Shared security patch analysis results
AI Used: DEEPSEEK deepseek-chat--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.gradient.radial.outside1.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.gradient.radial.outside1.html@@ -17,8 +17,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.fillStyle = '#f00'; ctx.fillRect(0, 0, 100, 50);@@ -27,15 +27,15 @@ g.addColorStop(1, '#0f0'); ctx.fillStyle = g; ctx.fillRect(0, 0, 100, 50);-_assertPixel(offscreenCanvas, 1,1, 0,255,0,255, "1,1", "0,255,0,255");-_assertPixel(offscreenCanvas, 50,1, 0,255,0,255, "50,1", "0,255,0,255");-_assertPixel(offscreenCanvas, 98,1, 0,255,0,255, "98,1", "0,255,0,255");-_assertPixel(offscreenCanvas, 1,25, 0,255,0,255, "1,25", "0,255,0,255");-_assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");-_assertPixel(offscreenCanvas, 98,25, 0,255,0,255, "98,25", "0,255,0,255");-_assertPixel(offscreenCanvas, 1,48, 0,255,0,255, "1,48", "0,255,0,255");-_assertPixel(offscreenCanvas, 50,48, 0,255,0,255, "50,48", "0,255,0,255");-_assertPixel(offscreenCanvas, 98,48, 0,255,0,255, "98,48", "0,255,0,255");+_assertPixel(canvas, 1,1, 0,255,0,255, "1,1", "0,255,0,255");+_assertPixel(canvas, 50,1, 0,255,0,255, "50,1", "0,255,0,255");+_assertPixel(canvas, 98,1, 0,255,0,255, "98,1", "0,255,0,255");+_assertPixel(canvas, 1,25, 0,255,0,255, "1,25", "0,255,0,255");+_assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");+_assertPixel(canvas, 98,25, 0,255,0,255, "98,25", "0,255,0,255");+_assertPixel(canvas, 1,48, 0,255,0,255, "1,48", "0,255,0,255");+_assertPixel(canvas, 50,48, 0,255,0,255, "50,48", "0,255,0,255");+_assertPixel(canvas, 98,48, 0,255,0,255, "98,48", "0,255,0,255"); t.done(); });
After analyzing the provided code diff, I don't see any security vulnerabilities being fixed. The changes appear to be purely variable renaming (from `offscreenCanvas` to `canvas`) and corresponding updates to the assertions. There are no security-related changes in the diff. Here's the structured response: Vulnerability Existed: no [No security vulnerability found] [testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.gradient.radial.outside1.html] [Lines 17-48] [Old Code: Used variable name 'offscreenCanvas'] [Fixed Code: Changed variable name to 'canvas'] The changes are purely cosmetic/refactoring in nature and don't address any security issues. The functionality remains exactly the same, only the variable name has been changed for consistency or clarity.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/browser/components/urlbar/tests/browser/browser_groupLabels.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/browser/components/urlbar/tests/browser/browser_groupLabels.js@@ -21,7 +21,7 @@ const FIREFOX_SUGGEST_LABEL = "Firefox Suggest"; // %s is replaced with the engine name.-const ENGINE_SUGGESTIONS_LABEL = "%s Suggestions";+const ENGINE_SUGGESTIONS_LABEL = "%s suggestions"; // Allow more time for Mac machines so they don't time out in verify mode. if (AppConstants.platform == "macosx") {
Analysis of the provided code diff:
1. Vulnerability Existed: no
String Formatting Consistency Fix [browser/components/urlbar/tests/browser/browser_groupLabels.js] [Lines 21]
Old Code: const ENGINE_SUGGESTIONS_LABEL = "%s Suggestions";
Fixed Code: const ENGINE_SUGGESTIONS_LABEL = "%s suggestions";
Additional Details:
- The change appears to be purely cosmetic, changing the capitalization of "Suggestions" to "suggestions" in a string constant.
- No security vulnerability is addressed in this change.
- This is likely a consistency fix for UI text formatting rather than a security-related modification.
- The modification doesn't affect any security-sensitive operations, input validation, or data handling.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/css/css-shapes/shape-outside/shape-box/shape-outside-padding-box-border-radius-001.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/css/css-shapes/shape-outside/shape-box/shape-outside-padding-box-border-radius-001.html@@ -9,7 +9,6 @@ <link rel="author" title="Mozilla" href="http://www.mozilla.org/"> <link rel="help" href="https://drafts.csswg.org/css-shapes-1/#shapes-from-box-values"> <link rel="match" href="reference/shape-outside-padding-box-border-radius-001-ref.html">- <meta name="flags" content=""> <meta name="assert" content="Test the boxes are wrapping around the left float shape defined by the padding-box and border-radius value."> <style> .container {
Analysis of the provided code diff: 1. Vulnerability Existed: no No security vulnerability found [File] [Lines 9] [Old Code] <meta name="flags" content=""> [Fixed Code] (line removed) Additional notes: - The diff shows removal of an empty meta "flags" tag, which doesn't appear to have any security implications - This change seems to be a cleanup of unnecessary markup rather than a security fix - No known vulnerabilities are associated with this change - The modification is in a test file, not production code, further reducing security relevance
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/gfx/src/nsITheme.h+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/gfx/src/nsITheme.h@@ -32,6 +32,9 @@ class StackingContextHelper; class RenderRootStateManager; } // namespace layers+namespace widget {+class Theme;+} // namespace widget namespace wr { class DisplayListBuilder; class IpcResourceUpdateQueue;@@ -268,4 +271,8 @@ extern already_AddRefed<nsITheme> do_GetBasicNativeThemeDoNotUseDirectly(); extern already_AddRefed<nsITheme> do_GetRDMThemeDoNotUseDirectly();+// Native theme creation function, these should never return null.+extern already_AddRefed<mozilla::widget::Theme>+do_CreateNativeThemeDoNotUseDirectly();+ #endif
Analyzing the provided code diff, I don't see any clear security vulnerabilities being fixed. The changes appear to be related to adding new functionality (a Theme class and its creation function) rather than fixing security issues.
Here's the structured response:
Vulnerability Existed: no
No security vulnerability found [File] [Lines 32-34, 271-273]
[Old Code]
(No previous declaration of widget::Theme or do_CreateNativeThemeDoNotUseDirectly)
[Fixed Code]
namespace widget {
class Theme;
} // namespace widget
...
extern already_AddRefed<mozilla::widget::Theme>
do_CreateNativeThemeDoNotUseDirectly();
The changes are:
1. Adding a forward declaration for widget::Theme class
2. Adding a declaration for a new theme creation function
These appear to be normal code additions rather than security fixes. The "DoNotUseDirectly" suffix suggests these are internal APIs that should be used with caution, but this is a common pattern for internal functions rather than indicating a security fix.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/mobile/android/examples/messaging_example/app/src/main/AndroidManifest.xml+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/mobile/android/examples/messaging_example/app/src/main/AndroidManifest.xml@@ -13,7 +13,9 @@ android:roundIcon="@mipmap/ic_launcher_round" android:supportsRtl="true" android:theme="@style/AppTheme">- <activity android:name=".MainActivity">+ <activity+ android:exported="true"+ android:name=".MainActivity"> <intent-filter> <action android:name="android.intent.action.MAIN" />@@ -22,4 +24,4 @@ </activity> </application>-</manifest>+</manifest>
Here's the analysis of the provided code diff:
Vulnerability Existed: yes
Exported Component Vulnerability [mobile/android/examples/messaging_example/app/src/main/AndroidManifest.xml] [Lines 13-22]
[Old Code]
```xml
<activity android:name=".MainActivity">
```
[Fixed Code]
```xml
<activity
android:exported="true"
android:name=".MainActivity">
```
Additional Details:
The vulnerability was related to an exported activity without explicit declaration. Starting with Android 12 (API level 31), activities, services, and broadcast receivers that use intent filters must explicitly declare their 'android:exported' attribute. The fix adds this explicit declaration, which is a security best practice to prevent unintended access to components. Without this, the activity could potentially be accessed by other applications, leading to security risks.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/gfx/src/nsFontMetrics.cpp+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/gfx/src/nsFontMetrics.cpp@@ -104,6 +104,10 @@ void GetSpacing(gfxTextRun::Range aRange, Spacing* aSpacing) const override { NS_ERROR("This shouldn't be called because we never enable spacing"); }+ gfx::ShapedTextFlags GetShapedTextFlags() const override {+ NS_ERROR("This shouldn't be called because we never enable hyphens");+ return gfx::ShapedTextFlags();+ } }; } // namespace
Analyzing the provided code diff, here's the security assessment:
1. Vulnerability Existed: not sure
[Potential Missing Override Implementation] [gfx/src/nsFontMetrics.cpp] [Lines 104-108]
[Old Code]
void GetSpacing(gfxTextRun::Range aRange, Spacing* aSpacing) const override {
NS_ERROR("This shouldn't be called because we never enable spacing");
}
[Fixed Code]
void GetSpacing(gfxTextRun::Range aRange, Spacing* aSpacing) const override {
NS_ERROR("This shouldn't be called because we never enable spacing");
}
gfx::ShapedTextFlags GetShapedTextFlags() const override {
NS_ERROR("This shouldn't be called because we never enable hyphens");
return gfx::ShapedTextFlags();
}
Additional Details:
- The diff shows the addition of a new virtual method override `GetShapedTextFlags()`
- This appears to be adding missing functionality rather than fixing a security vulnerability
- The change follows the same pattern as the existing `GetSpacing` method (raising an error for unexpected calls)
- Without more context about how this class is used, it's unclear if this was fixing a security issue or just completing the interface implementation
- The change could potentially prevent undefined behavior if this method was being called unexpectedly, but there's no clear evidence this was exploitable
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/xpcom/rust/moz_task/src/executor.rs+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/xpcom/rust/moz_task/src/executor.rs@@ -3,12 +3,72 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ use crate::{get_current_thread, DispatchOptions, RunnableBuilder};-use async_task::Task;-use std::cell::Cell;-use std::sync::Arc;-use std::{fmt::Debug, future::Future, ptr};+use std::{+ cell::Cell,+ fmt::Debug,+ future::Future,+ pin::Pin,+ ptr,+ sync::Arc,+ task::{Context, Poll},+}; use xpcom::interfaces::{nsIEventTarget, nsIRunnablePriority}; use xpcom::RefPtr;++/// A spawned task.+///+/// A [`AsyncTask`] can be awaited to retrieve the output of its future.+///+/// Dropping an [`AsyncTask`] cancels it, which means its future won't be polled+/// again. To drop the [`AsyncTask`] handle without canceling it, use+/// [`detach()`][`AsyncTask::detach()`] instead. To cancel a task gracefully and+/// wait until it is fully destroyed, use the [`cancel()`][AsyncTask::cancel()]+/// method.+///+/// A task which is cancelled due to the nsIEventTarget it was dispatched to no+/// longer accepting events will never be resolved.+#[derive(Debug)]+#[must_use = "tasks get canceled when dropped, use `.detach()` to run them in the background"]+pub struct AsyncTask<T> {+ task: async_task::FallibleTask<T>,+}++impl<T> AsyncTask<T> {+ fn new(task: async_task::Task<T>) -> Self {+ AsyncTask {+ task: task.fallible(),+ }+ }++ /// Detaches the task to let it keep running in the background.+ pub fn detach(self) {+ self.task.detach()+ }++ /// Cancels the task and waits for it to stop running.+ ///+ /// Returns the task's output if it was completed just before it got canceled, or [`None`] if+ /// it didn't complete.+ ///+ /// While it's possible to simply drop the [`Task`] to cancel it, this is a cleaner way of+ /// canceling because it also waits for the task to stop running.+ pub async fn cancel(self) -> Option<T> {+ self.task.cancel().await+ }+}++impl<T> Future for AsyncTask<T> {+ type Output = T;++ fn poll(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Self::Output> {+ // Wrap the future produced by `AsyncTask` to never resolve if the+ // Runnable was dropped, and the task was cancelled.+ match Pin::new(&mut self.task).poll(cx) {+ Poll::Ready(Some(t)) => Poll::Ready(t),+ Poll::Ready(None) | Poll::Pending => Poll::Pending,+ }+ }+} enum SpawnTarget { BackgroundTask,@@ -119,7 +179,7 @@ F::Output: Send + 'static, { /// Run the future on the background task pool.- pub fn spawn(self) -> Task<F::Output> {+ pub fn spawn(self) -> AsyncTask<F::Output> { let config = Arc::new(TaskSpawnConfig { name: self.name, priority: self.priority,@@ -130,11 +190,11 @@ schedule(config.clone(), runnable) }); runnable.schedule();- task+ AsyncTask::new(task) } /// Run the future on the specified nsIEventTarget.- pub fn spawn_onto(self, target: &nsIEventTarget) -> Task<F::Output> {+ pub fn spawn_onto(self, target: &nsIEventTarget) -> AsyncTask<F::Output> { let config = Arc::new(TaskSpawnConfig { name: self.name, priority: self.priority,@@ -145,7 +205,7 @@ schedule(config.clone(), runnable) }); runnable.schedule();- task+ AsyncTask::new(task) } }@@ -163,7 +223,7 @@ /// This method may panic if run on a thread which cannot run local futures /// (e.g. due to it is not being an XPCOM thread, or if we are very late /// during shutdown).- pub fn spawn_local(self) -> Task<F::Output> {+ pub fn spawn_local(self) -> AsyncTask<F::Output> { let current_thread = get_current_thread().expect("cannot get current thread"); let config = Arc::new(TaskSpawnConfig { name: self.name,@@ -175,13 +235,13 @@ schedule(config.clone(), runnable) }); runnable.schedule();- task+ AsyncTask::new(task) } } /// Spawn a future onto the background task pool. The future will not be run on /// the main thread.-pub fn spawn<F>(name: &'static str, future: F) -> Task<F::Output>+pub fn spawn<F>(name: &'static str, future: F) -> AsyncTask<F::Output> where F: Future + Send + 'static, F::Output: Send + 'static,@@ -191,7 +251,7 @@ /// Spawn a potentially-blocking future onto the background task pool. The /// future will not be run on the main thread.-pub fn spawn_blocking<F>(name: &'static str, future: F) -> Task<F::Output>+pub fn spawn_blocking<F>(name: &'static str, future: F) -> AsyncTask<F::Output> where F: Future + Send + 'static, F::Output: Send + 'static,@@ -200,7 +260,7 @@ } /// Spawn a local future onto the current thread.-pub fn spawn_local<F>(name: &'static str, future: F) -> Task<F::Output>+pub fn spawn_local<F>(name: &'static str, future: F) -> AsyncTask<F::Output> where F: Future + 'static, F::Output: 'static,@@ -208,7 +268,7 @@ TaskBuilder::new(name, future).spawn_local() }-pub fn spawn_onto<F>(name: &'static str, target: &nsIEventTarget, future: F) -> Task<F::Output>+pub fn spawn_onto<F>(name: &'static str, target: &nsIEventTarget, future: F) -> AsyncTask<F::Output> where F: Future + Send + 'static, F::Output: Send + 'static,@@ -220,7 +280,7 @@ name: &'static str, target: &nsIEventTarget, future: F,-) -> Task<F::Output>+) -> AsyncTask<F::Output> where F: Future + Send + 'static, F::Output: Send + 'static,
Based on the provided code diff, I'll analyze it for security vulnerabilities:
1. Vulnerability Existed: not sure
[Potential Task Cancellation Handling] [xpcom/rust/moz_task/src/executor.rs] [Lines 3-72]
[Old Code]
use async_task::Task;
use std::cell::Cell;
use std::sync::Arc;
use std::{fmt::Debug, future::Future, ptr};
[Fixed Code]
Added AsyncTask wrapper with explicit cancellation handling and documentation about task behavior when dropped or cancelled.
The changes introduce better handling of task cancellation and cleanup, but it's unclear if this was fixing an actual vulnerability or just improving robustness. The new code prevents potential resource leaks by ensuring proper task cleanup through the AsyncTask wrapper.
2. Vulnerability Existed: not sure
[Potential Resource Leak] [xpcom/rust/moz_task/src/executor.rs] [Throughout file]
[Old Code]
Returned bare Task objects from spawn functions
[Fixed Code]
Wrapped all returned tasks in AsyncTask which ensures proper cleanup
The changes ensure that tasks are properly cleaned up when dropped, but again it's unclear if this was fixing an actual vulnerability or just improving code quality.
No clear security vulnerabilities were identified in the diff, but the changes do improve the robustness of task handling which could prevent potential issues related to resource leaks or improper task cancellation. The main changes revolve around better encapsulation of task lifecycle management rather than fixing specific security flaws.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/dom/media/gmp/GMPParent.h+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/dom/media/gmp/GMPParent.h@@ -168,6 +168,9 @@ bool DeallocPGMPTimerParent(PGMPTimerParent* aActor); mozilla::ipc::IPCResult RecvPGMPContentChildDestroyed();++ mozilla::ipc::IPCResult RecvFOGData(ByteBuf&& aBuf);+ bool IsUsed() { return mGMPContentChildCount > 0 || !mGetContentParentPromises.IsEmpty(); }
Let me analyze the code diff for potential security fixes. Vulnerability Existed: not sure Potential Information Leak Vulnerability [dom/media/gmp/GMPParent.h] [Lines added: 168-170] [Old Code] (none - new code added) [Fixed Code] mozilla::ipc::IPCResult RecvPGMPContentChildDestroyed(); + + mozilla::ipc::IPCResult RecvFOGData(ByteBuf&& aBuf); + Additional Details: 1. The diff shows the addition of a new message handler `RecvFOGData` that processes incoming ByteBuf data. While not clearly a security fix, the addition of new IPC message handlers always warrants security consideration. 2. The ByteBuf parameter suggests handling of potentially sensitive data (FOG likely refers to Firefox Origin Telemetry), which could be related to fixing information leaks or improper data handling. 3. Without more context about the implementation of RecvFOGData, we can't be certain if this fixes a vulnerability, but it appears to be adding new security-related functionality. Note: The diff doesn't show any removed or modified code, only additions, making it harder to identify clear security fixes. The addition could be part of a larger security improvement rather than fixing a specific vulnerability.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/compositing/2d.composite.image.destination-out.worker.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/compositing/2d.composite.image.destination-out.worker.js@@ -13,8 +13,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.fillStyle = 'rgba(0, 255, 255, 0.5)';@@ -32,7 +32,7 @@ promise.then(function(response) { createImageBitmap(response).then(bitmap => { ctx.drawImage(bitmap, 0, 0);- _assertPixelApprox(offscreenCanvas, 50,25, 0,255,255,32, "50,25", "0,255,255,32", 5);+ _assertPixelApprox(canvas, 50,25, 0,255,255,32, "50,25", "0,255,255,32", 5); }, t_fail); }).then(t_pass, t_fail);
Analyzing the provided code diff, here's the security analysis:
1. Vulnerability Existed: no
Variable Renaming [File: testing/web-platform/tests/html/canvas/offscreen/compositing/2d.composite.image.destination-out.worker.js] [Lines: 13-14, 32]
Old Code:
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
_assertPixelApprox(offscreenCanvas, 50,25, 0,255,255,32, "50,25", "0,255,255,32", 5);
Fixed Code:
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');
_assertPixelApprox(canvas, 50,25, 0,255,255,32, "50,25", "0,255,255,32", 5);
Additional Details:
- The changes appear to be purely cosmetic/refactoring, renaming the variable from `offscreenCanvas` to `canvas`
- No security implications or vulnerabilities are addressed in this change
- The functionality remains identical, only the variable name has changed
- This appears to be part of code standardization rather than a security fix
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/shadows/2d.shadow.composite.2.worker.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/shadows/2d.shadow.composite.2.worker.js@@ -13,8 +13,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.fillStyle = '#f00'; ctx.fillRect(0, 0, 100, 50);@@ -23,7 +23,7 @@ ctx.shadowBlur = 1; ctx.fillStyle = '#0f0'; ctx.fillRect(-10, -10, 120, 70);-_assertPixelApprox(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255", 2);+_assertPixelApprox(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255", 2); t.done(); });
Based on the provided diff, I don't see any security vulnerabilities being fixed. The changes appear to be purely variable renaming for better code clarity. Here's the analysis:
Vulnerability Existed: no
[No security vulnerability found] [testing/web-platform/tests/html/canvas/offscreen/shadows/2d.shadow.composite.2.worker.js] [Lines 13-23]
[Old Code]
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
...
_assertPixelApprox(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255", 2);
[Fixed Code]
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');
...
_assertPixelApprox(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255", 2);
The changes simply rename the variable `offscreenCanvas` to `canvas` for consistency or brevity, with no security implications. The functionality remains identical.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/js/src/shell/js.cpp+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/js/src/shell/js.cpp@@ -625,6 +625,9 @@ bool shell::enableToSource = false; bool shell::enablePropertyErrorMessageFix = false; bool shell::enableIteratorHelpers = false;+#ifdef NIGHTLY_BUILD+bool shell::enableArrayGrouping = true;+#endif bool shell::enablePrivateClassFields = false; bool shell::enablePrivateClassMethods = false; bool shell::enableErgonomicBrandChecks = true;@@ -4243,6 +4246,9 @@ .setToSourceEnabled(enableToSource) .setPropertyErrorMessageFixEnabled(enablePropertyErrorMessageFix) .setIteratorHelpersEnabled(enableIteratorHelpers)+#ifdef NIGHTLY_BUILD+ .setArrayGroupingEnabled(enableArrayGrouping)+#endif #ifdef ENABLE_NEW_SET_METHODS .setNewSetMethodsEnabled(enableNewSetMethods) #endif@@ -7097,21 +7103,6 @@ } args.rval().setObject(*wrapped);- return true;-}--static bool NukeCCW(JSContext* cx, unsigned argc, Value* vp) {- CallArgs args = CallArgsFromVp(argc, vp);-- if (args.length() != 1 || !args[0].isObject() ||- !IsCrossCompartmentWrapper(&args[0].toObject())) {- JS_ReportErrorNumberASCII(cx, my_GetErrorMessage, nullptr,- JSSMSG_INVALID_ARGS, "nukeCCW");- return false;- }-- NukeCrossCompartmentWrapper(cx, &args[0].toObject());- args.rval().setUndefined(); return true; }@@ -9572,10 +9563,6 @@ " systemPrincipal: If true, use the shell's trusted principals for the\n" " new realm. This creates a realm that's marked as a 'system' realm."),- JS_FN_HELP("nukeCCW", NukeCCW, 1, 0,-"nukeCCW(wrapper)",-" Nuke a CrossCompartmentWrapper, which turns it into a DeadProxyObject."),- JS_FN_HELP("nukeAllCCWs", NukeAllCCWs, 0, 0, "nukeAllCCWs()", " Like nukeCCW, but for all CrossCompartmentWrappers targeting the current realm."),@@ -11073,6 +11060,9 @@ enablePropertyErrorMessageFix = !op.getBoolOption("disable-property-error-message-fix"); enableIteratorHelpers = op.getBoolOption("enable-iterator-helpers");+#ifdef NIGHTLY_BUILD+ enableArrayGrouping = op.getBoolOption("enable-array-grouping");+#endif enablePrivateClassFields = !op.getBoolOption("disable-private-fields"); enablePrivateClassMethods = !op.getBoolOption("disable-private-methods"); enableErgonomicBrandChecks =@@ -11115,6 +11105,9 @@ .setPrivateClassFields(enablePrivateClassFields) .setPrivateClassMethods(enablePrivateClassMethods) .setErgnomicBrandChecks(enableErgonomicBrandChecks)+#ifdef NIGHTLY_BUILD+ .setArrayGrouping(enableArrayGrouping)+#endif #ifdef ENABLE_CHANGE_ARRAY_BY_COPY .setChangeArrayByCopy(enableChangeArrayByCopy) #endif@@ -11435,23 +11428,6 @@ if (op.getBoolOption("disable-bailout-loop-check")) { jit::JitOptions.disableBailoutLoopCheck = true; }--#if defined(JS_CODEGEN_ARM)- if (const char* str = op.getStringOption("arm-hwcap")) {- jit::ParseARMHwCapFlags(str);- jit::ComputeJitSupportFlags();- }-- int32_t fill = op.getIntOption("arm-asm-nop-fill");- if (fill >= 0) {- jit::Assembler::NopFill = fill;- }-- int32_t poolMaxOffset = op.getIntOption("asm-pool-max-offset");- if (poolMaxOffset >= 5 && poolMaxOffset <= 1024) {- jit::Assembler::AsmPoolMaxOffset = poolMaxOffset;- }-#endif #if defined(JS_SIMULATOR_ARM) if (op.getBoolOption("arm-sim-icache-checks")) {@@ -11914,20 +11890,6 @@ SetOutputFile("JS_STDOUT", &rcStdout, &gOutFile); SetOutputFile("JS_STDERR", &rcStderr, &gErrFile);-- // Start the engine.- if (const char* message = JS_InitWithFailureDiagnostic()) {- fprintf(gErrFile->fp, "JS_Init failed: %s\n", message);- return 1;- }-- // `selfHostedXDRBuffer` contains XDR buffer of the self-hosted JS.- // A part of it is borrowed by ImmutableScriptData of the self-hosted scripts.- //- // This buffer's should outlive JS_Shutdown.- Maybe<FileContents> selfHostedXDRBuffer;-- auto shutdownEngine = MakeScopeExit([] { JS_ShutDown(); }); OptionParser op("Usage: {progname} [options] [[script] scriptArgs*]");@@ -12083,6 +12045,8 @@ "property of null or undefined") || !op.addBoolOption('\0', "enable-iterator-helpers", "Enable iterator helpers") ||+ !op.addBoolOption('\0', "enable-array-grouping",+ "Enable Array Grouping") || !op.addBoolOption('\0', "disable-private-fields", "Disable private class fields") || !op.addBoolOption('\0', "disable-private-methods",@@ -12278,6 +12242,9 @@ "Disable functions that cause " "artificial OOMs") || !op.addBoolOption('\0', "no-threads", "Disable helper threads") ||+ !op.addBoolOption(+ '\0', "no-jit-backend",+ "Disable the JIT backend completely for this process") || #ifdef DEBUG !op.addBoolOption('\0', "dump-entrained-variables", "Print variables which are "@@ -12378,6 +12345,90 @@ return EXIT_SUCCESS; }+ // Note: DisableJitBackend must be called before JS_InitWithFailureDiagnostic.+ if (op.getBoolOption("no-jit-backend")) {+ JS::DisableJitBackend();+ }++#if defined(JS_CODEGEN_ARM)+ if (const char* str = op.getStringOption("arm-hwcap")) {+ jit::SetARMHwCapFlagsString(str);+ }++ int32_t fill = op.getIntOption("arm-asm-nop-fill");+ if (fill >= 0) {+ jit::Assembler::NopFill = fill;+ }++ int32_t poolMaxOffset = op.getIntOption("asm-pool-max-offset");+ if (poolMaxOffset >= 5 && poolMaxOffset <= 1024) {+ jit::Assembler::AsmPoolMaxOffset = poolMaxOffset;+ }+#endif++ // Fish around in `op` for various important compiler-configuration flags+ // and make sure they get handed on to any child processes we might create.+ // See bug 1700900. Semantically speaking, this is all rather dubious:+ //+ // * What set of flags need to be propagated in order to guarantee that the+ // child produces code that is "compatible" (in whatever sense) with that+ // produced by the parent? This isn't always easy to determine.+ //+ // * There's nothing that ensures that flags given to the child are+ // presented in the same order that they exist in the parent's `argv[]`.+ // That could be a problem in the case where two flags with contradictory+ // meanings are given, and they are presented to the child in the opposite+ // order. For example: --wasm-compiler=optimizing --wasm-compiler=baseline.++#if defined(JS_CODEGEN_X86) || defined(JS_CODEGEN_X64)+ MOZ_ASSERT(!js::jit::CPUFlagsHaveBeenComputed());++ if (op.getBoolOption("no-sse3")) {+ js::jit::CPUInfo::SetSSE3Disabled();+ if (!sCompilerProcessFlags.append("--no-sse3")) {+ return EXIT_FAILURE;+ }+ }+ if (op.getBoolOption("no-ssse3")) {+ js::jit::CPUInfo::SetSSSE3Disabled();+ if (!sCompilerProcessFlags.append("--no-ssse3")) {+ return EXIT_FAILURE;+ }+ }+ if (op.getBoolOption("no-sse4") || op.getBoolOption("no-sse41")) {+ js::jit::CPUInfo::SetSSE41Disabled();+ if (!sCompilerProcessFlags.append("--no-sse41")) {+ return EXIT_FAILURE;+ }+ }+ if (op.getBoolOption("no-sse42")) {+ js::jit::CPUInfo::SetSSE42Disabled();+ if (!sCompilerProcessFlags.append("--no-sse42")) {+ return EXIT_FAILURE;+ }+ }+ if (op.getBoolOption("enable-avx")) {+ js::jit::CPUInfo::SetAVXEnabled();+ if (!sCompilerProcessFlags.append("--enable-avx")) {+ return EXIT_FAILURE;+ }+ }+#endif++ // Start the engine.+ if (const char* message = JS_InitWithFailureDiagnostic()) {+ fprintf(gErrFile->fp, "JS_Init failed: %s\n", message);+ return 1;+ }++ // `selfHostedXDRBuffer` contains XDR buffer of the self-hosted JS.+ // A part of it is borrowed by ImmutableScriptData of the self-hosted scripts.+ //+ // This buffer's should outlive JS_Shutdown.+ Maybe<FileContents> selfHostedXDRBuffer;++ auto shutdownEngine = MakeScopeExit([] { JS_ShutDown(); });+ // Record aggregated telemetry data on disk. Do this as early as possible such // that the telemetry is recording both before starting the context and after // closing it.@@ -12634,67 +12685,6 @@ js::SetPreserveWrapperCallbacks(cx, DummyPreserveWrapperCallback, DummyHasReleasedWrapperCallback);-- // Fish around in `op` for various important compiler-configuration flags- // and make sure they get handed on to any child processes we might create.- // See bug 1700900. Semantically speaking, this is all rather dubious:- //- // * What set of flags need to be propagated in order to guarantee that the- // child produces code that is "compatible" (in whatever sense) with that- // produced by the parent? This isn't always easy to determine.- //- // * There's nothing that ensures that flags given to the child are- // presented in the same order that they exist in the parent's `argv[]`.- // That could be a problem in the case where two flags with contradictory- // meanings are given, and they are presented to the child in the opposite- // order. For example: --wasm-compiler=optimizing --wasm-compiler=baseline.--#if defined(JS_CODEGEN_X86) || defined(JS_CODEGEN_X64)- // The flags were computed by InitWithFailureDiagnostics().- MOZ_ASSERT(js::jit::CPUFlagsHaveBeenComputed());-- // Reset the SSE flags; they are recomputed below.- js::jit::CPUInfo::ResetSSEFlagsForTesting();-- if (op.getBoolOption("no-sse3")) {- js::jit::CPUInfo::SetSSE3Disabled();- if (!sCompilerProcessFlags.append("--no-sse3")) {- return EXIT_FAILURE;- }- }- if (op.getBoolOption("no-ssse3")) {- js::jit::CPUInfo::SetSSSE3Disabled();- if (!sCompilerProcessFlags.append("--no-ssse3")) {- return EXIT_FAILURE;- }- }- if (op.getBoolOption("no-sse4") || op.getBoolOption("no-sse41")) {- js::jit::CPUInfo::SetSSE41Disabled();- if (!sCompilerProcessFlags.append("--no-sse41")) {- return EXIT_FAILURE;- }- }- if (op.getBoolOption("no-sse42")) {- js::jit::CPUInfo::SetSSE42Disabled();- if (!sCompilerProcessFlags.append("--no-sse42")) {- return EXIT_FAILURE;- }- }- if (op.getBoolOption("enable-avx")) {- js::jit::CPUInfo::SetAVXEnabled();- if (!sCompilerProcessFlags.append("--enable-avx")) {- return EXIT_FAILURE;- }- }-- // Recompute flags.- js::jit::CPUInfo::GetSSEVersion();-#endif--#ifndef JS_CODEGEN_NONE- // At this point the flags must definitely be set.- MOZ_ASSERT(js::jit::CPUFlagsHaveBeenComputed());-#endif #ifndef __wasi__ // --disable-wasm-huge-memory needs to be propagated. See bug 1518210.
Based on the provided code diff, I'll analyze it for security fixes:
1. Vulnerability Existed: yes
Removal of Dangerous Functionality [js/src/shell/js.cpp] [Lines 7097-7103, 9572-9576]
Old Code:
```cpp
static bool NukeCCW(JSContext* cx, unsigned argc, Value* vp) {
CallArgs args = CallArgsFromVp(argc, vp);
if (args.length() != 1 || !args[0].isObject() ||
!IsCrossCompartmentWrapper(&args[0].toObject())) {
JS_ReportErrorNumberASCII(cx, my_GetErrorMessage, nullptr,
JSSMSG_INVALID_ARGS, "nukeCCW");
return false;
}
NukeCrossCompartmentWrapper(cx, &args[0].toObject());
args.rval().setUndefined();
return true;
}
```
Fixed Code:
(Function completely removed along with its help text)
2. Vulnerability Existed: not sure
ARM Hardware Capabilities Handling Change [js/src/shell/js.cpp] [Lines 11435-11448]
Old Code:
```cpp
#if defined(JS_CODEGEN_ARM)
if (const char* str = op.getStringOption("arm-hwcap")) {
jit::ParseARMHwCapFlags(str);
jit::ComputeJitSupportFlags();
}
```
Fixed Code:
(Moved to different location and changed to use SetARMHwCapFlagsString)
3. Vulnerability Existed: not sure
Compiler Flag Propagation Timing Change [js/src/shell/js.cpp] [Lines 12634-12685]
Old Code:
(Flag propagation was happening after engine initialization)
Fixed Code:
(Flag propagation moved before engine initialization)
The most clear security fix is the removal of the `nukeCCW` function, which was potentially dangerous as it allowed explicit destruction of cross-compartment wrappers. The other changes appear to be architectural improvements whose security implications aren't immediately clear from the diff.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/shadows/2d.shadow.stroke.cap.1.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/shadows/2d.shadow.stroke.cap.1.html@@ -17,8 +17,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.fillStyle = '#0f0'; ctx.fillRect(0, 0, 100, 50);@@ -33,9 +33,9 @@ ctx.moveTo(100, -25); ctx.lineTo(150, -25); ctx.stroke();-_assertPixel(offscreenCanvas, 1,25, 0,255,0,255, "1,25", "0,255,0,255");-_assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");-_assertPixel(offscreenCanvas, 98,25, 0,255,0,255, "98,25", "0,255,0,255");+_assertPixel(canvas, 1,25, 0,255,0,255, "1,25", "0,255,0,255");+_assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");+_assertPixel(canvas, 98,25, 0,255,0,255, "98,25", "0,255,0,255"); t.done(); });
After analyzing the provided code diff, I don't see any security vulnerabilities being fixed. The changes appear to be purely variable renaming (from `offscreenCanvas` to `canvas`) and corresponding updates to function calls. Here's the analysis:
1. Vulnerability Existed: no
No vulnerability found [File] testing/web-platform/tests/html/canvas/offscreen/shadows/2d.shadow.stroke.cap.1.html [Lines] 17-33
[Old Code]
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
...
_assertPixel(offscreenCanvas, 1,25, 0,255,0,255, "1,25", "0,255,0,255");
[Fixed Code]
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');
...
_assertPixel(canvas, 1,25, 0,255,0,255, "1,25", "0,255,0,255");
The changes are purely cosmetic/refactoring in nature and don't address any security issues. The functionality remains exactly the same, only the variable name has been changed for consistency or clarity.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/third_party/rust/clap/src/macros.rs+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/third_party/rust/clap/src/macros.rs@@ -1,323 +1,78 @@-/// A convenience macro for loading the YAML file at compile time (relative to the current file,-/// like modules work). That YAML object can then be passed to this function.-///-/// # Panics-///-/// The YAML file must be properly formatted or this function will panic!(). A good way to-/// ensure this doesn't happen is to run your program with the `--help` switch. If this passes-/// without error, you needn't worry because the YAML is properly formatted.-///-/// # Examples-///-/// The following example shows how to load a properly formatted YAML file to build an instance-/// of an `App` struct.-///-/// ```ignore-/// # #[macro_use]-/// # extern crate clap;-/// # use clap::App;-/// # fn main() {-/// let yml = load_yaml!("app.yml");-/// let app = App::from_yaml(yml);-///-/// // continued logic goes here, such as `app.get_matches()` etc.-/// # }-/// ```+/// Deprecated in [Issue #3087](https://github.com/clap-rs/clap/issues/3087), maybe [`clap::Parser`][crate::Parser] would fit your use case? #[cfg(feature = "yaml")]+#[deprecated(+ since = "3.0.0",+ note = "Deprecated in Issue #3087, maybe clap::Parser would fit your use case?"+)] #[macro_export] macro_rules! load_yaml {- ($yml:expr) => {- &::clap::YamlLoader::load_from_str(include_str!($yml)).expect("failed to load YAML file")[0]- };-}--/// Convenience macro getting a typed value `T` where `T` implements [`std::str::FromStr`] from an-/// argument value. This macro returns a `Result<T,String>` which allows you as the developer to-/// decide what you'd like to do on a failed parse. There are two types of errors, parse failures-/// and those where the argument wasn't present (such as a non-required argument). You can use-/// it to get a single value, or a iterator as with the [`ArgMatches::values_of`]-///-/// # Examples-///-/// ```no_run-/// # #[macro_use]-/// # extern crate clap;-/// # use clap::App;-/// # fn main() {-/// let matches = App::new("myapp")-/// .arg_from_usage("[length] 'Set the length to use as a pos whole num, i.e. 20'")-/// .get_matches();-///-/// let len = value_t!(matches.value_of("length"), u32).unwrap_or_else(|e| e.exit());-/// let also_len = value_t!(matches, "length", u32).unwrap_or_else(|e| e.exit());-///-/// println!("{} + 2: {}", len, len + 2);-/// # }-/// ```-/// [`std::str::FromStr`]: https://doc.rust-lang.org/std/str/trait.FromStr.html-/// [`ArgMatches::values_of`]: ./struct.ArgMatches.html#method.values_of-/// [`Result<T,String>`]: https://doc.rust-lang.org/std/result/enum.Result.html-#[macro_export]+ ($yaml:expr) => {+ &$crate::YamlLoader::load_from_str(include_str!($yaml)).expect("failed to load YAML file")+ [0]+ };+}++/// Deprecated, replaced with [`ArgMatches::value_of_t`][crate::ArgMatches::value_of_t]+#[macro_export]+#[deprecated(since = "3.0.0", note = "Replaced with `ArgMatches::value_of_t`")] macro_rules! value_t { ($m:ident, $v:expr, $t:ty) => {- value_t!($m.value_of($v), $t)+ $crate::value_t!($m.value_of($v), $t) }; ($m:ident.value_of($v:expr), $t:ty) => {- if let Some(v) = $m.value_of($v) {- match v.parse::<$t>() {- Ok(val) => Ok(val),- Err(_) => Err(::clap::Error::value_validation_auto(format!(- "The argument '{}' isn't a valid value",- v- ))),- }- } else {- Err(::clap::Error::argument_not_found_auto($v))- }- };-}--/// Convenience macro getting a typed value `T` where `T` implements [`std::str::FromStr`] or-/// exiting upon error, instead of returning a [`Result`] type.-///-/// **NOTE:** This macro is for backwards compatibility sake. Prefer-/// [`value_t!(/* ... */).unwrap_or_else(|e| e.exit())`]-///-/// # Examples-///-/// ```no_run-/// # #[macro_use]-/// # extern crate clap;-/// # use clap::App;-/// # fn main() {-/// let matches = App::new("myapp")-/// .arg_from_usage("[length] 'Set the length to use as a pos whole num, i.e. 20'")-/// .get_matches();-///-/// let len = value_t_or_exit!(matches.value_of("length"), u32);-/// let also_len = value_t_or_exit!(matches, "length", u32);-///-/// println!("{} + 2: {}", len, len + 2);-/// # }-/// ```-/// [`std::str::FromStr`]: https://doc.rust-lang.org/std/str/trait.FromStr.html-/// [`Result`]: https://doc.rust-lang.org/std/result/enum.Result.html-/// [`value_t!(/* ... */).unwrap_or_else(|e| e.exit())`]: ./macro.value_t!.html-#[macro_export]+ $m.value_of_t::<$t>($v)+ };+}++/// Deprecated, replaced with [`ArgMatches::value_of_t_or_exit`][crate::ArgMatches::value_of_t_or_exit]+#[macro_export]+#[deprecated(+ since = "3.0.0",+ note = "Replaced with `ArgMatches::value_of_t_or_exit`"+)] macro_rules! value_t_or_exit { ($m:ident, $v:expr, $t:ty) => { value_t_or_exit!($m.value_of($v), $t) }; ($m:ident.value_of($v:expr), $t:ty) => {- if let Some(v) = $m.value_of($v) {- match v.parse::<$t>() {- Ok(val) => val,- Err(_) => ::clap::Error::value_validation_auto(format!(- "The argument '{}' isn't a valid value",- v- ))- .exit(),- }- } else {- ::clap::Error::argument_not_found_auto($v).exit()- }- };-}--/// Convenience macro getting a typed value [`Vec<T>`] where `T` implements [`std::str::FromStr`]-/// This macro returns a [`clap::Result<Vec<T>>`] which allows you as the developer to decide-/// what you'd like to do on a failed parse.-///-/// # Examples-///-/// ```no_run-/// # #[macro_use]-/// # extern crate clap;-/// # use clap::App;-/// # fn main() {-/// let matches = App::new("myapp")-/// .arg_from_usage("[seq]... 'A sequence of pos whole nums, i.e. 20 45'")-/// .get_matches();-///-/// let vals = values_t!(matches.values_of("seq"), u32).unwrap_or_else(|e| e.exit());-/// for v in &vals {-/// println!("{} + 2: {}", v, v + 2);-/// }-///-/// let vals = values_t!(matches, "seq", u32).unwrap_or_else(|e| e.exit());-/// for v in &vals {-/// println!("{} + 2: {}", v, v + 2);-/// }-/// # }-/// ```-/// [`std::str::FromStr`]: https://doc.rust-lang.org/std/str/trait.FromStr.html-/// [`Vec<T>`]: https://doc.rust-lang.org/std/vec/struct.Vec.html-/// [`clap::Result<Vec<T>>`]: ./type.Result.html-#[macro_export]+ $m.value_of_t_or_exit::<$t>($v)+ };+}++/// Deprecated, replaced with [`ArgMatches::values_of_t`][crate::ArgMatches::value_of_t]+#[macro_export]+#[deprecated(since = "3.0.0", note = "Replaced with `ArgMatches::values_of_t`")] macro_rules! values_t { ($m:ident, $v:expr, $t:ty) => { values_t!($m.values_of($v), $t) }; ($m:ident.values_of($v:expr), $t:ty) => {- if let Some(vals) = $m.values_of($v) {- let mut tmp = vec![];- let mut err = None;- for pv in vals {- match pv.parse::<$t>() {- Ok(rv) => tmp.push(rv),- Err(..) => {- err = Some(::clap::Error::value_validation_auto(format!(- "The argument '{}' isn't a valid value",- pv- )));- break;- }- }- }- match err {- Some(e) => Err(e),- None => Ok(tmp),- }- } else {- Err(::clap::Error::argument_not_found_auto($v))- }- };-}--/// Convenience macro getting a typed value [`Vec<T>`] where `T` implements [`std::str::FromStr`]-/// or exiting upon error.-///-/// **NOTE:** This macro is for backwards compatibility sake. Prefer-/// [`values_t!(/* ... */).unwrap_or_else(|e| e.exit())`]-///-/// # Examples-///-/// ```no_run-/// # #[macro_use]-/// # extern crate clap;-/// # use clap::App;-/// # fn main() {-/// let matches = App::new("myapp")-/// .arg_from_usage("[seq]... 'A sequence of pos whole nums, i.e. 20 45'")-/// .get_matches();-///-/// let vals = values_t_or_exit!(matches.values_of("seq"), u32);-/// for v in &vals {-/// println!("{} + 2: {}", v, v + 2);-/// }-///-/// // type for example only-/// let vals: Vec<u32> = values_t_or_exit!(matches, "seq", u32);-/// for v in &vals {-/// println!("{} + 2: {}", v, v + 2);-/// }-/// # }-/// ```-/// [`values_t!(/* ... */).unwrap_or_else(|e| e.exit())`]: ./macro.values_t!.html-/// [`std::str::FromStr`]: https://doc.rust-lang.org/std/str/trait.FromStr.html-/// [`Vec<T>`]: https://doc.rust-lang.org/std/vec/struct.Vec.html-#[macro_export]+ $m.values_of_t::<$t>($v)+ };+}++/// Deprecated, replaced with [`ArgMatches::values_of_t_or_exit`][crate::ArgMatches::value_of_t_or_exit]+#[macro_export]+#[deprecated(+ since = "3.0.0",+ note = "Replaced with `ArgMatches::values_of_t_or_exit`"+)] macro_rules! values_t_or_exit { ($m:ident, $v:expr, $t:ty) => { values_t_or_exit!($m.values_of($v), $t) }; ($m:ident.values_of($v:expr), $t:ty) => {- if let Some(vals) = $m.values_of($v) {- vals.map(|v| {- v.parse::<$t>().unwrap_or_else(|_| {- ::clap::Error::value_validation_auto(format!(- "One or more arguments aren't valid values"- ))- .exit()- })- })- .collect::<Vec<$t>>()- } else {- ::clap::Error::argument_not_found_auto($v).exit()- }- };-}--// _clap_count_exprs! is derived from https://github.com/DanielKeep/rust-grabbag-// commit: 82a35ca5d9a04c3b920622d542104e3310ee5b07-// License: MIT-// Copyright ⓒ 2015 grabbag contributors.-// Licensed under the MIT license (see LICENSE or <http://opensource.org-// /licenses/MIT>) or the Apache License, Version 2.0 (see LICENSE of-// <http://www.apache.org/licenses/LICENSE-2.0>), at your option. All-// files in the project carrying such notice may not be copied, modified,-// or distributed except according to those terms.-//-/// Counts the number of comma-delimited expressions passed to it. The result is a compile-time-/// evaluable expression, suitable for use as a static array size, or the value of a `const`.-///-/// # Examples-///-/// ```-/// # #[macro_use] extern crate clap;-/// # fn main() {-/// const COUNT: usize = _clap_count_exprs!(a, 5+1, "hi there!".into_string());-/// assert_eq!(COUNT, 3);-/// # }-/// ```-#[macro_export]-macro_rules! _clap_count_exprs {- () => { 0 };- ($e:expr) => { 1 };- ($e:expr, $($es:expr),+) => { 1 + $crate::_clap_count_exprs!($($es),*) };-}--/// Convenience macro to generate more complete enums with variants to be used as a type when-/// parsing arguments. This enum also provides a `variants()` function which can be used to-/// retrieve a `Vec<&'static str>` of the variant names, as well as implementing [`FromStr`] and-/// [`Display`] automatically.-///-/// **NOTE:** Case insensitivity is supported for ASCII characters only. It's highly recommended to-/// use [`Arg::case_insensitive(true)`] for args that will be used with these enums-///-/// **NOTE:** This macro automatically implements [`std::str::FromStr`] and [`std::fmt::Display`]-///-/// **NOTE:** These enums support pub (or not) and uses of the `#[derive()]` traits-///-/// # Examples-///-/// ```rust-/// # #[macro_use]-/// # extern crate clap;-/// # use clap::{App, Arg};-/// arg_enum!{-/// #[derive(PartialEq, Debug)]-/// pub enum Foo {-/// Bar,-/// Baz,-/// Qux-/// }-/// }-/// // Foo enum can now be used via Foo::Bar, or Foo::Baz, etc-/// // and implements std::str::FromStr to use with the value_t! macros-/// fn main() {-/// let m = App::new("app")-/// .arg(Arg::from_usage("<foo> 'the foo'")-/// .possible_values(&Foo::variants())-/// .case_insensitive(true))-/// .get_matches_from(vec![-/// "app", "baz"-/// ]);-/// let f = value_t!(m, "foo", Foo).unwrap_or_else(|e| e.exit());-///-/// assert_eq!(f, Foo::Baz);-/// }-/// ```-/// [`FromStr`]: https://doc.rust-lang.org/std/str/trait.FromStr.html-/// [`std::str::FromStr`]: https://doc.rust-lang.org/std/str/trait.FromStr.html-/// [`Display`]: https://doc.rust-lang.org/std/fmt/trait.Display.html-/// [`std::fmt::Display`]: https://doc.rust-lang.org/std/fmt/trait.Display.html-/// [`Arg::case_insensitive(true)`]: ./struct.Arg.html#method.case_insensitive+ $m.values_of_t_or_exit::<$t>($v)+ };+}++/// Deprecated, replaced with [`ArgEnum`][crate::ArgEnum]+#[deprecated(since = "3.0.0", note = "Replaced with `ArgEnum`")] #[macro_export] macro_rules! arg_enum { (@as_item $($i:item)*) => ($($i)*); (@impls ( $($tts:tt)* ) -> ($e:ident, $($v:ident),+)) => {- arg_enum!(@as_item+ $crate::arg_enum!(@as_item $($tts)* impl ::std::str::FromStr for $e {@@ -356,7 +111,7 @@ }); }; ($(#[$($m:meta),+])+ pub enum $e:ident { $($v:ident $(=$val:expr)*,)+ } ) => {- arg_enum!(@impls+ $crate::arg_enum!(@impls ($(#[$($m),+])+ pub enum $e { $($v$(=$val)*),+@@ -364,7 +119,7 @@ ); }; ($(#[$($m:meta),+])+ pub enum $e:ident { $($v:ident $(=$val:expr)*),+ } ) => {- arg_enum!(@impls+ $crate::arg_enum!(@impls ($(#[$($m),+])+ pub enum $e { $($v$(=$val)*),+@@ -372,7 +127,7 @@ ); }; ($(#[$($m:meta),+])+ enum $e:ident { $($v:ident $(=$val:expr)*,)+ } ) => {- arg_enum!(@impls+ $crate::arg_enum!(@impls ($(#[$($m),+])+ enum $e { $($v$(=$val)*),+@@ -380,7 +135,7 @@ ); }; ($(#[$($m:meta),+])+ enum $e:ident { $($v:ident $(=$val:expr)*),+ } ) => {- arg_enum!(@impls+ $crate::arg_enum!(@impls ($(#[$($m),+])+ enum $e { $($v$(=$val)*),+@@ -388,28 +143,28 @@ ); }; (pub enum $e:ident { $($v:ident $(=$val:expr)*,)+ } ) => {- arg_enum!(@impls+ $crate::arg_enum!(@impls (pub enum $e { $($v$(=$val)*),+ }) -> ($e, $($v),+) ); }; (pub enum $e:ident { $($v:ident $(=$val:expr)*),+ } ) => {- arg_enum!(@impls+ $crate::arg_enum!(@impls (pub enum $e { $($v$(=$val)*),+ }) -> ($e, $($v),+) ); }; (enum $e:ident { $($v:ident $(=$val:expr)*,)+ } ) => {- arg_enum!(@impls+ $crate::arg_enum!(@impls (enum $e { $($v$(=$val)*),+ }) -> ($e, $($v),+) ); }; (enum $e:ident { $($v:ident $(=$val:expr)*),+ } ) => {- arg_enum!(@impls+ $crate::arg_enum!(@impls (enum $e { $($v$(=$val)*),+ }) -> ($e, $($v),+)@@ -432,7 +187,7 @@ /// .get_matches(); /// # } /// ```-#[cfg(not(feature = "no_cargo"))]+#[cfg(feature = "cargo")] #[macro_export] macro_rules! crate_version { () => {@@ -461,43 +216,16 @@ /// .get_matches(); /// # } /// ```-#[cfg(not(feature = "no_cargo"))]+#[cfg(feature = "cargo")] #[macro_export] macro_rules! crate_authors { ($sep:expr) => {{- use std::ops::Deref;- #[allow(deprecated)]- use std::sync::{Once, ONCE_INIT};-- #[allow(missing_copy_implementations)]- #[allow(dead_code)]- struct CargoAuthors {- __private_field: (),- };-- impl Deref for CargoAuthors {- type Target = str;-- #[allow(unsafe_code)]- fn deref(&self) -> &'static str {- #[allow(deprecated)]- static ONCE: Once = ONCE_INIT;- static mut VALUE: *const String = 0 as *const String;-- unsafe {- ONCE.call_once(|| {- let s = env!("CARGO_PKG_AUTHORS").replace(':', $sep);- VALUE = Box::into_raw(Box::new(s));- });-- &(*VALUE)[..]- }- }- }-- &*CargoAuthors {- __private_field: (),- }+ clap::lazy_static::lazy_static! {+ static ref CACHED: String = env!("CARGO_PKG_AUTHORS").replace(':', $sep);+ }++ let s: &'static str = &*CACHED;+ s }}; () => { env!("CARGO_PKG_AUTHORS")@@ -518,7 +246,7 @@ /// .get_matches(); /// # } /// ```-#[cfg(not(feature = "no_cargo"))]+#[cfg(feature = "cargo")] #[macro_export] macro_rules! crate_description { () => {@@ -539,7 +267,7 @@ /// .get_matches(); /// # } /// ```-#[cfg(not(feature = "no_cargo"))]+#[cfg(feature = "cargo")] #[macro_export] macro_rules! crate_name { () => {@@ -551,7 +279,7 @@ /// /// Equivalent to using the `crate_*!` macros with their respective fields. ///-/// Provided separator is for the [`crate_authors!`](macro.crate_authors.html) macro,+/// Provided separator is for the [`crate_authors!`] macro, /// refer to the documentation therefor. /// /// **NOTE:** Changing the values in your `Cargo.toml` does not trigger a re-build automatically,@@ -570,156 +298,398 @@ /// let m = app_from_crate!().get_matches(); /// # } /// ```-#[cfg(not(feature = "no_cargo"))]+#[cfg(feature = "cargo")] #[macro_export] macro_rules! app_from_crate {- () => {- $crate::App::new(crate_name!())- .version(crate_version!())- .author(crate_authors!())- .about(crate_description!())- };- ($sep:expr) => {- $crate::App::new(crate_name!())- .version(crate_version!())- .author(crate_authors!($sep))- .about(crate_description!())- };-}--/// Build `App`, `Arg`s, `SubCommand`s and `Group`s with Usage-string like input-/// but without the associated parsing runtime cost.-///-/// `clap_app!` also supports several shorthand syntaxes.+ () => {{+ let mut app = $crate::App::new($crate::crate_name!()).version($crate::crate_version!());++ let author = $crate::crate_authors!(", ");+ if !author.is_empty() {+ app = app.author(author)+ }++ let about = $crate::crate_description!();+ if !about.is_empty() {+ app = app.about(about)+ }++ app+ }};+ ($sep:expr) => {{+ let mut app = $crate::App::new($crate::crate_name!()).version($crate::crate_version!());++ let author = $crate::crate_authors!($sep);+ if !author.is_empty() {+ app = app.author(author)+ }++ let about = $crate::crate_description!();+ if !about.is_empty() {+ app = app.about(about)+ }++ app+ }};+}++#[doc(hidden)]+#[macro_export]+macro_rules! arg_impl {+ ( @string $val:ident ) => {+ stringify!($val)+ };+ ( @string $val:literal ) => {{+ let ident_or_string_literal: &str = $val;+ ident_or_string_literal+ }};+ ( @string $val:tt ) => {+ ::std::compile_error!("Only identifiers or string literals supported");+ };+ ( @string ) => {+ None+ };++ ( @char $val:ident ) => {{+ let ident_or_char_literal = stringify!($val);+ debug_assert_eq!(+ ident_or_char_literal.len(),+ 1,+ "Single-letter identifier expected, got {}",+ ident_or_char_literal+ );+ ident_or_char_literal.chars().next().unwrap()+ }};+ ( @char $val:literal ) => {{+ let ident_or_char_literal: char = $val;+ ident_or_char_literal+ }};+ ( @char ) => {{+ None+ }};++ (+ @arg+ ($arg:expr)+ --$long:ident+ $($tail:tt)*+ ) => {+ $crate::arg_impl! {+ @arg+ ({+ debug_assert_eq!($arg.get_value_names(), None, "Flags should precede values");+ debug_assert!(!$arg.is_set($crate::ArgSettings::MultipleOccurrences), "Flags should precede `...`");++ let mut arg = $arg;+ let long = $crate::arg_impl! { @string $long };+ if arg.get_name().is_empty() {+ arg = arg.name(long);+ }+ arg.long(long)+ })+ $($tail)*+ }+ };+ (+ @arg+ ($arg:expr)+ --$long:literal+ $($tail:tt)*+ ) => {+ $crate::arg_impl! {+ @arg+ ({+ debug_assert_eq!($arg.get_value_names(), None, "Flags should precede values");+ debug_assert!(!$arg.is_set($crate::ArgSettings::MultipleOccurrences), "Flags should precede `...`");++ let mut arg = $arg;+ let long = $crate::arg_impl! { @string $long };+ if arg.get_name().is_empty() {+ arg = arg.name(long);+ }+ arg.long(long)+ })+ $($tail)*+ }+ };+ (+ @arg+ ($arg:expr)+ -$short:ident+ $($tail:tt)*+ ) => {+ $crate::arg_impl! {+ @arg+ ({+ debug_assert_eq!($arg.get_long(), None, "Short flags should precede long flags");+ debug_assert_eq!($arg.get_value_names(), None, "Flags should precede values");+ debug_assert!(!$arg.is_set($crate::ArgSettings::MultipleOccurrences), "Flags should precede `...`");++ $arg.short($crate::arg_impl! { @char $short })+ })+ $($tail)*+ }+ };+ (+ @arg+ ($arg:expr)+ -$short:literal+ $($tail:tt)*+ ) => {+ $crate::arg_impl! {+ @arg+ ({+ debug_assert_eq!($arg.get_long(), None, "Short flags should precede long flags");+ debug_assert_eq!($arg.get_value_names(), None, "Flags should precede values");+ debug_assert!(!$arg.is_set($crate::ArgSettings::MultipleOccurrences), "Flags should precede `...`");++ $arg.short($crate::arg_impl! { @char $short })+ })+ $($tail)*+ }+ };+ (+ @arg+ ($arg:expr)+ <$value_name:ident>+ $($tail:tt)*+ ) => {+ $crate::arg_impl! {+ @arg+ ({+ debug_assert!(!$arg.is_set($crate::ArgSettings::MultipleOccurrences), "Values should precede `...`");+ debug_assert_eq!($arg.get_value_names(), None, "Multiple values not yet supported");++ let mut arg = $arg;++ arg = arg.required(true);+ arg = arg.takes_value(true);++ let value_name = $crate::arg_impl! { @string $value_name };+ if arg.get_name().is_empty() {+ arg = arg.name(value_name);+ }+ arg.value_name(value_name)+ })+ $($tail)*+ }+ };+ (+ @arg+ ($arg:expr)+ [$value_name:ident]+ $($tail:tt)*+ ) => {+ $crate::arg_impl! {+ @arg+ ({+ debug_assert!(!$arg.is_set($crate::ArgSettings::MultipleOccurrences), "Values should precede `...`");+ debug_assert_eq!($arg.get_value_names(), None, "Multiple values not yet supported");++ let mut arg = $arg;++ if arg.get_long().is_none() && arg.get_short().is_none() {+ arg = arg.required(false);+ } else {+ arg = arg.min_values(0).max_values(1);+ }+ arg = arg.takes_value(true);++ let value_name = $crate::arg_impl! { @string $value_name };+ if arg.get_name().is_empty() {+ arg = arg.name(value_name);+ }+ arg.value_name(value_name)+ })+ $($tail)*+ }+ };+ (+ @arg+ ($arg:expr)+ ...+ $($tail:tt)*+ ) => {+ $crate::arg_impl! {+ @arg+ ({+ $arg.multiple_occurrences(true)+ })+ $($tail)*+ }+ };+ (+ @arg+ ($arg:expr)+ $help:literal+ ) => {+ $arg.help($help)+ };+ (+ @arg+ ($arg:expr)+ ) => {+ $arg+ };+}++/// Create an [`Arg`] from a usage string.+///+/// Allows creation of basic settings for the [`Arg`].+///+/// **NOTE**: Not all settings may be set using the usage string method. Some properties are+/// only available via the builder pattern.+///+/// # Syntax+///+/// Usage strings typically following the form:+///+/// ```notrust+/// [explicit name] [short] [long] [value names] [...] [help string]+/// ```+///+/// ### Explicit Name+///+/// The name may be either a bare-word or a string, followed by a `:`, like `name:` or+/// `"name":`.+///+/// *Note:* This is an optional field, if it's omitted the argument will use one of the additional+/// fields as the name using the following priority order:+///+/// 1. Explicit Name+/// 2. Long+/// 3. Value Name+///+/// See [`Arg::name`][crate::Arg::name].+///+/// ### Short+///+/// A short flag is a `-` followed by either a bare-character or quoted character, like `-f` or+/// `-'f'`.+///+/// See [`Arg::short`][crate::Arg::short].+///+/// ### Long+///+/// A long flag is a `--` followed by either a bare-word or a string, like `--foo` or+/// `--"foo"`.+///+/// See [`Arg::long`][crate::Arg::long].+///+/// ### Values (Value Notation)+///+/// This is set by placing bare-word between:+/// - `[]` like `[FOO]`+/// - Positional argument: optional+/// - Named argument: optional value+/// - `<>` like `<FOO>`: required+///+/// See [`Arg::value_name`][crate::Arg::value_name].+///+/// ### `...`+///+/// `...` (three consecutive dots/periods) specifies that this argument may occur multiple+/// times (not to be confused with multiple values per occurrence).+///+/// See [`Arg::multiple_occurrences`][crate::Arg::multiple_occurrences].+///+/// ### Help String+///+/// The help string is denoted between a pair of single quotes `''` and may contain any+/// characters. /// /// # Examples ///-/// ```no_run-/// # #[macro_use]-/// # extern crate clap;-/// # fn main() {-/// let matches = clap_app!(myapp =>-/// (version: "1.0")-/// (author: "Kevin K. <[email protected]>")-/// (about: "Does awesome things")-/// (@arg CONFIG: -c --config +takes_value "Sets a custom config file")-/// (@arg INPUT: +required "Sets the input file to use")-/// (@arg debug: -d ... "Sets the level of debugging information")-/// (@group difficulty =>-/// (@arg hard: -h --hard "Sets hard mode")-/// (@arg normal: -n --normal "Sets normal mode")-/// (@arg easy: -e --easy "Sets easy mode")-/// )-/// (@subcommand test =>-/// (about: "controls testing features")-/// (version: "1.3")-/// (author: "Someone E. <[email protected]>")-/// (@arg verbose: -v --verbose "Print test information verbosely")-/// )-/// )-/// .get_matches();-/// # }+/// ```rust+/// # use clap::{App, Arg, arg};+/// App::new("prog")+/// .args(&[+/// arg!(--config <FILE> "a required file for the configuration and no short"),+/// arg!(-d --debug ... "turns on debugging information and allows multiples"),+/// arg!([input] "an optional input file to use")+/// ])+/// # ; /// ```-/// # Shorthand Syntax for Args-///-/// * A single hyphen followed by a character (such as `-c`) sets the [`Arg::short`]-/// * A double hyphen followed by a character or word (such as `--config`) sets [`Arg::long`]-/// * If one wishes to use a [`Arg::long`] with a hyphen inside (i.e. `--config-file`), you-/// must use `--("config-file")` due to limitations of the Rust macro system.-/// * Three dots (`...`) sets [`Arg::multiple(true)`]-/// * Angled brackets after either a short or long will set [`Arg::value_name`] and-/// `Arg::required(true)` such as `--config <FILE>` = `Arg::value_name("FILE")` and-/// `Arg::required(true)`-/// * Square brackets after either a short or long will set [`Arg::value_name`] and-/// `Arg::required(false)` such as `--config [FILE]` = `Arg::value_name("FILE")` and-/// `Arg::required(false)`-/// * There are short hand syntaxes for Arg methods that accept booleans-/// * A plus sign will set that method to `true` such as `+required` = `Arg::required(true)`-/// * An exclamation will set that method to `false` such as `!required` = `Arg::required(false)`-/// * A `#{min, max}` will set [`Arg::min_values(min)`] and [`Arg::max_values(max)`]-/// * An asterisk (`*`) will set `Arg::required(true)`-/// * Curly brackets around a `fn` will set [`Arg::validator`] as in `{fn}` = `Arg::validator(fn)`-/// * An Arg method that accepts a string followed by square brackets will set that method such as-/// `conflicts_with[FOO]` will set `Arg::conflicts_with("FOO")` (note the lack of quotes around-/// `FOO` in the macro)-/// * An Arg method that takes a string and can be set multiple times (such as-/// [`Arg::conflicts_with`]) followed by square brackets and a list of values separated by spaces-/// will set that method such as `conflicts_with[FOO BAR BAZ]` will set-/// `Arg::conflicts_with("FOO")`, `Arg::conflicts_with("BAR")`, and `Arg::conflicts_with("BAZ")`-/// (note the lack of quotes around the values in the macro)-///-/// # Shorthand Syntax for Groups-///-/// * There are short hand syntaxes for `ArgGroup` methods that accept booleans-/// * A plus sign will set that method to `true` such as `+required` = `ArgGroup::required(true)`-/// * An exclamation will set that method to `false` such as `!required` = `ArgGroup::required(false)`-///-/// [`Arg::short`]: ./struct.Arg.html#method.short-/// [`Arg::long`]: ./struct.Arg.html#method.long-/// [`Arg::multiple(true)`]: ./struct.Arg.html#method.multiple-/// [`Arg::value_name`]: ./struct.Arg.html#method.value_name-/// [`Arg::min_values(min)`]: ./struct.Arg.html#method.min_values-/// [`Arg::max_values(max)`]: ./struct.Arg.html#method.max_values-/// [`Arg::validator`]: ./struct.Arg.html#method.validator-/// [`Arg::conflicts_with`]: ./struct.Arg.html#method.conflicts_with+/// [`Arg`]: ./struct.Arg.html+#[macro_export]+macro_rules! arg {+ ( $name:ident: $($tail:tt)+ ) => {+ $crate::arg_impl! {+ @arg ($crate::Arg::new($crate::arg_impl! { @string $name })) $($tail)++ }+ };+ ( $($tail:tt)+ ) => {{+ let arg = $crate::arg_impl! {+ @arg ($crate::Arg::default()) $($tail)++ };+ debug_assert!(!arg.get_name().is_empty(), "Without a value or long flag, the `name:` prefix is required");+ arg+ }};+}++/// Deprecated, replaced with [`clap::Parser`][crate::Parser] and [`clap::arg!`][crate::arg] (Issue clap-rs/clap#2835)+#[deprecated(+ since = "3.0.0",+ note = "Replaced with `clap::Parser` for a declarative API (Issue clap-rs/clap#2835)"+)] #[macro_export] macro_rules! clap_app { (@app ($builder:expr)) => { $builder }; (@app ($builder:expr) (@arg ($name:expr): $($tail:tt)*) $($tt:tt)*) => {- clap_app!{ @app+ $crate::clap_app!{ @app ($builder.arg(- clap_app!{ @arg ($crate::Arg::with_name($name)) (-) $($tail)* }))+ $crate::clap_app!{ @arg ($crate::Arg::new($name)) (-) $($tail)* })) $($tt)* } }; (@app ($builder:expr) (@arg $name:ident: $($tail:tt)*) $($tt:tt)*) => {- clap_app!{ @app+ $crate::clap_app!{ @app ($builder.arg(- clap_app!{ @arg ($crate::Arg::with_name(stringify!($name))) (-) $($tail)* }))+ $crate::clap_app!{ @arg ($crate::Arg::new(stringify!($name))) (-) $($tail)* })) $($tt)* } }; (@app ($builder:expr) (@setting $setting:ident) $($tt:tt)*) => {- clap_app!{ @app+ $crate::clap_app!{ @app ($builder.setting($crate::AppSettings::$setting)) $($tt)* } }; // Treat the application builder as an argument to set its attributes (@app ($builder:expr) (@attributes $($attr:tt)*) $($tt:tt)*) => {- clap_app!{ @app (clap_app!{ @arg ($builder) $($attr)* }) $($tt)* }+ $crate::clap_app!{ @app ($crate::clap_app!{ @arg ($builder) $($attr)* }) $($tt)* } }; (@app ($builder:expr) (@group $name:ident => $($tail:tt)*) $($tt:tt)*) => {- clap_app!{ @app- (clap_app!{ @group ($builder, $crate::ArgGroup::with_name(stringify!($name))) $($tail)* })+ $crate::clap_app!{ @app+ ($crate::clap_app!{ @group ($builder, $crate::ArgGroup::new(stringify!($name))) $($tail)* }) $($tt)* } }; (@app ($builder:expr) (@group $name:ident !$ident:ident => $($tail:tt)*) $($tt:tt)*) => {- clap_app!{ @app- (clap_app!{ @group ($builder, $crate::ArgGroup::with_name(stringify!($name)).$ident(false)) $($tail)* })+ $crate::clap_app!{ @app+ ($crate::clap_app!{ @group ($builder, $crate::ArgGroup::new(stringify!($name)).$ident(false)) $($tail)* })
After analyzing the provided code diff, I don't identify any clear security vulnerabilities being fixed. The changes appear to be primarily: 1. Deprecating old macros and replacing them with new implementations 2. Code cleanup and reorganization 3. Adding new features and functionality Here's the analysis following the requested format: Vulnerability Existed: no No security vulnerabilities identified [third_party/rust/clap/src/macros.rs] [All lines] [Old code] [Fixed code] The changes include: 1. Deprecating the `load_yaml!` macro and suggesting `clap::Parser` as alternative 2. Deprecating value_t macros in favor of new methods 3. Deprecating `arg_enum!` in favor of `ArgEnum` 4. Various code improvements and refactoring The diff shows modernization of the codebase rather than security fixes. The changes are focused on: - Better error handling - Improved macro implementations - Deprecation of older APIs - Addition of new features - Code organization improvements No specific security vulnerabilities are being addressed in these changes. The modifications appear to be part of normal code maintenance and evolution of the library.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/path-objects/2d.path.stroke.union.worker.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/path-objects/2d.path.stroke.union.worker.js@@ -13,8 +13,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.fillStyle = '#f00'; ctx.fillRect(0, 0, 100, 50);@@ -25,7 +25,7 @@ ctx.moveTo(100, 40); ctx.lineTo(0, 40); ctx.stroke();-_assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");+_assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255"); t.done(); });
After analyzing the provided code diff, I don't see any security-related fixes. The changes appear to be purely cosmetic/refactoring, renaming a variable from `offscreenCanvas` to `canvas` for consistency. Here's the analysis following your requested format:
Vulnerability Existed: no
[No security vulnerability found] [testing/web-platform/tests/html/canvas/offscreen/path-objects/2d.path.stroke.union.worker.js] [Lines 13-25]
[Old Code: var offscreenCanvas = new OffscreenCanvas(100, 50); var ctx = offscreenCanvas.getContext('2d'); ... _assertPixel(offscreenCanvas, ...)]
[Fixed Code: var canvas = new OffscreenCanvas(100, 50); var ctx = canvas.getContext('2d'); ... _assertPixel(canvas, ...)]
The changes are:
1. Variable name change from `offscreenCanvas` to `canvas`
2. Corresponding updates to references of this variable
3. No changes to the actual logic or security-related functionality
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.fillStyle.parse.css-color-4-rgb-1.worker.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.fillStyle.parse.css-color-4-rgb-1.worker.js@@ -13,14 +13,14 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.fillStyle = '#f00'; ctx.fillStyle = 'rgb(0, 255.0, 0)'; ctx.fillRect(0, 0, 100, 50);-_assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");+_assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255"); t.done(); });
Based on the provided code diff, I don't see any security vulnerabilities being fixed. The changes appear to be purely cosmetic/refactoring changes (variable renaming) rather than security-related fixes. Here's the analysis:
Vulnerability Existed: no
No security vulnerability found [File] [Lines 13-14, 20]
[Old Code]
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
_assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");
[Fixed Code]
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');
_assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");
The changes simply rename the variable `offscreenCanvas` to `canvas` and update its references accordingly. There are no changes to the actual security-sensitive operations or data handling. The functionality remains exactly the same, just with a different variable name.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/third_party/rust/darling/src/macros_public.rs+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/third_party/rust/darling/src/macros_public.rs@@ -12,9 +12,7 @@ /// /// ```rust /// # extern crate syn;-/// #-/// # #[macro_use]-/// # extern crate darling_core;+/// # use darling_core::uses_type_params; /// # /// struct MyField { /// ty: syn::Type,
Based on the provided diff, I'll analyze it for potential security vulnerabilities: 1. Vulnerability Existed: no Dependency Visibility Change [third_party/rust/darling/src/macros_public.rs] [Lines 12-15] Old Code: ```rust # extern crate syn; # # #[macro_use] # extern crate darling_core; ``` Fixed Code: ```rust # extern crate syn; # use darling_core::uses_type_params; ``` Additional Details: This change appears to be a documentation improvement rather than a security fix. It updates the example code to use a more modern Rust import style (using `use` instead of `#[macro_use]`), but doesn't address any security vulnerability. The diff shows only documentation/example code changes in a Rust macro's public documentation. There are no apparent security vulnerabilities being fixed in this change - it's purely a style/usage improvement in example code. No actual functionality or security-relevant code was modified.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/third_party/rust/wgpu-core/src/device/mod.rs+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/third_party/rust/wgpu-core/src/device/mod.rs@@ -597,13 +597,13 @@ fn create_texture_from_hal( &self, hal_texture: A::Texture,+ hal_usage: hal::TextureUses, self_id: id::DeviceId, desc: &resource::TextureDescriptor, format_features: wgt::TextureFormatFeatures,+ clear_mode: resource::TextureClearMode<A>, ) -> resource::Texture<A> { debug_assert_eq!(self_id.backend(), A::VARIANT);-- let hal_usage = conv::map_texture_usage(desc.usage, desc.format.into()); resource::Texture { inner: resource::TextureInner::Native {@@ -618,13 +618,14 @@ format_features, initialization_status: TextureInitTracker::new( desc.mip_level_count,- desc.size.depth_or_array_layers,+ desc.array_layer_count(), ), full_range: TextureSelector { levels: 0..desc.mip_level_count, layers: 0..desc.array_layer_count(), }, life_guard: LifeGuard::new(desc.label.borrow_or_default()),+ clear_mode, } }@@ -634,9 +635,69 @@ adapter: &crate::instance::Adapter<A>, desc: &resource::TextureDescriptor, ) -> Result<resource::Texture<A>, resource::CreateTextureError> {- // Enforce COPY_DST, otherwise we wouldn't be able to initialize the texture.- let hal_usage =- conv::map_texture_usage(desc.usage, desc.format.into()) | hal::TextureUses::COPY_DST;+ let format_desc = desc.format.describe();++ // Depth textures can only be 2D+ if format_desc.sample_type == wgt::TextureSampleType::Depth+ && desc.dimension != wgt::TextureDimension::D2+ {+ return Err(resource::CreateTextureError::InvalidDepthKind(+ desc.dimension,+ desc.format,+ ));+ }++ let format_features = self+ .describe_format_features(adapter, desc.format)+ .map_err(|error| resource::CreateTextureError::MissingFeatures(desc.format, error))?;++ if desc.usage.is_empty() {+ return Err(resource::CreateTextureError::EmptyUsage);+ }++ let missing_allowed_usages = desc.usage - format_features.allowed_usages;+ if !missing_allowed_usages.is_empty() {+ return Err(resource::CreateTextureError::InvalidUsages(+ missing_allowed_usages,+ desc.format,+ ));+ }++ conv::check_texture_dimension_size(+ desc.dimension,+ desc.size,+ desc.sample_count,+ &self.limits,+ )?;++ let mips = desc.mip_level_count;+ let max_levels_allowed = desc.size.max_mips(desc.dimension).min(hal::MAX_MIP_LEVELS);+ if mips == 0 || mips > max_levels_allowed {+ return Err(resource::CreateTextureError::InvalidMipLevelCount {+ requested: mips,+ maximum: max_levels_allowed,+ });+ }++ // Enforce having COPY_DST/DEPTH_STENCIL_WRIT/COLOR_TARGET otherwise we wouldn't be able to initialize the texture.+ let hal_usage = conv::map_texture_usage(desc.usage, desc.format.into())+ | if format_desc.sample_type == wgt::TextureSampleType::Depth {+ hal::TextureUses::DEPTH_STENCIL_WRITE+ } else if desc.usage.contains(wgt::TextureUsages::COPY_DST) {+ hal::TextureUses::COPY_DST // (set already)+ } else {+ // Use COPY_DST only if we can't use COLOR_TARGET+ if format_features+ .allowed_usages+ .contains(wgt::TextureUsages::RENDER_ATTACHMENT)+ && desc.dimension != wgt::TextureDimension::D3+ // Render targets into 3D textures are not+ {+ hal::TextureUses::COLOR_TARGET+ } else {+ hal::TextureUses::COPY_DST+ }+ }; let hal_desc = hal::TextureDescriptor { label: desc.label.borrow_option(),@@ -649,41 +710,65 @@ memory_flags: hal::MemoryFlags::empty(), };- let format_features = self- .describe_format_features(adapter, desc.format)- .map_err(|error| resource::CreateTextureError::MissingFeatures(desc.format, error))?;-- if desc.usage.is_empty() {- return Err(resource::CreateTextureError::EmptyUsage);- }-- let missing_allowed_usages = desc.usage - format_features.allowed_usages;- if !missing_allowed_usages.is_empty() {- return Err(resource::CreateTextureError::InvalidUsages(- missing_allowed_usages,- desc.format,- ));- }-- conv::check_texture_dimension_size(- desc.dimension,- desc.size,- desc.sample_count,- &self.limits,- )?;-- let mips = desc.mip_level_count;- if mips == 0 || mips > hal::MAX_MIP_LEVELS || mips > desc.size.max_mips() {- return Err(resource::CreateTextureError::InvalidMipLevelCount(mips));- }-- let raw = unsafe {+ let raw_texture = unsafe { self.raw .create_texture(&hal_desc) .map_err(DeviceError::from)? };- let mut texture = self.create_texture_from_hal(raw, self_id, desc, format_features);+ let clear_mode = if hal_usage+ .intersects(hal::TextureUses::DEPTH_STENCIL_WRITE | hal::TextureUses::COLOR_TARGET)+ {+ let (is_color, usage) =+ if desc.format.describe().sample_type == wgt::TextureSampleType::Depth {+ (false, hal::TextureUses::DEPTH_STENCIL_WRITE)+ } else {+ (true, hal::TextureUses::COLOR_TARGET)+ };+ let dimension = match desc.dimension {+ wgt::TextureDimension::D1 => wgt::TextureViewDimension::D1,+ wgt::TextureDimension::D2 => wgt::TextureViewDimension::D2,+ wgt::TextureDimension::D3 => unreachable!(),+ };++ let mut clear_views = SmallVec::new();+ for mip_level in 0..desc.mip_level_count {+ for array_layer in 0..desc.size.depth_or_array_layers {+ let desc = hal::TextureViewDescriptor {+ label: Some("clear texture view"),+ format: desc.format,+ dimension,+ usage,+ range: wgt::ImageSubresourceRange {+ aspect: wgt::TextureAspect::All,+ base_mip_level: mip_level,+ mip_level_count: NonZeroU32::new(1),+ base_array_layer: array_layer,+ array_layer_count: NonZeroU32::new(1),+ },+ };+ clear_views.push(+ unsafe { self.raw.create_texture_view(&raw_texture, &desc) }+ .map_err(DeviceError::from)?,+ );+ }+ }+ resource::TextureClearMode::RenderPass {+ clear_views,+ is_color,+ }+ } else {+ resource::TextureClearMode::BufferCopy+ };++ let mut texture = self.create_texture_from_hal(+ raw_texture,+ hal_usage,+ self_id,+ desc,+ format_features,+ clear_mode,+ ); texture.hal_usage = hal_usage; Ok(texture) }@@ -701,6 +786,7 @@ let view_dim = match desc.dimension { Some(dim) => {+ // check if the dimension is compatible with the texture if texture.desc.dimension != dim.compatible_texture_dimension() { return Err( resource::CreateTextureViewError::InvalidTextureViewDimension {@@ -708,6 +794,14 @@ texture: texture.desc.dimension, }, );+ }+ // check if multisampled texture is seen as anything but 2D+ match dim {+ wgt::TextureViewDimension::D2 | wgt::TextureViewDimension::D2Array => {}+ _ if texture.desc.sample_count > 1 => {+ return Err(resource::CreateTextureViewError::InvalidMultisampledTextureViewDimension(dim));+ }+ _ => {} } dim }@@ -1455,11 +1549,10 @@ ) -> Result<(), binding_model::CreateBindGroupError> { // Careful here: the texture may no longer have its own ref count, // if it was deleted by the user.- let parent_id = view.parent_id.value;- let texture = &texture_guard[parent_id];+ let texture = &texture_guard[view.parent_id.value]; used.textures .change_extend(- parent_id,+ view.parent_id.value, &view.parent_id.ref_count, view.selector.clone(), internal_use,@@ -1468,7 +1561,7 @@ check_texture_usage(texture.desc.usage, pub_usage)?; used_texture_ranges.push(TextureInitTrackerAction {- id: parent_id.0,+ id: view.parent_id.value.0, range: TextureInitRange { mip_range: view.desc.range.mip_range(&texture.desc), layer_range: view.desc.range.layer_range(&texture.desc),@@ -1797,19 +1890,19 @@ view_samples: view.samples, }); }- match (sample_type, format_info.sample_type, view.format_features.filterable) {- (Tst::Uint, Tst::Uint, ..) |- (Tst::Sint, Tst::Sint, ..) |- (Tst::Depth, Tst::Depth, ..) |+ match (sample_type, format_info.sample_type) {+ (Tst::Uint, Tst::Uint) |+ (Tst::Sint, Tst::Sint) |+ (Tst::Depth, Tst::Depth) | // if we expect non-filterable, accept anything float- (Tst::Float { filterable: false }, Tst::Float { .. }, ..) |+ (Tst::Float { filterable: false }, Tst::Float { .. }) | // if we expect filterable, require it- (Tst::Float { filterable: true }, Tst::Float { filterable: true }, ..) |+ (Tst::Float { filterable: true }, Tst::Float { filterable: true }) |+ // if we expect float, also accept depth+ (Tst::Float { .. }, Tst::Depth, ..) => {} // if we expect filterable, also accept Float that is defined as unfilterable if filterable feature is explicitly enabled // (only hit if wgt::Features::TEXTURE_ADAPTER_SPECIFIC_FORMAT_FEATURES is enabled)- (Tst::Float { filterable: true }, Tst::Float { .. }, true) |- // if we expect float, also accept depth- (Tst::Float { .. }, Tst::Depth, ..) => {}+ (Tst::Float { filterable: true }, Tst::Float { .. }) if view.format_features.flags.contains(wgt::TextureFormatFeatureFlags::FILTERABLE) => {} _ => { return Err(Error::InvalidTextureSampleType { binding,@@ -2175,6 +2268,8 @@ hub: &Hub<A, G>, token: &mut Token<Self>, ) -> Result<pipeline::RenderPipeline<A>, pipeline::CreateRenderPipelineError> {+ use wgt::TextureFormatFeatureFlags as Tfff;+ //TODO: only lock mutable if the layout is derived let (mut pipeline_layout_guard, mut token) = hub.pipeline_layouts.write(token); let (mut bgl_guard, mut token) = hub.bind_group_layouts.write(&mut token);@@ -2320,12 +2415,16 @@ { break Some(pipeline::ColorStateError::FormatNotRenderable(cs.format)); }- if cs.blend.is_some() && !format_features.filterable {+ if cs.blend.is_some() && !format_features.flags.contains(Tfff::FILTERABLE) { break Some(pipeline::ColorStateError::FormatNotBlendable(cs.format)); } if !hal::FormatAspects::from(cs.format).contains(hal::FormatAspects::COLOR) { break Some(pipeline::ColorStateError::FormatNotColor(cs.format)); }+ if desc.multisample.count > 1 && !format_features.flags.contains(Tfff::MULTISAMPLE)+ {+ break Some(pipeline::ColorStateError::FormatNotMultisampled(cs.format));+ } break None; };@@ -2336,8 +2435,8 @@ if let Some(ds) = depth_stencil_state { let error = loop {- if !self- .describe_format_features(adapter, ds.format)?+ let format_features = self.describe_format_features(adapter, ds.format)?;+ if !format_features .allowed_usages .contains(wgt::TextureUsages::RENDER_ATTACHMENT) {@@ -2345,6 +2444,7 @@ ds.format, )); }+ let aspect = hal::FormatAspects::from(ds.format); if ds.is_depth_enabled() && !aspect.contains(hal::FormatAspects::DEPTH) { break Some(pipeline::DepthStencilStateError::FormatNotDepth(ds.format));@@ -2354,6 +2454,13 @@ ds.format, )); }+ if desc.multisample.count > 1 && !format_features.flags.contains(Tfff::MULTISAMPLE)+ {+ break Some(pipeline::DepthStencilStateError::FormatNotMultisampled(+ ds.format,+ ));+ }+ break None; }; if let Some(e) = error {@@ -3323,8 +3430,14 @@ Err(error) => break error, };- let mut texture =- device.create_texture_from_hal(hal_texture, device_id, desc, format_features);+ let mut texture = device.create_texture_from_hal(+ hal_texture,+ conv::map_texture_usage(desc.usage, desc.format.into()),+ device_id,+ desc,+ format_features,+ resource::TextureClearMode::None,+ ); if desc.usage.contains(wgt::TextureUsages::COPY_DST) { texture.hal_usage |= hal::TextureUses::COPY_DST; }@@ -3380,22 +3493,37 @@ trace.lock().add(trace::Action::FreeTexture(texture_id)); }+ let last_submit_index = texture.life_guard.life_count();++ let clear_views =+ match std::mem::replace(&mut texture.clear_mode, resource::TextureClearMode::None) {+ resource::TextureClearMode::BufferCopy => SmallVec::new(),+ resource::TextureClearMode::RenderPass { clear_views, .. } => clear_views,+ resource::TextureClearMode::None => SmallVec::new(),+ };+ match texture.inner { resource::TextureInner::Native { ref mut raw } => { let raw = raw.take().ok_or(resource::DestroyError::AlreadyDestroyed)?;- let temp = queue::TempResource::Texture(raw);+ let temp = queue::TempResource::Texture(raw, clear_views); if device.pending_writes.dst_textures.contains(&texture_id) { device.pending_writes.temp_resources.push(temp); } else {- let last_submit_index = texture.life_guard.life_count(); drop(texture_guard); device .lock_life(&mut token) .schedule_resource_destruction(temp, last_submit_index); } }- resource::TextureInner::Surface { .. } => {} //TODO+ resource::TextureInner::Surface { .. } => {+ for clear_view in clear_views {+ unsafe {+ device.raw.destroy_texture_view(clear_view);+ }+ }+ // TODO?+ } } Ok(())
Here's the analysis of the provided code diff for security fixes: 1. Vulnerability Existed: yes Improper Input Validation [third_party/rust/wgpu-core/src/device/mod.rs] [Lines 634-679] [Old Code] No validation for depth texture dimensions or mip level counts [Fixed Code] Added validation for: - Depth textures must be 2D - Mip level counts must be within allowed range - Texture usage flags must be valid for the format 2. Vulnerability Existed: yes Insufficient Texture Usage Validation [third_party/rust/wgpu-core/src/device/mod.rs] [Lines 634-679] [Old Code] Simple COPY_DST enforcement without comprehensive usage checks [Fixed Code] Added comprehensive usage validation: - Checks for empty usage - Validates against allowed format features - Properly handles depth/stencil and color target cases 3. Vulnerability Existed: yes Texture View Dimension Validation [third_party/rust/wgpu-core/src/device/mod.rs] [Lines 786-794] [Old Code] No validation for multisampled texture view dimensions [Fixed Code] Added validation that multisampled textures can only be viewed as 2D or 2DArray 4. Vulnerability Existed: yes Texture Clear Mode Handling [third_party/rust/wgpu-core/src/device/mod.rs] [Lines 3493-3501] [Old Code] No proper cleanup of clear views when destroying textures [Fixed Code] Properly handles cleanup of clear views in all cases (BufferCopy, RenderPass, None) 5. Vulnerability Existed: not sure Texture Sample Type Validation [third_party/rust/wgpu-core/src/device/mod.rs] [Lines 1890-1903] [Old Code] Basic sample type matching [Fixed Code] Enhanced validation including filterable flag checks and format feature flags 6. Vulnerability Existed: yes Multisample Format Validation [third_party/rust/wgpu-core/src/device/mod.rs] [Lines 2415-2429, 2454-2459] [Old Code] No validation for multisample format capabilities [Fixed Code] Added checks for Tfff::MULTISAMPLE flag when multisampling is used The changes primarily focus on adding proper validation for texture creation and usage, fixing potential security issues related to: - Improper input validation - Insufficient resource usage checks - Improper cleanup of resources - Missing validation for special cases (multisampling, depth textures) These fixes help prevent potential: - Memory corruption - Invalid resource access - GPU crashes - Security bypasses through malformed resources
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/drawing-images-to-the-canvas/2d.drawImage.9arg.sourcepos.worker.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/drawing-images-to-the-canvas/2d.drawImage.9arg.sourcepos.worker.js@@ -14,8 +14,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.fillStyle = '#f00'; ctx.fillRect(0, 0, 100, 50);@@ -31,10 +31,10 @@ promise.then(function(response) { createImageBitmap(response).then(bitmap => { ctx.drawImage(bitmap, 140, 20, 100, 50, 0, 0, 100, 50);- _assertPixelApprox(offscreenCanvas, 0,0, 0,255,0,255, "0,0", "0,255,0,255", 2);- _assertPixelApprox(offscreenCanvas, 99,0, 0,255,0,255, "99,0", "0,255,0,255", 2);- _assertPixelApprox(offscreenCanvas, 0,49, 0,255,0,255, "0,49", "0,255,0,255", 2);- _assertPixelApprox(offscreenCanvas, 99,49, 0,255,0,255, "99,49", "0,255,0,255", 2);+ _assertPixelApprox(canvas, 0,0, 0,255,0,255, "0,0", "0,255,0,255", 2);+ _assertPixelApprox(canvas, 99,0, 0,255,0,255, "99,0", "0,255,0,255", 2);+ _assertPixelApprox(canvas, 0,49, 0,255,0,255, "0,49", "0,255,0,255", 2);+ _assertPixelApprox(canvas, 99,49, 0,255,0,255, "99,49", "0,255,0,255", 2); }, t_fail); }).then(t_pass, t_fail);
Analysis of the provided code diff:
1. Vulnerability Existed: no
No specific vulnerability found [File] [Lines 14-15, 31-34]
Old Code:
```javascript
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
...
_assertPixelApprox(offscreenCanvas, 0,0, 0,255,0,255, "0,0", "0,255,0,255", 2);
```
Fixed Code:
```javascript
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');
...
_assertPixelApprox(canvas, 0,0, 0,255,0,255, "0,0", "0,255,0,255", 2);
```
Additional Details:
- The changes appear to be purely variable renaming from `offscreenCanvas` to `canvas` for consistency or readability
- No security-related changes were made in this diff
- The functionality remains exactly the same, only the variable name was changed
- No vulnerabilities were introduced or fixed by this change
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/path-objects/2d.path.isPointInPath.basic.2.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/path-objects/2d.path.isPointInPath.basic.2.html@@ -17,8 +17,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.rect(20, 0, 20, 20); _assertSame(ctx.isPointInPath(10, 10), false, "ctx.isPointInPath(10, 10)", "false");
Analysis of the provided code diff:
1. Vulnerability Existed: no
No security vulnerability found [File] testing/web-platform/tests/html/canvas/offscreen/path-objects/2d.path.isPointInPath.basic.2.html [Lines] 17-18
Old Code:
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
Fixed Code:
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');
Additional Notes:
- The changes appear to be purely variable renaming (from 'offscreenCanvas' to 'canvas')
- No security-related changes or fixes were made in this diff
- The functionality remains exactly the same, only the variable name was changed for better clarity/consistency
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/gfx/layers/ipc/CanvasTranslator.h+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/gfx/layers/ipc/CanvasTranslator.h@@ -174,6 +174,9 @@ RemoveDataSurface(aRefPtr); InlineTranslator::RemoveSourceSurface(aRefPtr); }++ already_AddRefed<gfx::SourceSurface> LookupExternalSurface(+ uint64_t aKey) final; /** * Gets the cached DataSourceSurface, if it exists, associated with a
I'll analyze the provided code diff for security fixes. Since the diff shows only additions and no modifications or deletions of existing code, it's challenging to identify specific security vulnerabilities that were fixed. However, I'll analyze it based on what's shown.
Vulnerability Existed: not sure
Potential Missing Security Check [File] gfx/layers/ipc/CanvasTranslator.h [Lines] 174-177
[Old Code]
RemoveDataSurface(aRefPtr);
InlineTranslator::RemoveSourceSurface(aRefPtr);
}
[Fixed Code]
RemoveDataSurface(aRefPtr);
InlineTranslator::RemoveSourceSurface(aRefPtr);
}
already_AddRefed<gfx::SourceSurface> LookupExternalSurface(
uint64_t aKey) final;
Additional Details:
- The addition of `LookupExternalSurface` method suggests new functionality for looking up external surfaces by key
- Without seeing the implementation, we can't be certain about security implications
- The method deals with external resources which could potentially be a security boundary
- The `final` keyword suggests this is meant to be an endpoint for inheritance, which could be a security-conscious design choice
Note: Since this is only a header file change and we don't see the implementation or the context of what was fixed, it's difficult to identify specific vulnerabilities. The addition could be part of a larger security fix that isn't fully visible in this diff.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.