Shared security patch analysis results
AI Used: DEEPSEEK deepseek-chat--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/dom/promise/PromiseNativeHandler.h+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/dom/promise/PromiseNativeHandler.h@@ -10,6 +10,7 @@ #include <functional> #include "js/TypeDecls.h" #include "js/Value.h"+#include "mozilla/ErrorResult.h" #include "mozilla/Maybe.h" #include "nsISupports.h"@@ -27,12 +28,12 @@ public: MOZ_CAN_RUN_SCRIPT- virtual void ResolvedCallback(JSContext* aCx,- JS::Handle<JS::Value> aValue) = 0;+ virtual void ResolvedCallback(JSContext* aCx, JS::Handle<JS::Value> aValue,+ ErrorResult& aRv) = 0; MOZ_CAN_RUN_SCRIPT- virtual void RejectedCallback(JSContext* aCx,- JS::Handle<JS::Value> aValue) = 0;+ virtual void RejectedCallback(JSContext* aCx, JS::Handle<JS::Value> aValue,+ ErrorResult& aRv) = 0; }; // This class is used to set C++ callbacks once a dom Promise a resolved or@@ -50,8 +51,10 @@ void Clear();- void ResolvedCallback(JSContext* aCx, JS::Handle<JS::Value> aValue) override;- void RejectedCallback(JSContext* aCx, JS::Handle<JS::Value> aValue) override;+ void ResolvedCallback(JSContext* aCx, JS::Handle<JS::Value> aValue,+ ErrorResult& aRv) override;+ void RejectedCallback(JSContext* aCx, JS::Handle<JS::Value> aValue,+ ErrorResult& aRv) override; private: ~DomPromiseListener();
Let me analyze the code diff for security fixes: 1. Vulnerability Existed: not sure [Potential Error Handling Improvement] [dom/promise/PromiseNativeHandler.h] [Lines 27-32, 50-55] [Old Code] virtual void ResolvedCallback(JSContext* aCx, JS::Handle<JS::Value> aValue) = 0; virtual void RejectedCallback(JSContext* aCx, JS::Handle<JS::Value> aValue) = 0; [Fixed Code] virtual void ResolvedCallback(JSContext* aCx, JS::Handle<JS::Value> aValue, ErrorResult& aRv) = 0; virtual void RejectedCallback(JSContext* aCx, JS::Handle<JS::Value> aValue, ErrorResult& aRv) = 0; The main change appears to be adding ErrorResult parameters to callback functions. While this isn't fixing a specific named vulnerability, it improves error handling which could potentially prevent security issues related to uncaught exceptions or improper error states. The addition suggests better error propagation in promise handling. Note: No specific vulnerability name is identified since this appears to be more of a general robustness improvement rather than fixing a particular security flaw. The change could help prevent potential issues related to error handling, but we can't be certain about specific vulnerabilities it might be addressing.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/editing/data/insertunorderedlist.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/editing/data/insertunorderedlist.js@@ -739,5 +739,35 @@ [["defaultparagraphseparator","p"],["insertunorderedlist",""]], "<ul>{<li style=\"font-size:1.3em\">1</li><li style=\"font-size:1.1em\">2</li>}</ul>", [true,true],- {"defaultparagraphseparator":[false,false,"div",false,false,"p"],"insertunorderedlist":[false,false,"",false,true,""]}]+ {"defaultparagraphseparator":[false,false,"div",false,false,"p"],"insertunorderedlist":[false,false,"",false,true,""]}],+["{}",+ [["insertunorderedlist",""],["inserttext","abc"]],+ ["<ul><li>abc</li></ul>",+ "<ul><li>abc<br></li></ul>"],+ [true,true],+ {"insertunorderedlist":[false,false,"false",false,true,"true"]}],+["<div>{}</div>",+ [["insertunorderedlist",""],["inserttext","abc"]],+ ["<div><ul><li>abc</li></ul></div>",+ "<div><ul><li>abc<br></li></ul></div>"],+ [true,true],+ {"insertunorderedlist":[false,false,"false",false,true,"true"]}],+["<div>{}<br></div>",+ [["insertunorderedlist",""],["inserttext","abc"]],+ ["<div><ul><li>abc</li></ul></div>",+ "<div><ul><li>abc<br></li></ul></div>"],+ [true,true],+ {"insertunorderedlist":[false,false,"false",false,true,"true"]}],+["<p>{}</p>",+ [["insertunorderedlist",""],["inserttext","abc"]],+ ["<ul><li>abc</li></ul>",+ "<ul><li>abc<br></li></ul>"],+ [true,true],+ {"insertunorderedlist":[false,false,"false",false,true,"true"]}],+["<p>{}<br></p>",+ [["insertunorderedlist",""],["inserttext","abc"]],+ ["<ul><li>abc</li></ul>",+ "<ul><li>abc<br></li></ul>"],+ [true,true],+ {"insertunorderedlist":[false,false,"false",false,true,"true"]}], ]
After analyzing the provided code diff, I don't identify any clear security vulnerabilities. The changes appear to be test case additions for the `insertunorderedlist` functionality, focusing on different HTML element scenarios and their behavior when inserting unordered lists and text. Here's the analysis: 1. Vulnerability Existed: no No specific vulnerability [File: testing/web-platform/tests/editing/data/insertunorderedlist.js] [Lines: 739-773] [Old Code: Single test case] [Fixed Code: Multiple additional test cases for different HTML scenarios] The diff primarily adds new test cases for various HTML contexts (empty content, div, p elements, with and without line breaks) to verify the behavior of the insertunorderedlist command. There are no security-related fixes or vulnerabilities apparent in these changes. The modifications are focused on expanding test coverage rather than addressing security issues.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/compositing/2d.composite.uncovered.fill.source-out.worker.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/compositing/2d.composite.uncovered.fill.source-out.worker.js@@ -13,8 +13,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.fillStyle = 'rgba(0, 255, 0, 0.5)';@@ -23,7 +23,7 @@ ctx.fillStyle = 'rgba(0, 0, 255, 0.75)'; ctx.translate(0, 25); ctx.fillRect(0, 50, 100, 50);-_assertPixelApprox(offscreenCanvas, 50,25, 0,0,0,0, "50,25", "0,0,0,0", 5);+_assertPixelApprox(canvas, 50,25, 0,0,0,0, "50,25", "0,0,0,0", 5); t.done(); });
After analyzing the provided code diff, I don't see any security vulnerabilities being fixed. The changes appear to be purely variable renaming and don't affect security. Here's the analysis:
1. Vulnerability Existed: no
No security vulnerability found
File: testing/web-platform/tests/html/canvas/offscreen/compositing/2d.composite.uncovered.fill.source-out.worker.js
Lines: 13-23
Old Code:
```
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
```
Fixed Code:
```
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');
```
2. Vulnerability Existed: no
No security vulnerability found
File: testing/web-platform/tests/html/canvas/offscreen/compositing/2d.composite.uncovered.fill.source-out.worker.js
Lines: 23
Old Code:
```
_assertPixelApprox(offscreenCanvas, 50,25, 0,0,0,0, "50,25", "0,0,0,0", 5);
```
Fixed Code:
```
_assertPixelApprox(canvas, 50,25, 0,0,0,0, "50,25", "0,0,0,0", 5);
```
The changes simply rename the variable `offscreenCanvas` to `canvas` for consistency or readability, without any security implications. No actual functionality or security-related behavior was modified.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/xpcom/rust/nserror/src/lib.rs+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/xpcom/rust/nserror/src/lib.rs@@ -73,7 +73,7 @@ } mod error_list {- include!(concat!(env!("MOZ_TOPOBJDIR"), "/xpcom/base/error_list.rs"));+ include!(mozbuild::objdir_path!("xpcom/base/error_list.rs")); } pub use error_list::*;
Let me analyze the code diff for potential security vulnerabilities.
Vulnerability Existed: not sure
[Potential Path Traversal or Build System Dependency Vulnerability] [xpcom/rust/nserror/src/lib.rs] [Lines 73]
[Old Code]
include!(concat!(env!("MOZ_TOPOBJDIR"), "/xpcom/base/error_list.rs"));
[Fixed Code]
include!(mozbuild::objdir_path!("xpcom/base/error_list.rs"));
Additional Details:
- The change replaces a direct environment variable concatenation with a more controlled build system macro
- The old method could potentially be vulnerable if MOZ_TOPOBJDIR was controlled by an attacker
- The new method uses a build system-provided path resolution which is likely more secure
- However, without more context about the build system implementation, I can't be certain if this was actually fixing a security issue or just improving code quality
The change appears to be hardening against potential path manipulation attacks, but I can't confirm if this was an actual vulnerability that was being exploited.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/the-offscreen-canvas/2d.canvas.reference.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/the-offscreen-canvas/2d.canvas.reference.html@@ -17,10 +17,10 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d');-_assertSame(ctx.canvas, offscreenCanvas, "ctx.canvas", "offscreenCanvas");+_assertSame(ctx.canvas, canvas, "ctx.canvas", "canvas"); t.done(); });
After analyzing the provided code diff, I don't see any security vulnerabilities being fixed. The changes appear to be purely cosmetic/refactoring changes where variable names were updated for consistency. Here's the analysis:
Vulnerability Existed: no
No security vulnerability found [File: testing/web-platform/tests/html/canvas/offscreen/the-offscreen-canvas/2d.canvas.reference.html] [Lines: 17-23]
[Old Code]
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
_assertSame(ctx.canvas, offscreenCanvas, "ctx.canvas", "offscreenCanvas");
[Fixed Code]
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');
_assertSame(ctx.canvas, canvas, "ctx.canvas", "canvas");
The changes only involve:
1. Renaming the variable `offscreenCanvas` to `canvas`
2. Updating the assertion message accordingly
No security implications or vulnerabilities are addressed in this diff.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/gfx/gl/AndroidSurfaceTexture.cpp+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/gfx/gl/AndroidSurfaceTexture.cpp@@ -9,6 +9,8 @@ #include "GLContextEGL.h" #include "GLBlitHelper.h" #include "GLImages.h"+#include "mozilla/gfx/Logging.h"+#include "mozilla/layers/LayersSurfaces.h" #ifdef MOZ_WIDGET_ANDROID # include "mozilla/java/GeckoSurfaceTextureNatives.h"@@ -51,23 +53,24 @@ } }- void Blit(layers::SurfaceTextureImage* img, const gfx::IntSize& imageSize) {+#ifdef MOZ_WIDGET_ANDROID+ void Blit(const java::GeckoSurfaceTexture::Ref& surfaceTexture,+ const gfx::IntSize& imageSize) { StaticMutexAutoLock lock(sMutex); MOZ_ASSERT(sContext); // Setting overide also makes conext and surface current. sContext->SetEGLSurfaceOverride(mTargetSurface);-#ifdef MOZ_WIDGET_ANDROID- sContext->BlitHelper()->BlitImage(img, imageSize, OriginPos::BottomLeft);-#else- MOZ_CRASH("bad platform");-#endif+ DebugOnly<bool> rv = sContext->BlitHelper()->Blit(surfaceTexture, imageSize,+ OriginPos::TopLeft);+ MOZ_ASSERT(rv); sContext->SwapBuffers(); // This method is called through binder IPC and could run on any thread in // the pool. Release the context and surface from this thread after use so // they can be bound to another thread later. UnmakeCurrent(sContext); }+#endif private: static already_AddRefed<GLContextEGL> CreateContextImpl(bool aUseGles) {@@ -173,9 +176,9 @@ mSize(width, height) {} void Blit() {- RefPtr<layers::SurfaceTextureImage> img = new layers::SurfaceTextureImage(- mSourceTextureHandle, mSize, false, OriginPos::TopLeft);- mGl->Blit(img, mSize);+ auto surfaceTexture =+ java::GeckoSurfaceTexture::Lookup(mSourceTextureHandle);+ mGl->Blit(surfaceTexture, mSize); } private:
Here's the analysis of the provided code diff following the specified format:
1. Vulnerability Existed: not sure
[Potential Thread Safety Issue] [gfx/gl/AndroidSurfaceTexture.cpp] [Lines 51-73]
[Old Code]
void Blit(layers::SurfaceTextureImage* img, const gfx::IntSize& imageSize) {
StaticMutexAutoLock lock(sMutex);
MOZ_ASSERT(sContext);
sContext->SetEGLSurfaceOverride(mTargetSurface);
#ifdef MOZ_WIDGET_ANDROID
sContext->BlitHelper()->BlitImage(img, imageSize, OriginPos::BottomLeft);
#else
MOZ_CRASH("bad platform");
#endif
sContext->SwapBuffers();
UnmakeCurrent(sContext);
}
[Fixed Code]
#ifdef MOZ_WIDGET_ANDROID
void Blit(const java::GeckoSurfaceTexture::Ref& surfaceTexture,
const gfx::IntSize& imageSize) {
StaticMutexAutoLock lock(sMutex);
MOZ_ASSERT(sContext);
sContext->SetEGLSurfaceOverride(mTargetSurface);
DebugOnly<bool> rv = sContext->BlitHelper()->Blit(surfaceTexture, imageSize,
OriginPos::TopLeft);
MOZ_ASSERT(rv);
sContext->SwapBuffers();
UnmakeCurrent(sContext);
}
#endif
Additional Details: The change adds thread safety improvements by using a mutex lock and better handles the Android-specific code with proper preprocessor directives. The origin position was also changed from BottomLeft to TopLeft, which might affect rendering but isn't clearly a security fix.
2. Vulnerability Existed: not sure
[Potential Resource Handling Improvement] [gfx/gl/AndroidSurfaceTexture.cpp] [Lines 173-179]
[Old Code]
void Blit() {
RefPtr<layers::SurfaceTextureImage> img = new layers::SurfaceTextureImage(
mSourceTextureHandle, mSize, false, OriginPos::TopLeft);
mGl->Blit(img, mSize);
}
[Fixed Code]
void Blit() {
auto surfaceTexture =
java::GeckoSurfaceTexture::Lookup(mSourceTextureHandle);
mGl->Blit(surfaceTexture, mSize);
}
Additional Details: The change replaces the direct creation of SurfaceTextureImage with a lookup of GeckoSurfaceTexture, which might be more secure but isn't clearly fixing a specific vulnerability.
Note: While there are clear improvements in the code, I couldn't identify any specific, named vulnerabilities being fixed. The changes appear to be more about code quality, thread safety, and proper resource handling rather than patching known security vulnerabilities.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/third_party/rust/crossbeam-channel/.cargo-checksum.json+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/third_party/rust/crossbeam-channel/.cargo-checksum.json@@ -1 +1 @@-{"files":{"CHANGELOG.md":"74ac49b84461217698d4430f81b1cdcba0595bc4e57216ffc52b8296ac44cd41","Cargo.lock":"7956079bcac40cc40c894f0260266365ecdb1c01c48636ae4c4080977603e7b8","Cargo.toml":"6a7acaffaa30dab2b5ea1f5ab86b20bc97370314ed03472288745b3b969786dc","LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-MIT":"5734ed989dfca1f625b40281ee9f4530f91b2411ec01cb748223e7eb87e201ab","LICENSE-THIRD-PARTY":"b16db96b93b1d7cf7bea533f572091ec6bca3234fbe0a83038be772ff391a44c","README.md":"415a71d4978cfd338a6ae1f1b41284652eccd277a815542c304647dc437a8274","benches/crossbeam.rs":"f5720508d3458f2451271b9887f7557823304bd38288c928b0d6aa1f459865e5","examples/fibonacci.rs":"6a26ecd74c7493d2c93f4280c0804afc19adc612b77b3d9fea433119ff472a44","examples/matching.rs":"63c250e164607a7a9f643d46f107bb5da846d49e89cf9069909562d20e530f71","examples/stopwatch.rs":"f9a00477b41823199e4af06bddeb0c6cfd22e272340eec1b98b333fc59ee6a1f","src/channel.rs":"a9baaad2f414c38cd324a60ac9375ca58462ce6662217683648e9b66cec43a8c","src/context.rs":"ad24cabfc50dd5e6ae84aa46a0246da12da1f1a6fa19043244ad25136075c6ca","src/counter.rs":"c49a9f44587888850edeb62f7c8ecd1acecb39c836834254ff3ac934c478440a","src/err.rs":"fdbde7279a1e74973e5c7d3e835a97836229a357fe465c0ba1a37f2a012d1bef","src/flavors/array.rs":"c125146771265058ac320226456b1e21667e93649531a3d20157f71cd715881d","src/flavors/at.rs":"65bf870b3ddb14738256706b0276f2656ad1fe9cd8eb91737489868edd088e92","src/flavors/list.rs":"50dbe59616c39b5aa184470023ce0cfb1cb0dbd92e1577375d299446981527c0","src/flavors/mod.rs":"3d9d43bc38b0adb18c96c995c2bd3421d8e33ab6c30b20c3c467d21d48e485dc","src/flavors/never.rs":"0e7921922d00c711552fb063c63c78192fa6ddc0762fb81c1713b847495ec39a","src/flavors/tick.rs":"38a479b9f4a72a5ccb9c407a1e7b44d36b6ad0f4e214e39266b12b9564c803dc","src/flavors/zero.rs":"1bda0c5483b04d53f36f9f4a6fe6f87b69f698068771e637e224c09400c6ce83","src/lib.rs":"3a65706d4124844ffc4c8cb1f8cc779631ec94f449f85cbb68364ad3619404f1","src/select.rs":"4eb4b1988c5dffff3e3d2138d14a1b86613bf62b78c45a5c70f65aaee92c11bb","src/select_macro.rs":"96bc9acb9a22588a4e733b0ab0761ad2be9a6b3e03744e8fc9c6de9ae433b696","src/utils.rs":"746fe315d6cfc832e3dda35e5055c0fd5c99907f1303b2ea7eacc4e37c8527e1","src/waker.rs":"9058cc441d467539c439ef88f0be1a187bf122d26fc116ce3e3a0265a693761f","tests/after.rs":"324c7d773f72bef62d150171f74ba7b7ac1b06f6030b3d4d2b1a35d211956b21","tests/array.rs":"574bff53aff0b0a8c365bf3f9ad77bb64675df9e6e0714be9c16eeeeac22e4d5","tests/golang.rs":"ec03806945fecd381cfce0634e2d776741423589c92e1bd4d8a431ac20f5d2d0","tests/iter.rs":"7563dc7fdf4c63e31dd74ee3fedecdd3aed490f7ef599b98f6f75f929cf79edb","tests/list.rs":"cc2971e69fd7f6a94b5463c9d4e9079df7955b37552e16dd66f4c6e65db60d96","tests/mpsc.rs":"0c4c6b056f5cec77ca19eca45f99b083632700a4b67133e88071a1d22a61d6fe","tests/never.rs":"665441a9fb004f7cd44047619637ebe6766cf2faf58e68e6481397bbfc682e11","tests/ready.rs":"eae3d7f16e817e63f3a6ceda062fece3de5e11c7a9631b32b02f23396a9d59c1","tests/same_channel.rs":"2bab761443671e841e1b2476bd8082d75533a2f6be7946f5dbcee67cdc82dccb","tests/select.rs":"3603f450b23f5e0d1e4014a167a9b23ab149b5f418c8b89636f1c02c90501569","tests/select_macro.rs":"00dd7963f79b96abf30851fdab29e86c8424b502a8a7d34abf4bc1714f493ecf","tests/thread_locals.rs":"3611db5502e6af0a8d15187d09fd195381819795544208b946e9f99b04579a81","tests/tick.rs":"dc4a7d3c8dd888ce135fe8a8c67f5dc8b5ab0c3fa57a48459f96d51fa0f1e6d5","tests/zero.rs":"0ff0587cc74569bfe389e0c619217799a960a0dfc5e6354603c88e6eea1b79a1"},"package":"06ed27e177f16d65f0f0c22a213e17c696ace5dd64b14258b52f9417ccb52db4"}+{"files":{"CHANGELOG.md":"e70d1a5fa6697a8b24e193e3934975317df12279c167b90fcb9616291792197c","Cargo.lock":"0f4e59f28bdd52c4781d102fc7d1f16d1ea417aaec0a4846432444a4019b2537","Cargo.toml":"c8334f658b699a1a0e25d997d752a9493a627f9ddcb7aab739c7319ea583882f","LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-MIT":"5734ed989dfca1f625b40281ee9f4530f91b2411ec01cb748223e7eb87e201ab","LICENSE-THIRD-PARTY":"b16db96b93b1d7cf7bea533f572091ec6bca3234fbe0a83038be772ff391a44c","README.md":"415a71d4978cfd338a6ae1f1b41284652eccd277a815542c304647dc437a8274","benches/crossbeam.rs":"96cb1abd23cac3ef8a7174a802e94609926b555bb02c9658c78723d433f1dd92","examples/fibonacci.rs":"4e88fa40048cdc31e9c7bb60347d46f92543d7ddf39cab3b52bfe44affdb6a02","examples/matching.rs":"63c250e164607a7a9f643d46f107bb5da846d49e89cf9069909562d20e530f71","examples/stopwatch.rs":"d02121258f08d56f1eb7997e19bcb9bacb6836cfa0abbba90a9e59d8a50ae5cf","src/channel.rs":"a9baaad2f414c38cd324a60ac9375ca58462ce6662217683648e9b66cec43a8c","src/context.rs":"ff4d39639ddf16aaab582d4a5f3d10ef2c71afe1abbf4e60f3d9d2ddbd72c230","src/counter.rs":"c49a9f44587888850edeb62f7c8ecd1acecb39c836834254ff3ac934c478440a","src/err.rs":"fdbde7279a1e74973e5c7d3e835a97836229a357fe465c0ba1a37f2a012d1bef","src/flavors/array.rs":"853c2ad068f912cfb49877bcd41e241f34b25026b709bf0629523f19952e3adc","src/flavors/at.rs":"65bf870b3ddb14738256706b0276f2656ad1fe9cd8eb91737489868edd088e92","src/flavors/list.rs":"50dbe59616c39b5aa184470023ce0cfb1cb0dbd92e1577375d299446981527c0","src/flavors/mod.rs":"3d9d43bc38b0adb18c96c995c2bd3421d8e33ab6c30b20c3c467d21d48e485dc","src/flavors/never.rs":"0e7921922d00c711552fb063c63c78192fa6ddc0762fb81c1713b847495ec39a","src/flavors/tick.rs":"38a479b9f4a72a5ccb9c407a1e7b44d36b6ad0f4e214e39266b12b9564c803dc","src/flavors/zero.rs":"012a53f56b86df22ce49866da95e5f457fb99a18a098f0f64779c6d1cdd7092f","src/lib.rs":"3a65706d4124844ffc4c8cb1f8cc779631ec94f449f85cbb68364ad3619404f1","src/select.rs":"66eb10a6cbdf8dd0869f2a7cac9992fdaee36c9e2a01d708d39d7c794572935b","src/select_macro.rs":"96bc9acb9a22588a4e733b0ab0761ad2be9a6b3e03744e8fc9c6de9ae433b696","src/utils.rs":"746fe315d6cfc832e3dda35e5055c0fd5c99907f1303b2ea7eacc4e37c8527e1","src/waker.rs":"591ee70bf62ccad5aa2fac7b92d444183b02790a79c024f016c78de2396d08a3","tests/after.rs":"0154a8e152880db17a20514ecdd49dabc361d3629858d119b9746b5e932c780c","tests/array.rs":"e5f25e8991863a9a86d61a66be646d04feae527f35b1697fd215b97af4383736","tests/golang.rs":"dc85669c9c4e902b1bb263d00f5cb6f9ecb6d42b19fe53425b55ce97c887da49","tests/iter.rs":"25dc02135bbae9d47a30f9047661648e66bdc134e40ba78bc2fbacbb8b3819bc","tests/list.rs":"de865ef097f3bcb35c1c814554e6108fed43b3dbb1533c8bbcf8688cceb6b6ab","tests/mpsc.rs":"401aa3c6923815058881ddce98070df68ebab283913c89c007436bb8af7ca0ea","tests/never.rs":"ee40c4fc4dd5af4983fae8de6927f52b81174d222c162f745b26c4a6c7108e4f","tests/ready.rs":"d349702f123925a0781b48d677e6dcf64fc5d1fc788a7bf1e151a3d57e81871c","tests/same_channel.rs":"2bab761443671e841e1b2476bd8082d75533a2f6be7946f5dbcee67cdc82dccb","tests/select.rs":"d20259a45f387cbce80c2c876ae81ea3883f36ea01c5151c159d58c362f6ba07","tests/select_macro.rs":"d3af2dc98e0dd03dc4ffab464b8ccb2f8b7504e8bb830948a04c015b92f0b296","tests/thread_locals.rs":"a1ce59e2aff69161621c0cb215eb6ea238088c06a31a8507a74cf179fd5a4299","tests/tick.rs":"5f697bd14c48505d932e82065b5302ef668e1cc19cac18e8ac22e0c83c221c1d","tests/zero.rs":"afbd838001d4196daddf17133e60ccea31529cc48ee01e245ac0d6366d1e30b9"},"package":"e54ea8bc3fb1ee042f5aace6e3c6e025d3874866da222930f70ce62aceba0bfa"}=========testing/web-platform/tests/html/canvas/offscreen/path-objects/2d.path.bezierCurveTo.basic.html========--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/path-objects/2d.path.bezierCurveTo.basic.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/path-objects/2d.path.bezierCurveTo.basic.html@@ -17,8 +17,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.fillStyle = '#f00'; ctx.fillRect(0, 0, 100, 50);@@ -28,7 +28,7 @@ ctx.moveTo(0, 25); ctx.bezierCurveTo(100, 25, 100, 25, 100, 25); ctx.stroke();-_assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");+_assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255"); t.done(); });
Based on the provided code diff, I'll analyze it for security vulnerabilities:
1. First diff (crossbeam-channel/.cargo-checksum.json):
Vulnerability Existed: no
This is just a checksum file update showing different hash values for files in the package. There are no code changes that would indicate security fixes.
2. Second diff (2d.path.bezierCurveTo.basic.html):
Vulnerability Existed: no
The changes are purely variable renaming (offscreenCanvas → canvas) and don't affect functionality or security. This appears to be a code style/readability change rather than a security fix.
No security vulnerabilities were identified in these changes. The modifications are either:
1. Package metadata updates (checksums)
2. Variable naming improvements in test code
Both changes are benign from a security perspective.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/js/src/jit/mips-shared/AtomicOperations-mips-shared.h+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/js/src/jit/mips-shared/AtomicOperations-mips-shared.h@@ -60,15 +60,6 @@ } // namespace jit } // namespace js--inline bool js::jit::AtomicOperations::Initialize() {- // Nothing- return true;-}--inline void js::jit::AtomicOperations::ShutDown() {- // Nothing-} inline bool js::jit::AtomicOperations::hasAtomic8() { return true; }
Analyzing the provided code diff, here's the security assessment:
1. Vulnerability Existed: not sure
[Potential Dead Code/Unused Initialization] [js/src/jit/mips-shared/AtomicOperations-mips-shared.h] [Lines 60-68]
[Old Code]
inline bool js::jit::AtomicOperations::Initialize() {
// Nothing
return true;
}
inline void js::jit::AtomicOperations::ShutDown() {
// Nothing
}
[Fixed Code]
[Removed entirely]
Additional Details:
- The diff shows removal of two empty initialization/shutdown functions for atomic operations.
- While this doesn't appear to be a direct security vulnerability, removing unused initialization code could potentially eliminate:
1. Future misuse possibilities if these functions were to be called improperly
2. Maintenance burden of keeping unused code
3. Potential confusion about whether initialization is actually needed
- Without more context about how these functions were used (or not used) in the codebase, we can't definitively say this was a security fix, but it's a good code hygiene improvement.
No other obvious security vulnerabilities are apparent in this small diff. The change appears to be primarily about code cleanup rather than addressing a specific security issue.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/third_party/rust/serde_yaml/tests/test_error.rs+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/third_party/rust/serde_yaml/tests/test_error.rs@@ -24,6 +24,7 @@ fn test_incorrect_nested_type() { #[derive(Deserialize, Debug)] struct A {+ #[allow(dead_code)] b: Vec<B>, } #[derive(Deserialize, Debug)]@@ -32,6 +33,7 @@ } #[derive(Deserialize, Debug)] struct C {+ #[allow(dead_code)] d: bool, } let yaml = indoc! {"@@ -55,7 +57,9 @@ fn test_missing_field() { #[derive(Deserialize, Debug)] struct Basic {+ #[allow(dead_code)] v: bool,+ #[allow(dead_code)] w: bool, } let yaml = indoc! {"@@ -80,6 +84,7 @@ fn test_ignored_unknown_anchor() { #[derive(Deserialize, Debug)] struct Wrapper {+ #[allow(dead_code)] c: (), } let yaml = indoc! {"@@ -220,6 +225,7 @@ fn test_invalid_scalar_type() { #[derive(Deserialize, Debug)] struct S {+ #[allow(dead_code)] x: [(); 1], }@@ -232,6 +238,7 @@ fn test_infinite_recursion_objects() { #[derive(Deserialize, Debug)] struct S {+ #[allow(dead_code)] x: Option<Box<S>>, }@@ -244,6 +251,7 @@ fn test_infinite_recursion_arrays() { #[derive(Deserialize, Debug)] struct S {+ #[allow(dead_code)] x: Option<Box<S>>, }@@ -256,6 +264,7 @@ fn test_finite_recursion_objects() { #[derive(Deserialize, Debug)] struct S {+ #[allow(dead_code)] x: Option<Box<S>>, }@@ -268,6 +277,7 @@ fn test_finite_recursion_arrays() { #[derive(Deserialize, Debug)] struct S {+ #[allow(dead_code)] x: Option<Box<S>>, }
After analyzing the provided code diff, I can identify that these changes are primarily related to adding `#[allow(dead_code)]` attributes to struct fields in test cases. These changes don't appear to address any security vulnerabilities but rather suppress compiler warnings about unused fields in test code. Here's the analysis following your requested format: 1. Vulnerability Existed: no No Security Vulnerability Found [third_party/rust/serde_yaml/tests/test_error.rs] [Various lines] [Old Code without #[allow(dead_code)] attributes] [Fixed Code with #[allow(dead_code)] attributes] Additional notes: - The changes are purely related to test code quality/maintenance - The attributes are added to prevent compiler warnings about unused struct fields in test cases - No actual security-related fixes or vulnerability mitigations are present in this diff - The changes span multiple test cases but follow the same pattern throughout the file The diff shows no evidence of any security vulnerabilities being fixed - it's purely a code quality/maintenance change to silence compiler warnings in test code.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/dom/base/DocGroup.cpp+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/dom/base/DocGroup.cpp@@ -203,7 +203,7 @@ const nsACString& aKey) : mKey(aKey), mBrowsingContextGroup(aBrowsingContextGroup),- mAgentClusterId(nsContentUtils::GenerateUUID()) {+ mAgentClusterId(nsID::GenerateUUID()) { // This method does not add itself to // mBrowsingContextGroup->mDocGroups as the caller does it for us. MOZ_ASSERT(NS_IsMainThread());
Here's the analysis of the provided code diff: Vulnerability Existed: not sure Potential UUID Generation Vulnerability [File] dom/base/DocGroup.cpp [Lines] 203 [Old Code] `mAgentClusterId(nsContentUtils::GenerateUUID())` [Fixed Code] `mAgentClusterId(nsID::GenerateUUID())` Additional Details: The change switches from using `nsContentUtils::GenerateUUID()` to `nsID::GenerateUUID()` for generating the agent cluster ID. While this isn't clearly a security fix (it might be a refactoring or consistency improvement), there could be security implications if: 1. The old method had weaknesses in its UUID generation that could lead to predictable or colliding IDs 2. The new method provides better cryptographic guarantees Without more context about both implementations, I can't be certain this is a security fix, but UUID generation methods can sometimes have security implications.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/third_party/rust/ash/src/vk/extensions.rs+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/third_party/rust/ash/src/vk/extensions.rs@@ -6,7 +6,7 @@ use std::os::raw::*; impl KhrSurfaceFn { pub fn name() -> &'static ::std::ffi::CStr {- ::std::ffi::CStr::from_bytes_with_nul(b"VK_KHR_surface\0").expect("Wrong extension string")+ unsafe { ::std::ffi::CStr::from_bytes_with_nul_unchecked(b"VK_KHR_surface\0") } } pub const SPEC_VERSION: u32 = 25u32; }@@ -59,7 +59,7 @@ where F: FnMut(&::std::ffi::CStr) -> *const c_void, {- KhrSurfaceFn {+ Self { destroy_surface_khr: unsafe { unsafe extern "system" fn destroy_surface_khr( _instance: Instance,@@ -235,21 +235,17 @@ } } #[doc = "Generated from 'VK_KHR_surface'"]-impl Result {- pub const ERROR_SURFACE_LOST_KHR: Self = Self(-1000000000);+impl ObjectType {+ pub const SURFACE_KHR: Self = Self(1_000_000_000); } #[doc = "Generated from 'VK_KHR_surface'"] impl Result {- pub const ERROR_NATIVE_WINDOW_IN_USE_KHR: Self = Self(-1000000001);-}-#[doc = "Generated from 'VK_KHR_surface'"]-impl ObjectType {- pub const SURFACE_KHR: Self = Self(1_000_000_000);+ pub const ERROR_SURFACE_LOST_KHR: Self = Self(-1_000_000_000);+ pub const ERROR_NATIVE_WINDOW_IN_USE_KHR: Self = Self(-1_000_000_001); } impl KhrSwapchainFn { pub fn name() -> &'static ::std::ffi::CStr {- ::std::ffi::CStr::from_bytes_with_nul(b"VK_KHR_swapchain\0")- .expect("Wrong extension string")+ unsafe { ::std::ffi::CStr::from_bytes_with_nul_unchecked(b"VK_KHR_swapchain\0") } } pub const SPEC_VERSION: u32 = 70u32; }@@ -328,7 +324,7 @@ where F: FnMut(&::std::ffi::CStr) -> *const c_void, {- KhrSwapchainFn {+ Self { create_swapchain_khr: unsafe { unsafe extern "system" fn create_swapchain_khr( _device: Device,@@ -611,64 +607,39 @@ } } #[doc = "Generated from 'VK_KHR_swapchain'"]-impl StructureType {- pub const SWAPCHAIN_CREATE_INFO_KHR: Self = Self(1_000_001_000);-}-#[doc = "Generated from 'VK_KHR_swapchain'"]-impl StructureType {- pub const PRESENT_INFO_KHR: Self = Self(1_000_001_001);-}-#[doc = "Generated from 'VK_KHR_swapchain'"] impl ImageLayout { pub const PRESENT_SRC_KHR: Self = Self(1_000_001_002);+}+#[doc = "Generated from 'VK_KHR_swapchain'"]+impl ObjectType {+ pub const SWAPCHAIN_KHR: Self = Self(1_000_001_000); } #[doc = "Generated from 'VK_KHR_swapchain'"] impl Result { pub const SUBOPTIMAL_KHR: Self = Self(1_000_001_003);-}-#[doc = "Generated from 'VK_KHR_swapchain'"]-impl Result {- pub const ERROR_OUT_OF_DATE_KHR: Self = Self(-1000001004);-}-#[doc = "Generated from 'VK_KHR_swapchain'"]-impl ObjectType {- pub const SWAPCHAIN_KHR: Self = Self(1_000_001_000);+ pub const ERROR_OUT_OF_DATE_KHR: Self = Self(-1_000_001_004); } #[doc = "Generated from 'VK_KHR_swapchain'"] impl StructureType {+ pub const SWAPCHAIN_CREATE_INFO_KHR: Self = Self(1_000_001_000);+ pub const PRESENT_INFO_KHR: Self = Self(1_000_001_001); pub const DEVICE_GROUP_PRESENT_CAPABILITIES_KHR: Self = Self(1_000_060_007);-}-#[doc = "Generated from 'VK_KHR_swapchain'"]-impl StructureType { pub const IMAGE_SWAPCHAIN_CREATE_INFO_KHR: Self = Self(1_000_060_008);-}-#[doc = "Generated from 'VK_KHR_swapchain'"]-impl StructureType { pub const BIND_IMAGE_MEMORY_SWAPCHAIN_INFO_KHR: Self = Self(1_000_060_009);-}-#[doc = "Generated from 'VK_KHR_swapchain'"]-impl StructureType { pub const ACQUIRE_NEXT_IMAGE_INFO_KHR: Self = Self(1_000_060_010);-}-#[doc = "Generated from 'VK_KHR_swapchain'"]-impl StructureType { pub const DEVICE_GROUP_PRESENT_INFO_KHR: Self = Self(1_000_060_011);-}-#[doc = "Generated from 'VK_KHR_swapchain'"]-impl StructureType { pub const DEVICE_GROUP_SWAPCHAIN_CREATE_INFO_KHR: Self = Self(1_000_060_012); } #[doc = "Generated from 'VK_KHR_swapchain'"] impl SwapchainCreateFlagsKHR {+ #[doc = "Allow images with VK_IMAGE_CREATE_SPLIT_INSTANCE_BIND_REGIONS_BIT"] pub const SPLIT_INSTANCE_BIND_REGIONS: Self = Self(0b1);-}-#[doc = "Generated from 'VK_KHR_swapchain'"]-impl SwapchainCreateFlagsKHR {+ #[doc = "Swapchain is protected"] pub const PROTECTED: Self = Self(0b10); } impl KhrDisplayFn { pub fn name() -> &'static ::std::ffi::CStr {- ::std::ffi::CStr::from_bytes_with_nul(b"VK_KHR_display\0").expect("Wrong extension string")+ unsafe { ::std::ffi::CStr::from_bytes_with_nul_unchecked(b"VK_KHR_display\0") } } pub const SPEC_VERSION: u32 = 23u32; }@@ -738,7 +709,7 @@ where F: FnMut(&::std::ffi::CStr) -> *const c_void, {- KhrDisplayFn {+ Self { get_physical_device_display_properties_khr: unsafe { unsafe extern "system" fn get_physical_device_display_properties_khr( _physical_device: PhysicalDevice,@@ -987,25 +958,18 @@ } } #[doc = "Generated from 'VK_KHR_display'"]+impl ObjectType {+ pub const DISPLAY_KHR: Self = Self(1_000_002_000);+ pub const DISPLAY_MODE_KHR: Self = Self(1_000_002_001);+}+#[doc = "Generated from 'VK_KHR_display'"] impl StructureType { pub const DISPLAY_MODE_CREATE_INFO_KHR: Self = Self(1_000_002_000);-}-#[doc = "Generated from 'VK_KHR_display'"]-impl StructureType { pub const DISPLAY_SURFACE_CREATE_INFO_KHR: Self = Self(1_000_002_001); }-#[doc = "Generated from 'VK_KHR_display'"]-impl ObjectType {- pub const DISPLAY_KHR: Self = Self(1_000_002_000);-}-#[doc = "Generated from 'VK_KHR_display'"]-impl ObjectType {- pub const DISPLAY_MODE_KHR: Self = Self(1_000_002_001);-} impl KhrDisplaySwapchainFn { pub fn name() -> &'static ::std::ffi::CStr {- ::std::ffi::CStr::from_bytes_with_nul(b"VK_KHR_display_swapchain\0")- .expect("Wrong extension string")+ unsafe { ::std::ffi::CStr::from_bytes_with_nul_unchecked(b"VK_KHR_display_swapchain\0") } } pub const SPEC_VERSION: u32 = 10u32; }@@ -1028,7 +992,7 @@ where F: FnMut(&::std::ffi::CStr) -> *const c_void, {- KhrDisplaySwapchainFn {+ Self { create_shared_swapchains_khr: unsafe { unsafe extern "system" fn create_shared_swapchains_khr( _device: Device,@@ -1073,17 +1037,16 @@ } } #[doc = "Generated from 'VK_KHR_display_swapchain'"]+impl Result {+ pub const ERROR_INCOMPATIBLE_DISPLAY_KHR: Self = Self(-1_000_003_001);+}+#[doc = "Generated from 'VK_KHR_display_swapchain'"] impl StructureType { pub const DISPLAY_PRESENT_INFO_KHR: Self = Self(1_000_003_000); }-#[doc = "Generated from 'VK_KHR_display_swapchain'"]-impl Result {- pub const ERROR_INCOMPATIBLE_DISPLAY_KHR: Self = Self(-1000003001);-} impl KhrXlibSurfaceFn { pub fn name() -> &'static ::std::ffi::CStr {- ::std::ffi::CStr::from_bytes_with_nul(b"VK_KHR_xlib_surface\0")- .expect("Wrong extension string")+ unsafe { ::std::ffi::CStr::from_bytes_with_nul_unchecked(b"VK_KHR_xlib_surface\0") } } pub const SPEC_VERSION: u32 = 6u32; }@@ -1114,7 +1077,7 @@ where F: FnMut(&::std::ffi::CStr) -> *const c_void, {- KhrXlibSurfaceFn {+ Self { create_xlib_surface_khr: unsafe { unsafe extern "system" fn create_xlib_surface_khr( _instance: Instance,@@ -1192,8 +1155,7 @@ } impl KhrXcbSurfaceFn { pub fn name() -> &'static ::std::ffi::CStr {- ::std::ffi::CStr::from_bytes_with_nul(b"VK_KHR_xcb_surface\0")- .expect("Wrong extension string")+ unsafe { ::std::ffi::CStr::from_bytes_with_nul_unchecked(b"VK_KHR_xcb_surface\0") } } pub const SPEC_VERSION: u32 = 6u32; }@@ -1224,7 +1186,7 @@ where F: FnMut(&::std::ffi::CStr) -> *const c_void, {- KhrXcbSurfaceFn {+ Self { create_xcb_surface_khr: unsafe { unsafe extern "system" fn create_xcb_surface_khr( _instance: Instance,@@ -1302,8 +1264,7 @@ } impl KhrWaylandSurfaceFn { pub fn name() -> &'static ::std::ffi::CStr {- ::std::ffi::CStr::from_bytes_with_nul(b"VK_KHR_wayland_surface\0")- .expect("Wrong extension string")+ unsafe { ::std::ffi::CStr::from_bytes_with_nul_unchecked(b"VK_KHR_wayland_surface\0") } } pub const SPEC_VERSION: u32 = 6u32; }@@ -1334,7 +1295,7 @@ where F: FnMut(&::std::ffi::CStr) -> *const c_void, {- KhrWaylandSurfaceFn {+ Self { create_wayland_surface_khr: unsafe { unsafe extern "system" fn create_wayland_surface_khr( _instance: Instance,@@ -1409,8 +1370,7 @@ } impl KhrMirSurfaceFn { pub fn name() -> &'static ::std::ffi::CStr {- ::std::ffi::CStr::from_bytes_with_nul(b"VK_KHR_mir_surface\0")- .expect("Wrong extension string")+ unsafe { ::std::ffi::CStr::from_bytes_with_nul_unchecked(b"VK_KHR_mir_surface\0") } } pub const SPEC_VERSION: u32 = 4u32; }@@ -1423,13 +1383,12 @@ where F: FnMut(&::std::ffi::CStr) -> *const c_void, {- KhrMirSurfaceFn {}+ Self {} } } impl KhrAndroidSurfaceFn { pub fn name() -> &'static ::std::ffi::CStr {- ::std::ffi::CStr::from_bytes_with_nul(b"VK_KHR_android_surface\0")- .expect("Wrong extension string")+ unsafe { ::std::ffi::CStr::from_bytes_with_nul_unchecked(b"VK_KHR_android_surface\0") } } pub const SPEC_VERSION: u32 = 6u32; }@@ -1451,7 +1410,7 @@ where F: FnMut(&::std::ffi::CStr) -> *const c_void, {- KhrAndroidSurfaceFn {+ Self { create_android_surface_khr: unsafe { unsafe extern "system" fn create_android_surface_khr( _instance: Instance,@@ -1492,8 +1451,7 @@ } impl KhrWin32SurfaceFn { pub fn name() -> &'static ::std::ffi::CStr {- ::std::ffi::CStr::from_bytes_with_nul(b"VK_KHR_win32_surface\0")- .expect("Wrong extension string")+ unsafe { ::std::ffi::CStr::from_bytes_with_nul_unchecked(b"VK_KHR_win32_surface\0") } } pub const SPEC_VERSION: u32 = 6u32; }@@ -1520,7 +1478,7 @@ where F: FnMut(&::std::ffi::CStr) -> *const c_void, {- KhrWin32SurfaceFn {+ Self { create_win32_surface_khr: unsafe { unsafe extern "system" fn create_win32_surface_khr( _instance: Instance,@@ -1592,8 +1550,7 @@ } impl AndroidNativeBufferFn { pub fn name() -> &'static ::std::ffi::CStr {- ::std::ffi::CStr::from_bytes_with_nul(b"VK_ANDROID_native_buffer\0")- .expect("Wrong extension string")+ unsafe { ::std::ffi::CStr::from_bytes_with_nul_unchecked(b"VK_ANDROID_native_buffer\0") } } pub const SPEC_VERSION: u32 = 8u32; }@@ -1643,7 +1600,7 @@ where F: FnMut(&::std::ffi::CStr) -> *const c_void, {- AndroidNativeBufferFn {+ Self { get_swapchain_gralloc_usage_android: unsafe { unsafe extern "system" fn get_swapchain_gralloc_usage_android( _device: Device,@@ -1798,19 +1755,12 @@ #[doc = "Generated from 'VK_ANDROID_native_buffer'"] impl StructureType { pub const NATIVE_BUFFER_ANDROID: Self = Self(1_000_010_000);-}-#[doc = "Generated from 'VK_ANDROID_native_buffer'"]-impl StructureType { pub const SWAPCHAIN_IMAGE_CREATE_INFO_ANDROID: Self = Self(1_000_010_001);-}-#[doc = "Generated from 'VK_ANDROID_native_buffer'"]-impl StructureType { pub const PHYSICAL_DEVICE_PRESENTATION_PROPERTIES_ANDROID: Self = Self(1_000_010_002); } impl ExtDebugReportFn { pub fn name() -> &'static ::std::ffi::CStr {- ::std::ffi::CStr::from_bytes_with_nul(b"VK_EXT_debug_report\0")- .expect("Wrong extension string")+ unsafe { ::std::ffi::CStr::from_bytes_with_nul_unchecked(b"VK_EXT_debug_report\0") } } pub const SPEC_VERSION: u32 = 10u32; }@@ -1851,7 +1801,7 @@ where F: FnMut(&::std::ffi::CStr) -> *const c_void, {- ExtDebugReportFn {+ Self { create_debug_report_callback_ext: unsafe { unsafe extern "system" fn create_debug_report_callback_ext( _instance: Instance,@@ -1966,33 +1916,25 @@ } } #[doc = "Generated from 'VK_EXT_debug_report'"]-impl StructureType {- pub const DEBUG_REPORT_CALLBACK_CREATE_INFO_EXT: Self = Self(1_000_011_000);-}-#[doc = "Generated from 'VK_EXT_debug_report'"]-impl StructureType {- pub const DEBUG_REPORT_CREATE_INFO_EXT: Self = Self::DEBUG_REPORT_CALLBACK_CREATE_INFO_EXT;-}-#[doc = "Generated from 'VK_EXT_debug_report'"]-impl Result {- pub const ERROR_VALIDATION_FAILED_EXT: Self = Self(-1000011001);+impl DebugReportObjectTypeEXT {+ pub const SAMPLER_YCBCR_CONVERSION: Self = Self(1_000_156_000);+ pub const DESCRIPTOR_UPDATE_TEMPLATE: Self = Self(1_000_085_000); } #[doc = "Generated from 'VK_EXT_debug_report'"] impl ObjectType { pub const DEBUG_REPORT_CALLBACK_EXT: Self = Self(1_000_011_000); } #[doc = "Generated from 'VK_EXT_debug_report'"]-impl DebugReportObjectTypeEXT {- pub const SAMPLER_YCBCR_CONVERSION: Self = Self(1_000_156_000);+impl Result {+ pub const ERROR_VALIDATION_FAILED_EXT: Self = Self(-1_000_011_001); } #[doc = "Generated from 'VK_EXT_debug_report'"]-impl DebugReportObjectTypeEXT {- pub const DESCRIPTOR_UPDATE_TEMPLATE: Self = Self(1_000_085_000);+impl StructureType {+ pub const DEBUG_REPORT_CALLBACK_CREATE_INFO_EXT: Self = Self(1_000_011_000); } impl NvGlslShaderFn { pub fn name() -> &'static ::std::ffi::CStr {- ::std::ffi::CStr::from_bytes_with_nul(b"VK_NV_glsl_shader\0")- .expect("Wrong extension string")+ unsafe { ::std::ffi::CStr::from_bytes_with_nul_unchecked(b"VK_NV_glsl_shader\0") } } pub const SPEC_VERSION: u32 = 1u32; }@@ -2005,17 +1947,18 @@ where F: FnMut(&::std::ffi::CStr) -> *const c_void, {- NvGlslShaderFn {}+ Self {} } } #[doc = "Generated from 'VK_NV_glsl_shader'"] impl Result {- pub const ERROR_INVALID_SHADER_NV: Self = Self(-1000012000);+ pub const ERROR_INVALID_SHADER_NV: Self = Self(-1_000_012_000); } impl ExtDepthRangeUnrestrictedFn { pub fn name() -> &'static ::std::ffi::CStr {- ::std::ffi::CStr::from_bytes_with_nul(b"VK_EXT_depth_range_unrestricted\0")- .expect("Wrong extension string")+ unsafe {+ ::std::ffi::CStr::from_bytes_with_nul_unchecked(b"VK_EXT_depth_range_unrestricted\0")+ } } pub const SPEC_VERSION: u32 = 1u32; }@@ -2028,13 +1971,16 @@ where F: FnMut(&::std::ffi::CStr) -> *const c_void, {- ExtDepthRangeUnrestrictedFn {}+ Self {} } } impl KhrSamplerMirrorClampToEdgeFn { pub fn name() -> &'static ::std::ffi::CStr {- ::std::ffi::CStr::from_bytes_with_nul(b"VK_KHR_sampler_mirror_clamp_to_edge\0")- .expect("Wrong extension string")+ unsafe {+ ::std::ffi::CStr::from_bytes_with_nul_unchecked(+ b"VK_KHR_sampler_mirror_clamp_to_edge\0",+ )+ } } pub const SPEC_VERSION: u32 = 3u32; }@@ -2047,21 +1993,19 @@ where F: FnMut(&::std::ffi::CStr) -> *const c_void, {- KhrSamplerMirrorClampToEdgeFn {}+ Self {} } } #[doc = "Generated from 'VK_KHR_sampler_mirror_clamp_to_edge'"] impl SamplerAddressMode {+ #[doc = "Note that this defines what was previously a core enum, and so uses the 'value' attribute rather than 'offset', and does not have a suffix. This is a special case, and should not be repeated"] pub const MIRROR_CLAMP_TO_EDGE: Self = Self(4);-}-#[doc = "Generated from 'VK_KHR_sampler_mirror_clamp_to_edge'"]-impl SamplerAddressMode {+ #[deprecated = "Alias introduced for consistency with extension suffixing rules"] pub const MIRROR_CLAMP_TO_EDGE_KHR: Self = Self::MIRROR_CLAMP_TO_EDGE; } impl ImgFilterCubicFn { pub fn name() -> &'static ::std::ffi::CStr {- ::std::ffi::CStr::from_bytes_with_nul(b"VK_IMG_filter_cubic\0")- .expect("Wrong extension string")+ unsafe { ::std::ffi::CStr::from_bytes_with_nul_unchecked(b"VK_IMG_filter_cubic\0") } } pub const SPEC_VERSION: u32 = 1u32; }@@ -2074,7 +2018,7 @@ where F: FnMut(&::std::ffi::CStr) -> *const c_void, {- ImgFilterCubicFn {}+ Self {} } } #[doc = "Generated from 'VK_IMG_filter_cubic'"]@@ -2083,12 +2027,12 @@ } #[doc = "Generated from 'VK_IMG_filter_cubic'"] impl FormatFeatureFlags {+ #[doc = "Format can be filtered with VK_FILTER_CUBIC_IMG when being sampled"] pub const SAMPLED_IMAGE_FILTER_CUBIC_IMG: Self = Self(0b10_0000_0000_0000); } impl AmdExtension17Fn { pub fn name() -> &'static ::std::ffi::CStr {- ::std::ffi::CStr::from_bytes_with_nul(b"VK_AMD_extension_17\0")- .expect("Wrong extension string")+ unsafe { ::std::ffi::CStr::from_bytes_with_nul_unchecked(b"VK_AMD_extension_17\0") } } pub const SPEC_VERSION: u32 = 0u32; }@@ -2101,13 +2045,12 @@ where F: FnMut(&::std::ffi::CStr) -> *const c_void, {- AmdExtension17Fn {}+ Self {} } } impl AmdExtension18Fn { pub fn name() -> &'static ::std::ffi::CStr {- ::std::ffi::CStr::from_bytes_with_nul(b"VK_AMD_extension_18\0")- .expect("Wrong extension string")+ unsafe { ::std::ffi::CStr::from_bytes_with_nul_unchecked(b"VK_AMD_extension_18\0") } } pub const SPEC_VERSION: u32 = 0u32; }@@ -2120,13 +2063,12 @@ where F: FnMut(&::std::ffi::CStr) -> *const c_void, {- AmdExtension18Fn {}+ Self {} } } impl AmdRasterizationOrderFn { pub fn name() -> &'static ::std::ffi::CStr {- ::std::ffi::CStr::from_bytes_with_nul(b"VK_AMD_rasterization_order\0")- .expect("Wrong extension string")+ unsafe { ::std::ffi::CStr::from_bytes_with_nul_unchecked(b"VK_AMD_rasterization_order\0") } } pub const SPEC_VERSION: u32 = 1u32; }@@ -2139,7 +2081,7 @@ where F: FnMut(&::std::ffi::CStr) -> *const c_void, {- AmdRasterizationOrderFn {}+ Self {} } } #[doc = "Generated from 'VK_AMD_rasterization_order'"]@@ -2148,8 +2090,7 @@ } impl AmdExtension20Fn { pub fn name() -> &'static ::std::ffi::CStr {- ::std::ffi::CStr::from_bytes_with_nul(b"VK_AMD_extension_20\0")- .expect("Wrong extension string")+ unsafe { ::std::ffi::CStr::from_bytes_with_nul_unchecked(b"VK_AMD_extension_20\0") } } pub const SPEC_VERSION: u32 = 0u32; }@@ -2162,13 +2103,14 @@ where F: FnMut(&::std::ffi::CStr) -> *const c_void, {- AmdExtension20Fn {}+ Self {} } } impl AmdShaderTrinaryMinmaxFn { pub fn name() -> &'static ::std::ffi::CStr {- ::std::ffi::CStr::from_bytes_with_nul(b"VK_AMD_shader_trinary_minmax\0")- .expect("Wrong extension string")+ unsafe {+ ::std::ffi::CStr::from_bytes_with_nul_unchecked(b"VK_AMD_shader_trinary_minmax\0")+ } } pub const SPEC_VERSION: u32 = 1u32; }@@ -2181,13 +2123,16 @@ where F: FnMut(&::std::ffi::CStr) -> *const c_void, {- AmdShaderTrinaryMinmaxFn {}+ Self {} } } impl AmdShaderExplicitVertexParameterFn { pub fn name() -> &'static ::std::ffi::CStr {- ::std::ffi::CStr::from_bytes_with_nul(b"VK_AMD_shader_explicit_vertex_parameter\0")- .expect("Wrong extension string")+ unsafe {+ ::std::ffi::CStr::from_bytes_with_nul_unchecked(+ b"VK_AMD_shader_explicit_vertex_parameter\0",+ )+ } } pub const SPEC_VERSION: u32 = 1u32; }@@ -2200,13 +2145,12 @@ where F: FnMut(&::std::ffi::CStr) -> *const c_void, {- AmdShaderExplicitVertexParameterFn {}+ Self {} } } impl ExtDebugMarkerFn { pub fn name() -> &'static ::std::ffi::CStr {- ::std::ffi::CStr::from_bytes_with_nul(b"VK_EXT_debug_marker\0")- .expect("Wrong extension string")+ unsafe { ::std::ffi::CStr::from_bytes_with_nul_unchecked(b"VK_EXT_debug_marker\0") } } pub const SPEC_VERSION: u32 = 4u32; }@@ -2247,7 +2191,7 @@ where F: FnMut(&::std::ffi::CStr) -> *const c_void, {- ExtDebugMarkerFn {+ Self { debug_marker_set_object_tag_ext: unsafe { unsafe extern "system" fn debug_marker_set_object_tag_ext( _device: Device,@@ -2384,19 +2328,12 @@ #[doc = "Generated from 'VK_EXT_debug_marker'"] impl StructureType { pub const DEBUG_MARKER_OBJECT_NAME_INFO_EXT: Self = Self(1_000_022_000);-}-#[doc = "Generated from 'VK_EXT_debug_marker'"]-impl StructureType { pub const DEBUG_MARKER_OBJECT_TAG_INFO_EXT: Self = Self(1_000_022_001);-}-#[doc = "Generated from 'VK_EXT_debug_marker'"]-impl StructureType { pub const DEBUG_MARKER_MARKER_INFO_EXT: Self = Self(1_000_022_002); } impl KhrVideoQueueFn { pub fn name() -> &'static ::std::ffi::CStr {- ::std::ffi::CStr::from_bytes_with_nul(b"VK_KHR_video_queue\0")- .expect("Wrong extension string")+ unsafe { ::std::ffi::CStr::from_bytes_with_nul_unchecked(b"VK_KHR_video_queue\0") } } pub const SPEC_VERSION: u32 = 2u32; }@@ -2497,7 +2434,7 @@ where F: FnMut(&::std::ffi::CStr) -> *const c_void, {- KhrVideoQueueFn {+ Self { get_physical_device_video_capabilities_khr: unsafe { unsafe extern "system" fn get_physical_device_video_capabilities_khr( _physical_device: PhysicalDevice,@@ -2886,91 +2823,45 @@ } } #[doc = "Generated from 'VK_KHR_video_queue'"]-impl StructureType {- pub const VIDEO_PROFILE_KHR: Self = Self(1_000_023_000);+impl ObjectType {+ #[doc = "VkVideoSessionKHR"]+ pub const VIDEO_SESSION_KHR: Self = Self(1_000_023_000);+ #[doc = "VkVideoSessionParametersKHR"]+ pub const VIDEO_SESSION_PARAMETERS_KHR: Self = Self(1_000_023_001); } #[doc = "Generated from 'VK_KHR_video_queue'"]-impl StructureType {- pub const VIDEO_CAPABILITIES_KHR: Self = Self(1_000_023_001);-}-#[doc = "Generated from 'VK_KHR_video_queue'"]-impl StructureType {- pub const VIDEO_PICTURE_RESOURCE_KHR: Self = Self(1_000_023_002);-}-#[doc = "Generated from 'VK_KHR_video_queue'"]-impl StructureType {- pub const VIDEO_GET_MEMORY_PROPERTIES_KHR: Self = Self(1_000_023_003);-}-#[doc = "Generated from 'VK_KHR_video_queue'"]-impl StructureType {- pub const VIDEO_BIND_MEMORY_KHR: Self = Self(1_000_023_004);-}-#[doc = "Generated from 'VK_KHR_video_queue'"]-impl StructureType {- pub const VIDEO_SESSION_CREATE_INFO_KHR: Self = Self(1_000_023_005);-}-#[doc = "Generated from 'VK_KHR_video_queue'"]-impl StructureType {- pub const VIDEO_SESSION_PARAMETERS_CREATE_INFO_KHR: Self = Self(1_000_023_006);-}-#[doc = "Generated from 'VK_KHR_video_queue'"]-impl StructureType {- pub const VIDEO_SESSION_PARAMETERS_UPDATE_INFO_KHR: Self = Self(1_000_023_007);-}-#[doc = "Generated from 'VK_KHR_video_queue'"]-impl StructureType {- pub const VIDEO_BEGIN_CODING_INFO_KHR: Self = Self(1_000_023_008);-}-#[doc = "Generated from 'VK_KHR_video_queue'"]-impl StructureType {- pub const VIDEO_END_CODING_INFO_KHR: Self = Self(1_000_023_009);-}-#[doc = "Generated from 'VK_KHR_video_queue'"]-impl StructureType {- pub const VIDEO_CODING_CONTROL_INFO_KHR: Self = Self(1_000_023_010);-}-#[doc = "Generated from 'VK_KHR_video_queue'"]-impl StructureType {- pub const VIDEO_REFERENCE_SLOT_KHR: Self = Self(1_000_023_011);-}-#[doc = "Generated from 'VK_KHR_video_queue'"]-impl StructureType {- pub const VIDEO_QUEUE_FAMILY_PROPERTIES_2_KHR: Self = Self(1_000_023_012);-}-#[doc = "Generated from 'VK_KHR_video_queue'"]-impl StructureType {- pub const VIDEO_PROFILES_KHR: Self = Self(1_000_023_013);-}-#[doc = "Generated from 'VK_KHR_video_queue'"]-impl StructureType {- pub const PHYSICAL_DEVICE_VIDEO_FORMAT_INFO_KHR: Self = Self(1_000_023_014);-}-#[doc = "Generated from 'VK_KHR_video_queue'"]-impl StructureType {- pub const VIDEO_FORMAT_PROPERTIES_KHR: Self = Self(1_000_023_015);-}-#[doc = "Generated from 'VK_KHR_video_queue'"]-impl ObjectType {- pub const VIDEO_SESSION_KHR: Self = Self(1_000_023_000);-}-#[doc = "Generated from 'VK_KHR_video_queue'"]-impl ObjectType {- pub const VIDEO_SESSION_PARAMETERS_KHR: Self = Self(1_000_023_001);+impl QueryResultFlags {+ pub const WITH_STATUS_KHR: Self = Self(0b1_0000); } #[doc = "Generated from 'VK_KHR_video_queue'"] impl QueryType { pub const RESULT_STATUS_ONLY_KHR: Self = Self(1_000_023_000); } #[doc = "Generated from 'VK_KHR_video_queue'"]-impl QueryResultFlags {- pub const WITH_STATUS_KHR: Self = Self(0b1_0000);+impl StructureType {+ pub const VIDEO_PROFILE_KHR: Self = Self(1_000_023_000);+ pub const VIDEO_CAPABILITIES_KHR: Self = Self(1_000_023_001);+ pub const VIDEO_PICTURE_RESOURCE_KHR: Self = Self(1_000_023_002);+ pub const VIDEO_GET_MEMORY_PROPERTIES_KHR: Self = Self(1_000_023_003);+ pub const VIDEO_BIND_MEMORY_KHR: Self = Self(1_000_023_004);+ pub const VIDEO_SESSION_CREATE_INFO_KHR: Self = Self(1_000_023_005);+ pub const VIDEO_SESSION_PARAMETERS_CREATE_INFO_KHR: Self = Self(1_000_023_006);+ pub const VIDEO_SESSION_PARAMETERS_UPDATE_INFO_KHR: Self = Self(1_000_023_007);+ pub const VIDEO_BEGIN_CODING_INFO_KHR: Self = Self(1_000_023_008);+ pub const VIDEO_END_CODING_INFO_KHR: Self = Self(1_000_023_009);+ pub const VIDEO_CODING_CONTROL_INFO_KHR: Self = Self(1_000_023_010);+ pub const VIDEO_REFERENCE_SLOT_KHR: Self = Self(1_000_023_011);+ pub const VIDEO_QUEUE_FAMILY_PROPERTIES_2_KHR: Self = Self(1_000_023_012);+ pub const VIDEO_PROFILES_KHR: Self = Self(1_000_023_013);+ pub const PHYSICAL_DEVICE_VIDEO_FORMAT_INFO_KHR: Self = Self(1_000_023_014);+ pub const VIDEO_FORMAT_PROPERTIES_KHR: Self = Self(1_000_023_015);+ pub const QUEUE_FAMILY_QUERY_RESULT_STATUS_PROPERTIES_2_KHR: Self = Self(1_000_023_016); } impl KhrVideoDecodeQueueFn { pub fn name() -> &'static ::std::ffi::CStr {- ::std::ffi::CStr::from_bytes_with_nul(b"VK_KHR_video_decode_queue\0")- .expect("Wrong extension string")- }- pub const SPEC_VERSION: u32 = 1u32;+ unsafe { ::std::ffi::CStr::from_bytes_with_nul_unchecked(b"VK_KHR_video_decode_queue\0") }+ }+ pub const SPEC_VERSION: u32 = 2u32; } #[allow(non_camel_case_types)] pub type PFN_vkCmdDecodeVideoKHR = unsafe extern "system" fn(@@ -2988,7 +2879,7 @@ where F: FnMut(&::std::ffi::CStr) -> *const c_void, {- KhrVideoDecodeQueueFn {+ Self { cmd_decode_video_khr: unsafe { unsafe extern "system" fn cmd_decode_video_khr( _command_buffer: CommandBuffer,@@ -3017,69 +2908,52 @@ } } #[doc = "Generated from 'VK_KHR_video_decode_queue'"]-impl StructureType {- pub const VIDEO_DECODE_INFO_KHR: Self = Self(1_000_024_000);+impl AccessFlags2KHR {+ pub const VIDEO_DECODE_READ: Self = Self(0b1000_0000_0000_0000_0000_0000_0000_0000_0000);+ pub const VIDEO_DECODE_WRITE: Self = Self(0b1_0000_0000_0000_0000_0000_0000_0000_0000_0000);+}+#[doc = "Generated from 'VK_KHR_video_decode_queue'"]+impl BufferUsageFlags {+ pub const VIDEO_DECODE_SRC_KHR: Self = Self(0b10_0000_0000_0000);+ pub const VIDEO_DECODE_DST_KHR: Self = Self(0b100_0000_0000_0000);+}+#[doc = "Generated from 'VK_KHR_video_decode_queue'"]+impl FormatFeatureFlags {+ pub const VIDEO_DECODE_OUTPUT_KHR: Self = Self(0b10_0000_0000_0000_0000_0000_0000);+ pub const VIDEO_DECODE_DPB_KHR: Self = Self(0b100_0000_0000_0000_0000_0000_0000);+}+#[doc = "Generated from 'VK_KHR_video_decode_queue'"]+impl FormatFeatureFlags2KHR {+ pub const VIDEO_DECODE_OUTPUT: Self = Self(0b10_0000_0000_0000_0000_0000_0000);+ pub const VIDEO_DECODE_DPB: Self = Self(0b100_0000_0000_0000_0000_0000_0000);+}+#[doc = "Generated from 'VK_KHR_video_decode_queue'"]+impl ImageLayout {+ pub const VIDEO_DECODE_DST_KHR: Self = Self(1_000_024_000);+ pub const VIDEO_DECODE_SRC_KHR: Self = Self(1_000_024_001);+ pub const VIDEO_DECODE_DPB_KHR: Self = Self(1_000_024_002);+}+#[doc = "Generated from 'VK_KHR_video_decode_queue'"]+impl ImageUsageFlags {+ pub const VIDEO_DECODE_DST_KHR: Self = Self(0b100_0000_0000);+ pub const VIDEO_DECODE_SRC_KHR: Self = Self(0b1000_0000_0000);+ pub const VIDEO_DECODE_DPB_KHR: Self = Self(0b1_0000_0000_0000);+}+#[doc = "Generated from 'VK_KHR_video_decode_queue'"]+impl PipelineStageFlags2KHR {+ pub const VIDEO_DECODE: Self = Self(0b100_0000_0000_0000_0000_0000_0000); } #[doc = "Generated from 'VK_KHR_video_decode_queue'"] impl QueueFlags { pub const VIDEO_DECODE_KHR: Self = Self(0b10_0000); } #[doc = "Generated from 'VK_KHR_video_decode_queue'"]-impl PipelineStageFlags2KHR {- pub const VIDEO_DECODE: Self = Self(0b100_0000_0000_0000_0000_0000_0000);-}-#[doc = "Generated from 'VK_KHR_video_decode_queue'"]-impl AccessFlags2KHR {- pub const VIDEO_DECODE_READ: Self = Self(0b1000_0000_0000_0000_0000_0000_0000_0000_0000);-}-#[doc = "Generated from 'VK_KHR_video_decode_queue'"]-impl AccessFlags2KHR {- pub const VIDEO_DECODE_WRITE: Self = Self(0b1_0000_0000_0000_0000_0000_0000_0000_0000_0000);-}-#[doc = "Generated from 'VK_KHR_video_decode_queue'"]-impl BufferUsageFlags {- pub const VIDEO_DECODE_SRC_KHR: Self = Self(0b10_0000_0000_0000);-}-#[doc = "Generated from 'VK_KHR_video_decode_queue'"]-impl BufferUsageFlags {- pub const VIDEO_DECODE_DST_KHR: Self = Self(0b100_0000_0000_0000);-}-#[doc = "Generated from 'VK_KHR_video_decode_queue'"]-impl ImageUsageFlags {- pub const VIDEO_DECODE_DST_KHR: Self = Self(0b100_0000_0000);-}-#[doc = "Generated from 'VK_KHR_video_decode_queue'"]-impl ImageUsageFlags {- pub const VIDEO_DECODE_SRC_KHR: Self = Self(0b1000_0000_0000);-}-#[doc = "Generated from 'VK_KHR_video_decode_queue'"]-impl ImageUsageFlags {- pub const VIDEO_DECODE_DPB_KHR: Self = Self(0b1_0000_0000_0000);-}-#[doc = "Generated from 'VK_KHR_video_decode_queue'"]-impl FormatFeatureFlags {- pub const VIDEO_DECODE_OUTPUT_KHR: Self = Self(0b10_0000_0000_0000_0000_0000_0000);-}-#[doc = "Generated from 'VK_KHR_video_decode_queue'"]-impl FormatFeatureFlags {- pub const VIDEO_DECODE_DPB_KHR: Self = Self(0b100_0000_0000_0000_0000_0000_0000);-}-#[doc = "Generated from 'VK_KHR_video_decode_queue'"]-impl ImageLayout {- pub const VIDEO_DECODE_DST_KHR: Self = Self(1_000_024_000);-}-#[doc = "Generated from 'VK_KHR_video_decode_queue'"]-impl ImageLayout {- pub const VIDEO_DECODE_SRC_KHR: Self = Self(1_000_024_001);-}-#[doc = "Generated from 'VK_KHR_video_decode_queue'"]-impl ImageLayout {- pub const VIDEO_DECODE_DPB_KHR: Self = Self(1_000_024_002);+impl StructureType {+ pub const VIDEO_DECODE_INFO_KHR: Self = Self(1_000_024_000); } impl AmdGcnShaderFn { pub fn name() -> &'static ::std::ffi::CStr {- ::std::ffi::CStr::from_bytes_with_nul(b"VK_AMD_gcn_shader\0")- .expect("Wrong extension string")+ unsafe { ::std::ffi::CStr::from_bytes_with_nul_unchecked(b"VK_AMD_gcn_shader\0") } } pub const SPEC_VERSION: u32 = 1u32; }@@ -3092,13 +2966,12 @@ where F: FnMut(&::std::ffi::CStr) -> *const c_void, {- AmdGcnShaderFn {}+ Self {} } } impl NvDedicatedAllocationFn { pub fn name() -> &'static ::std::ffi::CStr {- ::std::ffi::CStr::from_bytes_with_nul(b"VK_NV_dedicated_allocation\0")- .expect("Wrong extension string")+ unsafe { ::std::ffi::CStr::from_bytes_with_nul_unchecked(b"VK_NV_dedicated_allocation\0") } } pub const SPEC_VERSION: u32 = 1u32; }@@ -3111,25 +2984,18 @@ where F: FnMut(&::std::ffi::CStr) -> *const c_void, {- NvDedicatedAllocationFn {}+ Self {} } } #[doc = "Generated from 'VK_NV_dedicated_allocation'"] impl StructureType { pub const DEDICATED_ALLOCATION_IMAGE_CREATE_INFO_NV: Self = Self(1_000_026_000);-}-#[doc = "Generated from 'VK_NV_dedicated_allocation'"]-impl StructureType { pub const DEDICATED_ALLOCATION_BUFFER_CREATE_INFO_NV: Self = Self(1_000_026_001);-}-#[doc = "Generated from 'VK_NV_dedicated_allocation'"]-impl StructureType { pub const DEDICATED_ALLOCATION_MEMORY_ALLOCATE_INFO_NV: Self = Self(1_000_026_002); } impl ExtExtension28Fn { pub fn name() -> &'static ::std::ffi::CStr {- ::std::ffi::CStr::from_bytes_with_nul(b"VK_EXT_extension_28\0")- .expect("Wrong extension string")+ unsafe { ::std::ffi::CStr::from_bytes_with_nul_unchecked(b"VK_EXT_extension_28\0") } } pub const SPEC_VERSION: u32 = 0u32; }@@ -3142,13 +3008,12 @@ where F: FnMut(&::std::ffi::CStr) -> *const c_void, {- ExtExtension28Fn {}+ Self {} } } impl ExtTransformFeedbackFn { pub fn name() -> &'static ::std::ffi::CStr {- ::std::ffi::CStr::from_bytes_with_nul(b"VK_EXT_transform_feedback\0")- .expect("Wrong extension string")+ unsafe { ::std::ffi::CStr::from_bytes_with_nul_unchecked(b"VK_EXT_transform_feedback\0") } } pub const SPEC_VERSION: u32 = 1u32; }@@ -3218,7 +3083,7 @@ where F: FnMut(&::std::ffi::CStr) -> *const c_void, {- ExtTransformFeedbackFn {+ Self { cmd_bind_transform_feedback_buffers_ext: unsafe { unsafe extern "system" fn cmd_bind_transform_feedback_buffers_ext( _command_buffer: CommandBuffer,@@ -3456,50 +3321,34 @@ } } #[doc = "Generated from 'VK_EXT_transform_feedback'"]-impl StructureType {- pub const PHYSICAL_DEVICE_TRANSFORM_FEEDBACK_FEATURES_EXT: Self = Self(1_000_028_000);+impl AccessFlags {+ pub const TRANSFORM_FEEDBACK_WRITE_EXT: Self = Self(0b10_0000_0000_0000_0000_0000_0000);+ pub const TRANSFORM_FEEDBACK_COUNTER_READ_EXT: Self = Self(0b100_0000_0000_0000_0000_0000_0000);+ pub const TRANSFORM_FEEDBACK_COUNTER_WRITE_EXT: Self =+ Self(0b1000_0000_0000_0000_0000_0000_0000); } #[doc = "Generated from 'VK_EXT_transform_feedback'"]-impl StructureType {- pub const PHYSICAL_DEVICE_TRANSFORM_FEEDBACK_PROPERTIES_EXT: Self = Self(1_000_028_001);+impl BufferUsageFlags {+ pub const TRANSFORM_FEEDBACK_BUFFER_EXT: Self = Self(0b1000_0000_0000);+ pub const TRANSFORM_FEEDBACK_COUNTER_BUFFER_EXT: Self = Self(0b1_0000_0000_0000); } #[doc = "Generated from 'VK_EXT_transform_feedback'"]-impl StructureType {- pub const PIPELINE_RASTERIZATION_STATE_STREAM_CREATE_INFO_EXT: Self = Self(1_000_028_002);+impl PipelineStageFlags {+ pub const TRANSFORM_FEEDBACK_EXT: Self = Self(0b1_0000_0000_0000_0000_0000_0000); } #[doc = "Generated from 'VK_EXT_transform_feedback'"] impl QueryType { pub const TRANSFORM_FEEDBACK_STREAM_EXT: Self = Self(1_000_028_004); } #[doc = "Generated from 'VK_EXT_transform_feedback'"]-impl BufferUsageFlags {- pub const TRANSFORM_FEEDBACK_BUFFER_EXT: Self = Self(0b1000_0000_0000);-}-#[doc = "Generated from 'VK_EXT_transform_feedback'"]-impl BufferUsageFlags {- pub const TRANSFORM_FEEDBACK_COUNTER_BUFFER_EXT: Self = Self(0b1_0000_0000_0000);-}-#[doc = "Generated from 'VK_EXT_transform_feedback'"]-impl AccessFlags {- pub const TRANSFORM_FEEDBACK_WRITE_EXT: Self = Self(0b10_0000_0000_0000_0000_0000_0000);-}-#[doc = "Generated from 'VK_EXT_transform_feedback'"]-impl AccessFlags {- pub const TRANSFORM_FEEDBACK_COUNTER_READ_EXT: Self = Self(0b100_0000_0000_0000_0000_0000_0000);-}-#[doc = "Generated from 'VK_EXT_transform_feedback'"]-impl AccessFlags {- pub const TRANSFORM_FEEDBACK_COUNTER_WRITE_EXT: Self =- Self(0b1000_0000_0000_0000_0000_0000_0000);-}-#[doc = "Generated from 'VK_EXT_transform_feedback'"]-impl PipelineStageFlags {- pub const TRANSFORM_FEEDBACK_EXT: Self = Self(0b1_0000_0000_0000_0000_0000_0000);+impl StructureType {+ pub const PHYSICAL_DEVICE_TRANSFORM_FEEDBACK_FEATURES_EXT: Self = Self(1_000_028_000);+ pub const PHYSICAL_DEVICE_TRANSFORM_FEEDBACK_PROPERTIES_EXT: Self = Self(1_000_028_001);+ pub const PIPELINE_RASTERIZATION_STATE_STREAM_CREATE_INFO_EXT: Self = Self(1_000_028_002); } impl NvxBinaryImportFn { pub fn name() -> &'static ::std::ffi::CStr {- ::std::ffi::CStr::from_bytes_with_nul(b"VK_NVX_binary_import\0")- .expect("Wrong extension string")
Error: {"error":{"message":"This model's maximum context length is 65536 tokens. However, you requested 134646 tokens (126454 in the messages, 8192 in the completion). Please reduce the length of the messages or completion.","type":"invalid_request_error","param":null,"code":"invalid_request_error"}}
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/tools/profiler/gecko/nsProfiler.cpp+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/tools/profiler/gecko/nsProfiler.cpp@@ -27,7 +27,6 @@ #include "nsIInterfaceRequestor.h" #include "nsIInterfaceRequestorUtils.h" #include "nsILoadContext.h"-#include "nsIObserverService.h" #include "nsIWebNavigation.h" #include "nsLocalFile.h" #include "nsMemory.h"@@ -45,65 +44,18 @@ using dom::Promise; using std::string;-NS_IMPL_ISUPPORTS(nsProfiler, nsIProfiler, nsIObserver)--nsProfiler::nsProfiler()- : mLockedForPrivateBrowsing(false),- mPendingProfiles(0),- mGathering(false) {}+NS_IMPL_ISUPPORTS(nsProfiler, nsIProfiler)++nsProfiler::nsProfiler() : mGathering(false) {} nsProfiler::~nsProfiler() {- nsCOMPtr<nsIObserverService> observerService =- mozilla::services::GetObserverService();- if (observerService) {- observerService->RemoveObserver(this, "chrome-document-global-created");- observerService->RemoveObserver(this, "last-pb-context-exited");- } if (mSymbolTableThread) { mSymbolTableThread->Shutdown(); } ResetGathering(); }-nsresult nsProfiler::Init() {- nsCOMPtr<nsIObserverService> observerService =- mozilla::services::GetObserverService();- if (observerService) {- observerService->AddObserver(this, "chrome-document-global-created", false);- observerService->AddObserver(this, "last-pb-context-exited", false);- }- return NS_OK;-}--NS_IMETHODIMP-nsProfiler::Observe(nsISupports* aSubject, const char* aTopic,- const char16_t* aData) {- // The profiler's handling of private browsing is as simple as possible: it- // is stopped when the first PB window opens, and left stopped when the last- // PB window closes.- if (strcmp(aTopic, "chrome-document-global-created") == 0) {- nsCOMPtr<nsIInterfaceRequestor> requestor = do_QueryInterface(aSubject);- nsCOMPtr<nsIWebNavigation> parentWebNav = do_GetInterface(requestor);- nsCOMPtr<nsILoadContext> loadContext = do_QueryInterface(parentWebNav);- if (loadContext && loadContext->UsePrivateBrowsing() &&- !mLockedForPrivateBrowsing) {- mLockedForPrivateBrowsing = true;- // Allow profiling tests that trigger private browsing.- if (!xpc::IsInAutomation()) {- profiler_stop();- }- }- } else if (strcmp(aTopic, "last-pb-context-exited") == 0) {- mLockedForPrivateBrowsing = false;- }- return NS_OK;-}--NS_IMETHODIMP-nsProfiler::CanProfile(bool* aCanProfile) {- *aCanProfile = !mLockedForPrivateBrowsing;- return NS_OK;-}+nsresult nsProfiler::Init() { return NS_OK; } static nsresult FillVectorFromStringArray(Vector<const char*>& aVector, const nsTArray<nsCString>& aArray) {@@ -121,10 +73,6 @@ const nsTArray<nsCString>& aFeatures, const nsTArray<nsCString>& aFilters, uint64_t aActiveTabID, double aDuration) {- if (mLockedForPrivateBrowsing) {- return NS_ERROR_NOT_AVAILABLE;- }- ResetGathering(); Vector<const char*> featureStringVector;@@ -762,6 +710,80 @@ return NS_OK; }+bool nsProfiler::SendProgressRequest(PendingProfile& aPendingProfile) {+ RefPtr<ProfilerParent::SingleProcessProgressPromise> progressPromise =+ ProfilerParent::RequestGatherProfileProgress(aPendingProfile.childPid);+ if (!progressPromise) {+ LOG("RequestGatherProfileProgress(%u) -> null!",+ unsigned(aPendingProfile.childPid));+ // Failed to send request.+ return false;+ }++ DEBUG_LOG("RequestGatherProfileProgress(%u) sent...",+ unsigned(aPendingProfile.childPid));+ aPendingProfile.lastProgressRequest = TimeStamp::Now();+ progressPromise->Then(+ GetMainThreadSerialEventTarget(), __func__,+ [self = RefPtr<nsProfiler>(this),+ childPid = aPendingProfile.childPid](GatherProfileProgress&& aResult) {+ if (!self->mGathering) {+ return;+ }+ PendingProfile* pendingProfile = self->GetPendingProfile(childPid);+ DEBUG_LOG(+ "RequestGatherProfileProgress(%u) response: %.2f '%s' "+ "(%u were pending, %s %u)",+ unsigned(childPid),+ ProportionValue::FromUnderlyingType(+ aResult.progressProportionValueUnderlyingType())+ .ToDouble() *+ 100.0,+ aResult.progressLocation().Data(),+ unsigned(self->mPendingProfiles.length()),+ pendingProfile ? "including" : "excluding", unsigned(childPid));+ if (pendingProfile) {+ // We have a progress report for a still-pending profile.+ pendingProfile->lastProgressResponse = TimeStamp::Now();+ // Has it actually made progress?+ if (aResult.progressProportionValueUnderlyingType() !=+ pendingProfile->progressProportion.ToUnderlyingType()) {+ pendingProfile->lastProgressChange =+ pendingProfile->lastProgressResponse;+ pendingProfile->progressProportion =+ ProportionValue::FromUnderlyingType(+ aResult.progressProportionValueUnderlyingType());+ pendingProfile->progressLocation = aResult.progressLocation();+ self->RestartGatheringTimer();+ }+ }+ },+ [self = RefPtr<nsProfiler>(this), childPid = aPendingProfile.childPid](+ ipc::ResponseRejectReason&& aReason) {+ if (!self->mGathering) {+ return;+ }+ PendingProfile* pendingProfile = self->GetPendingProfile(childPid);+ LOG("RequestGatherProfileProgress(%u) rejection: %d "+ "(%u were pending, %s %u)",+ unsigned(childPid), (int)aReason,+ unsigned(self->mPendingProfiles.length()),+ pendingProfile ? "including" : "excluding", unsigned(childPid));+ if (pendingProfile) {+ // Failure response, assume the child process is gone.+ MOZ_ASSERT(self->mPendingProfiles.begin() <= pendingProfile &&+ pendingProfile < self->mPendingProfiles.end());+ self->mPendingProfiles.erase(pendingProfile);+ if (self->mPendingProfiles.empty()) {+ // We've got all of the async profiles now. Let's finish off the+ // profile and resolve the Promise.+ self->FinishGathering();+ }+ }+ });+ return true;+}+ /* static */ void nsProfiler::GatheringTimerCallback(nsITimer* aTimer, void* aClosure) { MOZ_RELEASE_ASSERT(NS_IsMainThread());@@ -780,6 +802,82 @@ // This timer was cancelled after this callback was queued. return; }++ bool progressWasMade = false;++ // Going backwards, it's easier and cheaper to erase elements if needed.+ for (auto iPlus1 = self->mPendingProfiles.length(); iPlus1 != 0; --iPlus1) {+ PendingProfile& pendingProfile = self->mPendingProfiles[iPlus1 - 1];++ bool needToSendProgressRequest = false;+ if (pendingProfile.lastProgressRequest.IsNull()) {+ DEBUG_LOG("GatheringTimerCallback() - child %u: No data yet",+ unsigned(pendingProfile.childPid));+ // First time going through the list, send an initial progress request.+ needToSendProgressRequest = true;+ // We pretend that progress was made, so we don't give up yet.+ progressWasMade = true;+ } else if (pendingProfile.lastProgressResponse.IsNull()) {+ LOG("GatheringTimerCallback() - child %u: Waiting for first response",+ unsigned(pendingProfile.childPid));+ // Still waiting for the first response, no progress made here, don't send+ // another request.+ } else if (pendingProfile.lastProgressResponse <=+ pendingProfile.lastProgressRequest) {+ LOG("GatheringTimerCallback() - child %u: Waiting for response",+ unsigned(pendingProfile.childPid));+ // Still waiting for a response to the last request, no progress made+ // here, don't send another request.+ } else if (pendingProfile.lastProgressChange.IsNull()) {+ LOG("GatheringTimerCallback() - child %u: Still waiting for first change",+ unsigned(pendingProfile.childPid));+ // Still waiting for the first change, no progress made here, but send a+ // new request.+ needToSendProgressRequest = true;+ } else if (pendingProfile.lastProgressRequest <+ pendingProfile.lastProgressChange) {+ DEBUG_LOG("GatheringTimerCallback() - child %u: Recent change",+ unsigned(pendingProfile.childPid));+ // We have a recent change, progress was made.+ needToSendProgressRequest = true;+ progressWasMade = true;+ } else {+ LOG("GatheringTimerCallback() - child %u: No recent change",+ unsigned(pendingProfile.childPid));+ needToSendProgressRequest = true;+ }++ // And send a new progress request.+ if (needToSendProgressRequest) {+ if (!self->SendProgressRequest(pendingProfile)) {+ // Failed to even send the request, consider this process gone.+ self->mPendingProfiles.erase(&pendingProfile);+ LOG("... Failed to send progress request");+ } else {+ DEBUG_LOG("... Sent progress request");+ }+ } else {+ DEBUG_LOG("... No progress request");+ }+ }++ if (self->mPendingProfiles.empty()) {+ // We've got all of the async profiles now. Let's finish off the profile+ // and resolve the Promise.+ self->FinishGathering();+ return;+ }++ // Not finished yet.++ if (progressWasMade) {+ // We made some progress, just restart the timer.+ DEBUG_LOG("GatheringTimerCallback() - Progress made, restart timer");+ self->RestartGatheringTimer();+ return;+ }++ DEBUG_LOG("GatheringTimerCallback() - Timeout!"); self->mGatheringTimer = nullptr; if (!profiler_is_active() || !self->mGathering) { // Not gathering anymore.@@ -791,7 +889,34 @@ self->FinishGathering(); }-void nsProfiler::GatheredOOPProfile(const nsACString& aProfile) {+void nsProfiler::RestartGatheringTimer() {+ if (mGatheringTimer) {+ uint32_t delayMs = 0;+ const nsresult r = mGatheringTimer->GetDelay(&delayMs);+ mGatheringTimer->Cancel();+ if (NS_FAILED(r) || delayMs == 0 ||+ NS_FAILED(mGatheringTimer->InitWithNamedFuncCallback(+ GatheringTimerCallback, this, delayMs,+ nsITimer::TYPE_ONE_SHOT_LOW_PRIORITY,+ "nsProfilerGatheringTimer"))) {+ // Can't restart the timer, so we can't wait any longer.+ FinishGathering();+ }+ }+}++nsProfiler::PendingProfile* nsProfiler::GetPendingProfile(+ base::ProcessId aChildPid) {+ for (PendingProfile& pendingProfile : mPendingProfiles) {+ if (pendingProfile.childPid == aChildPid) {+ return &pendingProfile;+ }+ }+ return nullptr;+}++void nsProfiler::GatheredOOPProfile(base::ProcessId aChildPid,+ const nsACString& aProfile) { MOZ_RELEASE_ASSERT(NS_IsMainThread()); if (!profiler_is_active()) {@@ -813,28 +938,20 @@ mWriter->Splice(PromiseFlatCString(aProfile)); }- mPendingProfiles--;-- if (mPendingProfiles == 0) {- // We've got all of the async profiles now. Let's- // finish off the profile and resolve the Promise.- FinishGathering();+ if (PendingProfile* pendingProfile = GetPendingProfile(aChildPid);+ pendingProfile) {+ mPendingProfiles.erase(pendingProfile);++ if (mPendingProfiles.empty()) {+ // We've got all of the async profiles now. Let's finish off the profile+ // and resolve the Promise.+ FinishGathering();+ } } // Not finished yet, restart the timer to let any remaining child enough time // to do their profile-streaming.- if (mGatheringTimer) {- uint32_t delayMs = 0;- const nsresult r = mGatheringTimer->GetDelay(&delayMs);- mGatheringTimer->Cancel();- mGatheringTimer = nullptr;- if (NS_SUCCEEDED(r) && delayMs != 0) {- Unused << NS_NewTimerWithFuncCallback(- getter_AddRefs(mGatheringTimer), GatheringTimerCallback, this,- delayMs, nsITimer::TYPE_ONE_SHOT_LOW_PRIORITY, "",- GetMainThreadSerialEventTarget());- }- }+ RestartGatheringTimer(); } RefPtr<nsProfiler::GatheringPromise> nsProfiler::StartGathering(@@ -860,12 +977,15 @@ // Do this before the call to profiler_stream_json_for_this_process() because // that call is slow and we want to let the other processes grab their // profiles as soon as possible.- nsTArray<RefPtr<ProfilerParent::SingleProcessProfilePromise>> profiles =+ nsTArray<ProfilerParent::SingleProcessProfilePromiseAndChildPid> profiles = ProfilerParent::GatherProfiles();+ MOZ_ASSERT(mPendingProfiles.empty());+ if (!mPendingProfiles.reserve(profiles.Length())) {+ return GatheringPromise::CreateAndReject(NS_ERROR_NOT_AVAILABLE, __func__);+ }+ mWriter.emplace();-- TimeStamp streamingStart = TimeStamp::Now(); UniquePtr<ProfilerCodeAddressService> service = profiler_code_address_service_for_presymbolication();@@ -900,53 +1020,51 @@ // come in, they will be inserted and end up in the right spot. // FinishGathering() will close the array and the root object.- mPendingProfiles = profiles.Length();- if (mPendingProfiles != 0) {+ if (!profiles.IsEmpty()) { // There *are* pending profiles, let's add handlers for their promises.- // We want a reasonable timeout value while waiting for child profiles.- // We know how long the parent process took to serialize its profile:- const uint32_t parentTimeMs = static_cast<uint32_t>(- (TimeStamp::Now() - streamingStart).ToMilliseconds());- // We will multiply this by the number of children, to cover the worst case- // where all processes take the same time, but because they are working in- // parallel on a potential single CPU, they all finish around the same later- // time.- // And multiply again by 2, for the extra processing and comms, and other- // work that may happen.- const uint32_t parentToChildrenFactor = mPendingProfiles * 2;- // And we add a number seconds by default. In some lopsided cases, the- // parent-to-child serializing ratio could be much greater than expected,- // so the user could force it to be a bigger number if needed.+ // This timeout value is used to monitor progress while gathering child+ // profiles. The timer will be restarted after we receive a response with+ // any progress.+ constexpr uint32_t cMinChildTimeoutS = 1u; // 1 second minimum and default.+ constexpr uint32_t cMaxChildTimeoutS = 60u; // 1 minute max. uint32_t childTimeoutS = Preferences::GetUint(- "devtools.performance.recording.child.timeout_s", 0u);- if (childTimeoutS == 0) {- // If absent or 0, use hard-coded default.- childTimeoutS = 1;+ "devtools.performance.recording.child.timeout_s", cMinChildTimeoutS);+ if (childTimeoutS < cMinChildTimeoutS) {+ childTimeoutS = cMinChildTimeoutS;+ } else if (childTimeoutS > cMaxChildTimeoutS) {+ childTimeoutS = cMaxChildTimeoutS; }- // And this gives us a timeout value. The timer will be restarted after we- // receive each response.- // TODO: Instead of a timeout to cover the whole request-to-response time,- // there should be more of a continuous dialog between processes, to only- // give up if some processes are really unresponsive. See bug 1673513.- const uint32_t streamingTimeoutMs =- parentTimeMs * parentToChildrenFactor + childTimeoutS * 1000;+ const uint32_t childTimeoutMs = childTimeoutS * PR_MSEC_PER_SEC; Unused << NS_NewTimerWithFuncCallback( getter_AddRefs(mGatheringTimer), GatheringTimerCallback, this,- streamingTimeoutMs, nsITimer::TYPE_ONE_SHOT_LOW_PRIORITY, "",- GetMainThreadSerialEventTarget());-- for (auto profile : profiles) {- profile->Then(+ childTimeoutMs, nsITimer::TYPE_ONE_SHOT_LOW_PRIORITY,+ "nsProfilerGatheringTimer", GetMainThreadSerialEventTarget());++ MOZ_ASSERT(mPendingProfiles.capacity() >= profiles.Length());+ for (const auto& profile : profiles) {+ mPendingProfiles.infallibleAppend(PendingProfile{profile.childPid});+ profile.profilePromise->Then( GetMainThreadSerialEventTarget(), __func__,- [self = RefPtr<nsProfiler>(this)](mozilla::ipc::Shmem&& aResult) {+ [self = RefPtr<nsProfiler>(this),+ childPid = profile.childPid](mozilla::ipc::Shmem&& aResult) {+ PendingProfile* pendingProfile = self->GetPendingProfile(childPid);+ LOG("GatherProfile(%u) response: %u bytes (%u were pending, %s %u)",+ unsigned(childPid), unsigned(aResult.Size<char>()),+ unsigned(self->mPendingProfiles.length()),+ pendingProfile ? "including" : "excluding", unsigned(childPid)); const nsDependentCSubstring profileString(aResult.get<char>(), aResult.Size<char>() - 1);- self->GatheredOOPProfile(profileString);+ self->GatheredOOPProfile(childPid, profileString); },- [self =- RefPtr<nsProfiler>(this)](ipc::ResponseRejectReason&& aReason) {- self->GatheredOOPProfile(""_ns);+ [self = RefPtr<nsProfiler>(this),+ childPid = profile.childPid](ipc::ResponseRejectReason&& aReason) {+ PendingProfile* pendingProfile = self->GetPendingProfile(childPid);+ LOG("GatherProfile(%u) rejection: %d (%u were pending, %s %u)",+ unsigned(childPid), (int)aReason,+ unsigned(self->mPendingProfiles.length()),+ pendingProfile ? "including" : "excluding", unsigned(childPid));+ self->GatheredOOPProfile(childPid, ""_ns); }); } } else {@@ -1024,7 +1142,7 @@ mPromiseHolder->RejectIfExists(NS_ERROR_DOM_ABORT_ERR, __func__); mPromiseHolder.reset(); }- mPendingProfiles = 0;+ mPendingProfiles.clearAndFree(); mGathering = false; if (mGatheringTimer) { mGatheringTimer->Cancel();
Based on the provided code diff, I'll analyze it for security vulnerabilities. Here's the analysis:
1. Vulnerability Existed: yes
[Removal of Private Browsing Check] [tools/profiler/gecko/nsProfiler.cpp] [Lines 121-123]
[Old Code]
if (mLockedForPrivateBrowsing) {
return NS_ERROR_NOT_AVAILABLE;
}
[Fixed Code]
(removed)
2. Vulnerability Existed: yes
[Removal of Private Browsing Observer] [tools/profiler/gecko/nsProfiler.cpp] [Lines 45-65]
[Old Code]
nsCOMPtr<nsIObserverService> observerService =
mozilla::services::GetObserverService();
if (observerService) {
observerService->RemoveObserver(this, "chrome-document-global-created");
observerService->RemoveObserver(this, "last-pb-context-exited");
}
[Fixed Code]
(removed)
3. Vulnerability Existed: not sure
[Process ID Handling] [tools/profiler/gecko/nsProfiler.cpp] [Lines 710-889]
[Old Code]
(Simpler profile gathering mechanism)
[Fixed Code]
(More complex process tracking with childPid)
The main security-related changes appear to be:
1. Removal of private browsing checks and observer functionality, which could potentially expose sensitive profiling data from private browsing sessions
2. The change in profile gathering mechanism introduces more detailed process tracking, but it's unclear if this introduces any new vulnerabilities
The most significant security change is the removal of private browsing protections, which could be considered a vulnerability if profiling data from private sessions could be accessed when it shouldn't be. The new process tracking system appears to be more robust but would need further analysis to determine if it introduces any new security concerns.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/layout/generic/nsGfxScrollFrame.cpp+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/layout/generic/nsGfxScrollFrame.cpp@@ -9,7 +9,6 @@ #include "nsGfxScrollFrame.h" #include "nsIXULRuntime.h"-#include "ActiveLayerTracker.h" #include "base/compiler_specific.h" #include "DisplayItemClip.h" #include "Layers.h"@@ -1464,8 +1463,7 @@ // visual viewport is updated to account for that before we read the // visual viewport size. manager->UpdateVisualViewportSizeForPotentialScrollbarChange();- } else if ((oldScrollPort.Size() != newScrollPort.Size()) &&- !HasAnyStateBits(NS_FRAME_FIRST_REFLOW)) {+ } else if (oldScrollPort.Size() != newScrollPort.Size()) { // We want to make sure to send a visual viewport resize event if the // scrollport changed sizes for root scroll frames. The // MobileViewportManager will do that, but if we don't have one (ie we@@ -1485,7 +1483,8 @@ (didHaveHScrollbar != state.mShowHScrollbar || didHaveVScrollbar != state.mShowVScrollbar || didOnlyHScrollbar != mHelper.mOnlyNeedHScrollbarToScrollVVInsideLV ||- didOnlyVScrollbar != mHelper.mOnlyNeedVScrollbarToScrollVVInsideLV)) {+ didOnlyVScrollbar != mHelper.mOnlyNeedVScrollbarToScrollVVInsideLV) &&+ PresShell()->IsVisualViewportOffsetSet()) { // Removing layout/classic scrollbars can make a previously valid vvoffset // invalid. For example, if we are zoomed in on an overflow hidden document // and then zoom back out, when apz reaches the initial resolution (ie 1.0)@@ -1616,26 +1615,15 @@ return result; }-nscoord ScrollFrameHelper::GetNondisappearingScrollbarWidth(- nsBoxLayoutState* aState, WritingMode aWM) {- NS_ASSERTION(aState && aState->GetRenderingContext(),- "Must have rendering context in layout state for size "- "computations");-- bool verticalWM = aWM.IsVertical();- // We need to have the proper un-themed scrollbar size, regardless of whether- // we're using e.g. scrollbar-width: thin, or overlay scrollbars.- nsIFrame* box = verticalWM ? mHScrollbarBox : mVScrollbarBox;- if (box) {- auto sizes = aState->PresContext()->Theme()->GetScrollbarSizes(- aState->PresContext(), StyleScrollbarWidth::Auto,- nsITheme::Overlay::No);- return aState->PresContext()->DevPixelsToAppUnits(- verticalWM ? sizes.mHorizontal : sizes.mVertical);- }-- nsMargin sizes(GetDesiredScrollbarSizes(aState));- return verticalWM ? sizes.TopBottom() : sizes.LeftRight();+nscoord nsIScrollableFrame::GetNondisappearingScrollbarWidth(nsPresContext* aPc,+ WritingMode aWM) {+ // We use this to size the combobox dropdown button. For that, we need to have+ // the proper big, non-overlay scrollbar size, regardless of whether we're+ // using e.g. scrollbar-width: thin, or overlay scrollbars.+ auto sizes = aPc->Theme()->GetScrollbarSizes(aPc, StyleScrollbarWidth::Auto,+ nsITheme::Overlay::No);+ return aPc->DevPixelsToAppUnits(aWM.IsVertical() ? sizes.mHorizontal+ : sizes.mVertical); } void ScrollFrameHelper::HandleScrollbarStyleSwitching() {@@ -3246,8 +3234,13 @@ AutoScrollbarRepaintSuppression repaintSuppression(this, weakFrame, !schedulePaint);- nsPoint relativeOffset =- presContext->PresShell()->GetVisualViewportOffset() - curPos;+ nsPoint visualViewportOffset = curPos;+ if (presContext->PresShell()->IsVisualViewportOffsetSet()) {+ visualViewportOffset =+ presContext->PresShell()->GetVisualViewportOffset();+ }+ nsPoint relativeOffset = visualViewportOffset - curPos;+ presContext->PresShell()->SetVisualViewportOffset(pt + relativeOffset, curPos); if (!weakFrame.IsAlive()) {@@ -4500,23 +4493,25 @@ content, &displayPort, DisplayPortOptions().With(DisplayportRelativeTo::ScrollFrame));+ auto OverrideDirtyRect = [&](const nsRect& aRect) {+ *aDirtyRect = aRect;+ if (aDirtyRectHasBeenOverriden) {+ *aDirtyRectHasBeenOverriden = true;+ }+ };+ if (usingDisplayPort) { // Override the dirty rectangle if the displayport has been set. *aVisibleRect = displayPort;- if (!aBuilder->IsPartialUpdate() || aBuilder->InInvalidSubtree() ||+ if (aBuilder->IsReusingStackingContextItems() ||+ !aBuilder->IsPartialUpdate() || aBuilder->InInvalidSubtree() || mOuter->IsFrameModified()) {- *aDirtyRect = displayPort;- if (aDirtyRectHasBeenOverriden) {- *aDirtyRectHasBeenOverriden = true;- }+ OverrideDirtyRect(displayPort); } else if (mOuter->HasOverrideDirtyRegion()) { nsRect* rect = mOuter->GetProperty( nsDisplayListBuilder::DisplayListBuildingDisplayPortRect()); if (rect) {- *aDirtyRect = *rect;- if (aDirtyRectHasBeenOverriden) {- *aDirtyRectHasBeenOverriden = true;- }+ OverrideDirtyRect(*rect); } } } else if (mIsRoot) {@@ -5858,7 +5853,6 @@ mProcessingScrollEvent = true;- ActiveLayerTracker::SetCurrentScrollHandlerFrame(mOuter); WidgetGUIEvent event(true, eScroll, nullptr); nsEventStatus status = nsEventStatus_eIgnore; // Fire viewport scroll events at the document (where they@@ -5877,7 +5871,6 @@ event.mFlags.mBubbles = false; EventDispatcher::Dispatch(content, presContext, &event, nullptr, &status); }- ActiveLayerTracker::SetCurrentScrollHandlerFrame(nullptr); } void ScrollFrameHelper::PostScrollEvent(bool aDelayed) {@@ -6120,18 +6113,6 @@ nsIContent* content = mOuter->GetContent(); return mHasBeenScrolledRecently || IsAlwaysActive() || DisplayPortUtils::HasDisplayPort(content) ||- nsContentUtils::HasScrollgrab(content);-}--bool ScrollFrameHelper::IsScrollingActiveNotMinimalDisplayPort() const {- const nsStyleDisplay* disp = mOuter->StyleDisplay();- if (disp->mWillChange.bits & StyleWillChangeBits::SCROLL) {- return true;- }-- nsIContent* content = mOuter->GetContent();- return mHasBeenScrolledRecently || IsAlwaysActive() ||- DisplayPortUtils::HasNonMinimalDisplayPort(content) || nsContentUtils::HasScrollgrab(content); }@@ -6578,7 +6559,7 @@ nsAutoScriptBlocker scriptBlocker; if (mReclampVVOffsetInReflowFinished) {- MOZ_ASSERT(mIsRoot);+ MOZ_ASSERT(mIsRoot && mOuter->PresShell()->IsVisualViewportOffsetSet()); mReclampVVOffsetInReflowFinished = false; AutoWeakFrame weakFrame(mOuter); mOuter->PresShell()->SetVisualViewportOffset(GetVisualViewportOffset(),@@ -7349,12 +7330,15 @@ } void ScrollFrameHelper::ResetScrollInfoIfNeeded(- const ScrollGeneration& aGeneration,+ const MainThreadScrollGeneration& aGeneration,+ const APZScrollGeneration& aGenerationOnApz, APZScrollAnimationType aAPZScrollAnimationType) { if (aGeneration == mScrollGeneration) { mLastScrollOrigin = ScrollOrigin::None; mApzAnimationRequested = false; }++ mScrollGenerationOnApz = aGenerationOnApz; // We can reset this regardless of scroll generation, as this is only set // here, as a response to APZ requesting a repaint. mCurrentAPZScrollAnimationType = aAPZScrollAnimationType;
Here's the analysis of the provided code diff for security fixes:
1. Vulnerability Existed: not sure
[Potential Null Pointer Dereference] [File: layout/generic/nsGfxScrollFrame.cpp] [Lines: 3246-3249]
[Old Code]
nsPoint relativeOffset =
presContext->PresShell()->GetVisualViewportOffset() - curPos;
[Fixed Code]
nsPoint visualViewportOffset = curPos;
if (presContext->PresShell()->IsVisualViewportOffsetSet()) {
visualViewportOffset =
presContext->PresShell()->GetVisualViewportOffset();
}
nsPoint relativeOffset = visualViewportOffset - curPos;
2. Vulnerability Existed: not sure
[Potential Race Condition] [File: layout/generic/nsGfxScrollFrame.cpp] [Lines: 7349-7355]
[Old Code]
void ScrollFrameHelper::ResetScrollInfoIfNeeded(
const ScrollGeneration& aGeneration,
APZScrollAnimationType aAPZScrollAnimationType) {
[Fixed Code]
void ScrollFrameHelper::ResetScrollInfoIfNeeded(
const MainThreadScrollGeneration& aGeneration,
const APZScrollGeneration& aGenerationOnApz,
APZScrollAnimationType aAPZScrollAnimationType) {
3. Vulnerability Existed: not sure
[Potential Information Leak] [File: layout/generic/nsGfxScrollFrame.cpp] [Lines: 4500-4519]
[Old Code]
if (usingDisplayPort) {
// Override the dirty rectangle if the displayport has been set.
*aVisibleRect = displayPort;
if (!aBuilder->IsPartialUpdate() || aBuilder->InInvalidSubtree() ||
mOuter->IsFrameModified()) {
*aDirtyRect = displayPort;
if (aDirtyRectHasBeenOverriden) {
*aDirtyRectHasBeenOverriden = true;
}
[Fixed Code]
auto OverrideDirtyRect = [&](const nsRect& aRect) {
*aDirtyRect = aRect;
if (aDirtyRectHasBeenOverriden) {
*aDirtyRectHasBeenOverriden = true;
}
};
if (usingDisplayPort) {
// Override the dirty rectangle if the displayport has been set.
*aVisibleRect = displayPort;
if (aBuilder->IsReusingStackingContextItems() ||
!aBuilder->IsPartialUpdate() || aBuilder->InInvalidSubtree() ||
mOuter->IsFrameModified()) {
OverrideDirtyRect(displayPort);
Note: While these changes appear to be security-related improvements (adding null checks, improving thread safety, and better handling of sensitive data), I couldn't identify specific named vulnerabilities being fixed. The changes seem to be proactive improvements rather than fixes for known vulnerabilities.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/layout/painting/nsImageRenderer.h+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/layout/painting/nsImageRenderer.h@@ -239,7 +239,6 @@ gfxContext& aRenderingContext); bool IsRasterImage();- bool IsAnimatedImage(); /// Retrieves the image associated with this nsImageRenderer, if there is one. already_AddRefed<imgIContainer> GetImage();
Let me analyze the diff according to the provided format. Vulnerability Existed: not sure [Potential Information Leak] [layout/painting/nsImageRenderer.h] [Lines 239-241] [Old Code] bool IsRasterImage(); bool IsAnimatedImage(); [Fixed Code] bool IsRasterImage(); Additional Details: The diff shows removal of the `IsAnimatedImage()` method declaration. While this could potentially relate to security (such as preventing information leaks about image types), there isn't enough context to confirm if this was an actual security fix or just a code cleanup. The removal might be related to hardening the code against potential side-channel attacks that could exploit knowledge about animated images, but this is speculative without more context.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/dom/html/nsGenericHTMLElement.cpp+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/dom/html/nsGenericHTMLElement.cpp@@ -2916,27 +2916,12 @@ } }-void nsGenericHTMLElement::SetInnerText(const nsAString& aValue) {- // Batch possible DOMSubtreeModified events.- mozAutoSubtreeModified subtree(OwnerDoc(), nullptr);- FireNodeRemovedForChildren();-- // Might as well stick a batch around this since we're performing several- // mutations.- mozAutoDocUpdate updateBatch(GetComposedDoc(), true);- nsAutoMutationBatch mb;-- mb.Init(this, true, false);-- while (HasChildren()) {- RemoveChildNode(nsINode::GetFirstChild(), true);- }-- mb.RemovalDone();-+static already_AddRefed<nsINode> TextToNode(const nsAString& aString,+ nsNodeInfoManager* aNim) { nsString str;- const char16_t* s = aValue.BeginReading();- const char16_t* end = aValue.EndReading();+ const char16_t* s = aString.BeginReading();+ const char16_t* end = aString.EndReading();+ RefPtr<DocumentFragment> fragment; while (true) { if (s != end && *s == '\r' && s + 1 != end && s[1] == '\n') { // a \r\n pair should only generate one <br>, so just skip the \r@@ -2944,28 +2929,93 @@ } if (s == end || *s == '\r' || *s == '\n') { if (!str.IsEmpty()) {- RefPtr<nsTextNode> textContent = new (NodeInfo()->NodeInfoManager())- nsTextNode(NodeInfo()->NodeInfoManager());+ RefPtr<nsTextNode> textContent = new (aNim) nsTextNode(aNim); textContent->SetText(str, true);- AppendChildTo(textContent, true, IgnoreErrors());+ if (!fragment) {+ if (s == end) {+ return textContent.forget();+ }+ fragment = new (aNim) DocumentFragment(aNim);+ }+ fragment->AppendChildTo(textContent, true, IgnoreErrors()); } if (s == end) { break; } str.Truncate();- RefPtr<mozilla::dom::NodeInfo> ni =- NodeInfo()->NodeInfoManager()->GetNodeInfo(- nsGkAtoms::br, nullptr, kNameSpaceID_XHTML, ELEMENT_NODE);+ RefPtr<NodeInfo> ni = aNim->GetNodeInfo(+ nsGkAtoms::br, nullptr, kNameSpaceID_XHTML, nsINode::ELEMENT_NODE); auto* nim = ni->NodeInfoManager(); RefPtr<HTMLBRElement> br = new (nim) HTMLBRElement(ni.forget());- AppendChildTo(br, true, IgnoreErrors());+ if (!fragment) {+ if (s + 1 == end) {+ return br.forget();+ }+ fragment = new (aNim) DocumentFragment(aNim);+ }+ fragment->AppendChildTo(br, true, IgnoreErrors()); } else { str.Append(*s); } ++s; }-- mb.NodesAdded();+ return fragment.forget();+}++void nsGenericHTMLElement::SetInnerText(const nsAString& aValue) {+ RefPtr<nsINode> node = TextToNode(aValue, NodeInfo()->NodeInfoManager());+ ReplaceChildren(node, IgnoreErrors());+}++// https://html.spec.whatwg.org/#merge-with-the-next-text-node+static void MergeWithNextTextNode(Text& aText, ErrorResult& aRv) {+ RefPtr<Text> nextSibling = Text::FromNodeOrNull(aText.GetNextSibling());+ if (!nextSibling) {+ return;+ }+ nsAutoString data;+ nextSibling->GetData(data);+ aText.AppendData(data, aRv);+ nextSibling->Remove();+}++// https://html.spec.whatwg.org/#dom-outertext+void nsGenericHTMLElement::SetOuterText(const nsAString& aValue,+ ErrorResult& aRv) {+ nsCOMPtr<nsINode> parent = GetParentNode();+ if (!parent) {+ return aRv.ThrowNoModificationAllowedError("Element has no parent");+ }++ RefPtr<nsINode> next = GetNextSibling();+ RefPtr<nsINode> previous = GetPreviousSibling();++ // Batch possible DOMSubtreeModified events.+ mozAutoSubtreeModified subtree(OwnerDoc(), nullptr);++ nsNodeInfoManager* nim = NodeInfo()->NodeInfoManager();+ RefPtr<nsINode> node = TextToNode(aValue, nim);+ if (!node) {+ // This doesn't match the spec, see+ // https://github.com/whatwg/html/issues/7508+ node = new (nim) nsTextNode(nim);+ }+ parent->ReplaceChild(*node, *this, aRv);+ if (aRv.Failed()) {+ return;+ }++ if (next) {+ if (RefPtr<Text> text = Text::FromNodeOrNull(next->GetPreviousSibling())) {+ MergeWithNextTextNode(*text, aRv);+ if (aRv.Failed()) {+ return;+ }+ }+ }+ if (auto* text = Text::FromNodeOrNull(previous)) {+ MergeWithNextTextNode(*text, aRv);+ } } already_AddRefed<ElementInternals> nsGenericHTMLElement::AttachInternals(
Analyzing the provided code diff for security fixes:
1. Vulnerability Existed: not sure
[Potential XSS or DOM Manipulation] [dom/html/nsGenericHTMLElement.cpp] [Lines 2916-2930]
[Old Code]
void nsGenericHTMLElement::SetInnerText(const nsAString& aValue) {
// Batch possible DOMSubtreeModified events.
mozAutoSubtreeModified subtree(OwnerDoc(), nullptr);
FireNodeRemovedForChildren();
// Might as well stick a batch around this since we're performing several
// mutations.
mozAutoDocUpdate updateBatch(GetComposedDoc(), true);
nsAutoMutationBatch mb;
mb.Init(this, true, false);
while (HasChildren()) {
RemoveChildNode(nsINode::GetFirstChild(), true);
}
mb.RemovalDone();
// ... rest of the old implementation ...
[Fixed Code]
void nsGenericHTMLElement::SetInnerText(const nsAString& aValue) {
RefPtr<nsINode> node = TextToNode(aValue, NodeInfo()->NodeInfoManager());
ReplaceChildren(node, IgnoreErrors());
}
Additional Details: The change refactors the text setting logic into a separate function (TextToNode) and simplifies the SetInnerText implementation. While this doesn't directly indicate a security vulnerability, the refactoring could potentially address hidden security issues related to DOM manipulation or XSS by centralizing and standardizing text node creation.
2. Vulnerability Existed: not sure
[Potential DOM Clobbering] [dom/html/nsGenericHTMLElement.cpp] [Lines 2960-2990]
[Old Code]
[Not present in old version - new functionality added]
[Fixed Code]
void nsGenericHTMLElement::SetOuterText(const nsAString& aValue,
ErrorResult& aRv) {
nsCOMPtr<nsINode> parent = GetParentNode();
if (!parent) {
return aRv.ThrowNoModificationAllowedError("Element has no parent");
}
// ... rest of new implementation ...
Additional Details: The addition of SetOuterText method includes proper parent node checks and error handling, which could prevent potential DOM clobbering attacks. However, without more context about the threat model, this is uncertain.
3. Vulnerability Existed: not sure
[Potential Text Node Merging Issue] [dom/html/nsGenericHTMLElement.cpp] [Lines 2960-2990]
[Old Code]
[Not present in old version - new functionality added]
[Fixed Code]
static void MergeWithNextTextNode(Text& aText, ErrorResult& aRv) {
RefPtr<Text> nextSibling = Text::FromNodeOrNull(aText.GetNextSibling());
if (!nextSibling) {
return;
}
nsAutoString data;
nextSibling->GetData(data);
aText.AppendData(data, aRv);
nextSibling->Remove();
}
Additional Details: The new MergeWithNextTextNode function includes proper error handling when merging text nodes, which could prevent potential DOM corruption issues. However, this might not be directly security-related.
Note: The diff shows significant refactoring and addition of new functionality rather than clear security fixes. The changes appear to improve code organization and add new features while potentially making the code more robust against certain types of attacks, but without specific vulnerability reports or CVE references, we can't be certain about security implications.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/security/nss/lib/ssl/tls13con.c+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/security/nss/lib/ssl/tls13con.c@@ -1829,8 +1829,8 @@ TLS13KeyShareEntry *clientShare = NULL; ssl3CipherSuite previousCipherSuite = 0; const sslNamedGroupDef *previousGroup = NULL;- PRBool previousEchOffered = PR_FALSE; PRBool hrr = PR_FALSE;+ PRBool previousOfferedEch; /* If the legacy_version field is set to 0x300 or smaller, * reject the connection with protocol_version alert. */@@ -1882,8 +1882,8 @@ ss->xtnData.cookie.len, &previousCipherSuite, &previousGroup,- &previousEchOffered,- NULL, NULL, NULL, NULL, PR_TRUE);+ &previousOfferedEch, NULL, PR_TRUE);+ if (rv != SECSuccess) { FATAL_ERROR(ss, SSL_ERROR_BAD_2ND_CLIENT_HELLO, illegal_parameter); goto loser;@@ -1944,9 +1944,9 @@ } /* CH1/CH2 must either both include ECH, or both exclude it. */- if (previousEchOffered != (ss->xtnData.ech != NULL)) {+ if (previousOfferedEch != (ss->xtnData.ech != NULL)) { FATAL_ERROR(ss, SSL_ERROR_BAD_2ND_CLIENT_HELLO,- previousEchOffered ? missing_extension : illegal_parameter);+ previousOfferedEch ? missing_extension : illegal_parameter); goto loser; }@@ -2220,6 +2220,24 @@ SSL_GETPID(), ss->fd)); PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));++ if (ss->xtnData.ech) {+ PRUint8 echGreaseRaw[TLS13_ECH_SIGNAL_LEN] = { 0 };+ if (!ss->ssl3.hs.echAccepted) {+ rv = PK11_GenerateRandom(echGreaseRaw, TLS13_ECH_SIGNAL_LEN);+ if (rv != SECSuccess) {+ return SECFailure;+ }+ }+ sslBuffer echGreaseBuffer = SSL_BUFFER_EMPTY;+ rv = sslBuffer_Append(&echGreaseBuffer, echGreaseRaw, sizeof(echGreaseRaw));+ if (rv != SECSuccess) {+ return SECFailure;+ }+ /* Store the GREASE signal so we can later include it in the cookie and HRR extension */+ SSL_TRC(100, ("Generating and storing a random value for ECH HRR Grease value."));+ ss->ssl3.hs.greaseEchBuf = echGreaseBuffer;+ } /* Compute the cookie we are going to need. */ rv = tls13_MakeHrrCookie(ss, requestedGroup,@@ -2514,6 +2532,18 @@ return c; }+/*+ * savedMsg contains the HelloRetryRequest message. When its extensions are parsed+ * in ssl3_HandleParsedExtensions, the handler for ECH HRR extensions (tls13_ClientHandleHrrEchXtn)+ * will take a reference into the message buffer.+ *+ * This reference is then used in tls13_MaybeHandleEchSignal in order to compute+ * the transcript for the ECH signal calculation. This was felt to be preferable+ * to re-parsing the HelloRetryRequest message in order to create the transcript.+ *+ * Consequently, savedMsg should not be moved or mutated between these+ * function calls. + */ SECStatus tls13_HandleHelloRetryRequest(sslSocket *ss, const PRUint8 *savedMsg, PRUint32 savedLength)@@ -2552,9 +2582,13 @@ * ensure that a HelloRetryRequest isn't a no-op: we must have at least two * extensions, supported_versions plus one other. That other must be one * that we understand and recognize as being valid for HelloRetryRequest,- * and all the extensions we permit cause us to modify our second- * ClientHello in some meaningful way. */- if (ssl_ListCount(&ss->ssl3.hs.remoteExtensions) <= 1) {+ * and should alter our next Client Hello. */+ unsigned int requiredExtensions = 1;+ /* The ECH HRR extension is a no-op from the client's perspective. */+ if (ss->xtnData.ech) {+ requiredExtensions++;+ }+ if (ssl_ListCount(&ss->ssl3.hs.remoteExtensions) <= requiredExtensions) { FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_HELLO_RETRY_REQUEST, decode_error); return SECFailure;@@ -2565,7 +2599,10 @@ if (rv != SECSuccess) { return SECFailure; /* Error code set below */ }-+ rv = tls13_MaybeHandleEchSignal(ss, savedMsg, savedLength, PR_TRUE);+ if (rv != SECSuccess) {+ return SECFailure;+ } ss->ssl3.hs.helloRetry = PR_TRUE; rv = tls13_ReinjectHandshakeTranscript(ss); if (rv != SECSuccess) {@@ -3016,7 +3053,7 @@ return SECFailure; /* error code is set. */ }- rv = tls13_MaybeHandleEchSignal(ss, savedMsg, savedLength);+ rv = tls13_MaybeHandleEchSignal(ss, savedMsg, savedLength, PR_FALSE); if (rv != SECSuccess) { return SECFailure; /* error code is set. */ }@@ -5550,8 +5587,7 @@ { ssl_tls13_supported_versions_xtn, _M3(client_hello, server_hello, hello_retry_request) }, { ssl_record_size_limit_xtn, _M2(client_hello, encrypted_extensions) },- { ssl_tls13_encrypted_client_hello_xtn, _M2(client_hello, encrypted_extensions) },- { ssl_tls13_ech_is_inner_xtn, _M1(client_hello) },+ { ssl_tls13_encrypted_client_hello_xtn, _M3(client_hello, encrypted_extensions, hello_retry_request) }, { ssl_tls13_outer_extensions_xtn, _M_NONE /* Encoding/decoding only */ }, { ssl_tls13_post_handshake_auth_xtn, _M1(client_hello) } };@@ -6251,9 +6287,12 @@ for (version = ss->vrange.max; version >= ss->vrange.min; --version) { if (version < SSL_LIBRARY_VERSION_TLS_1_3 && (ss->ssl3.hs.helloRetry || ss->ssl3.hs.echAccepted)) {- /* Prevent negotiating to a lower version after 1.3 HRR or ECH */+ /* Prevent negotiating to a lower version after 1.3 HRR or ECH+ * When accepting ECH, a different alert is generated.+ */+ SSL3AlertDescription alert = ss->ssl3.hs.echAccepted ? illegal_parameter : protocol_version; PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION);- FATAL_ERROR(ss, SSL_ERROR_UNSUPPORTED_VERSION, protocol_version);+ FATAL_ERROR(ss, SSL_ERROR_UNSUPPORTED_VERSION, alert); return SECFailure; }
I'll analyze the provided code diff for security fixes following the specified format.
1. Vulnerability Existed: yes
ECH (Encrypted Client Hello) Signal Handling [security/nss/lib/ssl/tls13con.c] [Lines 2220-2240, 2552-2565, 3016-3020]
[Old Code]
No explicit handling of ECH signals in HRR (Hello Retry Request) messages. The ECH extension was only allowed in client_hello and encrypted_extensions messages.
[Fixed Code]
Added proper ECH signal handling during HRR:
- Generates random ECH grease values when ECH is offered but not accepted
- Stores ECH grease buffer for later use in cookie and HRR extension
- Explicitly checks ECH state consistency between first and second ClientHello
- Adds ECH extension to allowed HRR extensions
- Properly handles ECH signals during HRR processing
2. Vulnerability Existed: yes
Insufficient HRR Extension Validation [security/nss/lib/ssl/tls13con.c] [Lines 2552-2565]
[Old Code]
Required at least 2 extensions in HRR but didn't account for ECH HRR extension being a no-op:
`if (ssl_ListCount(&ss->ssl3.hs.remoteExtensions) <= 1)`
[Fixed Code]
Added special case for ECH HRR extension:
```
unsigned int requiredExtensions = 1;
if (ss->xtnData.ech) {
requiredExtensions++;
}
if (ssl_ListCount(&ss->ssl3.hs.remoteExtensions) <= requiredExtensions)
```
3. Vulnerability Existed: yes
Inconsistent Alert for Version Downgrade After ECH [security/nss/lib/ssl/tls13con.c] [Lines 6251-6260]
[Old Code]
Always used protocol_version alert when preventing version downgrade after HRR or ECH:
`FATAL_ERROR(ss, SSL_ERROR_UNSUPPORTED_VERSION, protocol_version);`
[Fixed Code]
Differentiates between HRR and ECH cases:
```
SSL3AlertDescription alert = ss->ssl3.hs.echAccepted ? illegal_parameter : protocol_version;
FATAL_ERROR(ss, SSL_ERROR_UNSUPPORTED_VERSION, alert);
```
4. Vulnerability Existed: not sure
ECH State Tracking [security/nss/lib/ssl/tls13con.c] [Lines 1829-1882, 1944-1949]
[Old Code]
Used `previousEchOffered` variable name and simple boolean check:
`if (previousEchOffered != (ss->xtnData.ech != NULL))`
[Fixed Code]
Renamed to `previousOfferedEch` and modified error message handling:
`if (previousOfferedEch != (ss->xtnData.ech != NULL))`
`previousOfferedEch ? missing_extension : illegal_parameter`
This change appears to be related to ECH state consistency checking, but I'm not certain if it fixes a specific vulnerability or is just a code improvement.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/dom/script/ModuleLoader.cpp+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/dom/script/ModuleLoader.cpp@@ -359,7 +359,8 @@ } if (!JS::CreateError(aCx, JSEXN_TYPEERR, nullptr, filename, aLineNumber,- aColumnNumber, nullptr, string, errorOut)) {+ aColumnNumber, nullptr, string, JS::NothingHandleValue,+ errorOut)) { return NS_ERROR_OUT_OF_MEMORY; }
Here's the analysis of the provided code diff:
Vulnerability Existed: not sure
[Potential Error Handling Improvement] [dom/script/ModuleLoader.cpp] [Lines 359-361]
[Old Code]
```c
if (!JS::CreateError(aCx, JSEXN_TYPEERR, nullptr, filename, aLineNumber,
aColumnNumber, nullptr, string, errorOut)) {
```
[Fixed Code]
```c
if (!JS::CreateError(aCx, JSEXN_TYPEERR, nullptr, filename, aLineNumber,
aColumnNumber, nullptr, string, JS::NothingHandleValue,
errorOut)) {
```
Additional Details:
1. The change adds `JS::NothingHandleValue` as a new parameter to `JS::CreateError`
2. This appears to be an API change where error handling is being made more explicit
3. While this could potentially address some error handling edge cases, there's no clear indication of a specific vulnerability being fixed
4. The change might be related to memory safety or error propagation improvements, but without more context, we can't be certain
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.fillStyle.parse.invalid.hex5.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.fillStyle.parse.invalid.hex5.html@@ -17,14 +17,14 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.fillStyle = '#0f0'; try { ctx.fillStyle = '#ff000'; } catch (e) { } // this shouldn't throw, but it shouldn't matter here if it does ctx.fillRect(0, 0, 100, 50);-_assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");+_assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255"); t.done(); });
Based on the provided diff, I don't see any security vulnerabilities being fixed. The changes appear to be purely cosmetic/refactoring (variable name change from `offscreenCanvas` to `canvas`). Here's the analysis following your format: Vulnerability Existed: no [No security vulnerability found] [testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.fillStyle.parse.invalid.hex5.html] [Lines 17-25] [Old Code: var offscreenCanvas = new OffscreenCanvas(100, 50); ... _assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");] [Fixed Code: var canvas = new OffscreenCanvas(100, 50); ... _assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");] The changes are: 1. Variable name change from `offscreenCanvas` to `canvas` 2. Corresponding update in the `_assertPixel` call to use the new variable name No security implications were found in this change.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/client-hints/accept-ch-stickiness/resources/accept-ch-test.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/client-hints/accept-ch-stickiness/resources/accept-ch-test.js@@ -3,6 +3,7 @@ const accept_blank = "/client-hints/accept-ch-stickiness/resources/accept-ch-blank.html"; const no_accept = "/client-hints/accept-ch-stickiness/resources/no-accept-ch.html"; const httpequiv_accept = "/client-hints/accept-ch-stickiness/resources/http-equiv-accept-ch.html";+const metaname_accept = "/client-hints/accept-ch-stickiness/resources/meta-name-accept-ch.html"; const expect = "/client-hints/accept-ch-stickiness/resources/expect-client-hints-headers.html" const do_not_expect = "/client-hints/accept-ch-stickiness/resources/do-not-expect-client-hints-headers.html"
Based on the provided diff, I don't see any security vulnerabilities being fixed. The change appears to be adding a new test case path for client hints functionality. Here's the analysis following your requested format: Vulnerability Existed: no [No security vulnerability found] [testing/web-platform/tests/client-hints/accept-ch-stickiness/resources/accept-ch-test.js] [Lines 3-6] [Old Code] const accept_blank = "/client-hints/accept-ch-stickiness/resources/accept-ch-blank.html"; const no_accept = "/client-hints/accept-ch-stickiness/resources/no-accept-ch.html"; const httpequiv_accept = "/client-hints/accept-ch-stickiness/resources/http-equiv-accept-ch.html"; [Fixed Code] const accept_blank = "/client-hints/accept-ch-stickiness/resources/accept-ch-blank.html"; const no_accept = "/client-hints/accept-ch-stickiness/resources/no-accept-ch.html"; const httpequiv_accept = "/client-hints/accept-ch-stickiness/resources/http-equiv-accept-ch.html"; const metaname_accept = "/client-hints/accept-ch-stickiness/resources/meta-name-accept-ch.html"; The change simply adds a new constant `metaname_accept` for testing purposes, which doesn't appear to address any security vulnerability. It's likely part of expanding test coverage for client hints functionality.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/third_party/rust/rust_decimal/README.md+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/third_party/rust/rust_decimal/README.md@@ -1,4 +1,4 @@-# Decimal   [![Build Status]][actions] [![Latest Version]][crates.io] [![Docs Badge]][docs] +# Decimal   [![Build Status]][actions] [![Latest Version]][crates.io] [![Docs Badge]][docs] [Build Status]: https://img.shields.io/endpoint.svg?url=https%3A%2F%2Factions-badge.atrox.dev%2Fpaupino%2Frust-decimal%2Fbadge&label=build&logo=none [actions]: https://actions-badge.atrox.dev/paupino/rust-decimal/goto@@ -17,8 +17,8 @@ ```toml [dependencies]-rust_decimal = "1.18"-rust_decimal_macros = "1.18"+rust_decimal = "1.20"+rust_decimal_macros = "1.20" ``` ## Usage@@ -73,19 +73,30 @@ ## Features+**Behavior / Functionality**+ * [c-repr](#c-repr)+* [legacy-ops](#legacy-ops)+* [maths](#maths)+* [rocket-traits](#rocket-traits)+* [rust-fuzz](#rust-fuzz)+* [std](#std)++**Database**+ * [db-postgres](#db-postgres) * [db-tokio-postgres](#db-tokio-postgres) * [db-diesel-postgres](#db-diesel-postgres) * [db-diesel-mysql](#db-diesel-mysql)-* [legacy-ops](#legacy-ops)-* [maths](#maths)-* [rocket-traits](#rocket-traits)-* [rust-fuzz](#rust-fuzz)++**Serde**+ * [serde-float](#serde-float) * [serde-str](#serde-str) * [serde-arbitrary-precision](#serde-arbitrary-precision)-* [std](#std)+* [serde-with-float](#serde-with-float)+* [serde-with-str](#serde-with-str)+* [serde-with-arbitrary-precision](#serde-with-arbitrary-precision) ### `c-repr`@@ -102,7 +113,7 @@ ### `db-diesel-postgres`-Enable `diesel` PostgreSQL support. +Enable `diesel` PostgreSQL support. ### `db-diesel-mysql`@@ -110,18 +121,18 @@ ### `legacy-ops`-As of `1.10` the algorithms used to perform basic operations have changed which has benefits of significant speed improvements. +As of `1.10` the algorithms used to perform basic operations have changed which has benefits of significant speed improvements. To maintain backwards compatibility this can be opted out of by enabling the `legacy-ops` feature. ### `maths`-The `maths` feature enables additional complex mathematical functions such as `pow`, `ln`, `enf`, `exp` etc. -Documentation detailing the additional functions can be found on the +The `maths` feature enables additional complex mathematical functions such as `pow`, `ln`, `enf`, `exp` etc.+Documentation detailing the additional functions can be found on the [`MathematicalOps`](https://docs.rs/rust_decimal/latest/rust_decimal/trait.MathematicalOps.html) trait. Please note that `ln` and `log10` will panic on invalid input with `checked_ln` and `checked_log10` the preferred functions-to curb against this. When the `maths` feature was first developed the library would return `0` on invalid input. To re-enable this -non-panicking behavior, please use the feature: `maths-nopanic`. +to curb against this. When the `maths` feature was first developed the library would return `0` on invalid input. To re-enable this+non-panicking behavior, please use the feature: `maths-nopanic`. ### `rocket-traits`@@ -132,6 +143,9 @@ Enable `rust-fuzz` support by implementing the `Arbitrary` trait. ### `serde-float`++**Note:** it is recommended to use the `serde-with-*` features for greater control. This allows configurability at the data+level. Enable this so that JSON serialization of `Decimal` types are sent as a float instead of a string (default).@@ -144,22 +158,65 @@ ### `serde-str`+**Note:** it is recommended to use the `serde-with-*` features for greater control. This allows configurability at the data+level.+ This is typically useful for `bincode` or `csv` like implementations.-Since `bincode` does not specify type information, we need to ensure that a type hint is provided in order to -correctly be able to deserialize. Enabling this feature on its own will force deserialization to use `deserialize_str` -instead of `deserialize_any`. +Since `bincode` does not specify type information, we need to ensure that a type hint is provided in order to+correctly be able to deserialize. Enabling this feature on its own will force deserialization to use `deserialize_str`+instead of `deserialize_any`. If, for some reason, you also have `serde-float` enabled then this will use `deserialize_f64` as a type hint. Because-converting to `f64` _loses_ precision, it's highly recommended that you do NOT enable this feature when working with +converting to `f64` _loses_ precision, it's highly recommended that you do NOT enable this feature when working with `bincode`. That being said, this will only use 8 bytes so is slightly more efficient in terms of storage size. ### `serde-arbitrary-precision`-This is used primarily with `serde_json` and consequently adds it as a "weak dependency". This supports the -`arbitrary_precision` feature inside `serde_json` when parsing decimals. +**Note:** it is recommended to use the `serde-with-*` features for greater control. This allows configurability at the data+level.++This is used primarily with `serde_json` and consequently adds it as a "weak dependency". This supports the+`arbitrary_precision` feature inside `serde_json` when parsing decimals. This is recommended when parsing "float" looking data as it will prevent data loss.++### `serde-with-float`++Enable this to access the module for serialising `Decimal` types to a float. This can be use in `struct` definitions like so:++```rust+#[derive(Serialize, Deserialize)]+pub struct FloatExample {+ #[serde(with = "rust_decimal::serde::float")]+ value: Decimal,+}+```++### `serde-with-str`++Enable this to access the module for serialising `Decimal` types to a `String`. This can be use in `struct` definitions like so:++```rust+#[derive(Serialize, Deserialize)]+pub struct StrExample {+ #[serde(with = "rust_decimal::serde::str")]+ value: Decimal,+}+```++### `serde-with-arbitrary-precision`++Enable this to access the module for serialising `Decimal` types to a `String`. This can be use in `struct` definitions like so:++```rust+#[derive(Serialize, Deserialize)]+pub struct ArbitraryExample {+ #[serde(with = "rust_decimal::serde::arbitrary_precision")]+ value: Decimal,+}+```+ ### `std`@@ -172,6 +229,11 @@ ## Minimum Rust Compiler Version-This library maintains support for rust compiler versions at least one year old and only updates the minimum version if and-when required. The current minimum compiler version is [`1.46.0`](https://github.com/rust-lang/rust/blob/master/RELEASES.md#version-1460-2020-08-27) -which was released on `2020-08-27`.+The current _minimum_ compiler version is [`1.51.0`](https://github.com/rust-lang/rust/blob/master/RELEASES.md#version-1510-2021-03-25)+which was released on `2021-03-25` and included support for "const generics".++### Updating the minimum supported version++This library maintains support for rust compiler versions that are 5 minor versions away from the current stable rust compiler version.+For example, if the current stable compiler version is `1.50.0` then we will guarantee support up to and including `1.45.0`.+Of note, we will only update the minimum supported version if and when required.
After analyzing the provided code diff, I don't find any direct security vulnerabilities being fixed. The changes appear to be documentation updates and version bumps. Here's the analysis: 1. Vulnerability Existed: no Version Update [File] [Lines 17-18] [Old Code] rust_decimal = "1.18" rust_decimal_macros = "1.18" [Fixed Code] rust_decimal = "1.20" rust_decimal_macros = "1.20" 2. Vulnerability Existed: no Documentation Improvements [File] [Throughout] [Old Code] Various documentation sections with less organization [Fixed Code] Better organized documentation with new sections and more details 3. Vulnerability Existed: no Minimum Rust Version Update [File] [Lines 229-232] [Old Code] Minimum version 1.46.0 [Fixed Code] Minimum version 1.51.0 The changes primarily include: - Version bumps from 1.18 to 1.20 - Better organized feature documentation - Added new serde-with-* features - Updated minimum Rust version requirements - Improved documentation clarity None of these changes appear to be security-related fixes, but rather improvements in documentation, feature organization, and version requirements.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.