Shared security patch analysis results
AI Used: DEEPSEEK deepseek-chat--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/pixel-manipulation/2d.imageData.put.unaffected.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/pixel-manipulation/2d.imageData.put.unaffected.html@@ -17,8 +17,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.fillStyle = '#0f0'; ctx.fillRect(0, 0, 100, 50)@@ -32,7 +32,7 @@ ctx.translate(100, 50); ctx.scale(0.1, 0.1); ctx.putImageData(imgdata, 0, 0);-_assertPixelApprox(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255", 2);+_assertPixelApprox(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255", 2); t.done(); });
After analyzing the provided code diff, I don't see any security vulnerabilities being fixed. The changes appear to be purely cosmetic/refactoring changes where a variable name was changed from `offscreenCanvas` to `canvas` for consistency. Here's the analysis following your requested format:
Vulnerability Existed: no
No security vulnerability found [testing/web-platform/tests/html/canvas/offscreen/pixel-manipulation/2d.imageData.put.unaffected.html] [Lines 17-18,32]
[Old Code]
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
[...]
_assertPixelApprox(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255", 2);
[Fixed Code]
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');
[...]
_assertPixelApprox(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255", 2);
The changes are purely variable renaming and don't affect security in any way. No known vulnerability patterns are present in either the old or new code.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/css/css-values/calc-height-table-1.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/css/css-values/calc-height-table-1.html@@ -5,7 +5,6 @@ <link rel="author" title="L. David Baron" href="https://dbaron.org/"> <link rel="help" href="http://www.w3.org/TR/css3-values/#calc-notation"> <link rel="match" href="calc-height-table-1-ref.html">- <meta name="flags" content=""> <style type="text/css"> tbody, tr, td { height: calc(500px);
Let me analyze the provided code diff for security fixes. Vulnerability Existed: no [No specific vulnerability found] [testing/web-platform/tests/css/css-values/calc-height-table-1.html] [Lines 5] [Old Code: <meta name="flags" content="">] [Fixed Code: [removed this line]] Additional Details: 1. The change simply removes a meta tag with empty flags attribute. This doesn't appear to be security-related. 2. The modification is likely part of test cleanup or standardization, not a security fix. 3. There's no indication of any security vulnerability being addressed in this change. 4. The rest of the file remains unchanged, focusing on CSS calc() function testing. No other vulnerabilities appear to be addressed in this diff. The change is minor and doesn't relate to any known security issues.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/third_party/rust/ash/src/vk/feature_extensions.rs+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/third_party/rust/ash/src/vk/feature_extensions.rs@@ -1,807 +1,303 @@ use crate::vk::bitflags::*; use crate::vk::enums::*; #[doc = "Generated from 'VK_VERSION_1_1'"]+impl BufferCreateFlags {+ #[doc = "Buffer requires protected memory"]+ pub const PROTECTED: Self = Self(0b1000);+}+#[doc = "Generated from 'VK_VERSION_1_1'"]+impl CommandPoolCreateFlags {+ #[doc = "Command buffers allocated from pool are protected command buffers"]+ pub const PROTECTED: Self = Self(0b100);+}+#[doc = "Generated from 'VK_VERSION_1_1'"]+impl DependencyFlags {+ #[doc = "Dependency is across devices"]+ pub const DEVICE_GROUP: Self = Self(0b100);+ pub const VIEW_LOCAL: Self = Self(0b10);+}+#[doc = "Generated from 'VK_VERSION_1_1'"]+impl DeviceQueueCreateFlags {+ #[doc = "Queue is a protected-capable device queue"]+ pub const PROTECTED: Self = Self(0b1);+}+#[doc = "Generated from 'VK_VERSION_1_1'"]+impl Format {+ pub const G8B8G8R8_422_UNORM: Self = Self(1_000_156_000);+ pub const B8G8R8G8_422_UNORM: Self = Self(1_000_156_001);+ pub const G8_B8_R8_3PLANE_420_UNORM: Self = Self(1_000_156_002);+ pub const G8_B8R8_2PLANE_420_UNORM: Self = Self(1_000_156_003);+ pub const G8_B8_R8_3PLANE_422_UNORM: Self = Self(1_000_156_004);+ pub const G8_B8R8_2PLANE_422_UNORM: Self = Self(1_000_156_005);+ pub const G8_B8_R8_3PLANE_444_UNORM: Self = Self(1_000_156_006);+ pub const R10X6_UNORM_PACK16: Self = Self(1_000_156_007);+ pub const R10X6G10X6_UNORM_2PACK16: Self = Self(1_000_156_008);+ pub const R10X6G10X6B10X6A10X6_UNORM_4PACK16: Self = Self(1_000_156_009);+ pub const G10X6B10X6G10X6R10X6_422_UNORM_4PACK16: Self = Self(1_000_156_010);+ pub const B10X6G10X6R10X6G10X6_422_UNORM_4PACK16: Self = Self(1_000_156_011);+ pub const G10X6_B10X6_R10X6_3PLANE_420_UNORM_3PACK16: Self = Self(1_000_156_012);+ pub const G10X6_B10X6R10X6_2PLANE_420_UNORM_3PACK16: Self = Self(1_000_156_013);+ pub const G10X6_B10X6_R10X6_3PLANE_422_UNORM_3PACK16: Self = Self(1_000_156_014);+ pub const G10X6_B10X6R10X6_2PLANE_422_UNORM_3PACK16: Self = Self(1_000_156_015);+ pub const G10X6_B10X6_R10X6_3PLANE_444_UNORM_3PACK16: Self = Self(1_000_156_016);+ pub const R12X4_UNORM_PACK16: Self = Self(1_000_156_017);+ pub const R12X4G12X4_UNORM_2PACK16: Self = Self(1_000_156_018);+ pub const R12X4G12X4B12X4A12X4_UNORM_4PACK16: Self = Self(1_000_156_019);+ pub const G12X4B12X4G12X4R12X4_422_UNORM_4PACK16: Self = Self(1_000_156_020);+ pub const B12X4G12X4R12X4G12X4_422_UNORM_4PACK16: Self = Self(1_000_156_021);+ pub const G12X4_B12X4_R12X4_3PLANE_420_UNORM_3PACK16: Self = Self(1_000_156_022);+ pub const G12X4_B12X4R12X4_2PLANE_420_UNORM_3PACK16: Self = Self(1_000_156_023);+ pub const G12X4_B12X4_R12X4_3PLANE_422_UNORM_3PACK16: Self = Self(1_000_156_024);+ pub const G12X4_B12X4R12X4_2PLANE_422_UNORM_3PACK16: Self = Self(1_000_156_025);+ pub const G12X4_B12X4_R12X4_3PLANE_444_UNORM_3PACK16: Self = Self(1_000_156_026);+ pub const G16B16G16R16_422_UNORM: Self = Self(1_000_156_027);+ pub const B16G16R16G16_422_UNORM: Self = Self(1_000_156_028);+ pub const G16_B16_R16_3PLANE_420_UNORM: Self = Self(1_000_156_029);+ pub const G16_B16R16_2PLANE_420_UNORM: Self = Self(1_000_156_030);+ pub const G16_B16_R16_3PLANE_422_UNORM: Self = Self(1_000_156_031);+ pub const G16_B16R16_2PLANE_422_UNORM: Self = Self(1_000_156_032);+ pub const G16_B16_R16_3PLANE_444_UNORM: Self = Self(1_000_156_033);+}+#[doc = "Generated from 'VK_VERSION_1_1'"]+impl FormatFeatureFlags {+ #[doc = "Format can be used as the source image of image transfer commands"]+ pub const TRANSFER_SRC: Self = Self(0b100_0000_0000_0000);+ #[doc = "Format can be used as the destination image of image transfer commands"]+ pub const TRANSFER_DST: Self = Self(0b1000_0000_0000_0000);+ #[doc = "Format can have midpoint rather than cosited chroma samples"]+ pub const MIDPOINT_CHROMA_SAMPLES: Self = Self(0b10_0000_0000_0000_0000);+ #[doc = "Format can be used with linear filtering whilst color conversion is enabled"]+ pub const SAMPLED_IMAGE_YCBCR_CONVERSION_LINEAR_FILTER: Self = Self(0b100_0000_0000_0000_0000);+ #[doc = "Format can have different chroma, min and mag filters"]+ pub const SAMPLED_IMAGE_YCBCR_CONVERSION_SEPARATE_RECONSTRUCTION_FILTER: Self =+ Self(0b1000_0000_0000_0000_0000);+ pub const SAMPLED_IMAGE_YCBCR_CONVERSION_CHROMA_RECONSTRUCTION_EXPLICIT: Self =+ Self(0b1_0000_0000_0000_0000_0000);+ pub const SAMPLED_IMAGE_YCBCR_CONVERSION_CHROMA_RECONSTRUCTION_EXPLICIT_FORCEABLE: Self =+ Self(0b10_0000_0000_0000_0000_0000);+ #[doc = "Format supports disjoint planes"]+ pub const DISJOINT: Self = Self(0b100_0000_0000_0000_0000_0000);+ #[doc = "Format can have cosited rather than midpoint chroma samples"]+ pub const COSITED_CHROMA_SAMPLES: Self = Self(0b1000_0000_0000_0000_0000_0000);+}+#[doc = "Generated from 'VK_VERSION_1_1'"]+impl ImageAspectFlags {+ pub const PLANE_0: Self = Self(0b1_0000);+ pub const PLANE_1: Self = Self(0b10_0000);+ pub const PLANE_2: Self = Self(0b100_0000);+}+#[doc = "Generated from 'VK_VERSION_1_1'"]+impl ImageCreateFlags {+ pub const ALIAS: Self = Self(0b100_0000_0000);+ #[doc = "Allows using VkBindImageMemoryDeviceGroupInfo::pSplitInstanceBindRegions when binding memory to the image"]+ pub const SPLIT_INSTANCE_BIND_REGIONS: Self = Self(0b100_0000);+ #[doc = "The 3D image can be viewed as a 2D or 2D array image"]+ pub const TYPE_2D_ARRAY_COMPATIBLE: Self = Self(0b10_0000);+ pub const BLOCK_TEXEL_VIEW_COMPATIBLE: Self = Self(0b1000_0000);+ pub const EXTENDED_USAGE: Self = Self(0b1_0000_0000);+ #[doc = "Image requires protected memory"]+ pub const PROTECTED: Self = Self(0b1000_0000_0000);+ pub const DISJOINT: Self = Self(0b10_0000_0000);+}+#[doc = "Generated from 'VK_VERSION_1_1'"]+impl ImageLayout {+ pub const DEPTH_READ_ONLY_STENCIL_ATTACHMENT_OPTIMAL: Self = Self(1_000_117_000);+ pub const DEPTH_ATTACHMENT_STENCIL_READ_ONLY_OPTIMAL: Self = Self(1_000_117_001);+}+#[doc = "Generated from 'VK_VERSION_1_1'"]+impl MemoryHeapFlags {+ #[doc = "If set, heap allocations allocate multiple instances by default"]+ pub const MULTI_INSTANCE: Self = Self(0b10);+}+#[doc = "Generated from 'VK_VERSION_1_1'"]+impl MemoryPropertyFlags {+ #[doc = "Memory is protected"]+ pub const PROTECTED: Self = Self(0b10_0000);+}+#[doc = "Generated from 'VK_VERSION_1_1'"]+impl ObjectType {+ pub const SAMPLER_YCBCR_CONVERSION: Self = Self(1_000_156_000);+ pub const DESCRIPTOR_UPDATE_TEMPLATE: Self = Self(1_000_085_000);+}+#[doc = "Generated from 'VK_VERSION_1_1'"]+impl PipelineCreateFlags {+ pub const VIEW_INDEX_FROM_DEVICE_INDEX: Self = Self(0b1000);+ pub const DISPATCH_BASE: Self = Self(0b1_0000);+}+#[doc = "Generated from 'VK_VERSION_1_1'"]+impl QueueFlags {+ #[doc = "Queues may support protected operations"]+ pub const PROTECTED: Self = Self(0b1_0000);+}+#[doc = "Generated from 'VK_VERSION_1_1'"]+impl Result {+ pub const ERROR_OUT_OF_POOL_MEMORY: Self = Self(-1_000_069_000);+ pub const ERROR_INVALID_EXTERNAL_HANDLE: Self = Self(-1_000_072_003);+}+#[doc = "Generated from 'VK_VERSION_1_1'"] impl StructureType { pub const PHYSICAL_DEVICE_SUBGROUP_PROPERTIES: Self = Self(1_000_094_000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const BIND_BUFFER_MEMORY_INFO: Self = Self(1_000_157_000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const BIND_IMAGE_MEMORY_INFO: Self = Self(1_000_157_001);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl ImageCreateFlags {- pub const ALIAS: Self = Self(0b100_0000_0000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const PHYSICAL_DEVICE_16BIT_STORAGE_FEATURES: Self = Self(1_000_083_000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const MEMORY_DEDICATED_REQUIREMENTS: Self = Self(1_000_127_000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const MEMORY_DEDICATED_ALLOCATE_INFO: Self = Self(1_000_127_001);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const MEMORY_ALLOCATE_FLAGS_INFO: Self = Self(1_000_060_000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const DEVICE_GROUP_RENDER_PASS_BEGIN_INFO: Self = Self(1_000_060_003);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const DEVICE_GROUP_COMMAND_BUFFER_BEGIN_INFO: Self = Self(1_000_060_004);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const DEVICE_GROUP_SUBMIT_INFO: Self = Self(1_000_060_005);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const DEVICE_GROUP_BIND_SPARSE_INFO: Self = Self(1_000_060_006);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl PipelineCreateFlags {- pub const VIEW_INDEX_FROM_DEVICE_INDEX: Self = Self(0b1000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl PipelineCreateFlags {- pub const DISPATCH_BASE: Self = Self(0b1_0000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl DependencyFlags {- pub const DEVICE_GROUP: Self = Self(0b100);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const BIND_BUFFER_MEMORY_DEVICE_GROUP_INFO: Self = Self(1_000_060_013);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const BIND_IMAGE_MEMORY_DEVICE_GROUP_INFO: Self = Self(1_000_060_014);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl ImageCreateFlags {- pub const SPLIT_INSTANCE_BIND_REGIONS: Self = Self(0b100_0000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const PHYSICAL_DEVICE_GROUP_PROPERTIES: Self = Self(1_000_070_000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const DEVICE_GROUP_DEVICE_CREATE_INFO: Self = Self(1_000_070_001);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl MemoryHeapFlags {- pub const MULTI_INSTANCE: Self = Self(0b10);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const BUFFER_MEMORY_REQUIREMENTS_INFO_2: Self = Self(1_000_146_000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const IMAGE_MEMORY_REQUIREMENTS_INFO_2: Self = Self(1_000_146_001);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const IMAGE_SPARSE_MEMORY_REQUIREMENTS_INFO_2: Self = Self(1_000_146_002);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const MEMORY_REQUIREMENTS_2: Self = Self(1_000_146_003);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const SPARSE_IMAGE_MEMORY_REQUIREMENTS_2: Self = Self(1_000_146_004);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const PHYSICAL_DEVICE_FEATURES_2: Self = Self(1_000_059_000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const PHYSICAL_DEVICE_PROPERTIES_2: Self = Self(1_000_059_001);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const FORMAT_PROPERTIES_2: Self = Self(1_000_059_002);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const IMAGE_FORMAT_PROPERTIES_2: Self = Self(1_000_059_003);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const PHYSICAL_DEVICE_IMAGE_FORMAT_INFO_2: Self = Self(1_000_059_004);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const QUEUE_FAMILY_PROPERTIES_2: Self = Self(1_000_059_005);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const PHYSICAL_DEVICE_MEMORY_PROPERTIES_2: Self = Self(1_000_059_006);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const SPARSE_IMAGE_FORMAT_PROPERTIES_2: Self = Self(1_000_059_007);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const PHYSICAL_DEVICE_SPARSE_IMAGE_FORMAT_INFO_2: Self = Self(1_000_059_008);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl Result {- pub const ERROR_OUT_OF_POOL_MEMORY: Self = Self(-1000069000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl FormatFeatureFlags {- pub const TRANSFER_SRC: Self = Self(0b100_0000_0000_0000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl FormatFeatureFlags {- pub const TRANSFER_DST: Self = Self(0b1000_0000_0000_0000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl ImageCreateFlags {- pub const TYPE_2D_ARRAY_COMPATIBLE: Self = Self(0b10_0000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl ImageCreateFlags {- pub const BLOCK_TEXEL_VIEW_COMPATIBLE: Self = Self(0b1000_0000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl ImageCreateFlags {- pub const EXTENDED_USAGE: Self = Self(0b1_0000_0000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const PHYSICAL_DEVICE_POINT_CLIPPING_PROPERTIES: Self = Self(1_000_117_000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const RENDER_PASS_INPUT_ATTACHMENT_ASPECT_CREATE_INFO: Self = Self(1_000_117_001);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const IMAGE_VIEW_USAGE_CREATE_INFO: Self = Self(1_000_117_002);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const PIPELINE_TESSELLATION_DOMAIN_ORIGIN_STATE_CREATE_INFO: Self = Self(1_000_117_003);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl ImageLayout {- pub const DEPTH_READ_ONLY_STENCIL_ATTACHMENT_OPTIMAL: Self = Self(1_000_117_000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl ImageLayout {- pub const DEPTH_ATTACHMENT_STENCIL_READ_ONLY_OPTIMAL: Self = Self(1_000_117_001);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const RENDER_PASS_MULTIVIEW_CREATE_INFO: Self = Self(1_000_053_000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const PHYSICAL_DEVICE_MULTIVIEW_FEATURES: Self = Self(1_000_053_001);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const PHYSICAL_DEVICE_MULTIVIEW_PROPERTIES: Self = Self(1_000_053_002);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl DependencyFlags {- pub const VIEW_LOCAL: Self = Self(0b10);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const PHYSICAL_DEVICE_VARIABLE_POINTERS_FEATURES: Self = Self(1_000_120_000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const PHYSICAL_DEVICE_VARIABLE_POINTER_FEATURES: Self = Self::PHYSICAL_DEVICE_VARIABLE_POINTERS_FEATURES;-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const PROTECTED_SUBMIT_INFO: Self = Self(1_000_145_000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const PHYSICAL_DEVICE_PROTECTED_MEMORY_FEATURES: Self = Self(1_000_145_001);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const PHYSICAL_DEVICE_PROTECTED_MEMORY_PROPERTIES: Self = Self(1_000_145_002);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const DEVICE_QUEUE_INFO_2: Self = Self(1_000_145_003);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl QueueFlags {- pub const PROTECTED: Self = Self(0b1_0000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl DeviceQueueCreateFlags {- pub const PROTECTED: Self = Self(0b1);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl MemoryPropertyFlags {- pub const PROTECTED: Self = Self(0b10_0000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl BufferCreateFlags {- pub const PROTECTED: Self = Self(0b1000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl ImageCreateFlags {- pub const PROTECTED: Self = Self(0b1000_0000_0000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl CommandPoolCreateFlags {- pub const PROTECTED: Self = Self(0b100);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const SAMPLER_YCBCR_CONVERSION_CREATE_INFO: Self = Self(1_000_156_000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const SAMPLER_YCBCR_CONVERSION_INFO: Self = Self(1_000_156_001);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const BIND_IMAGE_PLANE_MEMORY_INFO: Self = Self(1_000_156_002);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const IMAGE_PLANE_MEMORY_REQUIREMENTS_INFO: Self = Self(1_000_156_003);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const PHYSICAL_DEVICE_SAMPLER_YCBCR_CONVERSION_FEATURES: Self = Self(1_000_156_004);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const SAMPLER_YCBCR_CONVERSION_IMAGE_FORMAT_PROPERTIES: Self = Self(1_000_156_005);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl ObjectType {- pub const SAMPLER_YCBCR_CONVERSION: Self = Self(1_000_156_000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl Format {- pub const G8B8G8R8_422_UNORM: Self = Self(1_000_156_000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl Format {- pub const B8G8R8G8_422_UNORM: Self = Self(1_000_156_001);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl Format {- pub const G8_B8_R8_3PLANE_420_UNORM: Self = Self(1_000_156_002);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl Format {- pub const G8_B8R8_2PLANE_420_UNORM: Self = Self(1_000_156_003);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl Format {- pub const G8_B8_R8_3PLANE_422_UNORM: Self = Self(1_000_156_004);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl Format {- pub const G8_B8R8_2PLANE_422_UNORM: Self = Self(1_000_156_005);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl Format {- pub const G8_B8_R8_3PLANE_444_UNORM: Self = Self(1_000_156_006);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl Format {- pub const R10X6_UNORM_PACK16: Self = Self(1_000_156_007);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl Format {- pub const R10X6G10X6_UNORM_2PACK16: Self = Self(1_000_156_008);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl Format {- pub const R10X6G10X6B10X6A10X6_UNORM_4PACK16: Self = Self(1_000_156_009);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl Format {- pub const G10X6B10X6G10X6R10X6_422_UNORM_4PACK16: Self = Self(1_000_156_010);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl Format {- pub const B10X6G10X6R10X6G10X6_422_UNORM_4PACK16: Self = Self(1_000_156_011);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl Format {- pub const G10X6_B10X6_R10X6_3PLANE_420_UNORM_3PACK16: Self = Self(1_000_156_012);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl Format {- pub const G10X6_B10X6R10X6_2PLANE_420_UNORM_3PACK16: Self = Self(1_000_156_013);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl Format {- pub const G10X6_B10X6_R10X6_3PLANE_422_UNORM_3PACK16: Self = Self(1_000_156_014);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl Format {- pub const G10X6_B10X6R10X6_2PLANE_422_UNORM_3PACK16: Self = Self(1_000_156_015);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl Format {- pub const G10X6_B10X6_R10X6_3PLANE_444_UNORM_3PACK16: Self = Self(1_000_156_016);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl Format {- pub const R12X4_UNORM_PACK16: Self = Self(1_000_156_017);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl Format {- pub const R12X4G12X4_UNORM_2PACK16: Self = Self(1_000_156_018);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl Format {- pub const R12X4G12X4B12X4A12X4_UNORM_4PACK16: Self = Self(1_000_156_019);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl Format {- pub const G12X4B12X4G12X4R12X4_422_UNORM_4PACK16: Self = Self(1_000_156_020);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl Format {- pub const B12X4G12X4R12X4G12X4_422_UNORM_4PACK16: Self = Self(1_000_156_021);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl Format {- pub const G12X4_B12X4_R12X4_3PLANE_420_UNORM_3PACK16: Self = Self(1_000_156_022);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl Format {- pub const G12X4_B12X4R12X4_2PLANE_420_UNORM_3PACK16: Self = Self(1_000_156_023);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl Format {- pub const G12X4_B12X4_R12X4_3PLANE_422_UNORM_3PACK16: Self = Self(1_000_156_024);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl Format {- pub const G12X4_B12X4R12X4_2PLANE_422_UNORM_3PACK16: Self = Self(1_000_156_025);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl Format {- pub const G12X4_B12X4_R12X4_3PLANE_444_UNORM_3PACK16: Self = Self(1_000_156_026);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl Format {- pub const G16B16G16R16_422_UNORM: Self = Self(1_000_156_027);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl Format {- pub const B16G16R16G16_422_UNORM: Self = Self(1_000_156_028);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl Format {- pub const G16_B16_R16_3PLANE_420_UNORM: Self = Self(1_000_156_029);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl Format {- pub const G16_B16R16_2PLANE_420_UNORM: Self = Self(1_000_156_030);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl Format {- pub const G16_B16_R16_3PLANE_422_UNORM: Self = Self(1_000_156_031);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl Format {- pub const G16_B16R16_2PLANE_422_UNORM: Self = Self(1_000_156_032);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl Format {- pub const G16_B16_R16_3PLANE_444_UNORM: Self = Self(1_000_156_033);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl ImageAspectFlags {- pub const PLANE_0: Self = Self(0b1_0000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl ImageAspectFlags {- pub const PLANE_1: Self = Self(0b10_0000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl ImageAspectFlags {- pub const PLANE_2: Self = Self(0b100_0000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl ImageCreateFlags {- pub const DISJOINT: Self = Self(0b10_0000_0000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl FormatFeatureFlags {- pub const MIDPOINT_CHROMA_SAMPLES: Self = Self(0b10_0000_0000_0000_0000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl FormatFeatureFlags {- pub const SAMPLED_IMAGE_YCBCR_CONVERSION_LINEAR_FILTER: Self = Self(0b100_0000_0000_0000_0000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl FormatFeatureFlags {- pub const SAMPLED_IMAGE_YCBCR_CONVERSION_SEPARATE_RECONSTRUCTION_FILTER: Self =- Self(0b1000_0000_0000_0000_0000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl FormatFeatureFlags {- pub const SAMPLED_IMAGE_YCBCR_CONVERSION_CHROMA_RECONSTRUCTION_EXPLICIT: Self =- Self(0b1_0000_0000_0000_0000_0000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl FormatFeatureFlags {- pub const SAMPLED_IMAGE_YCBCR_CONVERSION_CHROMA_RECONSTRUCTION_EXPLICIT_FORCEABLE: Self =- Self(0b10_0000_0000_0000_0000_0000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl FormatFeatureFlags {- pub const DISJOINT: Self = Self(0b100_0000_0000_0000_0000_0000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl FormatFeatureFlags {- pub const COSITED_CHROMA_SAMPLES: Self = Self(0b1000_0000_0000_0000_0000_0000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const DESCRIPTOR_UPDATE_TEMPLATE_CREATE_INFO: Self = Self(1_000_085_000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl ObjectType {- pub const DESCRIPTOR_UPDATE_TEMPLATE: Self = Self(1_000_085_000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const PHYSICAL_DEVICE_EXTERNAL_IMAGE_FORMAT_INFO: Self = Self(1_000_071_000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const EXTERNAL_IMAGE_FORMAT_PROPERTIES: Self = Self(1_000_071_001);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const PHYSICAL_DEVICE_EXTERNAL_BUFFER_INFO: Self = Self(1_000_071_002);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const EXTERNAL_BUFFER_PROPERTIES: Self = Self(1_000_071_003);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const PHYSICAL_DEVICE_ID_PROPERTIES: Self = Self(1_000_071_004);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const EXTERNAL_MEMORY_BUFFER_CREATE_INFO: Self = Self(1_000_072_000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const EXTERNAL_MEMORY_IMAGE_CREATE_INFO: Self = Self(1_000_072_001);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const EXPORT_MEMORY_ALLOCATE_INFO: Self = Self(1_000_072_002);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl Result {- pub const ERROR_INVALID_EXTERNAL_HANDLE: Self = Self(-1000072003);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const PHYSICAL_DEVICE_EXTERNAL_FENCE_INFO: Self = Self(1_000_112_000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const EXTERNAL_FENCE_PROPERTIES: Self = Self(1_000_112_001);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const EXPORT_FENCE_CREATE_INFO: Self = Self(1_000_113_000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const EXPORT_SEMAPHORE_CREATE_INFO: Self = Self(1_000_077_000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const PHYSICAL_DEVICE_EXTERNAL_SEMAPHORE_INFO: Self = Self(1_000_076_000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const EXTERNAL_SEMAPHORE_PROPERTIES: Self = Self(1_000_076_001);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const PHYSICAL_DEVICE_MAINTENANCE_3_PROPERTIES: Self = Self(1_000_168_000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const DESCRIPTOR_SET_LAYOUT_SUPPORT: Self = Self(1_000_168_001);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const PHYSICAL_DEVICE_SHADER_DRAW_PARAMETERS_FEATURES: Self = Self(1_000_063_000);-}-#[doc = "Generated from 'VK_VERSION_1_1'"]-impl StructureType { pub const PHYSICAL_DEVICE_SHADER_DRAW_PARAMETER_FEATURES: Self = Self::PHYSICAL_DEVICE_SHADER_DRAW_PARAMETERS_FEATURES; } #[doc = "Generated from 'VK_VERSION_1_2'"]+impl BufferCreateFlags {+ pub const DEVICE_ADDRESS_CAPTURE_REPLAY: Self = Self(0b1_0000);+}+#[doc = "Generated from 'VK_VERSION_1_2'"]+impl BufferUsageFlags {+ pub const SHADER_DEVICE_ADDRESS: Self = Self(0b10_0000_0000_0000_0000);+}+#[doc = "Generated from 'VK_VERSION_1_2'"]+impl DescriptorPoolCreateFlags {+ pub const UPDATE_AFTER_BIND: Self = Self(0b10);+}+#[doc = "Generated from 'VK_VERSION_1_2'"]+impl DescriptorSetLayoutCreateFlags {+ pub const UPDATE_AFTER_BIND_POOL: Self = Self(0b10);+}+#[doc = "Generated from 'VK_VERSION_1_2'"]+impl FormatFeatureFlags {+ #[doc = "Format can be used with min/max reduction filtering"]+ pub const SAMPLED_IMAGE_FILTER_MINMAX: Self = Self(0b1_0000_0000_0000_0000);+}+#[doc = "Generated from 'VK_VERSION_1_2'"]+impl FramebufferCreateFlags {+ pub const IMAGELESS: Self = Self(0b1);+}+#[doc = "Generated from 'VK_VERSION_1_2'"]+impl ImageLayout {+ pub const DEPTH_ATTACHMENT_OPTIMAL: Self = Self(1_000_241_000);+ pub const DEPTH_READ_ONLY_OPTIMAL: Self = Self(1_000_241_001);+ pub const STENCIL_ATTACHMENT_OPTIMAL: Self = Self(1_000_241_002);+ pub const STENCIL_READ_ONLY_OPTIMAL: Self = Self(1_000_241_003);+}+#[doc = "Generated from 'VK_VERSION_1_2'"]+impl MemoryAllocateFlags {+ pub const DEVICE_ADDRESS: Self = Self(0b10);+ pub const DEVICE_ADDRESS_CAPTURE_REPLAY: Self = Self(0b100);+}+#[doc = "Generated from 'VK_VERSION_1_2'"]+impl Result {+ pub const ERROR_FRAGMENTATION: Self = Self(-1_000_161_000);+ pub const ERROR_INVALID_OPAQUE_CAPTURE_ADDRESS: Self = Self(-1_000_257_000);+}+#[doc = "Generated from 'VK_VERSION_1_2'"] impl StructureType { pub const PHYSICAL_DEVICE_VULKAN_1_1_FEATURES: Self = Self(49);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const PHYSICAL_DEVICE_VULKAN_1_1_PROPERTIES: Self = Self(50);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const PHYSICAL_DEVICE_VULKAN_1_2_FEATURES: Self = Self(51);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const PHYSICAL_DEVICE_VULKAN_1_2_PROPERTIES: Self = Self(52);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const IMAGE_FORMAT_LIST_CREATE_INFO: Self = Self(1_000_147_000);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const ATTACHMENT_DESCRIPTION_2: Self = Self(1_000_109_000);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const ATTACHMENT_REFERENCE_2: Self = Self(1_000_109_001);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const SUBPASS_DESCRIPTION_2: Self = Self(1_000_109_002);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const SUBPASS_DEPENDENCY_2: Self = Self(1_000_109_003);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const RENDER_PASS_CREATE_INFO_2: Self = Self(1_000_109_004);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const SUBPASS_BEGIN_INFO: Self = Self(1_000_109_005);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const SUBPASS_END_INFO: Self = Self(1_000_109_006);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const PHYSICAL_DEVICE_8BIT_STORAGE_FEATURES: Self = Self(1_000_177_000);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const PHYSICAL_DEVICE_DRIVER_PROPERTIES: Self = Self(1_000_196_000);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const PHYSICAL_DEVICE_SHADER_ATOMIC_INT64_FEATURES: Self = Self(1_000_180_000);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const PHYSICAL_DEVICE_SHADER_FLOAT16_INT8_FEATURES: Self = Self(1_000_082_000);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const PHYSICAL_DEVICE_FLOAT_CONTROLS_PROPERTIES: Self = Self(1_000_197_000);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const DESCRIPTOR_SET_LAYOUT_BINDING_FLAGS_CREATE_INFO: Self = Self(1_000_161_000);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const PHYSICAL_DEVICE_DESCRIPTOR_INDEXING_FEATURES: Self = Self(1_000_161_001);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const PHYSICAL_DEVICE_DESCRIPTOR_INDEXING_PROPERTIES: Self = Self(1_000_161_002);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const DESCRIPTOR_SET_VARIABLE_DESCRIPTOR_COUNT_ALLOCATE_INFO: Self = Self(1_000_161_003);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const DESCRIPTOR_SET_VARIABLE_DESCRIPTOR_COUNT_LAYOUT_SUPPORT: Self = Self(1_000_161_004);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl DescriptorPoolCreateFlags {- pub const UPDATE_AFTER_BIND: Self = Self(0b10);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl DescriptorSetLayoutCreateFlags {- pub const UPDATE_AFTER_BIND_POOL: Self = Self(0b10);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl Result {- pub const ERROR_FRAGMENTATION: Self = Self(-1000161000);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const PHYSICAL_DEVICE_DEPTH_STENCIL_RESOLVE_PROPERTIES: Self = Self(1_000_199_000);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const SUBPASS_DESCRIPTION_DEPTH_STENCIL_RESOLVE: Self = Self(1_000_199_001);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const PHYSICAL_DEVICE_SCALAR_BLOCK_LAYOUT_FEATURES: Self = Self(1_000_221_000);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const IMAGE_STENCIL_USAGE_CREATE_INFO: Self = Self(1_000_246_000);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const PHYSICAL_DEVICE_SAMPLER_FILTER_MINMAX_PROPERTIES: Self = Self(1_000_130_000);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const SAMPLER_REDUCTION_MODE_CREATE_INFO: Self = Self(1_000_130_001);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl FormatFeatureFlags {- pub const SAMPLED_IMAGE_FILTER_MINMAX: Self = Self(0b1_0000_0000_0000_0000);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const PHYSICAL_DEVICE_VULKAN_MEMORY_MODEL_FEATURES: Self = Self(1_000_211_000);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const PHYSICAL_DEVICE_IMAGELESS_FRAMEBUFFER_FEATURES: Self = Self(1_000_108_000);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const FRAMEBUFFER_ATTACHMENTS_CREATE_INFO: Self = Self(1_000_108_001);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const FRAMEBUFFER_ATTACHMENT_IMAGE_INFO: Self = Self(1_000_108_002);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const RENDER_PASS_ATTACHMENT_BEGIN_INFO: Self = Self(1_000_108_003);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl FramebufferCreateFlags {- pub const IMAGELESS: Self = Self(0b1);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const PHYSICAL_DEVICE_UNIFORM_BUFFER_STANDARD_LAYOUT_FEATURES: Self = Self(1_000_253_000);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const PHYSICAL_DEVICE_SHADER_SUBGROUP_EXTENDED_TYPES_FEATURES: Self = Self(1_000_175_000);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const PHYSICAL_DEVICE_SEPARATE_DEPTH_STENCIL_LAYOUTS_FEATURES: Self = Self(1_000_241_000);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const ATTACHMENT_REFERENCE_STENCIL_LAYOUT: Self = Self(1_000_241_001);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const ATTACHMENT_DESCRIPTION_STENCIL_LAYOUT: Self = Self(1_000_241_002);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl ImageLayout {- pub const DEPTH_ATTACHMENT_OPTIMAL: Self = Self(1_000_241_000);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl ImageLayout {- pub const DEPTH_READ_ONLY_OPTIMAL: Self = Self(1_000_241_001);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl ImageLayout {- pub const STENCIL_ATTACHMENT_OPTIMAL: Self = Self(1_000_241_002);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl ImageLayout {- pub const STENCIL_READ_ONLY_OPTIMAL: Self = Self(1_000_241_003);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const PHYSICAL_DEVICE_HOST_QUERY_RESET_FEATURES: Self = Self(1_000_261_000);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const PHYSICAL_DEVICE_TIMELINE_SEMAPHORE_FEATURES: Self = Self(1_000_207_000);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const PHYSICAL_DEVICE_TIMELINE_SEMAPHORE_PROPERTIES: Self = Self(1_000_207_001);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const SEMAPHORE_TYPE_CREATE_INFO: Self = Self(1_000_207_002);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const TIMELINE_SEMAPHORE_SUBMIT_INFO: Self = Self(1_000_207_003);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const SEMAPHORE_WAIT_INFO: Self = Self(1_000_207_004);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const SEMAPHORE_SIGNAL_INFO: Self = Self(1_000_207_005);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const PHYSICAL_DEVICE_BUFFER_DEVICE_ADDRESS_FEATURES: Self = Self(1_000_257_000);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const BUFFER_DEVICE_ADDRESS_INFO: Self = Self(1_000_244_001);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const BUFFER_OPAQUE_CAPTURE_ADDRESS_CREATE_INFO: Self = Self(1_000_257_002);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const MEMORY_OPAQUE_CAPTURE_ADDRESS_ALLOCATE_INFO: Self = Self(1_000_257_003);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl StructureType { pub const DEVICE_MEMORY_OPAQUE_CAPTURE_ADDRESS_INFO: Self = Self(1_000_257_004); }-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl BufferUsageFlags {- pub const SHADER_DEVICE_ADDRESS: Self = Self(0b10_0000_0000_0000_0000);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl BufferCreateFlags {- pub const DEVICE_ADDRESS_CAPTURE_REPLAY: Self = Self(0b1_0000);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl MemoryAllocateFlags {- pub const DEVICE_ADDRESS: Self = Self(0b10);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl MemoryAllocateFlags {- pub const DEVICE_ADDRESS_CAPTURE_REPLAY: Self = Self(0b100);-}-#[doc = "Generated from 'VK_VERSION_1_2'"]-impl Result {- pub const ERROR_INVALID_OPAQUE_CAPTURE_ADDRESS: Self = Self(-1000257000);-}
After analyzing the provided code diff, I don't find any clear security vulnerabilities being fixed. The changes appear to be primarily structural reorganizations and additions of Vulkan API constants and flags. Here's my analysis: 1. Vulnerability Existed: no [Code Reorganization] [third_party/rust/ash/src/vk/feature_extensions.rs] [Various] [Old Code: Multiple separate impl blocks for same types] [Fixed Code: Consolidated impl blocks for each type] 2. Vulnerability Existed: no [Constant Value Formatting] [third_party/rust/ash/src/vk/feature_extensions.rs] [Various] [Old Code: Some numeric constants without separators (e.g. -1000069000)] [Fixed Code: Numeric constants with separators (e.g. -1_000_069_000)] 3. Vulnerability Existed: no [New Feature Additions] [third_party/rust/ash/src/vk/feature_extensions.rs] [Various] [Old Code: Missing some Vulkan 1.1 and 1.2 feature flags] [Fixed Code: Added missing feature flags and constants] The changes appear to be: 1. Code organization improvements by consolidating implementation blocks 2. Formatting improvements for numeric constants 3. Addition of new Vulkan API constants and flags No security vulnerabilities were identified in these changes. The modifications seem focused on code maintainability and completeness of Vulkan API support rather than security fixes.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/drawing-images-to-the-canvas/2d.drawImage.9arg.sourcesize.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/drawing-images-to-the-canvas/2d.drawImage.9arg.sourcesize.html@@ -18,8 +18,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.fillStyle = '#f00'; ctx.fillRect(0, 0, 100, 50);@@ -38,14 +38,14 @@ ctx.fillStyle = '#0f0'; ctx.fillRect(0, 0, 51, 26); ctx.fillRect(49, 24, 51, 26);- _assertPixelApprox(offscreenCanvas, 0,0, 0,255,0,255, "0,0", "0,255,0,255", 2);- _assertPixelApprox(offscreenCanvas, 99,0, 0,255,0,255, "99,0", "0,255,0,255", 2);- _assertPixelApprox(offscreenCanvas, 0,49, 0,255,0,255, "0,49", "0,255,0,255", 2);- _assertPixelApprox(offscreenCanvas, 99,49, 0,255,0,255, "99,49", "0,255,0,255", 2);- _assertPixelApprox(offscreenCanvas, 20,20, 0,255,0,255, "20,20", "0,255,0,255", 2);- _assertPixelApprox(offscreenCanvas, 80,20, 0,255,0,255, "80,20", "0,255,0,255", 2);- _assertPixelApprox(offscreenCanvas, 20,30, 0,255,0,255, "20,30", "0,255,0,255", 2);- _assertPixelApprox(offscreenCanvas, 80,30, 0,255,0,255, "80,30", "0,255,0,255", 2);+ _assertPixelApprox(canvas, 0,0, 0,255,0,255, "0,0", "0,255,0,255", 2);+ _assertPixelApprox(canvas, 99,0, 0,255,0,255, "99,0", "0,255,0,255", 2);+ _assertPixelApprox(canvas, 0,49, 0,255,0,255, "0,49", "0,255,0,255", 2);+ _assertPixelApprox(canvas, 99,49, 0,255,0,255, "99,49", "0,255,0,255", 2);+ _assertPixelApprox(canvas, 20,20, 0,255,0,255, "20,20", "0,255,0,255", 2);+ _assertPixelApprox(canvas, 80,20, 0,255,0,255, "80,20", "0,255,0,255", 2);+ _assertPixelApprox(canvas, 20,30, 0,255,0,255, "20,30", "0,255,0,255", 2);+ _assertPixelApprox(canvas, 80,30, 0,255,0,255, "80,30", "0,255,0,255", 2); }, t_fail); }).then(t_pass, t_fail);
After analyzing the provided code diff, I don't see any security-related fixes. The changes appear to be purely variable renaming (from `offscreenCanvas` to `canvas`) and updating all references to this variable accordingly. Here's the structured response:
Vulnerability Existed: no
[No security vulnerability found] [testing/web-platform/tests/html/canvas/offscreen/drawing-images-to-the-canvas/2d.drawImage.9arg.sourcesize.html] [Lines 18-38]
[Old Code: var offscreenCanvas = new OffscreenCanvas(100, 50); var ctx = offscreenCanvas.getContext('2d'); ... _assertPixelApprox(offscreenCanvas, ...)]
[Fixed Code: var canvas = new OffscreenCanvas(100, 50); var ctx = canvas.getContext('2d'); ... _assertPixelApprox(canvas, ...)]
The changes are purely cosmetic/refactoring in nature and don't address any security issues. The functionality remains identical, only the variable name has been changed for consistency or clarity.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/js/src/vm/JSScript.cpp+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/js/src/vm/JSScript.cpp@@ -182,25 +182,18 @@ } void js::BaseScript::swapData(UniquePtr<PrivateScriptData>& other) {- PrivateScriptData* tmp = other.release();- if (data_) {- // When disconnecting script data from the BaseScript, we must pre-barrier- // all edges contained in it. Those edges are no longer reachable from- // current location in the graph.- PreWriteBarrier(zone(), data_);- RemoveCellMemory(this, data_->allocationSize(), MemoryUse::ScriptPrivateData); }- std::swap(tmp, data_);+ PrivateScriptData* old = data_;+ data_.set(zone(), other.release());+ other.reset(old); if (data_) { AddCellMemory(this, data_->allocationSize(), MemoryUse::ScriptPrivateData); }-- other.reset(tmp); } js::Scope* js::BaseScript::enclosingScope() const {@@ -763,7 +756,19 @@ return true; }- return gFilenameValidationCallback(cx, filename);+ if (gFilenameValidationCallback(cx, filename)) {+ return true;+ }++ const char* utf8Filename;+ if (mozilla::IsUtf8(mozilla::MakeStringSpan(filename))) {+ utf8Filename = filename;+ } else {+ utf8Filename = "(invalid UTF-8 filename)";+ }+ JS_ReportErrorNumberUTF8(cx, GetErrorMessage, nullptr, JSMSG_UNSAFE_FILENAME,+ utf8Filename);+ return false; } /* static */@@ -1078,28 +1083,31 @@ } template <typename Unit>-void ScriptSource::performDelayedConvertToCompressedSource() {+void ScriptSource::performDelayedConvertToCompressedSource(+ ExclusiveData<ReaderInstances>::Guard& g) { // There might not be a conversion to compressed source happening at all.- if (pendingCompressed_.empty()) {+ if (g->pendingCompressed.empty()) { return; } CompressedData<Unit>& pending =- pendingCompressed_.ref<CompressedData<Unit>>();+ g->pendingCompressed.ref<CompressedData<Unit>>(); convertToCompressedSource<Unit>(std::move(pending.raw), pending.uncompressedLength);- pendingCompressed_.destroy();+ g->pendingCompressed.destroy(); } template <typename Unit> ScriptSource::PinnedUnits<Unit>::~PinnedUnits() { if (units_) {- MOZ_ASSERT(*stack_ == this);- *stack_ = prev_;- if (!prev_) {- source_->performDelayedConvertToCompressedSource<Unit>();+ // Note: We use a Mutex with Exclusive access, such that no PinnedUnits+ // instance is live while we are compressing the source.+ auto guard = source_->readers_.lock();+ MOZ_ASSERT(guard->count > 0);+ if (--guard->count) {+ source_->performDelayedConvertToCompressedSource<Unit>(guard); } } }@@ -1219,9 +1227,8 @@ units_ = source->units<Unit>(cx, holder, begin, len); if (units_) {- stack_ = &source->pinnedUnitsStack_;- prev_ = *stack_;- *stack_ = this;+ auto guard = source->readers_.lock();+ guard->count++; } }@@ -1431,17 +1438,21 @@ // If units aren't pinned -- and they probably won't be, we'd have to have a // GC in the small window of time where a |PinnedUnits| was live -- then we // can immediately convert.- if (MOZ_LIKELY(!pinnedUnitsStack_)) {- convertToCompressedSource<Unit>(std::move(compressed), uncompressedLength);- return;- }-- // Otherwise, set aside the compressed-data info. The conversion is performed- // when the last |PinnedUnits| dies.- MOZ_ASSERT(pendingCompressed_.empty(),- "shouldn't be multiple conversions happening");- pendingCompressed_.construct<CompressedData<Unit>>(std::move(compressed),- uncompressedLength);+ {+ auto guard = readers_.lock();+ if (MOZ_LIKELY(!guard->count)) {+ convertToCompressedSource<Unit>(std::move(compressed),+ uncompressedLength);+ return;+ }++ // Otherwise, set aside the compressed-data info. The conversion is+ // performed when the last |PinnedUnits| dies.+ MOZ_ASSERT(guard->pendingCompressed.empty(),+ "shouldn't be multiple conversions happening");+ guard->pendingCompressed.construct<CompressedData<Unit>>(+ std::move(compressed), uncompressedLength);+ } } template <typename Unit>@@ -1458,10 +1469,16 @@ return false; }- MOZ_ASSERT(pinnedUnitsStack_ == nullptr,- "shouldn't be initializing a ScriptSource while its characters "- "are pinned -- that only makes sense with a ScriptSource actively "- "being inspected");+#ifdef DEBUG+ {+ auto guard = readers_.lock();+ MOZ_ASSERT(+ guard->count == 0,+ "shouldn't be initializing a ScriptSource while its characters "+ "are pinned -- that only makes sense with a ScriptSource actively "+ "being inspected");+ }+#endif data = SourceType(Compressed<Unit, SourceRetrievable::No>(std::move(deduped), sourceLength));@@ -1681,8 +1698,13 @@ RunPendingSourceCompressions(cx->runtime()); ScriptSource* ss = script->scriptSource();- MOZ_ASSERT(!ss->pinnedUnitsStack_,- "can't synchronously compress while source units are in use");+#ifdef DEBUG+ {+ auto guard = ss->readers_.lock();+ MOZ_ASSERT(guard->count == 0,+ "can't synchronously compress while source units are in use");+ }+#endif // In principle a previously-triggered compression on a helper thread could // have already completed. If that happens, there's nothing more to do.@@ -2107,11 +2129,9 @@ js::Scope* scope = enclosingScope(); UniquePtr<PrivateScriptData> scriptData;-#ifndef JS_CODEGEN_NONE // Any JIT compiles should have been released, so we already point to the // interpreter trampoline which supports lazy scripts.- MOZ_ASSERT(isUsingInterpreterTrampoline(rt));-#endif+ MOZ_ASSERT_IF(jit::HasJitBackend(), isUsingInterpreterTrampoline(rt)); // Without bytecode, the script counts are invalid so destroy them if they // still exist.@@ -2358,11 +2378,10 @@ // here will be released by the UniquePtr. Rooted<UniquePtr<PrivateScriptData>> lazyData(cx);-#ifndef JS_CODEGEN_NONE // Whether we are a newborn script or an existing lazy script, we should // already be pointing to the interpreter trampoline.- MOZ_ASSERT(script->isUsingInterpreterTrampoline(cx->runtime()));-#endif+ MOZ_ASSERT_IF(jit::HasJitBackend(),+ script->isUsingInterpreterTrampoline(cx->runtime())); // If we are using an existing lazy script, record enough info to be able to // rollback on failure.@@ -3126,11 +3145,10 @@ return nullptr; }-#ifndef JS_CODEGEN_NONE- uint8_t* stubEntry = cx->runtime()->jitRuntime()->interpreterStub().value;-#else uint8_t* stubEntry = nullptr;-#endif+ if (jit::HasJitBackend()) {+ stubEntry = cx->runtime()->jitRuntime()->interpreterStub().value;+ } MOZ_ASSERT_IF(function, function->compartment() == sourceObject->compartment());
I'll analyze the code diff and identify potential security vulnerabilities following the specified format.
1. Vulnerability Existed: yes
Memory Safety Issue [File] js/src/vm/JSScript.cpp [Lines 182-194]
[Old Code]
void js::BaseScript::swapData(UniquePtr<PrivateScriptData>& other) {
PrivateScriptData* tmp = other.release();
if (data_) {
// When disconnecting script data from the BaseScript, we must pre-barrier
// all edges contained in it. Those edges are no longer reachable from
// current location in the graph.
PreWriteBarrier(zone(), data_);
RemoveCellMemory(this, data_->allocationSize(),
MemoryUse::ScriptPrivateData);
}
std::swap(tmp, data_);
[Fixed Code]
void js::BaseScript::swapData(UniquePtr<PrivateScriptData>& other) {
if (data_) {
RemoveCellMemory(this, data_->allocationSize(),
MemoryUse::ScriptPrivateData);
}
PrivateScriptData* old = data_;
data_.set(zone(), other.release());
other.reset(old);
The old code had potential memory safety issues due to improper handling of memory barriers during data swapping. The fixed version properly manages memory ownership and barriers.
2. Vulnerability Existed: yes
Unsafe Filename Validation [File] js/src/vm/JSScript.cpp [Lines 763]
[Old Code]
return gFilenameValidationCallback(cx, filename);
[Fixed Code]
if (gFilenameValidationCallback(cx, filename)) {
return true;
}
const char* utf8Filename;
if (mozilla::IsUtf8(mozilla::MakeStringSpan(filename))) {
utf8Filename = filename;
} else {
utf8Filename = "(invalid UTF-8 filename)";
}
JS_ReportErrorNumberUTF8(cx, GetErrorMessage, nullptr, JSMSG_UNSAFE_FILENAME,
utf8Filename);
return false;
The old code had insufficient filename validation, potentially allowing unsafe filenames. The fixed version adds proper UTF-8 validation and error reporting.
3. Vulnerability Existed: yes
Race Condition in Script Compression [File] js/src/vm/JSScript.cpp [Lines 1078-1219]
[Old Code]
// Old implementation used a stack-based approach for pinned units
// with potential race conditions during compression
[Fixed Code]
// New implementation uses thread-safe locking with ExclusiveData
// and proper reference counting
The old code had potential race conditions during script compression when multiple threads accessed pinned units. The fixed version introduces proper thread synchronization using ExclusiveData and reference counting.
4. Vulnerability Existed: not sure
JIT Compiler Guard Removal [File] js/src/vm/JSScript.cpp [Lines 2107-2358]
[Old Code]
#ifndef JS_CODEGEN_NONE
MOZ_ASSERT(isUsingInterpreterTrampoline(rt));
#endif
[Fixed Code]
MOZ_ASSERT_IF(jit::HasJitBackend(), isUsingInterpreterTrampoline(rt));
The change in JIT-related assertions might indicate a security improvement, but I'm not certain if this was fixing a specific vulnerability or just code cleanup.
5. Vulnerability Existed: not sure
Interpreter Stub Handling [File] js/src/vm/JSScript.cpp [Lines 3126-3145]
[Old Code]
#ifndef JS_CODEGEN_NONE
uint8_t* stubEntry = cx->runtime()->jitRuntime()->interpreterStub().value;
#else
uint8_t* stubEntry = nullptr;
#endif
[Fixed Code]
uint8_t* stubEntry = nullptr;
if (jit::HasJitBackend()) {
stubEntry = cx->runtime()->jitRuntime()->interpreterStub().value;
}
This change in JIT stub handling might be related to security, but I'm not certain if it fixes a specific vulnerability or just improves code structure.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/third_party/rust/typenum/build/main.rs+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/third_party/rust/typenum/build/main.rs@@ -80,8 +80,10 @@ fn main() { let highest: u64 = 1024;- let first2: u32 = (highest as f64).log(2.0).round() as u32 + 1;- let first10: u32 = (highest as f64).log(10.0) as u32 + 1;+ // Use hardcoded values to avoid issues with cross-compilation.+ // See https://github.com/paholg/typenum/issues/162+ let first2: u32 = 11; // (highest as f64).log(2.0).round() as u32 + 1;+ let first10: u32 = 4; // (highest as f64).log(10.0) as u32 + 1; let uints = (0..(highest + 1)) .chain((first2..64).map(|i| 2u64.pow(i))) .chain((first10..20).map(|i| 10u64.pow(i)));
Here's the analysis following the requested format:
Vulnerability Existed: not sure
[Potential Cross-Compilation Floating Point Inconsistency] [third_party/rust/typenum/build/main.rs] [Lines 80-83]
[Old Code]
let first2: u32 = (highest as f64).log(2.0).round() as u32 + 1;
let first10: u32 = (highest as f64).log(10.0) as u32 + 1;
[Fixed Code]
// Use hardcoded values to avoid issues with cross-compilation.
// See https://github.com/paholg/typenum/issues/162
let first2: u32 = 11; // (highest as f64).log(2.0).round() as u32 + 1;
let first10: u32 = 4; // (highest as f64).log(10.0) as u32 + 1;
Additional Details:
1. The change replaces floating-point calculations with hardcoded values to avoid cross-compilation issues.
2. While not a direct security vulnerability, floating-point inconsistencies across platforms could potentially lead to incorrect calculations in some contexts.
3. The referenced GitHub issue suggests this was changed for reliability rather than security.
4. There's no clear CVE or standard vulnerability name associated with this change.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.fillStyle.parse.hsl-4.worker.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.fillStyle.parse.hsl-4.worker.js@@ -13,14 +13,14 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.fillStyle = '#f00'; ctx.fillStyle = 'hsl(-360240, 100%, 50%)'; ctx.fillRect(0, 0, 100, 50);-_assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");+_assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255"); t.done(); });
After analyzing the provided code diff, I don't find any security vulnerabilities. The changes appear to be purely cosmetic/refactoring changes (variable renaming) rather than security fixes. Here's the analysis:
Vulnerability Existed: no
No vulnerability found [File] [Lines 13-21]
[Old Code]
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
ctx.fillStyle = '#f00';
ctx.fillStyle = 'hsl(-360240, 100%, 50%)';
ctx.fillRect(0, 0, 100, 50);
_assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");
[Fixed Code]
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');
ctx.fillStyle = '#f00';
ctx.fillStyle = 'hsl(-360240, 100%, 50%)';
ctx.fillRect(0, 0, 100, 50);
_assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");
The changes are:
1. Renaming variable `offscreenCanvas` to `canvas`
2. Updating the variable name in the `_assertPixel` call
3. No functional or security-related changes were made
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/streams/transferable/window.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/streams/transferable/window.html@@ -16,15 +16,10 @@ promise_test(t => { const orig = createOriginalReadableStream();- const promise = new Promise(resolve => {- window.addEventListener('message', msg => {- const port = msg.data;- resolve(testMessageEvent(port));- port.start();- }, {once: true});- }); const mc = new MessageChannel();- postMessage(mc.port1, '*', [mc.port1]);+ const promise = testMessageEvent(mc.port1);+ mc.port1.start();+ mc.port2.postMessage(orig, [orig]); mc.port2.close(); assert_true(orig.locked, 'the original stream should be locked');
Let me analyze the code diff for potential security vulnerabilities.
Vulnerability Existed: yes
Cross-Site Scripting (XSS) via PostMessage [File] [Lines 16-25]
[Old Code]
const promise = new Promise(resolve => {
window.addEventListener('message', msg => {
const port = msg.data;
resolve(testMessageEvent(port));
port.start();
}, {once: true});
});
const mc = new MessageChannel();
postMessage(mc.port1, '*', [mc.port1]);
[Fixed Code]
const mc = new MessageChannel();
const promise = testMessageEvent(mc.port1);
mc.port1.start();
The original code used a wildcard ('*') as the target origin in postMessage, which could allow malicious sites to intercept the message if this page was embedded in them. The fixed version removes the insecure postMessage broadcast and directly uses the MessageChannel ports for communication, which is more secure.
Vulnerability Existed: not sure
Potential Race Condition [File] [Lines 16-25]
[Old Code]
const promise = new Promise(resolve => {
window.addEventListener('message', msg => {
const port = msg.data;
resolve(testMessageEvent(port));
port.start();
}, {once: true});
});
const mc = new MessageChannel();
postMessage(mc.port1, '*', [mc.port1]);
[Fixed Code]
const mc = new MessageChannel();
const promise = testMessageEvent(mc.port1);
mc.port1.start();
The original code had a potential race condition where the message could be received before the event listener was set up, since the postMessage was called after creating the Promise. The fixed version removes this asynchronous gap by directly testing the port, but I'm not certain if this was the actual vulnerability being fixed.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/the-offscreen-canvas/context.arguments.missing.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/the-offscreen-canvas/context.arguments.missing.html@@ -17,8 +17,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); var offscreenCanvas2 = new OffscreenCanvas(100, 50); assert_throws_js(TypeError, function() { offscreenCanvas2.getContext(); });
Analyzing the provided code diff, here's the security analysis:
1. Vulnerability Existed: no
No specific vulnerability found [File] testing/web-platform/tests/html/canvas/offscreen/the-offscreen-canvas/context.arguments.missing.html [Lines] 17-18
Old Code:
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
Fixed Code:
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');
Additional Notes:
- The changes appear to be purely variable naming changes (from 'offscreenCanvas' to 'canvas') which don't affect security
- The test continues to properly check for TypeError when getContext() is called without arguments
- No security-relevant functionality was modified in this diff
- The change seems to be for code consistency/readability rather than security fixes
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/css/selectors/old-tests/css3-modsel-88b.xml+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/css/selectors/old-tests/css3-modsel-88b.xml@@ -7,7 +7,6 @@ <link rel="author" title="Daniel Glazman" href="http://glazman.org/"/> <link rel="author" title="Ian Hickson" href="mailto:[email protected]"/> <link rel="help" href="https://www.w3.org/TR/css3-selectors/#selectors"/> <!-- bogus link to make sure it gets found -->- <meta name="flags" content="" /> </head> <body> <blockquote><div>This text should be unstyled.</div></blockquote>
Based on the provided diff, here's the analysis following the required format: Vulnerability Existed: no [No specific vulnerability found] [testing/web-platform/tests/css/selectors/old-tests/css3-modsel-88b.xml] [Lines 7] [Old Code: <meta name="flags" content="" />] [Fixed Code: [removed]] Additional details: - The change simply removes an empty meta tag with a "flags" attribute - This appears to be a test file cleanup rather than a security fix - No known vulnerability patterns are present in this change - The modification doesn't affect any security-related functionality The change seems to be a minor cleanup of test metadata rather than addressing any security concern. The removed tag was empty and didn't contain any sensitive information or functionality that could be exploited.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/js/src/jit/x86-shared/MacroAssembler-x86-shared-inl.h+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/js/src/jit/x86-shared/MacroAssembler-x86-shared-inl.h@@ -1355,6 +1355,11 @@ MacroAssemblerX86Shared::shuffleInt8x16(lhsDest, rhs, lhsDest, lanes); }+void MacroAssembler::shuffleInt8x16(const uint8_t lanes[16], FloatRegister lhs,+ FloatRegister rhs, FloatRegister dest) {+ MacroAssemblerX86Shared::shuffleInt8x16(lhs, rhs, dest, lanes);+}+ void MacroAssembler::blendInt8x16(const uint8_t lanes[16], FloatRegister lhs, FloatRegister rhs, FloatRegister dest, FloatRegister temp) {@@ -1372,50 +1377,50 @@ MacroAssemblerX86Shared::laneSelectSimd128(lhs, rhsDest, mask, rhsDest); }-void MacroAssembler::interleaveHighInt16x8(FloatRegister rhs,- FloatRegister lhsDest) {- vpunpckhwd(rhs, lhsDest, lhsDest);-}--void MacroAssembler::interleaveHighInt32x4(FloatRegister rhs,- FloatRegister lhsDest) {- vpunpckhdq(rhs, lhsDest, lhsDest);-}--void MacroAssembler::interleaveHighInt64x2(FloatRegister rhs,- FloatRegister lhsDest) {- vpunpckhqdq(rhs, lhsDest, lhsDest);-}--void MacroAssembler::interleaveHighInt8x16(FloatRegister rhs,- FloatRegister lhsDest) {- vpunpckhbw(rhs, lhsDest, lhsDest);-}--void MacroAssembler::interleaveLowInt16x8(FloatRegister rhs,- FloatRegister lhsDest) {- vpunpcklwd(rhs, lhsDest, lhsDest);-}--void MacroAssembler::interleaveLowInt32x4(FloatRegister rhs,- FloatRegister lhsDest) {- vpunpckldq(rhs, lhsDest, lhsDest);-}--void MacroAssembler::interleaveLowInt64x2(FloatRegister rhs,- FloatRegister lhsDest) {- vpunpcklqdq(rhs, lhsDest, lhsDest);-}--void MacroAssembler::interleaveLowInt8x16(FloatRegister rhs,- FloatRegister lhsDest) {- vpunpcklbw(rhs, lhsDest, lhsDest);+void MacroAssembler::interleaveHighInt16x8(FloatRegister lhs, FloatRegister rhs,+ FloatRegister dest) {+ vpunpckhwd(rhs, lhs, dest);+}++void MacroAssembler::interleaveHighInt32x4(FloatRegister lhs, FloatRegister rhs,+ FloatRegister dest) {+ vpunpckhdq(rhs, lhs, dest);+}++void MacroAssembler::interleaveHighInt64x2(FloatRegister lhs, FloatRegister rhs,+ FloatRegister dest) {+ vpunpckhqdq(rhs, lhs, dest);+}++void MacroAssembler::interleaveHighInt8x16(FloatRegister lhs, FloatRegister rhs,+ FloatRegister dest) {+ vpunpckhbw(rhs, lhs, dest);+}++void MacroAssembler::interleaveLowInt16x8(FloatRegister lhs, FloatRegister rhs,+ FloatRegister dest) {+ vpunpcklwd(rhs, lhs, dest);+}++void MacroAssembler::interleaveLowInt32x4(FloatRegister lhs, FloatRegister rhs,+ FloatRegister dest) {+ vpunpckldq(rhs, lhs, dest);+}++void MacroAssembler::interleaveLowInt64x2(FloatRegister lhs, FloatRegister rhs,+ FloatRegister dest) {+ vpunpcklqdq(rhs, lhs, dest);+}++void MacroAssembler::interleaveLowInt8x16(FloatRegister lhs, FloatRegister rhs,+ FloatRegister dest) {+ vpunpcklbw(rhs, lhs, dest); } void MacroAssembler::permuteInt8x16(const uint8_t lanes[16], FloatRegister src, FloatRegister dest) {- moveSimd128Int(src, dest);- vpshufbSimd128(SimdConstant::CreateX16((const int8_t*)lanes), dest);+ src = moveSimd128IntIfNotAVX(src, dest);+ vpshufbSimd128(SimdConstant::CreateX16((const int8_t*)lanes), src, dest); } void MacroAssembler::permuteLowInt16x8(const uint16_t lanes[4],@@ -1438,10 +1443,11 @@ dest); }-void MacroAssembler::concatAndRightShiftSimd128(FloatRegister rhs,- FloatRegister lhsDest,+void MacroAssembler::concatAndRightShiftSimd128(FloatRegister lhs,+ FloatRegister rhs,+ FloatRegister dest, uint32_t shift) {- vpalignr(Operand(rhs), lhsDest, lhsDest, shift);+ vpalignr(Operand(rhs), lhs, dest, shift); } void MacroAssembler::leftShiftSimd128(Imm32 count, FloatRegister src,@@ -1469,15 +1475,15 @@ } void MacroAssembler::reverseInt32x4(FloatRegister src, FloatRegister dest) {- moveSimd128Int(src, dest);+ src = moveSimd128IntIfNotAVX(src, dest); int8_t lanes[] = {3, 2, 1, 0, 7, 6, 5, 4, 11, 10, 9, 8, 15, 14, 13, 12};- vpshufbSimd128(SimdConstant::CreateX16((const int8_t*)lanes), dest);+ vpshufbSimd128(SimdConstant::CreateX16((const int8_t*)lanes), src, dest); } void MacroAssembler::reverseInt64x2(FloatRegister src, FloatRegister dest) {- moveSimd128Int(src, dest);+ src = moveSimd128IntIfNotAVX(src, dest); int8_t lanes[] = {7, 6, 5, 4, 3, 2, 1, 0, 15, 14, 13, 12, 11, 10, 9, 8};- vpshufbSimd128(SimdConstant::CreateX16((const int8_t*)lanes), dest);+ vpshufbSimd128(SimdConstant::CreateX16((const int8_t*)lanes), src, dest); } // All lanes true@@ -1568,9 +1574,9 @@ void MacroAssembler::swizzleInt8x16(FloatRegister rhs, FloatRegister lhsDest) { ScratchSimd128Scope scratch(*this);- moveSimd128Int(rhs, scratch);+ rhs = moveSimd128IntIfNotAVX(rhs, scratch); // Set high bit to 1 for values > 15 via adding with saturation.- vpaddusbSimd128(SimdConstant::SplatX16(0x70), scratch);+ vpaddusbSimd128(SimdConstant::SplatX16(0x70), rhs, scratch); vpshufb(scratch, lhsDest, lhsDest); // permute }@@ -1585,9 +1591,9 @@ vpaddb(Operand(rhs), lhsDest, lhsDest); }-void MacroAssembler::addInt8x16(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vpaddb,+void MacroAssembler::addInt8x16(FloatRegister lhs, const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vpaddb, &MacroAssembler::vpaddbSimd128); }@@ -1595,9 +1601,9 @@ vpaddw(Operand(rhs), lhsDest, lhsDest); }-void MacroAssembler::addInt16x8(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vpaddw,+void MacroAssembler::addInt16x8(FloatRegister lhs, const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vpaddw, &MacroAssembler::vpaddwSimd128); }@@ -1610,9 +1616,9 @@ vpaddd(Operand(rhs), lhs, dest); }-void MacroAssembler::addInt32x4(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vpaddd,+void MacroAssembler::addInt32x4(FloatRegister lhs, const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vpaddd, &MacroAssembler::vpadddSimd128); }@@ -1620,9 +1626,9 @@ vpaddq(Operand(rhs), lhsDest, lhsDest); }-void MacroAssembler::addInt64x2(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vpaddq,+void MacroAssembler::addInt64x2(FloatRegister lhs, const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vpaddq, &MacroAssembler::vpaddqSimd128); }@@ -1632,9 +1638,9 @@ vpsubb(Operand(rhs), lhsDest, lhsDest); }-void MacroAssembler::subInt8x16(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vpsubb,+void MacroAssembler::subInt8x16(FloatRegister lhs, const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vpsubb, &MacroAssembler::vpsubbSimd128); }@@ -1642,9 +1648,9 @@ vpsubw(Operand(rhs), lhsDest, lhsDest); }-void MacroAssembler::subInt16x8(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vpsubw,+void MacroAssembler::subInt16x8(FloatRegister lhs, const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vpsubw, &MacroAssembler::vpsubwSimd128); }@@ -1657,9 +1663,9 @@ vpsubd(Operand(rhs), lhs, dest); }-void MacroAssembler::subInt32x4(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vpsubd,+void MacroAssembler::subInt32x4(FloatRegister lhs, const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vpsubd, &MacroAssembler::vpsubdSimd128); }@@ -1667,9 +1673,9 @@ vpsubq(Operand(rhs), lhsDest, lhsDest); }-void MacroAssembler::subInt64x2(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vpsubq,+void MacroAssembler::subInt64x2(FloatRegister lhs, const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vpsubq, &MacroAssembler::vpsubqSimd128); }@@ -1679,9 +1685,9 @@ vpmullw(Operand(rhs), lhsDest, lhsDest); }-void MacroAssembler::mulInt16x8(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vpmullw,+void MacroAssembler::mulInt16x8(FloatRegister lhs, const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vpmullw, &MacroAssembler::vpmullwSimd128); }@@ -1694,9 +1700,9 @@ vpmulld(Operand(rhs), lhs, dest); }-void MacroAssembler::mulInt32x4(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vpmulld,+void MacroAssembler::mulInt32x4(FloatRegister lhs, const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vpmulld, &MacroAssembler::vpmulldSimd128); }@@ -1833,7 +1839,7 @@ ScratchSimd128Scope scratch(*this); vpmulhrsw(Operand(rhs), lhsDest, lhsDest); vmovdqa(lhsDest, scratch);- vpcmpeqwSimd128(SimdConstant::SplatX8(0x8000), scratch);+ vpcmpeqwSimd128(SimdConstant::SplatX8(0x8000), scratch, scratch); vpxor(scratch, lhsDest, lhsDest); }@@ -1885,9 +1891,9 @@ vpaddsb(Operand(rhs), lhsDest, lhsDest); }-void MacroAssembler::addSatInt8x16(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vpaddsb,+void MacroAssembler::addSatInt8x16(FloatRegister lhs, const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vpaddsb, &MacroAssembler::vpaddsbSimd128); }@@ -1896,9 +1902,10 @@ vpaddusb(Operand(rhs), lhsDest, lhsDest); }-void MacroAssembler::unsignedAddSatInt8x16(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vpaddusb,+void MacroAssembler::unsignedAddSatInt8x16(FloatRegister lhs,+ const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vpaddusb, &MacroAssembler::vpaddusbSimd128); }@@ -1906,9 +1913,9 @@ vpaddsw(Operand(rhs), lhsDest, lhsDest); }-void MacroAssembler::addSatInt16x8(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vpaddsw,+void MacroAssembler::addSatInt16x8(FloatRegister lhs, const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vpaddsw, &MacroAssembler::vpaddswSimd128); }@@ -1917,9 +1924,10 @@ vpaddusw(Operand(rhs), lhsDest, lhsDest); }-void MacroAssembler::unsignedAddSatInt16x8(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vpaddusw,+void MacroAssembler::unsignedAddSatInt16x8(FloatRegister lhs,+ const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vpaddusw, &MacroAssembler::vpadduswSimd128); }@@ -1929,9 +1937,9 @@ vpsubsb(Operand(rhs), lhsDest, lhsDest); }-void MacroAssembler::subSatInt8x16(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vpsubsb,+void MacroAssembler::subSatInt8x16(FloatRegister lhs, const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vpsubsb, &MacroAssembler::vpsubsbSimd128); }@@ -1940,9 +1948,10 @@ vpsubusb(Operand(rhs), lhsDest, lhsDest); }-void MacroAssembler::unsignedSubSatInt8x16(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vpsubusb,+void MacroAssembler::unsignedSubSatInt8x16(FloatRegister lhs,+ const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vpsubusb, &MacroAssembler::vpsubusbSimd128); }@@ -1950,9 +1959,9 @@ vpsubsw(Operand(rhs), lhsDest, lhsDest); }-void MacroAssembler::subSatInt16x8(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vpsubsw,+void MacroAssembler::subSatInt16x8(FloatRegister lhs, const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vpsubsw, &MacroAssembler::vpsubswSimd128); }@@ -1961,9 +1970,10 @@ vpsubusw(Operand(rhs), lhsDest, lhsDest); }-void MacroAssembler::unsignedSubSatInt16x8(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vpsubusw,+void MacroAssembler::unsignedSubSatInt16x8(FloatRegister lhs,+ const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vpsubusw, &MacroAssembler::vpsubuswSimd128); }@@ -1973,9 +1983,9 @@ vpminsb(Operand(rhs), lhsDest, lhsDest); }-void MacroAssembler::minInt8x16(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vpminsb,+void MacroAssembler::minInt8x16(FloatRegister lhs, const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vpminsb, &MacroAssembler::vpminsbSimd128); }@@ -1984,9 +1994,10 @@ vpminub(Operand(rhs), lhsDest, lhsDest); }-void MacroAssembler::unsignedMinInt8x16(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vpminub,+void MacroAssembler::unsignedMinInt8x16(FloatRegister lhs,+ const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vpminub, &MacroAssembler::vpminubSimd128); }@@ -1994,9 +2005,9 @@ vpminsw(Operand(rhs), lhsDest, lhsDest); }-void MacroAssembler::minInt16x8(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vpminsw,+void MacroAssembler::minInt16x8(FloatRegister lhs, const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vpminsw, &MacroAssembler::vpminswSimd128); }@@ -2005,9 +2016,10 @@ vpminuw(Operand(rhs), lhsDest, lhsDest); }-void MacroAssembler::unsignedMinInt16x8(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vpminuw,+void MacroAssembler::unsignedMinInt16x8(FloatRegister lhs,+ const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vpminuw, &MacroAssembler::vpminuwSimd128); }@@ -2015,9 +2027,9 @@ vpminsd(Operand(rhs), lhsDest, lhsDest); }-void MacroAssembler::minInt32x4(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vpminsd,+void MacroAssembler::minInt32x4(FloatRegister lhs, const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vpminsd, &MacroAssembler::vpminsdSimd128); }@@ -2026,9 +2038,10 @@ vpminud(Operand(rhs), lhsDest, lhsDest); }-void MacroAssembler::unsignedMinInt32x4(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vpminud,+void MacroAssembler::unsignedMinInt32x4(FloatRegister lhs,+ const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vpminud, &MacroAssembler::vpminudSimd128); }@@ -2038,9 +2051,9 @@ vpmaxsb(Operand(rhs), lhsDest, lhsDest); }-void MacroAssembler::maxInt8x16(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vpmaxsb,+void MacroAssembler::maxInt8x16(FloatRegister lhs, const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vpmaxsb, &MacroAssembler::vpmaxsbSimd128); }@@ -2049,9 +2062,10 @@ vpmaxub(Operand(rhs), lhsDest, lhsDest); }-void MacroAssembler::unsignedMaxInt8x16(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vpmaxub,+void MacroAssembler::unsignedMaxInt8x16(FloatRegister lhs,+ const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vpmaxub, &MacroAssembler::vpmaxubSimd128); }@@ -2059,9 +2073,9 @@ vpmaxsw(Operand(rhs), lhsDest, lhsDest); }-void MacroAssembler::maxInt16x8(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vpmaxsw,+void MacroAssembler::maxInt16x8(FloatRegister lhs, const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vpmaxsw, &MacroAssembler::vpmaxswSimd128); }@@ -2070,9 +2084,10 @@ vpmaxuw(Operand(rhs), lhsDest, lhsDest); }-void MacroAssembler::unsignedMaxInt16x8(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vpmaxuw,+void MacroAssembler::unsignedMaxInt16x8(FloatRegister lhs,+ const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vpmaxuw, &MacroAssembler::vpmaxuwSimd128); }@@ -2080,9 +2095,9 @@ vpmaxsd(Operand(rhs), lhsDest, lhsDest); }-void MacroAssembler::maxInt32x4(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vpmaxsd,+void MacroAssembler::maxInt32x4(FloatRegister lhs, const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vpmaxsd, &MacroAssembler::vpmaxsdSimd128); }@@ -2091,9 +2106,10 @@ vpmaxud(Operand(rhs), lhsDest, lhsDest); }-void MacroAssembler::unsignedMaxInt32x4(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vpmaxud,+void MacroAssembler::unsignedMaxInt32x4(FloatRegister lhs,+ const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vpmaxud, &MacroAssembler::vpmaxudSimd128); }@@ -2311,9 +2327,10 @@ vpand(Operand(rhs), lhs, dest); }-void MacroAssembler::bitwiseAndSimd128(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vpand,+void MacroAssembler::bitwiseAndSimd128(FloatRegister lhs,+ const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vpand, &MacroAssembler::vpandSimd128); }@@ -2327,9 +2344,10 @@ vpor(Operand(rhs), lhs, dest); }-void MacroAssembler::bitwiseOrSimd128(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vpor,+void MacroAssembler::bitwiseOrSimd128(FloatRegister lhs,+ const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vpor, &MacroAssembler::vporSimd128); }@@ -2343,15 +2361,16 @@ vpxor(Operand(rhs), lhs, dest); }-void MacroAssembler::bitwiseXorSimd128(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vpxor,+void MacroAssembler::bitwiseXorSimd128(FloatRegister lhs,+ const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vpxor, &MacroAssembler::vpxorSimd128); } void MacroAssembler::bitwiseNotSimd128(FloatRegister src, FloatRegister dest) {- moveSimd128(src, dest);- bitwiseXorSimd128(SimdConstant::SplatX16(-1), dest);+ src = moveSimd128IntIfNotAVX(src, dest);+ bitwiseXorSimd128(src, SimdConstant::SplatX16(-1), dest); } // Bitwise and-not@@ -2391,11 +2410,11 @@ } void MacroAssembler::compareInt8x16(Assembler::Condition cond,- const SimdConstant& rhs,- FloatRegister lhsDest) {+ FloatRegister lhs, const SimdConstant& rhs,+ FloatRegister dest) { MOZ_ASSERT(cond != Assembler::Condition::LessThan && cond != Assembler::Condition::GreaterThanOrEqual);- MacroAssemblerX86Shared::compareInt8x16(cond, rhs, lhsDest);+ MacroAssemblerX86Shared::compareInt8x16(cond, lhs, rhs, dest); } void MacroAssembler::compareInt16x8(Assembler::Condition cond,@@ -2404,11 +2423,11 @@ } void MacroAssembler::compareInt16x8(Assembler::Condition cond,- const SimdConstant& rhs,- FloatRegister lhsDest) {+ FloatRegister lhs, const SimdConstant& rhs,+ FloatRegister dest) { MOZ_ASSERT(cond != Assembler::Condition::LessThan && cond != Assembler::Condition::GreaterThanOrEqual);- MacroAssemblerX86Shared::compareInt16x8(cond, rhs, lhsDest);+ MacroAssemblerX86Shared::compareInt16x8(cond, lhs, rhs, dest); } void MacroAssembler::compareInt32x4(Assembler::Condition cond,@@ -2423,11 +2442,11 @@ } void MacroAssembler::compareInt32x4(Assembler::Condition cond,- const SimdConstant& rhs,- FloatRegister lhsDest) {+ FloatRegister lhs, const SimdConstant& rhs,+ FloatRegister dest) { MOZ_ASSERT(cond != Assembler::Condition::LessThan && cond != Assembler::Condition::GreaterThanOrEqual);- MacroAssemblerX86Shared::compareInt32x4(cond, rhs, lhsDest);+ MacroAssemblerX86Shared::compareInt32x4(cond, lhs, rhs, dest); } void MacroAssembler::compareForEqualityInt64x2(Assembler::Condition cond,@@ -2471,11 +2490,12 @@ } void MacroAssembler::compareFloat32x4(Assembler::Condition cond,+ FloatRegister lhs, const SimdConstant& rhs,- FloatRegister lhsDest) {+ FloatRegister dest) { MOZ_ASSERT(cond != Assembler::Condition::GreaterThan && cond != Assembler::Condition::GreaterThanOrEqual);- MacroAssemblerX86Shared::compareFloat32x4(cond, rhs, lhsDest);+ MacroAssemblerX86Shared::compareFloat32x4(cond, lhs, rhs, dest); } void MacroAssembler::compareFloat64x2(Assembler::Condition cond,@@ -2497,11 +2517,12 @@ } void MacroAssembler::compareFloat64x2(Assembler::Condition cond,+ FloatRegister lhs, const SimdConstant& rhs,- FloatRegister lhsDest) {+ FloatRegister dest) { MOZ_ASSERT(cond != Assembler::Condition::GreaterThan && cond != Assembler::Condition::GreaterThanOrEqual);- MacroAssemblerX86Shared::compareFloat64x2(cond, rhs, lhsDest);+ MacroAssemblerX86Shared::compareFloat64x2(cond, lhs, rhs, dest); } // Load. See comments above regarding integer operation.@@ -2536,25 +2557,26 @@ // Floating point negation void MacroAssembler::negFloat32x4(FloatRegister src, FloatRegister dest) {- moveSimd128(src, dest);- bitwiseXorSimd128(SimdConstant::SplatX4(-0.f), dest);+ src = moveSimd128FloatIfNotAVX(src, dest);+ bitwiseXorSimd128(src, SimdConstant::SplatX4(-0.f), dest); } void MacroAssembler::negFloat64x2(FloatRegister src, FloatRegister dest) {- moveSimd128(src, dest);- bitwiseXorSimd128(SimdConstant::SplatX2(-0.0), dest);+ src = moveSimd128FloatIfNotAVX(src, dest);+ bitwiseXorSimd128(src, SimdConstant::SplatX2(-0.0), dest); } // Floating point absolute value void MacroAssembler::absFloat32x4(FloatRegister src, FloatRegister dest) {- moveSimd128(src, dest);- bitwiseAndSimd128(SimdConstant::SplatX4(0x7FFFFFFF), dest);+ src = moveSimd128FloatIfNotAVX(src, dest);+ bitwiseAndSimd128(src, SimdConstant::SplatX4(0x7FFFFFFF), dest); } void MacroAssembler::absFloat64x2(FloatRegister src, FloatRegister dest) {- moveSimd128(src, dest);- bitwiseAndSimd128(SimdConstant::SplatX2(int64_t(0x7FFFFFFFFFFFFFFFll)), dest);+ src = moveSimd128FloatIfNotAVX(src, dest);+ bitwiseAndSimd128(src, SimdConstant::SplatX2(int64_t(0x7FFFFFFFFFFFFFFFll)),+ dest); } // NaN-propagating minimum@@ -2625,9 +2647,9 @@ vpmaddwd(Operand(rhs), lhsDest, lhsDest); }-void MacroAssembler::widenDotInt16x8(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vpmaddwd,+void MacroAssembler::widenDotInt16x8(FloatRegister lhs, const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vpmaddwd, &MacroAssembler::vpmaddwdSimd128); }@@ -2676,9 +2698,9 @@ vaddps(Operand(rhs), lhs, dest); }-void MacroAssembler::addFloat32x4(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vaddps,+void MacroAssembler::addFloat32x4(FloatRegister lhs, const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vaddps, &MacroAssembler::vaddpsSimd128); }@@ -2686,9 +2708,9 @@ vaddpd(Operand(rhs), lhsDest, lhsDest); }-void MacroAssembler::addFloat64x2(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vaddpd,+void MacroAssembler::addFloat64x2(FloatRegister lhs, const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vaddpd, &MacroAssembler::vaddpdSimd128); }@@ -2703,9 +2725,9 @@ vsubps(Operand(rhs), lhs, dest); }-void MacroAssembler::subFloat32x4(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vsubps,+void MacroAssembler::subFloat32x4(FloatRegister lhs, const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vsubps, &MacroAssembler::vsubpsSimd128); }@@ -2713,9 +2735,9 @@ AssemblerX86Shared::vsubpd(Operand(rhs), lhsDest, lhsDest); }-void MacroAssembler::subFloat64x2(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vsubpd,+void MacroAssembler::subFloat64x2(FloatRegister lhs, const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vsubpd, &MacroAssembler::vsubpdSimd128); }@@ -2730,9 +2752,9 @@ vdivps(Operand(rhs), lhs, dest); }-void MacroAssembler::divFloat32x4(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vdivps,+void MacroAssembler::divFloat32x4(FloatRegister lhs, const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vdivps, &MacroAssembler::vdivpsSimd128); }@@ -2740,9 +2762,9 @@ vdivpd(Operand(rhs), lhsDest, lhsDest); }-void MacroAssembler::divFloat64x2(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vdivpd,+void MacroAssembler::divFloat64x2(FloatRegister lhs, const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vdivpd, &MacroAssembler::vdivpdSimd128); }@@ -2757,9 +2779,9 @@ vmulps(Operand(rhs), lhs, dest); }-void MacroAssembler::mulFloat32x4(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vmulps,+void MacroAssembler::mulFloat32x4(FloatRegister lhs, const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vmulps, &MacroAssembler::vmulpsSimd128); }@@ -2767,9 +2789,9 @@ vmulpd(Operand(rhs), lhsDest, lhsDest); }-void MacroAssembler::mulFloat64x2(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vmulpd,+void MacroAssembler::mulFloat64x2(FloatRegister lhs, const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vmulpd, &MacroAssembler::vmulpdSimd128); }@@ -2909,9 +2931,9 @@ vpacksswb(Operand(rhs), lhsDest, lhsDest); }-void MacroAssembler::narrowInt16x8(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vpacksswb,+void MacroAssembler::narrowInt16x8(FloatRegister lhs, const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vpacksswb, &MacroAssembler::vpacksswbSimd128); }@@ -2920,9 +2942,10 @@ vpackuswb(Operand(rhs), lhsDest, lhsDest); }-void MacroAssembler::unsignedNarrowInt16x8(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vpackuswb,+void MacroAssembler::unsignedNarrowInt16x8(FloatRegister lhs,+ const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vpackuswb, &MacroAssembler::vpackuswbSimd128); }@@ -2930,9 +2953,9 @@ vpackssdw(Operand(rhs), lhsDest, lhsDest); }-void MacroAssembler::narrowInt32x4(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vpackssdw,+void MacroAssembler::narrowInt32x4(FloatRegister lhs, const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vpackssdw, &MacroAssembler::vpackssdwSimd128); }@@ -2941,9 +2964,10 @@ vpackusdw(Operand(rhs), lhsDest, lhsDest); }-void MacroAssembler::unsignedNarrowInt32x4(const SimdConstant& rhs,- FloatRegister lhsDest) {- binarySimd128(rhs, lhsDest, &MacroAssembler::vpackusdw,+void MacroAssembler::unsignedNarrowInt32x4(FloatRegister lhs,+ const SimdConstant& rhs,+ FloatRegister dest) {+ binarySimd128(lhs, rhs, dest, &MacroAssembler::vpackusdw, &MacroAssembler::vpackusdwSimd128); }
After analyzing the provided code diff, I don't identify any clear security vulnerabilities being fixed. The changes appear to be primarily refactoring and improvements to the SIMD (Single Instruction Multiple Data) operations in Firefox's JavaScript engine (specifically the MacroAssembler for x86/x64 architectures). Here's the analysis following your requested format: Vulnerability Existed: no [No specific vulnerability found] [js/src/jit/x86-shared/MacroAssembler-x86-shared-inl.h] [Various lines] [Various old implementations] [Various refactored implementations] Key observations about the changes: 1. Most changes involve modifying function signatures to separate source and destination registers rather than using in-place operations 2. Added new moveSimd128IntIfNotAVX() and moveSimd128FloatIfNotAVX() helper functions 3. Improved register handling for AVX vs non-AVX cases 4. Better separation of source and destination registers in SIMD operations 5. Added a new shuffleInt8x16() function These changes appear to be architectural improvements rather than security fixes, likely aimed at: - Better performance - Cleaner code organization - More consistent handling of SIMD operations - Better support for AVX instructions The changes don't show any patterns that would indicate fixes for: - Memory safety issues - Integer overflows - Type confusion - Other common vulnerability classes If you have any additional context about specific security concerns this diff might address, I'd be happy to re-analyze with that information.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/js/src/vm/SharedStencil.h+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/js/src/vm/SharedStencil.h@@ -205,6 +205,11 @@ return SourceExtent(0, len, 0, len, lineno, column); }+ // FunctionKey is an encoded position of a function within the source text+ // that is unique and reproducible.+ using FunctionKey = uint32_t;+ static constexpr FunctionKey NullFunctionKey = 0;+ uint32_t sourceStart = 0; uint32_t sourceEnd = 0; uint32_t toStringStart = 0;@@ -213,6 +218,14 @@ // Line and column of |sourceStart_| position. uint32_t lineno = 1; // 1-indexed. uint32_t column = 0; // Count of Code Points++ FunctionKey toFunctionKey() const {+ // In eval("x=>1"), the arrow function will have a sourceStart of 0 which+ // conflicts with the NullFunctionKey, so shift all keys by 1 instead.+ auto result = sourceStart + 1;+ MOZ_ASSERT(result != NullFunctionKey);+ return result;+ } }; class ImmutableScriptFlags : public EnumFlags<ImmutableScriptFlagsEnum> {
Let me analyze the code diff for potential security fixes: 1. Vulnerability Existed: yes Vulnerability Name: Potential Function Key Collision [File] js/src/vm/SharedStencil.h [Lines 205-218] Old Code: No explicit function key handling existed, potentially allowing key collisions between null/zero keys and valid functions starting at position 0. Fixed Code: Added FunctionKey type with NullFunctionKey constant and toFunctionKey() method that ensures no collision by shifting sourceStart by 1. 2. Vulnerability Existed: not sure Vulnerability Name: Potential Integer Overflow [File] js/src/vm/SharedStencil.h [Lines 218] Old Code: No explicit handling of sourceStart values Fixed Code: Added toFunctionKey() with MOZ_ASSERT to validate the key generation, though not explicitly checking for overflow. The main security fix appears to be the addition of the FunctionKey system to prevent collisions between null keys and valid functions at position 0. The integer overflow aspect is less clear - while the assert helps catch some issues, it doesn't explicitly prevent overflow scenarios.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.fillStyle.parse.invalid.hsl-3.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.fillStyle.parse.invalid.hsl-3.html@@ -17,14 +17,14 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.fillStyle = '#0f0'; try { ctx.fillStyle = 'hsl(0, 0, 50%)'; } catch (e) { } // this shouldn't throw, but it shouldn't matter here if it does ctx.fillRect(0, 0, 100, 50);-_assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");+_assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255"); t.done(); });
Here's the analysis of the provided code diff:
1. Vulnerability Existed: no
No security vulnerability found [File] testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.fillStyle.parse.invalid.hsl-3.html [Lines] 17-25
[Old Code]
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
[...]
_assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");
[Fixed Code]
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');
[...]
_assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");
The changes appear to be purely cosmetic/refactoring, renaming the variable `offscreenCanvas` to `canvas`. There are no security-related changes in this diff. The functionality remains the same, just with a different variable name. No vulnerabilities were fixed in this change.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/widget/android/nsAppShell.cpp+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/widget/android/nsAppShell.cpp@@ -32,9 +32,11 @@ #include "mozilla/Hal.h" #include "mozilla/dom/BrowserChild.h" #include "mozilla/dom/Document.h"+#include "mozilla/gfx/GPUProcessManager.h" #include "mozilla/intl/OSPreferences.h" #include "mozilla/ipc/GeckoChildProcessHost.h" #include "mozilla/java/GeckoAppShellNatives.h"+#include "mozilla/java/GeckoResultWrappers.h" #include "mozilla/java/GeckoThreadNatives.h" #include "mozilla/java/XPCOMEventTargetNatives.h" #include "mozilla/widget/ScreenManager.h"@@ -68,6 +70,7 @@ #include "GeckoTelemetryDelegate.h" #include "GeckoVRManager.h" #include "ImageDecoderSupport.h"+#include "JavaBuiltins.h" #include "ScreenHelperAndroid.h" #include "Telemetry.h" #include "WebExecutorSupport.h"@@ -320,6 +323,21 @@ aTopic->ToCString().get(), aCookie->ToString().get()); }++ static bool IsParentProcess() { return XRE_IsParentProcess(); }++ static jni::Object::LocalRef EnsureGpuProcessReady() {+ java::GeckoResult::GlobalRef result = java::GeckoResult::New();++ NS_DispatchToMainThread(NS_NewRunnableFunction(+ "GeckoAppShellSupport::EnsureGpuProcessReady", [result]() {+ result->Complete(gfx::GPUProcessManager::Get()->EnsureGPUReady()+ ? java::sdk::Boolean::TRUE()+ : java::sdk::Boolean::FALSE());+ }));++ return jni::Object::Ref::From(result);+ } }; class XPCOMEventTargetWrapper final@@ -388,6 +406,10 @@ XPCOMEventTargetWrapper::Init(); mozilla::widget::Telemetry::Init(); mozilla::widget::GeckoTelemetryDelegate::Init();++ if (XRE_IsGPUProcess()) {+ mozilla::gl::AndroidSurfaceTexture::Init();+ } // Set the corresponding state in GeckoThread. java::GeckoThread::SetState(java::GeckoThread::State::RUNNING());
Based on the provided diff, I'll analyze it for potential security vulnerabilities:
1. First potential issue:
Vulnerability Existed: not sure
GPU Process Initialization Check [File] widget/android/nsAppShell.cpp [Lines 406-410]
[Old Code]
(No equivalent code existed before)
[Fixed Code]
if (XRE_IsGPUProcess()) {
mozilla::gl::AndroidSurfaceTexture::Init();
}
Additional Details: The addition of GPU process-specific initialization could be related to security hardening, but without more context about the AndroidSurfaceTexture initialization, it's unclear if this fixes a specific vulnerability.
2. Second potential issue:
Vulnerability Existed: not sure
GPU Process Ready Check [File] widget/android/nsAppShell.cpp [Lines 323-337]
[Old Code]
(No equivalent code existed before)
[Fixed Code]
static jni::Object::LocalRef EnsureGpuProcessReady() {
java::GeckoResult::GlobalRef result = java::GeckoResult::New();
NS_DispatchToMainThread(NS_NewRunnableFunction(
"GeckoAppShellSupport::EnsureGpuProcessReady", [result]() {
result->Complete(gfx::GPUProcessManager::Get()->EnsureGPUReady()
? java::sdk::Boolean::TRUE()
: java::sdk::Boolean::FALSE());
}));
return jni::Object::Ref::From(result);
}
Additional Details: The new EnsureGpuProcessReady function appears to add proper process isolation checks for GPU operations, which could be related to security hardening, but without more context about the specific threats being addressed, it's hard to determine if this fixes a known vulnerability.
Note: The changes appear to be related to GPU process management and initialization, which are often security-sensitive areas in browsers (as they handle potentially untrusted content). However, without explicit vulnerability references or more context about the threat model, I can't definitively identify specific vulnerabilities being fixed. The changes seem to be implementing proper process isolation checks and initialization sequences, which are generally good security practices.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/devtools/client/webconsole/test/browser/browser_webconsole_certificate_messages.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/devtools/client/webconsole/test/browser/browser_webconsole_certificate_messages.js@@ -11,8 +11,6 @@ "/browser/devtools/client/webconsole/test/" + "browser/test-certificate-messages.html";-const SHA1_URL = "https://sha1ee.example.com" + TEST_URI_PATH;-const SHA256_URL = "https://sha256ee.example.com" + TEST_URI_PATH; const TRIGGER_MSG = "If you haven't seen ssl warnings yet, you won't"; const TLS_1_0_URL = "https://tls1.example.com" + TEST_URI_PATH;@@ -34,45 +32,15 @@ const hud = await openNewTabAndConsole(TEST_URI);- info("Test SHA1 warnings");- let onContentLog = waitForMessage(hud, TRIGGER_MSG);- const onSha1Warning = waitForMessage(hud, "SHA-1");- await navigateTo(SHA1_URL);- await Promise.all([onContentLog, onSha1Warning]);-- let { textContent } = hud.ui.outputNode;- ok(- !textContent.includes("SSL 3.0"),- "There is no warning message for SSL 3.0"- );- ok(!textContent.includes("RC4"), "There is no warning message for RC4");-- info("Test SSL warnings appropriately not present");- onContentLog = waitForMessage(hud, TRIGGER_MSG);- await navigateTo(SHA256_URL);- await onContentLog;-- textContent = hud.ui.outputNode.textContent;- ok(!textContent.includes("SHA-1"), "There is no warning message for SHA-1");- ok(- !textContent.includes("SSL 3.0"),- "There is no warning message for SSL 3.0"- );- ok(!textContent.includes("RC4"), "There is no warning message for RC4");- ok(- !textContent.includes(TLS_expected_message),- "There is not TLS warning message"- );- info("Test TLS warnings"); // Run with all versions enabled for this test. Services.prefs.setIntPref("security.tls.version.min", 1); Services.prefs.setIntPref("security.tls.version.max", 4);- onContentLog = waitForMessage(hud, TRIGGER_MSG);+ const onContentLog = waitForMessage(hud, TRIGGER_MSG); await navigateTo(TLS_1_0_URL); await onContentLog;- textContent = hud.ui.outputNode.textContent;+ const textContent = hud.ui.outputNode.textContent; ok(textContent.includes(TLS_expected_message), "TLS warning message found"); Services.cache2.clear();
I'll analyze the code diff according to the provided format. The changes appear to be removing test cases related to SHA-1 certificate warnings and simplifying the test file.
1. Vulnerability Existed: not sure
[Removal of SHA-1 Certificate Warning Tests] [devtools/client/webconsole/test/browser/browser_webconsole_certificate_messages.js] [Lines 11,34-54]
[Old Code]
const SHA1_URL = "https://sha1ee.example.com" + TEST_URI_PATH;
const SHA256_URL = "https://sha256ee.example.com" + TEST_URI_PATH;
...
info("Test SHA1 warnings");
let onContentLog = waitForMessage(hud, TRIGGER_MSG);
const onSha1Warning = waitForMessage(hud, "SHA-1");
await navigateTo(SHA1_URL);
await Promise.all([onContentLog, onSha1Warning]);
let { textContent } = hud.ui.outputNode;
ok(
!textContent.includes("SSL 3.0"),
"There is no warning message for SSL 3.0"
);
ok(!textContent.includes("RC4"), "There is no warning message for RC4");
info("Test SSL warnings appropriately not present");
onContentLog = waitForMessage(hud, TRIGGER_MSG);
await navigateTo(SHA256_URL);
await onContentLog;
textContent = hud.ui.outputNode.textContent;
ok(!textContent.includes("SHA-1"), "There is no warning message for SHA-1");
ok(
!textContent.includes("SSL 3.0"),
"There is no warning message for SSL 3.0"
);
ok(!textContent.includes("RC4"), "There is no warning message for RC4");
ok(
!textContent.includes(TLS_expected_message),
"There is not TLS warning message"
);
[Fixed Code]
[Removed all SHA-1 related test code]
Additional Details: The diff shows removal of test cases that were verifying SHA-1 certificate warnings. This might indicate that SHA-1 certificate warnings are no longer supported or relevant, but without more context about why these tests were removed, I can't be certain if this represents a security fix or just test cleanup. SHA-1 is known to be cryptographically weak, so removing support for it could be considered a security improvement.
2. Vulnerability Existed: no
[Code Simplification] [devtools/client/webconsole/test/browser/browser_webconsole_certificate_messages.js] [Lines 34,58]
[Old Code]
onContentLog = waitForMessage(hud, TRIGGER_MSG);
...
textContent = hud.ui.outputNode.textContent;
[Fixed Code]
const onContentLog = waitForMessage(hud, TRIGGER_MSG);
...
const textContent = hud.ui.outputNode.textContent;
Additional Details: These changes are just code quality improvements (using const instead of let) and don't appear to be related to any security fixes.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/dom/storage/StorageIPC.cpp+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/dom/storage/StorageIPC.cpp@@ -351,8 +351,7 @@ StorageObserver* obs = StorageObserver::Self(); if (obs) {- obs->Notify(aTopic.get(), aOriginAttributesPattern,- aOriginScope);+ obs->Notify(aTopic.get(), aOriginAttributesPattern, aOriginScope); } return IPC_OK();@@ -490,8 +489,7 @@ StorageObserver* obs = StorageObserver::Self(); if (obs) {- obs->Notify(aTopic.get(), aOriginAttributesPattern,- aOriginScope);+ obs->Notify(aTopic.get(), aOriginAttributesPattern, aOriginScope); } return IPC_OK();
Here's the analysis of the provided code diff:
1. Vulnerability Existed: no
[Code Style Improvement] [dom/storage/StorageIPC.cpp] [Lines 351-354, 490-493]
[Old Code]
obs->Notify(aTopic.get(), aOriginAttributesPattern,
aOriginScope);
[Fixed Code]
obs->Notify(aTopic.get(), aOriginAttributesPattern, aOriginScope);
2. Vulnerability Existed: no
[Code Style Improvement] [dom/storage/StorageIPC.cpp] [Lines 490-493]
[Old Code]
obs->Notify(aTopic.get(), aOriginAttributesPattern,
aOriginScope);
[Fixed Code]
obs->Notify(aTopic.get(), aOriginAttributesPattern, aOriginScope);
The changes appear to be purely stylistic, reformatting the function call to fit on one line instead of being split across two lines. There's no indication of any security vulnerability being fixed in these changes. The functionality remains exactly the same, only the code formatting has been improved.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/the-canvas-state/2d.state.saverestore.lineCap.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/the-canvas-state/2d.state.saverestore.lineCap.html@@ -17,8 +17,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); // Test that restore() undoes any modifications var old = ctx.lineCap;
Analysis of the provided code diff:
1. Vulnerability Existed: no
Variable Renaming [File] [Lines 17-18]
[Old Code]
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
[Fixed Code]
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');
Additional Details:
- This appears to be a simple variable renaming from `offscreenCanvas` to `canvas` for consistency or readability purposes.
- No security vulnerability is being addressed here, just a code style/consistency change.
- The functionality remains identical, only the variable name has changed.
- No security implications are apparent in this change.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/accessible/html/HTMLElementAccessibles.h+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/accessible/html/HTMLElementAccessibles.h@@ -65,6 +65,10 @@ protected: virtual ~HTMLLabelAccessible() {} virtual ENameValueFlag NativeName(nsString& aName) const override;+ virtual void DOMAttributeChanged(int32_t aNameSpaceID, nsAtom* aAttribute,+ int32_t aModType,+ const nsAttrValue* aOldValue,+ uint64_t aOldState) override; }; /**
Based on the provided diff, here's the analysis following the required format:
Vulnerability Existed: not sure
[Potential Missing Attribute Change Handling] [accessible/html/HTMLElementAccessibles.h] [Lines 65-70]
[Old Code]
protected:
virtual ~HTMLLabelAccessible() {}
virtual ENameValueFlag NativeName(nsString& aName) const override;
[Fixed Code]
protected:
virtual ~HTMLLabelAccessible() {}
virtual ENameValueFlag NativeName(nsString& aName) const override;
virtual void DOMAttributeChanged(int32_t aNameSpaceID, nsAtom* aAttribute,
int32_t aModType,
const nsAttrValue* aOldValue,
uint64_t aOldState) override;
Additional Details:
1. The diff shows the addition of a DOMAttributeChanged override method to HTMLLabelAccessible
2. This suggests the class might not have been properly handling DOM attribute changes before
3. Without more context, we can't be certain if this was fixing a security vulnerability or just improving functionality
4. If this was fixing a security issue, it might relate to improper handling of DOM attribute changes that could affect accessibility or lead to XSS (though this is speculative)
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/css/selectors/old-tests/css3-modsel-3a.xml+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/css/selectors/old-tests/css3-modsel-3a.xml@@ -9,7 +9,6 @@ <link rel="author" title="Daniel Glazman" href="http://glazman.org/"/> <link rel="author" title="Ian Hickson" href="mailto:[email protected]"/> <link rel="help" href="https://www.w3.org/TR/css3-selectors/#selectors"/> <!-- bogus link to make sure it gets found -->- <meta name="flags" content="" /> </head> <body> <p>
Analysis of the provided code diff: 1. Vulnerability Existed: no No specific vulnerability found [File] testing/web-platform/tests/css/selectors/old-tests/css3-modsel-3a.xml [Lines] 9 [Old Code] `<meta name="flags" content="" />` [Fixed Code] (removed line) Additional Details: The diff shows the removal of an empty meta tag with a "flags" attribute. This doesn't appear to be a security fix but rather a cleanup of unused or unnecessary metadata. There's no indication of a security vulnerability being addressed by this change. The meta tag wasn't serving any apparent security-related purpose, and its removal doesn't correspond to any known vulnerability pattern.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/browser/components/pocket/content/panels/js/tmpl.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/browser/components/pocket/content/panels/js/tmpl.js@@ -19,13 +19,13 @@ + alias3(((helper = (helper = helpers.utmCampaign || (depth0 != null ? depth0.utmCampaign : depth0)) != null ? helper : alias1),(typeof helper === alias2 ? helper.call(depth0,{"name":"utmCampaign","hash":{},"data":data}) : helper))) + "&utm_source=" + alias3(((helper = (helper = helpers.utmSource || (depth0 != null ? depth0.utmSource : depth0)) != null ? helper : alias1),(typeof helper === alias2 ? helper.call(depth0,{"name":"utmSource","hash":{},"data":data}) : helper)))- + "&s=ffi\" target=\"_blank\" data-l10n-id=\"pocket-panel-signup-learn-more\"></a></p>\n </div>\n <div class=\"pkt_ext_introstorytwo_img\"></div>\n </div>\n</div>\n<div class=\"pkt_ext_signupdetail\">\n <h4 data-l10n-id=\"pocket-panel-signup-signup-cta\"></h4>\n <p class=\"btn-container\"><a href=\"https://"+ + "&s=ffi\" target=\"_blank\" data-l10n-id=\"pocket-panel-signup-learn-more\"></a></p>\n </div>\n <div class=\"pkt_ext_introstorytwo_img\"></div>\n </div>\n</div>\n<div class=\"pkt_ext_signupdetail\">\n <h4 data-l10n-id=\"pocket-panel-signup-signup-cta\"></h4>\n <p class=\"btn-container btn-container-firefox\"><a href=\"https://" + alias3(((helper = (helper = helpers.pockethost || (depth0 != null ? depth0.pockethost : depth0)) != null ? helper : alias1),(typeof helper === alias2 ? helper.call(depth0,{"name":"pockethost","hash":{},"data":data}) : helper))) + "/ff_signup?utm_campaign=" + alias3(((helper = (helper = helpers.utmCampaign || (depth0 != null ? depth0.utmCampaign : depth0)) != null ? helper : alias1),(typeof helper === alias2 ? helper.call(depth0,{"name":"utmCampaign","hash":{},"data":data}) : helper))) + "&utm_source=" + alias3(((helper = (helper = helpers.utmSource || (depth0 != null ? depth0.utmSource : depth0)) != null ? helper : alias1),(typeof helper === alias2 ? helper.call(depth0,{"name":"utmSource","hash":{},"data":data}) : helper)))- + "&s=ffi\" target=\"_blank\" class=\"btn signup-btn-firefox\"><span class=\"logo\"></span><span class=\"text\" data-l10n-id=\"pocket-panel-signup-signup-firefox\"></span></a></p>\n <p class=\"btn-container\"><a href=\"https://"+ + "&s=ffi\" target=\"_blank\" class=\"btn signup-btn-firefox\"><span class=\"logo\"></span><span class=\"text\" data-l10n-id=\"pocket-panel-signup-signup-firefox\"></span></a></p>\n <p class=\"btn-container btn-container-email\"><a href=\"https://" + alias3(((helper = (helper = helpers.pockethost || (depth0 != null ? depth0.pockethost : depth0)) != null ? helper : alias1),(typeof helper === alias2 ? helper.call(depth0,{"name":"pockethost","hash":{},"data":data}) : helper))) + "/signup?utm_campaign=" + alias3(((helper = (helper = helpers.utmCampaign || (depth0 != null ? depth0.utmCampaign : depth0)) != null ? helper : alias1),(typeof helper === alias2 ? helper.call(depth0,{"name":"utmCampaign","hash":{},"data":data}) : helper)))@@ -45,29 +45,6 @@ return "<div class=\"pkt_ext_wrapperhome\">\n <div class=\"pkt_ext_home\">\n <div class=\"pkt_ext_header\">\n <div class=\"pkt_ext_logo\"></div>\n <a class=\"pkt_ext_mylist\" href=\"https://" + this.escapeExpression(((helper = (helper = helpers.pockethost || (depth0 != null ? depth0.pockethost : depth0)) != null ? helper : helpers.helperMissing),(typeof helper === "function" ? helper.call(depth0,{"name":"pockethost","hash":{},"data":data}) : helper))) + "/a?src=ff_ext_home\" target=\"_blank\">\n <span class=\"pkt_ext_mylist_icon\"></span>\n <span data-l10n-id=\"pocket-panel-home-my-list\"></span>\n </a>\n </div>\n <div class=\"pkt_ext_hr\"></div>\n <div class=\"pkt_ext_detail\">\n <h2 data-l10n-id=\"pocket-panel-home-welcome-back\"></h2>\n <p data-l10n-id=\"pocket-panel-home-paragraph\"></p>\n <div class=\"pkt_ext_more\"></div>\n </div>\n </div>\n</div>\n";-},"useData":true});-templates['popular_topics'] = template({"1":function(depth0,helpers,partials,data) {- var stack1, alias1=this.lambda, alias2=this.escapeExpression;-- return " <li>\n <a class=\"pkt_ext_topic\" href=\"https://"- + alias2(alias1(((stack1 = (data && data.root)) && stack1.pockethost), depth0))- + "/explore/"- + alias2(alias1((depth0 != null ? depth0.topic : depth0), depth0))- + "?utm_source="- + alias2(alias1(((stack1 = (data && data.root)) && stack1.utmsource), depth0))- + "\">\n "- + alias2(alias1((depth0 != null ? depth0.title : depth0), depth0))- + "\n <span class=\"pkt_ext_chevron_right\"></span>\n </a>\n </li>\n";-},"compiler":[6,">= 2.0.0-beta.1"],"main":function(depth0,helpers,partials,data) {- var stack1, helper, alias1=helpers.helperMissing, alias2="function", alias3=this.escapeExpression;-- return "<h3 data-l10n-id=\"pocket-panel-home-explore-popular-topics\"></h3>\n<ul>\n"- + ((stack1 = helpers.each.call(depth0,(depth0 != null ? depth0.topics : depth0),{"name":"each","hash":{},"fn":this.program(1, data, 0),"inverse":this.noop,"data":data})) != null ? stack1 : "")- + "</ul>\n<a class=\"pkt_ext_discover\" href=\"https://"- + alias3(((helper = (helper = helpers.pockethost || (depth0 != null ? depth0.pockethost : depth0)) != null ? helper : alias1),(typeof helper === alias2 ? helper.call(depth0,{"name":"pockethost","hash":{},"data":data}) : helper)))- + "/explore?utm_source="- + alias3(((helper = (helper = helpers.utmsource || (depth0 != null ? depth0.utmsource : depth0)) != null ? helper : alias1),(typeof helper === alias2 ? helper.call(depth0,{"name":"utmsource","hash":{},"data":data}) : helper)))- + "\" data-l10n-id=\"pocket-panel-home-discover-more\"></a>\n"; },"useData":true}); templates['explore_more'] = template({"compiler":[6,">= 2.0.0-beta.1"],"main":function(depth0,helpers,partials,data) { var helper, alias1=helpers.helperMissing, alias2="function", alias3=this.escapeExpression;
I'll analyze the provided code diff for security fixes following the specified format. Vulnerability Existed: not sure Potential HTML Injection/URL Manipulation [File] [Lines 19-45] [Old Code] The original code contained various URL constructions with user-provided parameters (utmCampaign, utmSource) without clear validation [Fixed Code] The changes appear to be primarily class name additions (btn-container-firefox, btn-container-email) rather than security fixes Vulnerability Existed: not sure Removed Code Vulnerability [File] [Lines 45-68] [Old Code] The removed 'popular_topics' template contained similar URL construction patterns with user-provided parameters (topic, title) [Fixed Code] The template was completely removed, which might eliminate potential injection vectors if the parameters weren't properly sanitized Note: While the changes don't clearly show security fixes, there are patterns that could potentially lead to vulnerabilities: 1. URL construction with multiple dynamic parameters 2. Use of target="_blank" without rel="noopener noreferrer" 3. Possible lack of input validation for URL parameters However, without more context about how the parameters are sanitized before being used in these templates, I can't definitively confirm if actual vulnerabilities existed or were fixed. The main visible changes are class name additions and template removal rather than clear security fixes.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.