, "SPARSE_BINDING"), (BufferCreateFlags::SPARSE_RESIDENCY.0, "SPARSE_RESIDENCY"), (BufferCreateFlags::SPARSE_ALIASED.0, "SPARSE_ALIASED"),+ (BufferCreateFlags::RESERVED_5_AMD.0, "RESERVED_5_AMD"), (BufferCreateFlags::PROTECTED.0, "PROTECTED"), ( BufferCreateFlags::DEVICE_ADDRESS_CAPTURE_REPLAY.0,@@ -581,6 +559,8 @@ BufferUsageFlags::VIDEO_ENCODE_SRC_KHR.0, "VIDEO_ENCODE_SRC_KHR", ),+ (BufferUsageFlags::RESERVED_21_AMD.0, "RESERVED_21_AMD"),+ (BufferUsageFlags::RESERVED_22_AMD.0, "RESERVED_22_AMD"), ( BufferUsageFlags::SHADER_DEVICE_ADDRESS.0, "SHADER_DEVICE_ADDRESS",@@ -763,10 +743,16 @@ } impl fmt::Debug for CommandPoolResetFlags { fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {- const KNOWN: &[(Flags, &str)] = &[(- CommandPoolResetFlags::RELEASE_RESOURCES.0,- "RELEASE_RESOURCES",- )];+ const KNOWN: &[(Flags, &str)] = &[+ (+ CommandPoolResetFlags::RELEASE_RESOURCES.0,+ "RELEASE_RESOURCES",+ ),+ (+ CommandPoolResetFlags::RESERVED_1_COREAVI.0,+ "RESERVED_1_COREAVI",+ ),+ ]; debug_flags(f, KNOWN, self.0) } }@@ -983,6 +969,7 @@ Self::CU_FUNCTION_NVX => Some("CU_FUNCTION_NVX"), Self::ACCELERATION_STRUCTURE_KHR => Some("ACCELERATION_STRUCTURE_KHR"), Self::ACCELERATION_STRUCTURE_NV => Some("ACCELERATION_STRUCTURE_NV"),+ Self::BUFFER_COLLECTION_FUCHSIA => Some("BUFFER_COLLECTION_FUCHSIA"), _ => None, }; if let Some(x) = name {@@ -1087,6 +1074,10 @@ ( DescriptorSetLayoutCreateFlags::PUSH_DESCRIPTOR_KHR.0, "PUSH_DESCRIPTOR_KHR",+ ),+ (+ DescriptorSetLayoutCreateFlags::RESERVED_4_AMD.0,+ "RESERVED_4_AMD", ), ( DescriptorSetLayoutCreateFlags::RESERVED_3_AMD.0,@@ -1228,7 +1219,10 @@ } impl fmt::Debug for DeviceQueueCreateFlags { fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {- const KNOWN: &[(Flags, &str)] = &[(DeviceQueueCreateFlags::PROTECTED.0, "PROTECTED")];+ const KNOWN: &[(Flags, &str)] = &[+ (DeviceQueueCreateFlags::RESERVED_1_QCOM.0, "RESERVED_1_QCOM"),+ (DeviceQueueCreateFlags::PROTECTED.0, "PROTECTED"),+ ]; debug_flags(f, KNOWN, self.0) } }@@ -1326,6 +1320,10 @@ Self::COREAVI_PROPRIETARY => Some("COREAVI_PROPRIETARY"), Self::JUICE_PROPRIETARY => Some("JUICE_PROPRIETARY"), Self::VERISILICON_PROPRIETARY => Some("VERISILICON_PROPRIETARY"),+ Self::MESA_TURNIP => Some("MESA_TURNIP"),+ Self::MESA_V3DV => Some("MESA_V3DV"),+ Self::MESA_PANVK => Some("MESA_PANVK"),+ Self::SAMSUNG_PROPRIETARY => Some("SAMSUNG_PROPRIETARY"), _ => None, }; if let Some(x) = name {@@ -1922,6 +1920,12 @@ debug_flags(f, KNOWN, self.0) } }+impl fmt::Debug for FormatFeatureFlags2KHR {+ fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {+ const KNOWN : & [(Flags64 , & str)] = & [(FormatFeatureFlags2KHR :: SAMPLED_IMAGE . 0 , "SAMPLED_IMAGE") , (FormatFeatureFlags2KHR :: STORAGE_IMAGE . 0 , "STORAGE_IMAGE") , (FormatFeatureFlags2KHR :: STORAGE_IMAGE_ATOMIC . 0 , "STORAGE_IMAGE_ATOMIC") , (FormatFeatureFlags2KHR :: UNIFORM_TEXEL_BUFFER . 0 , "UNIFORM_TEXEL_BUFFER") , (FormatFeatureFlags2KHR :: STORAGE_TEXEL_BUFFER . 0 , "STORAGE_TEXEL_BUFFER") , (FormatFeatureFlags2KHR :: STORAGE_TEXEL_BUFFER_ATOMIC . 0 , "STORAGE_TEXEL_BUFFER_ATOMIC") , (FormatFeatureFlags2KHR :: VERTEX_BUFFER . 0 , "VERTEX_BUFFER") , (FormatFeatureFlags2KHR :: COLOR_ATTACHMENT . 0 , "COLOR_ATTACHMENT") , (FormatFeatureFlags2KHR :: COLOR_ATTACHMENT_BLEND . 0 , "COLOR_ATTACHMENT_BLEND") , (FormatFeatureFlags2KHR :: DEPTH_STENCIL_ATTACHMENT . 0 , "DEPTH_STENCIL_ATTACHMENT") , (FormatFeatureFlags2KHR :: BLIT_SRC . 0 , "BLIT_SRC") , (FormatFeatureFlags2KHR :: BLIT_DST . 0 , "BLIT_DST") , (FormatFeatureFlags2KHR :: SAMPLED_IMAGE_FILTER_LINEAR . 0 , "SAMPLED_IMAGE_FILTER_LINEAR") , (FormatFeatureFlags2KHR :: SAMPLED_IMAGE_FILTER_CUBIC_EXT . 0 , "SAMPLED_IMAGE_FILTER_CUBIC_EXT") , (FormatFeatureFlags2KHR :: TRANSFER_SRC . 0 , "TRANSFER_SRC") , (FormatFeatureFlags2KHR :: TRANSFER_DST . 0 , "TRANSFER_DST") , (FormatFeatureFlags2KHR :: SAMPLED_IMAGE_FILTER_MINMAX . 0 , "SAMPLED_IMAGE_FILTER_MINMAX") , (FormatFeatureFlags2KHR :: MIDPOINT_CHROMA_SAMPLES . 0 , "MIDPOINT_CHROMA_SAMPLES") , (FormatFeatureFlags2KHR :: SAMPLED_IMAGE_YCBCR_CONVERSION_LINEAR_FILTER . 0 , "SAMPLED_IMAGE_YCBCR_CONVERSION_LINEAR_FILTER") , (FormatFeatureFlags2KHR :: SAMPLED_IMAGE_YCBCR_CONVERSION_SEPARATE_RECONSTRUCTION_FILTER . 0 , "SAMPLED_IMAGE_YCBCR_CONVERSION_SEPARATE_RECONSTRUCTION_FILTER") , (FormatFeatureFlags2KHR :: SAMPLED_IMAGE_YCBCR_CONVERSION_CHROMA_RECONSTRUCTION_EXPLICIT . 0 , "SAMPLED_IMAGE_YCBCR_CONVERSION_CHROMA_RECONSTRUCTION_EXPLICIT") , (FormatFeatureFlags2KHR :: SAMPLED_IMAGE_YCBCR_CONVERSION_CHROMA_RECONSTRUCTION_EXPLICIT_FORCEABLE . 0 , "SAMPLED_IMAGE_YCBCR_CONVERSION_CHROMA_RECONSTRUCTION_EXPLICIT_FORCEABLE") , (FormatFeatureFlags2KHR :: DISJOINT . 0 , "DISJOINT") , (FormatFeatureFlags2KHR :: COSITED_CHROMA_SAMPLES . 0 , "COSITED_CHROMA_SAMPLES") , (FormatFeatureFlags2KHR :: STORAGE_READ_WITHOUT_FORMAT . 0 , "STORAGE_READ_WITHOUT_FORMAT") , (FormatFeatureFlags2KHR :: STORAGE_WRITE_WITHOUT_FORMAT . 0 , "STORAGE_WRITE_WITHOUT_FORMAT") , (FormatFeatureFlags2KHR :: SAMPLED_IMAGE_DEPTH_COMPARISON . 0 , "SAMPLED_IMAGE_DEPTH_COMPARISON") , (FormatFeatureFlags2KHR :: VIDEO_DECODE_OUTPUT . 0 , "VIDEO_DECODE_OUTPUT") , (FormatFeatureFlags2KHR :: VIDEO_DECODE_DPB . 0 , "VIDEO_DECODE_DPB") , (FormatFeatureFlags2KHR :: ACCELERATION_STRUCTURE_VERTEX_BUFFER . 0 , "ACCELERATION_STRUCTURE_VERTEX_BUFFER") , (FormatFeatureFlags2KHR :: FRAGMENT_DENSITY_MAP_EXT . 0 , "FRAGMENT_DENSITY_MAP_EXT") , (FormatFeatureFlags2KHR :: FRAGMENT_SHADING_RATE_ATTACHMENT . 0 , "FRAGMENT_SHADING_RATE_ATTACHMENT") , (FormatFeatureFlags2KHR :: VIDEO_ENCODE_INPUT . 0 , "VIDEO_ENCODE_INPUT") , (FormatFeatureFlags2KHR :: VIDEO_ENCODE_DPB . 0 , "VIDEO_ENCODE_DPB") , (FormatFeatureFlags2KHR :: LINEAR_COLOR_ATTACHMENT_NV . 0 , "LINEAR_COLOR_ATTACHMENT_NV") , (FormatFeatureFlags2KHR :: RESERVED_34_QCOM . 0 , "RESERVED_34_QCOM") , (FormatFeatureFlags2KHR :: RESERVED_35_QCOM . 0 , "RESERVED_35_QCOM") , (FormatFeatureFlags2KHR :: RESERVED_36_QCOM . 0 , "RESERVED_36_QCOM") , (FormatFeatureFlags2KHR :: RESERVED_37_QCOM . 0 , "RESERVED_37_QCOM")] ;+ debug_flags(f, KNOWN, self.0)+ }+} impl fmt::Debug for FragmentShadingRateCombinerOpKHR { fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { let name = match *self {@@ -2083,9 +2087,37 @@ (ImageAspectFlags::MEMORY_PLANE_1_EXT.0, "MEMORY_PLANE_1_EXT"), (ImageAspectFlags::MEMORY_PLANE_2_EXT.0, "MEMORY_PLANE_2_EXT"), (ImageAspectFlags::MEMORY_PLANE_3_EXT.0, "MEMORY_PLANE_3_EXT"),+ (ImageAspectFlags::NONE_KHR.0, "NONE_KHR"), (ImageAspectFlags::PLANE_0.0, "PLANE_0"), (ImageAspectFlags::PLANE_1.0, "PLANE_1"), (ImageAspectFlags::PLANE_2.0, "PLANE_2"),+ ];+ debug_flags(f, KNOWN, self.0)+ }+}+impl fmt::Debug for ImageConstraintsInfoFlagsFUCHSIA {+ fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {+ const KNOWN: &[(Flags, &str)] = &[+ (+ ImageConstraintsInfoFlagsFUCHSIA::CPU_READ_RARELY.0,+ "CPU_READ_RARELY",+ ),+ (+ ImageConstraintsInfoFlagsFUCHSIA::CPU_READ_OFTEN.0,+ "CPU_READ_OFTEN",+ ),+ (+ ImageConstraintsInfoFlagsFUCHSIA::CPU_WRITE_RARELY.0,+ "CPU_WRITE_RARELY",+ ),+ (+ ImageConstraintsInfoFlagsFUCHSIA::CPU_WRITE_OFTEN.0,+ "CPU_WRITE_OFTEN",+ ),+ (+ ImageConstraintsInfoFlagsFUCHSIA::PROTECTED_OPTIONAL.0,+ "PROTECTED_OPTIONAL",+ ), ]; debug_flags(f, KNOWN, self.0) }@@ -2104,6 +2136,12 @@ "SAMPLE_LOCATIONS_COMPATIBLE_DEPTH_EXT", ), (ImageCreateFlags::SUBSAMPLED_EXT.0, "SUBSAMPLED_EXT"),+ (ImageCreateFlags::RESERVED_16_AMD.0, "RESERVED_16_AMD"),+ (ImageCreateFlags::RESERVED_394_EXT.0, "RESERVED_394_EXT"),+ (+ ImageCreateFlags::FRAGMENT_DENSITY_MAP_OFFSET_QCOM.0,+ "FRAGMENT_DENSITY_MAP_OFFSET_QCOM",+ ), (ImageCreateFlags::ALIAS.0, "ALIAS"), ( ImageCreateFlags::SPLIT_INSTANCE_BIND_REGIONS.0,@@ -2121,6 +2159,12 @@ (ImageCreateFlags::PROTECTED.0, "PROTECTED"), (ImageCreateFlags::DISJOINT.0, "DISJOINT"), ];+ debug_flags(f, KNOWN, self.0)+ }+}+impl fmt::Debug for ImageFormatConstraintsFlagsFUCHSIA {+ fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {+ const KNOWN: &[(Flags, &str)] = &[]; debug_flags(f, KNOWN, self.0) } }@@ -2261,6 +2305,8 @@ ImageUsageFlags::INVOCATION_MASK_HUAWEI.0, "INVOCATION_MASK_HUAWEI", ),+ (ImageUsageFlags::RESERVED_20_QCOM.0, "RESERVED_20_QCOM"),+ (ImageUsageFlags::RESERVED_21_QCOM.0, "RESERVED_21_QCOM"), ]; debug_flags(f, KNOWN, self.0) }@@ -2502,63 +2548,6 @@ debug_flags(f, KNOWN, self.0) } }-impl fmt::Debug for ObjectType {- fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {- let name = match *self {- Self::UNKNOWN => Some("UNKNOWN"),- Self::INSTANCE => Some("INSTANCE"),- Self::PHYSICAL_DEVICE => Some("PHYSICAL_DEVICE"),- Self::DEVICE => Some("DEVICE"),- Self::QUEUE => Some("QUEUE"),- Self::SEMAPHORE => Some("SEMAPHORE"),- Self::COMMAND_BUFFER => Some("COMMAND_BUFFER"),- Self::FENCE => Some("FENCE"),- Self::DEVICE_MEMORY => Some("DEVICE_MEMORY"),- Self::BUFFER => Some("BUFFER"),- Self::IMAGE => Some("IMAGE"),- Self::EVENT => Some("EVENT"),- Self::QUERY_POOL => Some("QUERY_POOL"),- Self::BUFFER_VIEW => Some("BUFFER_VIEW"),- Self::IMAGE_VIEW => Some("IMAGE_VIEW"),- Self::SHADER_MODULE => Some("SHADER_MODULE"),- Self::PIPELINE_CACHE => Some("PIPELINE_CACHE"),- Self::PIPELINE_LAYOUT => Some("PIPELINE_LAYOUT"),- Self::RENDER_PASS => Some("RENDER_PASS"),- Self::PIPELINE => Some("PIPELINE"),- Self::DESCRIPTOR_SET_LAYOUT => Some("DESCRIPTOR_SET_LAYOUT"),- Self::SAMPLER => Some("SAMPLER"),- Self::DESCRIPTOR_POOL => Some("DESCRIPTOR_POOL"),- Self::DESCRIPTOR_SET => Some("DESCRIPTOR_SET"),- Self::FRAMEBUFFER => Some("FRAMEBUFFER"),- Self::COMMAND_POOL => Some("COMMAND_POOL"),- Self::SURFACE_KHR => Some("SURFACE_KHR"),- Self::SWAPCHAIN_KHR => Some("SWAPCHAIN_KHR"),- Self::DISPLAY_KHR => Some("DISPLAY_KHR"),- Self::DISPLAY_MODE_KHR => Some("DISPLAY_MODE_KHR"),- Self::DEBUG_REPORT_CALLBACK_EXT => Some("DEBUG_REPORT_CALLBACK_EXT"),- Self::VIDEO_SESSION_KHR => Some("VIDEO_SESSION_KHR"),- Self::VIDEO_SESSION_PARAMETERS_KHR => Some("VIDEO_SESSION_PARAMETERS_KHR"),- Self::CU_MODULE_NVX => Some("CU_MODULE_NVX"),- Self::CU_FUNCTION_NVX => Some("CU_FUNCTION_NVX"),- Self::DEBUG_UTILS_MESSENGER_EXT => Some("DEBUG_UTILS_MESSENGER_EXT"),- Self::ACCELERATION_STRUCTURE_KHR => Some("ACCELERATION_STRUCTURE_KHR"),- Self::VALIDATION_CACHE_EXT => Some("VALIDATION_CACHE_EXT"),- Self::ACCELERATION_STRUCTURE_NV => Some("ACCELERATION_STRUCTURE_NV"),- Self::PERFORMANCE_CONFIGURATION_INTEL => Some("PERFORMANCE_CONFIGURATION_INTEL"),- Self::DEFERRED_OPERATION_KHR => Some("DEFERRED_OPERATION_KHR"),- Self::INDIRECT_COMMANDS_LAYOUT_NV => Some("INDIRECT_COMMANDS_LAYOUT_NV"),- Self::PRIVATE_DATA_SLOT_EXT => Some("PRIVATE_DATA_SLOT_EXT"),- Self::SAMPLER_YCBCR_CONVERSION => Some("SAMPLER_YCBCR_CONVERSION"),- Self::DESCRIPTOR_UPDATE_TEMPLATE => Some("DESCRIPTOR_UPDATE_TEMPLATE"),- _ => None,- };- if let Some(x) = name {- f.write_str(x)- } else {- self.0.fmt(f)- }- }-} impl fmt::Debug for PeerMemoryFeatureFlags { fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { const KNOWN: &[(Flags, &str)] = &[@@ -2762,7 +2751,10 @@ } impl fmt::Debug for PipelineColorBlendStateCreateFlags { fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {- const KNOWN: &[(Flags, &str)] = &[];+ const KNOWN: &[(Flags, &str)] = &[(+ PipelineColorBlendStateCreateFlags::RASTERIZATION_ORDER_ATTACHMENT_ACCESS_ARM.0,+ "RASTERIZATION_ORDER_ATTACHMENT_ACCESS_ARM",+ )]; debug_flags(f, KNOWN, self.0) } }@@ -2802,8 +2794,14 @@ "ALLOW_DERIVATIVES", ), (PipelineCreateFlags::DERIVATIVE.0, "DERIVATIVE"),- (PipelineCreateFlags::RESERVED_21_AMD.0, "RESERVED_21_AMD"),- (PipelineCreateFlags::RESERVED_22_AMD.0, "RESERVED_22_AMD"),+ (+ PipelineCreateFlags::RENDERING_FRAGMENT_SHADING_RATE_ATTACHMENT_KHR.0,+ "RENDERING_FRAGMENT_SHADING_RATE_ATTACHMENT_KHR",+ ),+ (+ PipelineCreateFlags::RENDERING_FRAGMENT_DENSITY_MAP_ATTACHMENT_EXT.0,+ "RENDERING_FRAGMENT_DENSITY_MAP_ATTACHMENT_EXT",+ ), ( PipelineCreateFlags::RAY_TRACING_NO_NULL_ANY_HIT_SHADERS_KHR.0, "RAY_TRACING_NO_NULL_ANY_HIT_SHADERS_KHR",@@ -2887,7 +2885,7 @@ } impl fmt::Debug for PipelineDepthStencilStateCreateFlags { fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {- const KNOWN: &[(Flags, &str)] = &[];+ const KNOWN : & [(Flags , & str)] = & [(PipelineDepthStencilStateCreateFlags :: RASTERIZATION_ORDER_ATTACHMENT_DEPTH_ACCESS_ARM . 0 , "RASTERIZATION_ORDER_ATTACHMENT_DEPTH_ACCESS_ARM") , (PipelineDepthStencilStateCreateFlags :: RASTERIZATION_ORDER_ATTACHMENT_STENCIL_ACCESS_ARM . 0 , "RASTERIZATION_ORDER_ATTACHMENT_STENCIL_ACCESS_ARM")] ; debug_flags(f, KNOWN, self.0) } }@@ -2927,10 +2925,16 @@ } impl fmt::Debug for PipelineLayoutCreateFlags { fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {- const KNOWN: &[(Flags, &str)] = &[(- PipelineLayoutCreateFlags::RESERVED_0_AMD.0,- "RESERVED_0_AMD",- )];+ const KNOWN: &[(Flags, &str)] = &[+ (+ PipelineLayoutCreateFlags::RESERVED_0_AMD.0,+ "RESERVED_0_AMD",+ ),+ (+ PipelineLayoutCreateFlags::RESERVED_1_AMD.0,+ "RESERVED_1_AMD",+ ),+ ]; debug_flags(f, KNOWN, self.0) } }@@ -3146,6 +3150,7 @@ PipelineStageFlags2KHR::INVOCATION_MASK_HUAWEI.0, "INVOCATION_MASK_HUAWEI", ),+ (PipelineStageFlags2KHR::RESERVED_387.0, "RESERVED_387"), ]; debug_flags(f, KNOWN, self.0) }@@ -3408,6 +3413,7 @@ (QueueFlags::SPARSE_BINDING.0, "SPARSE_BINDING"), (QueueFlags::VIDEO_DECODE_KHR.0, "VIDEO_DECODE_KHR"), (QueueFlags::VIDEO_ENCODE_KHR.0, "VIDEO_ENCODE_KHR"),+ (QueueFlags::RESERVED_7_QCOM.0, "RESERVED_7_QCOM"), (QueueFlags::PROTECTED.0, "PROTECTED"), ]; debug_flags(f, KNOWN, self.0)@@ -3463,6 +3469,19 @@ const KNOWN: &[(Flags, &str)] = &[ (RenderPassCreateFlags::RESERVED_0_KHR.0, "RESERVED_0_KHR"), (RenderPassCreateFlags::TRANSFORM_QCOM.0, "TRANSFORM_QCOM"),+ ];+ debug_flags(f, KNOWN, self.0)+ }+}+impl fmt::Debug for RenderingFlagsKHR {+ fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {+ const KNOWN: &[(Flags, &str)] = &[+ (+ RenderingFlagsKHR::CONTENTS_SECONDARY_COMMAND_BUFFERS.0,+ "CONTENTS_SECONDARY_COMMAND_BUFFERS",+ ),+ (RenderingFlagsKHR::SUSPENDING.0, "SUSPENDING"),+ (RenderingFlagsKHR::RESUMING.0, "RESUMING"), ]; debug_flags(f, KNOWN, self.0) }@@ -3477,62 +3496,6 @@ (ResolveModeFlags::MAX.0, "MAX"), ]; debug_flags(f, KNOWN, self.0)- }-}-impl fmt::Debug for Result {- fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {- let name = match *self {- Self::SUCCESS => Some("SUCCESS"),- Self::NOT_READY => Some("NOT_READY"),- Self::TIMEOUT => Some("TIMEOUT"),- Self::EVENT_SET => Some("EVENT_SET"),- Self::EVENT_RESET => Some("EVENT_RESET"),- Self::INCOMPLETE => Some("INCOMPLETE"),- Self::ERROR_OUT_OF_HOST_MEMORY => Some("ERROR_OUT_OF_HOST_MEMORY"),- Self::ERROR_OUT_OF_DEVICE_MEMORY => Some("ERROR_OUT_OF_DEVICE_MEMORY"),- Self::ERROR_INITIALIZATION_FAILED => Some("ERROR_INITIALIZATION_FAILED"),- Self::ERROR_DEVICE_LOST => Some("ERROR_DEVICE_LOST"),- Self::ERROR_MEMORY_MAP_FAILED => Some("ERROR_MEMORY_MAP_FAILED"),- Self::ERROR_LAYER_NOT_PRESENT => Some("ERROR_LAYER_NOT_PRESENT"),- Self::ERROR_EXTENSION_NOT_PRESENT => Some("ERROR_EXTENSION_NOT_PRESENT"),- Self::ERROR_FEATURE_NOT_PRESENT => Some("ERROR_FEATURE_NOT_PRESENT"),- Self::ERROR_INCOMPATIBLE_DRIVER => Some("ERROR_INCOMPATIBLE_DRIVER"),- Self::ERROR_TOO_MANY_OBJECTS => Some("ERROR_TOO_MANY_OBJECTS"),- Self::ERROR_FORMAT_NOT_SUPPORTED => Some("ERROR_FORMAT_NOT_SUPPORTED"),- Self::ERROR_FRAGMENTED_POOL => Some("ERROR_FRAGMENTED_POOL"),- Self::ERROR_UNKNOWN => Some("ERROR_UNKNOWN"),- Self::ERROR_SURFACE_LOST_KHR => Some("ERROR_SURFACE_LOST_KHR"),- Self::ERROR_NATIVE_WINDOW_IN_USE_KHR => Some("ERROR_NATIVE_WINDOW_IN_USE_KHR"),- Self::SUBOPTIMAL_KHR => Some("SUBOPTIMAL_KHR"),- Self::ERROR_OUT_OF_DATE_KHR => Some("ERROR_OUT_OF_DATE_KHR"),- Self::ERROR_INCOMPATIBLE_DISPLAY_KHR => Some("ERROR_INCOMPATIBLE_DISPLAY_KHR"),- Self::ERROR_VALIDATION_FAILED_EXT => Some("ERROR_VALIDATION_FAILED_EXT"),- Self::ERROR_INVALID_SHADER_NV => Some("ERROR_INVALID_SHADER_NV"),- Self::ERROR_INVALID_DRM_FORMAT_MODIFIER_PLANE_LAYOUT_EXT => {- Some("ERROR_INVALID_DRM_FORMAT_MODIFIER_PLANE_LAYOUT_EXT")- }- Self::ERROR_NOT_PERMITTED_EXT => Some("ERROR_NOT_PERMITTED_EXT"),- Self::ERROR_FULL_SCREEN_EXCLUSIVE_MODE_LOST_EXT => {- Some("ERROR_FULL_SCREEN_EXCLUSIVE_MODE_LOST_EXT")- }- Self::THREAD_IDLE_KHR => Some("THREAD_IDLE_KHR"),- Self::THREAD_DONE_KHR => Some("THREAD_DONE_KHR"),- Self::OPERATION_DEFERRED_KHR => Some("OPERATION_DEFERRED_KHR"),- Self::OPERATION_NOT_DEFERRED_KHR => Some("OPERATION_NOT_DEFERRED_KHR"),- Self::PIPELINE_COMPILE_REQUIRED_EXT => Some("PIPELINE_COMPILE_REQUIRED_EXT"),- Self::ERROR_OUT_OF_POOL_MEMORY => Some("ERROR_OUT_OF_POOL_MEMORY"),- Self::ERROR_INVALID_EXTERNAL_HANDLE => Some("ERROR_INVALID_EXTERNAL_HANDLE"),- Self::ERROR_FRAGMENTATION => Some("ERROR_FRAGMENTATION"),- Self::ERROR_INVALID_OPAQUE_CAPTURE_ADDRESS => {- Some("ERROR_INVALID_OPAQUE_CAPTURE_ADDRESS")- }- _ => None,- };- if let Some(x) = name {- f.write_str(x)- } else {- self.0.fmt(f)- } } } impl fmt::Debug for SampleCountFlags {@@ -3574,7 +3537,12 @@ SamplerCreateFlags::SUBSAMPLED_COARSE_RECONSTRUCTION_EXT.0, "SUBSAMPLED_COARSE_RECONSTRUCTION_EXT", ),+ (SamplerCreateFlags::RESERVED_3_AMD.0, "RESERVED_3_AMD"), (SamplerCreateFlags::RESERVED_2_EXT.0, "RESERVED_2_EXT"),+ (+ SamplerCreateFlags::IMAGE_PROCESSING_QCOM.0,+ "IMAGE_PROCESSING_QCOM",+ ), ]; debug_flags(f, KNOWN, self.0) }@@ -4011,6 +3979,9 @@ Some("PHYSICAL_DEVICE_VIDEO_FORMAT_INFO_KHR") } Self::VIDEO_FORMAT_PROPERTIES_KHR => Some("VIDEO_FORMAT_PROPERTIES_KHR"),+ Self::QUEUE_FAMILY_QUERY_RESULT_STATUS_PROPERTIES_2_KHR => {+ Some("QUEUE_FAMILY_QUERY_RESULT_STATUS_PROPERTIES_2_KHR")+ } Self::VIDEO_DECODE_INFO_KHR => Some("VIDEO_DECODE_INFO_KHR"), Self::DEDICATED_ALLOCATION_IMAGE_CREATE_INFO_NV => { Some("DEDICATED_ALLOCATION_IMAGE_CREATE_INFO_NV")@@ -4056,6 +4027,42 @@ Some("VIDEO_ENCODE_H264_EMIT_PICTURE_PARAMETERS_EXT") } Self::VIDEO_ENCODE_H264_PROFILE_EXT => Some("VIDEO_ENCODE_H264_PROFILE_EXT"),+ Self::VIDEO_ENCODE_H264_RATE_CONTROL_INFO_EXT => {+ Some("VIDEO_ENCODE_H264_RATE_CONTROL_INFO_EXT")+ }+ Self::VIDEO_ENCODE_H264_RATE_CONTROL_LAYER_INFO_EXT => {+ Some("VIDEO_ENCODE_H264_RATE_CONTROL_LAYER_INFO_EXT")+ }+ Self::VIDEO_ENCODE_H265_CAPABILITIES_EXT => Some("VIDEO_ENCODE_H265_CAPABILITIES_EXT"),+ Self::VIDEO_ENCODE_H265_SESSION_CREATE_INFO_EXT => {+ Some("VIDEO_ENCODE_H265_SESSION_CREATE_INFO_EXT")+ }+ Self::VIDEO_ENCODE_H265_SESSION_PARAMETERS_CREATE_INFO_EXT => {+ Some("VIDEO_ENCODE_H265_SESSION_PARAMETERS_CREATE_INFO_EXT")+ }+ Self::VIDEO_ENCODE_H265_SESSION_PARAMETERS_ADD_INFO_EXT => {+ Some("VIDEO_ENCODE_H265_SESSION_PARAMETERS_ADD_INFO_EXT")+ }+ Self::VIDEO_ENCODE_H265_VCL_FRAME_INFO_EXT => {+ Some("VIDEO_ENCODE_H265_VCL_FRAME_INFO_EXT")+ }+ Self::VIDEO_ENCODE_H265_DPB_SLOT_INFO_EXT => {+ Some("VIDEO_ENCODE_H265_DPB_SLOT_INFO_EXT")+ }+ Self::VIDEO_ENCODE_H265_NALU_SLICE_EXT => Some("VIDEO_ENCODE_H265_NALU_SLICE_EXT"),+ Self::VIDEO_ENCODE_H265_EMIT_PICTURE_PARAMETERS_EXT => {+ Some("VIDEO_ENCODE_H265_EMIT_PICTURE_PARAMETERS_EXT")+ }+ Self::VIDEO_ENCODE_H265_PROFILE_EXT => Some("VIDEO_ENCODE_H265_PROFILE_EXT"),+ Self::VIDEO_ENCODE_H265_REFERENCE_LISTS_EXT => {+ Some("VIDEO_ENCODE_H265_REFERENCE_LISTS_EXT")+ }+ Self::VIDEO_ENCODE_H265_RATE_CONTROL_INFO_EXT => {+ Some("VIDEO_ENCODE_H265_RATE_CONTROL_INFO_EXT")+ }+ Self::VIDEO_ENCODE_H265_RATE_CONTROL_LAYER_INFO_EXT => {+ Some("VIDEO_ENCODE_H265_RATE_CONTROL_LAYER_INFO_EXT")+ } Self::VIDEO_DECODE_H264_CAPABILITIES_EXT => Some("VIDEO_DECODE_H264_CAPABILITIES_EXT"), Self::VIDEO_DECODE_H264_SESSION_CREATE_INFO_EXT => { Some("VIDEO_DECODE_H264_SESSION_CREATE_INFO_EXT")@@ -4074,6 +4081,25 @@ } Self::TEXTURE_LOD_GATHER_FORMAT_PROPERTIES_AMD => { Some("TEXTURE_LOD_GATHER_FORMAT_PROPERTIES_AMD")+ }+ Self::RENDERING_INFO_KHR => Some("RENDERING_INFO_KHR"),+ Self::RENDERING_ATTACHMENT_INFO_KHR => Some("RENDERING_ATTACHMENT_INFO_KHR"),+ Self::PIPELINE_RENDERING_CREATE_INFO_KHR => Some("PIPELINE_RENDERING_CREATE_INFO_KHR"),+ Self::PHYSICAL_DEVICE_DYNAMIC_RENDERING_FEATURES_KHR => {+ Some("PHYSICAL_DEVICE_DYNAMIC_RENDERING_FEATURES_KHR")+ }+ Self::COMMAND_BUFFER_INHERITANCE_RENDERING_INFO_KHR => {+ Some("COMMAND_BUFFER_INHERITANCE_RENDERING_INFO_KHR")+ }+ Self::RENDERING_FRAGMENT_SHADING_RATE_ATTACHMENT_INFO_KHR => {+ Some("RENDERING_FRAGMENT_SHADING_RATE_ATTACHMENT_INFO_KHR")+ }+ Self::RENDERING_FRAGMENT_DENSITY_MAP_ATTACHMENT_INFO_EXT => {+ Some("RENDERING_FRAGMENT_DENSITY_MAP_ATTACHMENT_INFO_EXT")+ }+ Self::ATTACHMENT_SAMPLE_COUNT_INFO_AMD => Some("ATTACHMENT_SAMPLE_COUNT_INFO_AMD"),+ Self::MULTIVIEW_PER_VIEW_ATTRIBUTES_INFO_NVX => {+ Some("MULTIVIEW_PER_VIEW_ATTRIBUTES_INFO_NVX") } Self::STREAM_DESCRIPTOR_SURFACE_CREATE_INFO_GGP => { Some("STREAM_DESCRIPTOR_SURFACE_CREATE_INFO_GGP")@@ -4230,6 +4256,9 @@ Some("MEMORY_GET_ANDROID_HARDWARE_BUFFER_INFO_ANDROID") } Self::EXTERNAL_FORMAT_ANDROID => Some("EXTERNAL_FORMAT_ANDROID"),+ Self::ANDROID_HARDWARE_BUFFER_FORMAT_PROPERTIES_2_ANDROID => {+ Some("ANDROID_HARDWARE_BUFFER_FORMAT_PROPERTIES_2_ANDROID")+ } Self::PHYSICAL_DEVICE_INLINE_UNIFORM_BLOCK_FEATURES_EXT => { Some("PHYSICAL_DEVICE_INLINE_UNIFORM_BLOCK_FEATURES_EXT") }@@ -4351,6 +4380,9 @@ } Self::IMAGE_DRM_FORMAT_MODIFIER_PROPERTIES_EXT => { Some("IMAGE_DRM_FORMAT_MODIFIER_PROPERTIES_EXT")+ }+ Self::DRM_FORMAT_MODIFIER_PROPERTIES_LIST_2_EXT => {+ Some("DRM_FORMAT_MODIFIER_PROPERTIES_LIST_2_EXT") } Self::VALIDATION_CACHE_CREATE_INFO_EXT => Some("VALIDATION_CACHE_CREATE_INFO_EXT"), Self::SHADER_MODULE_VALIDATION_CACHE_CREATE_INFO_EXT => {@@ -4746,6 +4778,9 @@ } Self::VIDEO_ENCODE_INFO_KHR => Some("VIDEO_ENCODE_INFO_KHR"), Self::VIDEO_ENCODE_RATE_CONTROL_INFO_KHR => Some("VIDEO_ENCODE_RATE_CONTROL_INFO_KHR"),+ Self::VIDEO_ENCODE_RATE_CONTROL_LAYER_INFO_KHR => {+ Some("VIDEO_ENCODE_RATE_CONTROL_LAYER_INFO_KHR")+ } Self::PHYSICAL_DEVICE_DIAGNOSTICS_CONFIG_FEATURES_NV => { Some("PHYSICAL_DEVICE_DIAGNOSTICS_CONFIG_FEATURES_NV") }@@ -4821,6 +4856,12 @@ Self::PHYSICAL_DEVICE_4444_FORMATS_FEATURES_EXT => { Some("PHYSICAL_DEVICE_4444_FORMATS_FEATURES_EXT") }+ Self::PHYSICAL_DEVICE_RASTERIZATION_ORDER_ATTACHMENT_ACCESS_FEATURES_ARM => {+ Some("PHYSICAL_DEVICE_RASTERIZATION_ORDER_ATTACHMENT_ACCESS_FEATURES_ARM")+ }+ Self::PHYSICAL_DEVICE_RGBA10X6_FORMATS_FEATURES_EXT => {+ Some("PHYSICAL_DEVICE_RGBA10X6_FORMATS_FEATURES_EXT")+ } Self::DIRECTFB_SURFACE_CREATE_INFO_EXT => Some("DIRECTFB_SURFACE_CREATE_INFO_EXT"), Self::PHYSICAL_DEVICE_MUTABLE_DESCRIPTOR_TYPE_FEATURES_VALVE => { Some("PHYSICAL_DEVICE_MUTABLE_DESCRIPTOR_TYPE_FEATURES_VALVE")@@ -4838,9 +4879,16 @@ Some("VERTEX_INPUT_ATTRIBUTE_DESCRIPTION_2_EXT") } Self::PHYSICAL_DEVICE_DRM_PROPERTIES_EXT => Some("PHYSICAL_DEVICE_DRM_PROPERTIES_EXT"),+ Self::PHYSICAL_DEVICE_DEPTH_CLIP_CONTROL_FEATURES_EXT => {+ Some("PHYSICAL_DEVICE_DEPTH_CLIP_CONTROL_FEATURES_EXT")+ }+ Self::PIPELINE_VIEWPORT_DEPTH_CLIP_CONTROL_CREATE_INFO_EXT => {+ Some("PIPELINE_VIEWPORT_DEPTH_CLIP_CONTROL_CREATE_INFO_EXT")+ } Self::PHYSICAL_DEVICE_PRIMITIVE_TOPOLOGY_LIST_RESTART_FEATURES_EXT => { Some("PHYSICAL_DEVICE_PRIMITIVE_TOPOLOGY_LIST_RESTART_FEATURES_EXT") }+ Self::FORMAT_PROPERTIES_3_KHR => Some("FORMAT_PROPERTIES_3_KHR"), Self::IMPORT_MEMORY_ZIRCON_HANDLE_INFO_FUCHSIA => { Some("IMPORT_MEMORY_ZIRCON_HANDLE_INFO_FUCHSIA") }@@ -4855,6 +4903,30 @@ } Self::SEMAPHORE_GET_ZIRCON_HANDLE_INFO_FUCHSIA => { Some("SEMAPHORE_GET_ZIRCON_HANDLE_INFO_FUCHSIA")+ }+ Self::BUFFER_COLLECTION_CREATE_INFO_FUCHSIA => {+ Some("BUFFER_COLLECTION_CREATE_INFO_FUCHSIA")+ }+ Self::IMPORT_MEMORY_BUFFER_COLLECTION_FUCHSIA => {+ Some("IMPORT_MEMORY_BUFFER_COLLECTION_FUCHSIA")+ }+ Self::BUFFER_COLLECTION_IMAGE_CREATE_INFO_FUCHSIA => {+ Some("BUFFER_COLLECTION_IMAGE_CREATE_INFO_FUCHSIA")+ }+ Self::BUFFER_COLLECTION_PROPERTIES_FUCHSIA => {+ Some("BUFFER_COLLECTION_PROPERTIES_FUCHSIA")+ }+ Self::BUFFER_CONSTRAINTS_INFO_FUCHSIA => Some("BUFFER_CONSTRAINTS_INFO_FUCHSIA"),+ Self::BUFFER_COLLECTION_BUFFER_CREATE_INFO_FUCHSIA => {+ Some("BUFFER_COLLECTION_BUFFER_CREATE_INFO_FUCHSIA")+ }+ Self::IMAGE_CONSTRAINTS_INFO_FUCHSIA => Some("IMAGE_CONSTRAINTS_INFO_FUCHSIA"),+ Self::IMAGE_FORMAT_CONSTRAINTS_INFO_FUCHSIA => {+ Some("IMAGE_FORMAT_CONSTRAINTS_INFO_FUCHSIA")+ }+ Self::SYSMEM_COLOR_SPACE_FUCHSIA => Some("SYSMEM_COLOR_SPACE_FUCHSIA"),+ Self::BUFFER_COLLECTION_CONSTRAINTS_INFO_FUCHSIA => {+ Some("BUFFER_COLLECTION_CONSTRAINTS_INFO_FUCHSIA") } Self::SUBPASS_SHADING_PIPELINE_CREATE_INFO_HUAWEI => { Some("SUBPASS_SHADING_PIPELINE_CREATE_INFO_HUAWEI")@@ -4888,14 +4960,48 @@ Self::QUEUE_FAMILY_GLOBAL_PRIORITY_PROPERTIES_EXT => { Some("QUEUE_FAMILY_GLOBAL_PRIORITY_PROPERTIES_EXT") }+ Self::PHYSICAL_DEVICE_IMAGE_VIEW_MIN_LOD_FEATURES_EXT => {+ Some("PHYSICAL_DEVICE_IMAGE_VIEW_MIN_LOD_FEATURES_EXT")+ }+ Self::IMAGE_VIEW_MIN_LOD_CREATE_INFO_EXT => Some("IMAGE_VIEW_MIN_LOD_CREATE_INFO_EXT"), Self::PHYSICAL_DEVICE_MULTI_DRAW_FEATURES_EXT => { Some("PHYSICAL_DEVICE_MULTI_DRAW_FEATURES_EXT") } Self::PHYSICAL_DEVICE_MULTI_DRAW_PROPERTIES_EXT => { Some("PHYSICAL_DEVICE_MULTI_DRAW_PROPERTIES_EXT") }+ Self::PHYSICAL_DEVICE_BORDER_COLOR_SWIZZLE_FEATURES_EXT => {+ Some("PHYSICAL_DEVICE_BORDER_COLOR_SWIZZLE_FEATURES_EXT")+ }+ Self::SAMPLER_BORDER_COLOR_COMPONENT_MAPPING_CREATE_INFO_EXT => {+ Some("SAMPLER_BORDER_COLOR_COMPONENT_MAPPING_CREATE_INFO_EXT")+ } Self::PHYSICAL_DEVICE_PAGEABLE_DEVICE_LOCAL_MEMORY_FEATURES_EXT => { Some("PHYSICAL_DEVICE_PAGEABLE_DEVICE_LOCAL_MEMORY_FEATURES_EXT")+ }+ Self::PHYSICAL_DEVICE_MAINTENANCE_4_FEATURES_KHR => {+ Some("PHYSICAL_DEVICE_MAINTENANCE_4_FEATURES_KHR")+ }+ Self::PHYSICAL_DEVICE_MAINTENANCE_4_PROPERTIES_KHR => {+ Some("PHYSICAL_DEVICE_MAINTENANCE_4_PROPERTIES_KHR")+ }+ Self::DEVICE_BUFFER_MEMORY_REQUIREMENTS_KHR => {+ Some("DEVICE_BUFFER_MEMORY_REQUIREMENTS_KHR")+ }+ Self::DEVICE_IMAGE_MEMORY_REQUIREMENTS_KHR => {+ Some("DEVICE_IMAGE_MEMORY_REQUIREMENTS_KHR")+ }+ Self::PHYSICAL_DEVICE_FRAGMENT_DENSITY_MAP_OFFSET_FEATURES_QCOM => {+ Some("PHYSICAL_DEVICE_FRAGMENT_DENSITY_MAP_OFFSET_FEATURES_QCOM")+ }+ Self::PHYSICAL_DEVICE_FRAGMENT_DENSITY_MAP_OFFSET_PROPERTIES_QCOM => {+ Some("PHYSICAL_DEVICE_FRAGMENT_DENSITY_MAP_OFFSET_PROPERTIES_QCOM")+ }+ Self::SUBPASS_FRAGMENT_DENSITY_MAP_OFFSET_END_INFO_QCOM => {+ Some("SUBPASS_FRAGMENT_DENSITY_MAP_OFFSET_END_INFO_QCOM")+ }+ Self::PHYSICAL_DEVICE_LINEAR_COLOR_ATTACHMENT_FEATURES_NV => {+ Some("PHYSICAL_DEVICE_LINEAR_COLOR_ATTACHMENT_FEATURES_NV") } Self::PHYSICAL_DEVICE_SUBGROUP_PROPERTIES => { Some("PHYSICAL_DEVICE_SUBGROUP_PROPERTIES")@@ -5196,6 +5302,18 @@ SubpassDescriptionFlags::SHADER_RESOLVE_QCOM.0, "SHADER_RESOLVE_QCOM", ),+ (+ SubpassDescriptionFlags::RASTERIZATION_ORDER_ATTACHMENT_COLOR_ACCESS_ARM.0,+ "RASTERIZATION_ORDER_ATTACHMENT_COLOR_ACCESS_ARM",+ ),+ (+ SubpassDescriptionFlags::RASTERIZATION_ORDER_ATTACHMENT_DEPTH_ACCESS_ARM.0,+ "RASTERIZATION_ORDER_ATTACHMENT_DEPTH_ACCESS_ARM",+ ),+ (+ SubpassDescriptionFlags::RASTERIZATION_ORDER_ATTACHMENT_STENCIL_ACCESS_ARM.0,+ "RASTERIZATION_ORDER_ATTACHMENT_STENCIL_ACCESS_ARM",+ ), ]; debug_flags(f, KNOWN, self.0) }@@ -5470,6 +5588,10 @@ "ENCODE_H264_EXT", ), (+ VideoCodecOperationFlagsKHR::ENCODE_H265_EXT.0,+ "ENCODE_H265_EXT",+ ),+ ( VideoCodecOperationFlagsKHR::DECODE_H264_EXT.0, "DECODE_H264_EXT", ),@@ -5634,11 +5756,86 @@ debug_flags(f, KNOWN, self.0) } }+impl fmt::Debug for VideoEncodeH264RateControlStructureFlagsEXT {+ fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {+ const KNOWN: &[(Flags, &str)] = &[+ (+ VideoEncodeH264RateControlStructureFlagsEXT::UNKNOWN.0,+ "UNKNOWN",+ ),+ (VideoEncodeH264RateControlStructureFlagsEXT::FLAT.0, "FLAT"),+ (+ VideoEncodeH264RateControlStructureFlagsEXT::DYADIC.0,+ "DYADIC",+ ),+ ];+ debug_flags(f, KNOWN, self.0)+ }+}+impl fmt::Debug for VideoEncodeH265CapabilityFlagsEXT {+ fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {+ const KNOWN: &[(Flags, &str)] = &[];+ debug_flags(f, KNOWN, self.0)+ }+}+impl fmt::Debug for VideoEncodeH265CreateFlagsEXT {+ fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {+ const KNOWN: &[(Flags, &str)] = &[];+ debug_flags(f, KNOWN, self.0)+ }+}+impl fmt::Debug for VideoEncodeH265CtbSizeFlagsEXT {+ fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {+ const KNOWN: &[(Flags, &str)] = &[+ (VideoEncodeH265CtbSizeFlagsEXT::TYPE_8.0, "TYPE_8"),+ (VideoEncodeH265CtbSizeFlagsEXT::TYPE_16.0, "TYPE_16"),+ (VideoEncodeH265CtbSizeFlagsEXT::TYPE_32.0, "TYPE_32"),+ (VideoEncodeH265CtbSizeFlagsEXT::TYPE_64.0, "TYPE_64"),+ ];+ debug_flags(f, KNOWN, self.0)+ }+}+impl fmt::Debug for VideoEncodeH265InputModeFlagsEXT {+ fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {+ const KNOWN: &[(Flags, &str)] = &[+ (VideoEncodeH265InputModeFlagsEXT::FRAME.0, "FRAME"),+ (VideoEncodeH265InputModeFlagsEXT::SLICE.0, "SLICE"),+ (VideoEncodeH265InputModeFlagsEXT::NON_VCL.0, "NON_VCL"),+ ];+ debug_flags(f, KNOWN, self.0)+ }+}+impl fmt::Debug for VideoEncodeH265OutputModeFlagsEXT {+ fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {+ const KNOWN: &[(Flags, &str)] = &[+ (VideoEncodeH265OutputModeFlagsEXT::FRAME.0, "FRAME"),+ (VideoEncodeH265OutputModeFlagsEXT::SLICE.0, "SLICE"),+ (VideoEncodeH265OutputModeFlagsEXT::NON_VCL.0, "NON_VCL"),+ ];+ debug_flags(f, KNOWN, self.0)+ }+}+impl fmt::Debug for VideoEncodeH265RateControlStructureFlagsEXT {+ fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {+ const KNOWN: &[(Flags, &str)] = &[+ (+ VideoEncodeH265RateControlStructureFlagsEXT::UNKNOWN.0,+ "UNKNOWN",+ ),+ (VideoEncodeH265RateControlStructureFlagsEXT::FLAT.0, "FLAT"),+ (+ VideoEncodeH265RateControlStructureFlagsEXT::DYADIC.0,+ "DYADIC",+ ),+ ];+ debug_flags(f, KNOWN, self.0)+ }+} impl fmt::Debug for VideoEncodeRateControlFlagsKHR { fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { const KNOWN: &[(Flags, &str)] = &[ (VideoEncodeRateControlFlagsKHR::DEFAULT.0, "DEFAULT"),- (VideoEncodeRateControlFlagsKHR::RESET.0, "RESET"),+ (VideoEncodeRateControlFlagsKHR::RESERVED_0.0, "RESERVED_0"), ]; debug_flags(f, KNOWN, self.0) }
After analyzing the provided code diff, I don't find any clear security vulnerabilities being fixed. The changes appear to be primarily: 1. Moving the `debug_flags` function to a prelude module 2. Adding new enum values and flags for various Vulkan extensions and features 3. Updating naming conventions (e.g., `NONE_EXT` to `NONE_KHR`) 4. Adding support for new Vulkan extensions and platforms Here's the analysis following your requested format: Vulnerability Existed: no No security vulnerability found [third_party/rust/ash/src/vk/const_debugs.rs] [Various lines] [Various old code] [Various updated code] The changes appear to be routine updates to support new Vulkan features and extensions rather than security fixes. The modifications include: - Adding new flags and enum values - Supporting new platforms (Fuchsia, QCOM, AMD, etc.) - Updating to newer Vulkan specifications - Improving debug output formatting No specific security vulnerabilities are being addressed in this diff. The changes are focused on functionality expansion and maintenance rather than security fixes.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/dom/ipc/RefMessageBodyService.cpp+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/dom/ipc/RefMessageBodyService.cpp@@ -12,7 +12,6 @@ #include "mozilla/RefPtr.h" #include "mozilla/dom/ipc/StructuredCloneData.h" #include "nsBaseHashtable.h"-#include "nsContentUtils.h" #include "nsDebug.h" namespace mozilla::dom {@@ -58,7 +57,7 @@ MOZ_ASSERT(body); nsID uuid = {};- aRv = nsContentUtils::GenerateUUIDInPlace(uuid);+ aRv = nsID::GenerateUUIDInPlace(uuid); if (NS_WARN_IF(aRv.Failed())) { return nsID(); }
Here's the analysis of the provided code diff:
1. Vulnerability Existed: not sure
Potential UUID Generation Vulnerability [dom/ipc/RefMessageBodyService.cpp] [Lines 58]
Old Code:
aRv = nsContentUtils::GenerateUUIDInPlace(uuid);
Fixed Code:
aRv = nsID::GenerateUUIDInPlace(uuid);
Additional Details:
- The change involves switching from using nsContentUtils::GenerateUUIDInPlace to nsID::GenerateUUIDInPlace for UUID generation.
- While this is clearly a security-related change (as UUID generation often has security implications), I cannot determine with certainty if the previous implementation had a specific vulnerability.
- The change might be related to moving UUID generation to a more appropriate class (nsID) rather than using a general utility class (nsContentUtils), which could improve security by reducing attack surface.
- It could also be related to thread safety or randomness quality improvements in the UUID generation, but without more context, I can't identify a specific vulnerability name.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/js/src/devtools/rootAnalysis/analyze.py+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/js/src/devtools/rootAnalysis/analyze.py@@ -120,11 +120,21 @@ "{analysis_scriptdir}/computeCallgraph.js", "{typeInfo}", Output("rawcalls"),+ Output("rawEdges"), "{i}", "{n}", ], "multi-output": True,- "outputs": ["rawcalls.{i}.of.{n}"],+ "outputs": ["rawcalls.{i}.of.{n}", "gcEdges.{i}.of.{n}"],+ },+ "mergeJSON": {+ "command": [+ "{js}",+ "{analysis_scriptdir}/mergeJSON.js",+ MultiInput("{rawEdges}"),+ Output("gcEdges"),+ ],+ "outputs": ["gcEdges.json"], }, "gcFunctions": { "command": [@@ -135,14 +145,12 @@ Output("callgraph"), Output("gcFunctions"), Output("gcFunctions_list"),- Output("gcEdges"), Output("limitedFunctions_list"), ], "outputs": [ "callgraph.txt", "gcFunctions.txt", "gcFunctions.lst",- "gcEdges.txt", "limitedFunctions.lst", ], },@@ -432,6 +440,7 @@ "gcTypes", "rawcalls", "gcFunctions",+ "mergeJSON", "allFunctions", "hazards", "gather-hazards",
Based on the provided code diff, here's the security analysis:
1. Vulnerability Existed: not sure
[Potential Output File Handling Issue] [js/src/devtools/rootAnalysis/analyze.py] [Lines 120-135]
[Old Code]
"outputs": ["rawcalls.{i}.of.{n}"],
[Fixed Code]
"outputs": ["rawcalls.{i}.of.{n}", "gcEdges.{i}.of.{n}"],
Additional Details: The change adds a new output file handling, but it's unclear if the previous version had any security issues. The modification might be related to better file handling practices.
2. Vulnerability Existed: not sure
[Potential Data Processing Separation] [js/src/devtools/rootAnalysis/analyze.py] [Lines 135-145]
[Old Code]
Output("gcEdges") was part of "gcFunctions" command
[Fixed Code]
"gcEdges" processing moved to separate "mergeJSON" command
Additional Details: The change separates the processing of gcEdges into a dedicated command, which might improve security by isolating different processing steps, but we can't be certain if this fixes a specific vulnerability.
3. Vulnerability Existed: not sure
[Potential Missing Dependency] [js/src/devtools/rootAnalysis/analyze.py] [Lines 432-440]
[Old Code]
Missing "mergeJSON" in the task list
[Fixed Code]
"mergeJSON" added to the task list
Additional Details: The addition of "mergeJSON" to the task list ensures proper execution order, which might prevent race conditions or incomplete processing, but we can't confirm if this was actually a security issue.
Note: The changes appear to be architectural improvements rather than direct security fixes. The modifications primarily involve better organization of data processing steps and output file handling, which could indirectly improve security but don't clearly address any specific known vulnerabilities.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.