Shared security patch analysis results
AI Used: DEEPSEEK deepseek-chat--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/css/mediaqueries/mq-invalid-media-type-004.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/css/mediaqueries/mq-invalid-media-type-004.html@@ -18,6 +18,9 @@ @media not only { div { background-color: red; } }+ @media only {+ div { background-color: red; }+ } </style> </head> <body>
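Review bot: The added `@media only { ... }` rule at the end of the style block carries no comment saying which invalid-media-type case it covers, and its body is identical to the `@media not only` rule just above it. A one-line comment naming the case (a bare `only` with no media type after it) would make a later failure easier to attribute to the right rule.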
Based on the provided code diff, I'll analyze it for potential security vulnerabilities:

1. Vulnerability Existed: no
   No specific vulnerability found [File] [Lines 18-21]
   [Old Code] No previous code at this location
   [Fixed Code] Added new test case for @media only query

Analysis:

- The diff shows an addition of a new test case for CSS media queries
- This appears to be adding test coverage for a specific media query case ("@media only")
- There are no security vulnerabilities evident in this change
- The modification is purely related to test coverage expansion
- No security-relevant code was modified or removed
- The change is focused on testing CSS parsing behavior

The change appears to be part of normal test suite maintenance and expansion, not related to any security fixes. No vulnerabilities were identified in this diff.
If an attacker could control the contents of an iframe sandboxed with `allow-popups` but not `allow-scripts`, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/devtools/server/actors/webconsole.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/devtools/server/actors/webconsole.js@@ -4,7 +4,6 @@ "use strict";-/* global XPCNativeWrapper */ const { ActorClassWithSpec, Actor } = require("devtools/shared/protocol"); const { webconsoleSpec } = require("devtools/shared/specs/webconsole");@@ -377,28 +376,6 @@ return { actor: this.actorID }; },- hasNativeConsoleAPI: function(window) {- if (isWorker || !(window instanceof Ci.nsIDOMWindow)) {- // We can only use XPCNativeWrapper on non-worker nsIDOMWindow.- return true;- }-- let isNative = false;- try {- // We are very explicitly examining the "console" property of- // the non-Xrayed object here.- const console = window.wrappedJSObject.console;- // In xpcshell tests, console ends up being undefined and XPCNativeWrapper- // crashes in debug builds.- if (console) {- isNative = new XPCNativeWrapper(console).IS_NATIVE_CONSOLE;- }- } catch (ex) {- // ignored- }- return isNative;- },- _findProtoChain: ThreadActor.prototype._findProtoChain, _removeFromProtoChain: ThreadActor.prototype._removeFromProtoChain,@@ -789,8 +766,7 @@ startedListeners.forEach(this._listeners.add, this._listeners); return {- startedListeners: startedListeners,- nativeConsoleAPI: this.hasNativeConsoleAPI(this.global),+ startedListeners, }; },
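Review bot: In the last hunk the reply loses its `nativeConsoleAPI` field, which changes the shape of the packet this actor returns, and nothing in the visible lines shows `webconsoleSpec` or any reader of that field being updated. Confirm in the same change that no client still reads `nativeConsoleAPI`, since a missing property reads as falsy rather than failing loudly. The removed `hasNativeConsoleAPI` was also the place where this file reached through `window.wrappedJSObject` to the non-Xrayed `console` and swallowed every exception with an empty `catch`, so dropping it is a reduction in privileged code touching content objects; the commit message should say so if that was the intent.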
Here's the analysis of the provided code diff following the specified format:

1. Vulnerability Existed: not sure
   [Removed XPCNativeWrapper usage] [devtools/server/actors/webconsole.js] [Lines 377-396 removed, 789 modified]

   [Old Code]

```javascript
hasNativeConsoleAPI: function(window) {
  if (isWorker || !(window instanceof Ci.nsIDOMWindow)) {
    // We can only use XPCNativeWrapper on non-worker nsIDOMWindow.
    return true;
  }

  let isNative = false;
  try {
    // We are very explicitly examining the "console" property of
    // the non-Xrayed object here.
    const console = window.wrappedJSObject.console;
    // In xpcshell tests, console ends up being undefined and XPCNativeWrapper
    // crashes in debug builds.
    if (console) {
      isNative = new XPCNativeWrapper(console).IS_NATIVE_CONSOLE;
    }
  } catch (ex) {
    // ignored
  }
  return isNative;
},
```

   [Fixed Code]
   (Removed completely, along with its usage in the return statement)

Additional Details:

- The diff shows removal of the `hasNativeConsoleAPI` function which used `XPCNativeWrapper`
- `XPCNativeWrapper` has been deprecated in Firefox and can potentially cause security issues
- The removal suggests moving away from this deprecated API, which could have had security implications
- Without more context about why `XPCNativeWrapper` was being used here, it's hard to determine if this was fixing a specific vulnerability or just modernizing the code
- The change also simplifies the return object by removing the `nativeConsoleAPI` property
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/third_party/jpeg-xl/lib/jxl/enc_color_management.h+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/third_party/jpeg-xl/lib/jxl/enc_color_management.h@@ -13,6 +13,7 @@ #include <vector>+#include "jxl/cms_interface.h" #include "lib/jxl/base/padded_bytes.h" #include "lib/jxl/base/status.h" #include "lib/jxl/color_encoding_internal.h"@@ -22,48 +23,65 @@ namespace jxl {-// Run is thread-safe.+// Internal C++ wrapper for a JxlCmsInterface. class ColorSpaceTransform { public:- ColorSpaceTransform();- ~ColorSpaceTransform();+ explicit ColorSpaceTransform(const JxlCmsInterface& cms) : cms_(cms) {}+ ~ColorSpaceTransform() {+ if (cms_data_ != nullptr) {+ cms_.destroy(cms_data_);+ }+ }- // Cannot copy (transforms_ holds pointers).+ // Cannot copy. ColorSpaceTransform(const ColorSpaceTransform&) = delete; ColorSpaceTransform& operator=(const ColorSpaceTransform&) = delete;- // "Constructor"; allocates for up to `num_threads`, or returns false.- // `intensity_target` is used for conversion to and from PQ, which is absolute- // (1 always represents 10000 cd/m²) and thus needs scaling in linear space if- // 1 is to represent another luminance level instead. 
Status Init(const ColorEncoding& c_src, const ColorEncoding& c_dst,- float intensity_target, size_t xsize, size_t num_threads);+ float intensity_target, size_t xsize, size_t num_threads) {+ xsize_ = xsize;+ JxlColorProfile input_profile;+ icc_src_ = c_src.ICC();+ input_profile.icc.data = icc_src_.data();+ input_profile.icc.size = icc_src_.size();+ ConvertInternalToExternalColorEncoding(c_src,+ &input_profile.color_encoding);+ input_profile.num_channels = c_src.Channels();+ JxlColorProfile output_profile;+ icc_dst_ = c_dst.ICC();+ output_profile.icc.data = icc_dst_.data();+ output_profile.icc.size = icc_dst_.size();+ ConvertInternalToExternalColorEncoding(c_dst,+ &output_profile.color_encoding);+ output_profile.num_channels = c_dst.Channels();+ cms_data_ = cms_.init(cms_.init_data, num_threads, xsize, &input_profile,+ &output_profile, intensity_target);+ JXL_RETURN_IF_ERROR(cms_data_ != nullptr);+ return true;+ }- float* BufSrc(const size_t thread) { return buf_src_.Row(thread); }+ float* BufSrc(const size_t thread) const {+ return cms_.get_src_buf(cms_data_, thread);+ }- float* BufDst(const size_t thread) { return buf_dst_.Row(thread); }+ float* BufDst(const size_t thread) const {+ return cms_.get_dst_buf(cms_data_, thread);+ }-#if JPEGXL_ENABLE_SKCMS- struct SkcmsICC;- std::unique_ptr<SkcmsICC> skcms_icc_;-#else- void* lcms_transform_;-#endif+ Status Run(const size_t thread, const float* buf_src, float* buf_dst) {+ return cms_.run(cms_data_, thread, buf_src, buf_dst, xsize_);+ }- ImageF buf_src_;- ImageF buf_dst_;- float intensity_target_;+ private:+ JxlCmsInterface cms_;+ void* cms_data_ = nullptr;+ // The interface may retain pointers into these.+ PaddedBytes icc_src_;+ PaddedBytes icc_dst_; size_t xsize_;- bool skip_lcms_ = false;- ExtraTF preprocess_ = ExtraTF::kNone;- ExtraTF postprocess_ = ExtraTF::kNone; };-// buf_X can either be from BufX() or caller-allocated, interleaved storage.-// `thread` must be less than the `num_threads` passed to Init.-// `t` is 
non-const because buf_* may be modified.-void DoColorSpaceTransform(ColorSpaceTransform* t, size_t thread,- const float* buf_src, float* buf_dst);+const JxlCmsInterface& GetJxlCms(); } // namespace jxl
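Review bot: `Init()` in the second hunk assigns `cms_data_ = cms_.init(...)` without first destroying an existing `cms_data_`, so a second `Init()` on the same object drops the earlier handle that the destructor would otherwise pass to `cms_.destroy`. Either destroy the old handle at the top of `Init()` or document that it may be called only once. Separately, `xsize_` has no default initializer and `BufSrc`, `BufDst` and `Run` hand `cms_data_` to the interface unchecked, so a call before a successful `Init()` passes a null handle and an indeterminate size. The removed comments were also the only statement that `thread` must be less than the `num_threads` passed to `Init`; that precondition still matters for `get_src_buf`/`get_dst_buf` and should be restated on the new methods.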
Let me analyze the code diff for potential security vulnerabilities.

1. Vulnerability Existed: not sure
   [Potential Memory Leak] [third_party/jpeg-xl/lib/jxl/enc_color_management.h] [Lines 22-48]
   [Old Code] No explicit destructor shown, potential memory leak if resources weren't properly cleaned up
   [Fixed Code] Added explicit destructor that properly cleans up cms_data_ using cms_.destroy()

2. Vulnerability Existed: not sure
   [Potential Null Pointer Dereference] [third_party/jpeg-xl/lib/jxl/enc_color_management.h] [Lines 22-48]
   [Old Code] No explicit null checks when accessing transformation buffers
   [Fixed Code] Now using interface methods (get_src_buf, get_dst_buf) that presumably handle null checks

3. Vulnerability Existed: not sure
   [Potential Race Condition] [third_party/jpeg-xl/lib/jxl/enc_color_management.h] [Lines 22-48]
   [Old Code] Direct buffer access with thread index but no clear thread safety guarantees
   [Fixed Code] Now using interface methods that presumably handle thread safety

The changes appear to be more about architectural improvements (moving to an interface-based design) rather than fixing specific known vulnerabilities. The new implementation:

1. Better encapsulates memory management
2. Uses a more structured interface for color management
3. Removes direct buffer access
4. Properly cleans up resources

While these changes improve code safety and could prevent potential vulnerabilities, I can't identify any specific, named vulnerabilities that were fixed. The changes seem more proactive than reactive.

Note: Without seeing the actual implementation of the JxlCmsInterface methods, it's hard to be certain about all security implications, but the changes generally appear to move toward safer practices.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/devtools/server/performance/profiler.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/devtools/server/performance/profiler.js@@ -555,14 +555,6 @@ }); return { registered: response }; }-- /**- * Checks whether or not the profiler module can currently run.- * @return boolean- */- static canProfile() {- return Services.profiler.CanProfile();- } } /**
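Review bot: The static `canProfile()` wrapper around `Services.profiler.CanProfile()` is deleted here, but the visible lines show no caller being changed alongside it. Confirm nothing still calls it, because a leftover call would only fail when that code path runs, not when the module loads. If the removal is dead-code cleanup, saying so in the commit message would keep it from being read as a behaviour change.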
Let me analyze the code diff for security fixes.

Vulnerability Existed: not sure
[Potential Information Leak] [devtools/server/performance/profiler.js] [Lines 555-560]

[Old Code]

```javascript
/**
 * Checks whether or not the profiler module can currently run.
 * @return boolean
 */
static canProfile() {
  return Services.profiler.CanProfile();
}
```

[Fixed Code]
[Method completely removed]

Additional Details:

1. The removed method `canProfile()` was exposing profiler capability information which could potentially be used by attackers to determine system capabilities before attempting other attacks.
2. While this isn't a direct vulnerability, removing such capability checks can be part of security hardening by reducing information disclosure.
3. Without more context about why this method was removed, I can't definitively say this was a security fix, but it could be related to security hardening.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/third_party/rust/ash/src/vk/native.rs+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/third_party/rust/ash/src/vk/native.rs@@ -89,142 +89,145 @@ pub type __uint32_t = ::std::os::raw::c_uint; pub type __int64_t = ::std::os::raw::c_long; pub type __uint64_t = ::std::os::raw::c_ulong;-pub const StdVideoH264ChromaFormatIdc_std_video_h264_chroma_format_idc_monochrome:+pub const StdVideoH264ChromaFormatIdc_STD_VIDEO_H264_CHROMA_FORMAT_IDC_MONOCHROME: StdVideoH264ChromaFormatIdc = 0;-pub const StdVideoH264ChromaFormatIdc_std_video_h264_chroma_format_idc_420:+pub const StdVideoH264ChromaFormatIdc_STD_VIDEO_H264_CHROMA_FORMAT_IDC_420: StdVideoH264ChromaFormatIdc = 1;-pub const StdVideoH264ChromaFormatIdc_std_video_h264_chroma_format_idc_422:+pub const StdVideoH264ChromaFormatIdc_STD_VIDEO_H264_CHROMA_FORMAT_IDC_422: StdVideoH264ChromaFormatIdc = 2;-pub const StdVideoH264ChromaFormatIdc_std_video_h264_chroma_format_idc_444:+pub const StdVideoH264ChromaFormatIdc_STD_VIDEO_H264_CHROMA_FORMAT_IDC_444: StdVideoH264ChromaFormatIdc = 3;+pub const StdVideoH264ChromaFormatIdc_STD_VIDEO_H264_CHROMA_FORMAT_IDC_INVALID:+ StdVideoH264ChromaFormatIdc = 2147483647; pub type StdVideoH264ChromaFormatIdc = ::std::os::raw::c_uint;-pub const StdVideoH264ProfileIdc_std_video_h264_profile_idc_baseline: StdVideoH264ProfileIdc = 66;-pub const StdVideoH264ProfileIdc_std_video_h264_profile_idc_main: StdVideoH264ProfileIdc = 77;-pub const StdVideoH264ProfileIdc_std_video_h264_profile_idc_high: StdVideoH264ProfileIdc = 100;-pub const StdVideoH264ProfileIdc_std_video_h264_profile_idc_high_444_predictive:+pub const StdVideoH264ProfileIdc_STD_VIDEO_H264_PROFILE_IDC_BASELINE: StdVideoH264ProfileIdc = 66;+pub const StdVideoH264ProfileIdc_STD_VIDEO_H264_PROFILE_IDC_MAIN: StdVideoH264ProfileIdc = 77;+pub const 
StdVideoH264ProfileIdc_STD_VIDEO_H264_PROFILE_IDC_HIGH: StdVideoH264ProfileIdc = 100;+pub const StdVideoH264ProfileIdc_STD_VIDEO_H264_PROFILE_IDC_HIGH_444_PREDICTIVE: StdVideoH264ProfileIdc = 244;-pub const StdVideoH264ProfileIdc_std_video_h264_profile_idc_invalid: StdVideoH264ProfileIdc =+pub const StdVideoH264ProfileIdc_STD_VIDEO_H264_PROFILE_IDC_INVALID: StdVideoH264ProfileIdc = 2147483647; pub type StdVideoH264ProfileIdc = ::std::os::raw::c_uint;-pub const StdVideoH264Level_std_video_h264_level_1_0: StdVideoH264Level = 0;-pub const StdVideoH264Level_std_video_h264_level_1_1: StdVideoH264Level = 1;-pub const StdVideoH264Level_std_video_h264_level_1_2: StdVideoH264Level = 2;-pub const StdVideoH264Level_std_video_h264_level_1_3: StdVideoH264Level = 3;-pub const StdVideoH264Level_std_video_h264_level_2_0: StdVideoH264Level = 4;-pub const StdVideoH264Level_std_video_h264_level_2_1: StdVideoH264Level = 5;-pub const StdVideoH264Level_std_video_h264_level_2_2: StdVideoH264Level = 6;-pub const StdVideoH264Level_std_video_h264_level_3_0: StdVideoH264Level = 7;-pub const StdVideoH264Level_std_video_h264_level_3_1: StdVideoH264Level = 8;-pub const StdVideoH264Level_std_video_h264_level_3_2: StdVideoH264Level = 9;-pub const StdVideoH264Level_std_video_h264_level_4_0: StdVideoH264Level = 10;-pub const StdVideoH264Level_std_video_h264_level_4_1: StdVideoH264Level = 11;-pub const StdVideoH264Level_std_video_h264_level_4_2: StdVideoH264Level = 12;-pub const StdVideoH264Level_std_video_h264_level_5_0: StdVideoH264Level = 13;-pub const StdVideoH264Level_std_video_h264_level_5_1: StdVideoH264Level = 14;-pub const StdVideoH264Level_std_video_h264_level_5_2: StdVideoH264Level = 15;-pub const StdVideoH264Level_std_video_h264_level_6_0: StdVideoH264Level = 16;-pub const StdVideoH264Level_std_video_h264_level_6_1: StdVideoH264Level = 17;-pub const StdVideoH264Level_std_video_h264_level_6_2: StdVideoH264Level = 18;-pub const StdVideoH264Level_std_video_h264_level_invalid: 
StdVideoH264Level = 2147483647;+pub const StdVideoH264Level_STD_VIDEO_H264_LEVEL_1_0: StdVideoH264Level = 0;+pub const StdVideoH264Level_STD_VIDEO_H264_LEVEL_1_1: StdVideoH264Level = 1;+pub const StdVideoH264Level_STD_VIDEO_H264_LEVEL_1_2: StdVideoH264Level = 2;+pub const StdVideoH264Level_STD_VIDEO_H264_LEVEL_1_3: StdVideoH264Level = 3;+pub const StdVideoH264Level_STD_VIDEO_H264_LEVEL_2_0: StdVideoH264Level = 4;+pub const StdVideoH264Level_STD_VIDEO_H264_LEVEL_2_1: StdVideoH264Level = 5;+pub const StdVideoH264Level_STD_VIDEO_H264_LEVEL_2_2: StdVideoH264Level = 6;+pub const StdVideoH264Level_STD_VIDEO_H264_LEVEL_3_0: StdVideoH264Level = 7;+pub const StdVideoH264Level_STD_VIDEO_H264_LEVEL_3_1: StdVideoH264Level = 8;+pub const StdVideoH264Level_STD_VIDEO_H264_LEVEL_3_2: StdVideoH264Level = 9;+pub const StdVideoH264Level_STD_VIDEO_H264_LEVEL_4_0: StdVideoH264Level = 10;+pub const StdVideoH264Level_STD_VIDEO_H264_LEVEL_4_1: StdVideoH264Level = 11;+pub const StdVideoH264Level_STD_VIDEO_H264_LEVEL_4_2: StdVideoH264Level = 12;+pub const StdVideoH264Level_STD_VIDEO_H264_LEVEL_5_0: StdVideoH264Level = 13;+pub const StdVideoH264Level_STD_VIDEO_H264_LEVEL_5_1: StdVideoH264Level = 14;+pub const StdVideoH264Level_STD_VIDEO_H264_LEVEL_5_2: StdVideoH264Level = 15;+pub const StdVideoH264Level_STD_VIDEO_H264_LEVEL_6_0: StdVideoH264Level = 16;+pub const StdVideoH264Level_STD_VIDEO_H264_LEVEL_6_1: StdVideoH264Level = 17;+pub const StdVideoH264Level_STD_VIDEO_H264_LEVEL_6_2: StdVideoH264Level = 18;+pub const StdVideoH264Level_STD_VIDEO_H264_LEVEL_INVALID: StdVideoH264Level = 2147483647; pub type StdVideoH264Level = ::std::os::raw::c_uint;-pub const StdVideoH264PocType_std_video_h264_poc_type_0: StdVideoH264PocType = 0;-pub const StdVideoH264PocType_std_video_h264_poc_type_1: StdVideoH264PocType = 1;-pub const StdVideoH264PocType_std_video_h264_poc_type_2: StdVideoH264PocType = 2;-pub const StdVideoH264PocType_std_video_h264_poc_type_invalid: StdVideoH264PocType = 2147483647;+pub const 
StdVideoH264PocType_STD_VIDEO_H264_POC_TYPE_0: StdVideoH264PocType = 0;+pub const StdVideoH264PocType_STD_VIDEO_H264_POC_TYPE_1: StdVideoH264PocType = 1;+pub const StdVideoH264PocType_STD_VIDEO_H264_POC_TYPE_2: StdVideoH264PocType = 2;+pub const StdVideoH264PocType_STD_VIDEO_H264_POC_TYPE_INVALID: StdVideoH264PocType = 2147483647; pub type StdVideoH264PocType = ::std::os::raw::c_uint;-pub const StdVideoH264AspectRatioIdc_std_video_h264_aspect_ratio_idc_unspecified:+pub const StdVideoH264AspectRatioIdc_STD_VIDEO_H264_ASPECT_RATIO_IDC_UNSPECIFIED: StdVideoH264AspectRatioIdc = 0;-pub const StdVideoH264AspectRatioIdc_std_video_h264_aspect_ratio_idc_square:+pub const StdVideoH264AspectRatioIdc_STD_VIDEO_H264_ASPECT_RATIO_IDC_SQUARE: StdVideoH264AspectRatioIdc = 1;-pub const StdVideoH264AspectRatioIdc_std_video_h264_aspect_ratio_idc_12_11:+pub const StdVideoH264AspectRatioIdc_STD_VIDEO_H264_ASPECT_RATIO_IDC_12_11: StdVideoH264AspectRatioIdc = 2;-pub const StdVideoH264AspectRatioIdc_std_video_h264_aspect_ratio_idc_10_11:+pub const StdVideoH264AspectRatioIdc_STD_VIDEO_H264_ASPECT_RATIO_IDC_10_11: StdVideoH264AspectRatioIdc = 3;-pub const StdVideoH264AspectRatioIdc_std_video_h264_aspect_ratio_idc_16_11:+pub const StdVideoH264AspectRatioIdc_STD_VIDEO_H264_ASPECT_RATIO_IDC_16_11: StdVideoH264AspectRatioIdc = 4;-pub const StdVideoH264AspectRatioIdc_std_video_h264_aspect_ratio_idc_40_33:+pub const StdVideoH264AspectRatioIdc_STD_VIDEO_H264_ASPECT_RATIO_IDC_40_33: StdVideoH264AspectRatioIdc = 5;-pub const StdVideoH264AspectRatioIdc_std_video_h264_aspect_ratio_idc_24_11:+pub const StdVideoH264AspectRatioIdc_STD_VIDEO_H264_ASPECT_RATIO_IDC_24_11: StdVideoH264AspectRatioIdc = 6;-pub const StdVideoH264AspectRatioIdc_std_video_h264_aspect_ratio_idc_20_11:+pub const StdVideoH264AspectRatioIdc_STD_VIDEO_H264_ASPECT_RATIO_IDC_20_11: StdVideoH264AspectRatioIdc = 7;-pub const StdVideoH264AspectRatioIdc_std_video_h264_aspect_ratio_idc_32_11:+pub const 
StdVideoH264AspectRatioIdc_STD_VIDEO_H264_ASPECT_RATIO_IDC_32_11: StdVideoH264AspectRatioIdc = 8;-pub const StdVideoH264AspectRatioIdc_std_video_h264_aspect_ratio_idc_80_33:+pub const StdVideoH264AspectRatioIdc_STD_VIDEO_H264_ASPECT_RATIO_IDC_80_33: StdVideoH264AspectRatioIdc = 9;-pub const StdVideoH264AspectRatioIdc_std_video_h264_aspect_ratio_idc_18_11:+pub const StdVideoH264AspectRatioIdc_STD_VIDEO_H264_ASPECT_RATIO_IDC_18_11: StdVideoH264AspectRatioIdc = 10;-pub const StdVideoH264AspectRatioIdc_std_video_h264_aspect_ratio_idc_15_11:+pub const StdVideoH264AspectRatioIdc_STD_VIDEO_H264_ASPECT_RATIO_IDC_15_11: StdVideoH264AspectRatioIdc = 11;-pub const StdVideoH264AspectRatioIdc_std_video_h264_aspect_ratio_idc_64_33:+pub const StdVideoH264AspectRatioIdc_STD_VIDEO_H264_ASPECT_RATIO_IDC_64_33: StdVideoH264AspectRatioIdc = 12;-pub const StdVideoH264AspectRatioIdc_std_video_h264_aspect_ratio_idc_160_99:+pub const StdVideoH264AspectRatioIdc_STD_VIDEO_H264_ASPECT_RATIO_IDC_160_99: StdVideoH264AspectRatioIdc = 13;-pub const StdVideoH264AspectRatioIdc_std_video_h264_aspect_ratio_idc_4_3:+pub const StdVideoH264AspectRatioIdc_STD_VIDEO_H264_ASPECT_RATIO_IDC_4_3: StdVideoH264AspectRatioIdc = 14;-pub const StdVideoH264AspectRatioIdc_std_video_h264_aspect_ratio_idc_3_2:+pub const StdVideoH264AspectRatioIdc_STD_VIDEO_H264_ASPECT_RATIO_IDC_3_2: StdVideoH264AspectRatioIdc = 15;-pub const StdVideoH264AspectRatioIdc_std_video_h264_aspect_ratio_idc_2_1:+pub const StdVideoH264AspectRatioIdc_STD_VIDEO_H264_ASPECT_RATIO_IDC_2_1: StdVideoH264AspectRatioIdc = 16;-pub const StdVideoH264AspectRatioIdc_std_video_h264_aspect_ratio_idc_extended_sar:+pub const StdVideoH264AspectRatioIdc_STD_VIDEO_H264_ASPECT_RATIO_IDC_EXTENDED_SAR: StdVideoH264AspectRatioIdc = 255;-pub const StdVideoH264AspectRatioIdc_std_video_h264_aspect_ratio_idc_invalid:+pub const StdVideoH264AspectRatioIdc_STD_VIDEO_H264_ASPECT_RATIO_IDC_INVALID: StdVideoH264AspectRatioIdc = 2147483647; pub type StdVideoH264AspectRatioIdc 
= ::std::os::raw::c_uint;-pub const StdVideoH264WeightedBiPredIdc_std_video_h264_default_weighted_b_slices_prediction_idc:- StdVideoH264WeightedBiPredIdc = 0;-pub const StdVideoH264WeightedBiPredIdc_std_video_h264_explicit_weighted_b_slices_prediction_idc:- StdVideoH264WeightedBiPredIdc = 1;-pub const StdVideoH264WeightedBiPredIdc_std_video_h264_implicit_weighted_b_slices_prediction_idc:- StdVideoH264WeightedBiPredIdc = 2;-pub const StdVideoH264WeightedBiPredIdc_std_video_h264_invalid_weighted_b_slices_prediction_idc:- StdVideoH264WeightedBiPredIdc = 2147483647;-pub type StdVideoH264WeightedBiPredIdc = ::std::os::raw::c_uint;-pub const StdVideoH264ModificationOfPicNumsIdc_std_video_h264_modification_of_pic_nums_idc_short_term_subtract : StdVideoH264ModificationOfPicNumsIdc = 0 ;-pub const StdVideoH264ModificationOfPicNumsIdc_std_video_h264_modification_of_pic_nums_idc_short_term_add : StdVideoH264ModificationOfPicNumsIdc = 1 ;-pub const StdVideoH264ModificationOfPicNumsIdc_std_video_h264_modification_of_pic_nums_idc_long_term : StdVideoH264ModificationOfPicNumsIdc = 2 ;-pub const StdVideoH264ModificationOfPicNumsIdc_std_video_h264_modification_of_pic_nums_idc_end:+pub const StdVideoH264WeightedBipredIdc_STD_VIDEO_H264_WEIGHTED_BIPRED_IDC_DEFAULT:+ StdVideoH264WeightedBipredIdc = 0;+pub const StdVideoH264WeightedBipredIdc_STD_VIDEO_H264_WEIGHTED_BIPRED_IDC_EXPLICIT:+ StdVideoH264WeightedBipredIdc = 1;+pub const StdVideoH264WeightedBipredIdc_STD_VIDEO_H264_WEIGHTED_BIPRED_IDC_IMPLICIT:+ StdVideoH264WeightedBipredIdc = 2;+pub const StdVideoH264WeightedBipredIdc_STD_VIDEO_H264_WEIGHTED_BIPRED_IDC_INVALID:+ StdVideoH264WeightedBipredIdc = 2147483647;+pub type StdVideoH264WeightedBipredIdc = ::std::os::raw::c_uint;+pub const StdVideoH264ModificationOfPicNumsIdc_STD_VIDEO_H264_MODIFICATION_OF_PIC_NUMS_IDC_SHORT_TERM_SUBTRACT : StdVideoH264ModificationOfPicNumsIdc = 0 ;+pub const 
StdVideoH264ModificationOfPicNumsIdc_STD_VIDEO_H264_MODIFICATION_OF_PIC_NUMS_IDC_SHORT_TERM_ADD : StdVideoH264ModificationOfPicNumsIdc = 1 ;+pub const StdVideoH264ModificationOfPicNumsIdc_STD_VIDEO_H264_MODIFICATION_OF_PIC_NUMS_IDC_LONG_TERM : StdVideoH264ModificationOfPicNumsIdc = 2 ;+pub const StdVideoH264ModificationOfPicNumsIdc_STD_VIDEO_H264_MODIFICATION_OF_PIC_NUMS_IDC_END: StdVideoH264ModificationOfPicNumsIdc = 3;-pub const StdVideoH264ModificationOfPicNumsIdc_std_video_h264_modification_of_pic_nums_idc_invalid : StdVideoH264ModificationOfPicNumsIdc = 2147483647 ;+pub const StdVideoH264ModificationOfPicNumsIdc_STD_VIDEO_H264_MODIFICATION_OF_PIC_NUMS_IDC_INVALID : StdVideoH264ModificationOfPicNumsIdc = 2147483647 ; pub type StdVideoH264ModificationOfPicNumsIdc = ::std::os::raw::c_uint;-pub const StdVideoH264MemMgmtControlOp_std_video_h264_mem_mgmt_control_op_end:+pub const StdVideoH264MemMgmtControlOp_STD_VIDEO_H264_MEM_MGMT_CONTROL_OP_END: StdVideoH264MemMgmtControlOp = 0;-pub const StdVideoH264MemMgmtControlOp_std_video_h264_mem_mgmt_control_op_unmark_short_term:+pub const StdVideoH264MemMgmtControlOp_STD_VIDEO_H264_MEM_MGMT_CONTROL_OP_UNMARK_SHORT_TERM: StdVideoH264MemMgmtControlOp = 1;-pub const StdVideoH264MemMgmtControlOp_std_video_h264_mem_mgmt_control_op_unmark_long_term:+pub const StdVideoH264MemMgmtControlOp_STD_VIDEO_H264_MEM_MGMT_CONTROL_OP_UNMARK_LONG_TERM: StdVideoH264MemMgmtControlOp = 2;-pub const StdVideoH264MemMgmtControlOp_std_video_h264_mem_mgmt_control_op_mark_long_term:+pub const StdVideoH264MemMgmtControlOp_STD_VIDEO_H264_MEM_MGMT_CONTROL_OP_MARK_LONG_TERM: StdVideoH264MemMgmtControlOp = 3;-pub const StdVideoH264MemMgmtControlOp_std_video_h264_mem_mgmt_control_op_set_max_long_term_index : StdVideoH264MemMgmtControlOp = 4 ;-pub const StdVideoH264MemMgmtControlOp_std_video_h264_mem_mgmt_control_op_unmark_all:+pub const StdVideoH264MemMgmtControlOp_STD_VIDEO_H264_MEM_MGMT_CONTROL_OP_SET_MAX_LONG_TERM_INDEX : StdVideoH264MemMgmtControlOp = 
4 ;+pub const StdVideoH264MemMgmtControlOp_STD_VIDEO_H264_MEM_MGMT_CONTROL_OP_UNMARK_ALL: StdVideoH264MemMgmtControlOp = 5;-pub const StdVideoH264MemMgmtControlOp_std_video_h264_mem_mgmt_control_op_mark_current_as_long_term : StdVideoH264MemMgmtControlOp = 6 ;-pub const StdVideoH264MemMgmtControlOp_std_video_h264_mem_mgmt_control_op_invalid:+pub const StdVideoH264MemMgmtControlOp_STD_VIDEO_H264_MEM_MGMT_CONTROL_OP_MARK_CURRENT_AS_LONG_TERM : StdVideoH264MemMgmtControlOp = 6 ;+pub const StdVideoH264MemMgmtControlOp_STD_VIDEO_H264_MEM_MGMT_CONTROL_OP_INVALID: StdVideoH264MemMgmtControlOp = 2147483647; pub type StdVideoH264MemMgmtControlOp = ::std::os::raw::c_uint;-pub const StdVideoH264CabacInitIdc_std_video_h264_cabac_init_idc_0: StdVideoH264CabacInitIdc = 0;-pub const StdVideoH264CabacInitIdc_std_video_h264_cabac_init_idc_1: StdVideoH264CabacInitIdc = 1;-pub const StdVideoH264CabacInitIdc_std_video_h264_cabac_init_idc_2: StdVideoH264CabacInitIdc = 2;-pub const StdVideoH264CabacInitIdc_std_video_h264_cabac_init_idc_invalid: StdVideoH264CabacInitIdc =+pub const StdVideoH264CabacInitIdc_STD_VIDEO_H264_CABAC_INIT_IDC_0: StdVideoH264CabacInitIdc = 0;+pub const StdVideoH264CabacInitIdc_STD_VIDEO_H264_CABAC_INIT_IDC_1: StdVideoH264CabacInitIdc = 1;+pub const StdVideoH264CabacInitIdc_STD_VIDEO_H264_CABAC_INIT_IDC_2: StdVideoH264CabacInitIdc = 2;+pub const StdVideoH264CabacInitIdc_STD_VIDEO_H264_CABAC_INIT_IDC_INVALID: StdVideoH264CabacInitIdc = 2147483647; pub type StdVideoH264CabacInitIdc = ::std::os::raw::c_uint;-pub const StdVideoH264DisableDeblockingFilterIdc_std_video_h264_disable_deblocking_filter_idc_disabled : StdVideoH264DisableDeblockingFilterIdc = 0 ;-pub const StdVideoH264DisableDeblockingFilterIdc_std_video_h264_disable_deblocking_filter_idc_enabled : StdVideoH264DisableDeblockingFilterIdc = 1 ;-pub const StdVideoH264DisableDeblockingFilterIdc_std_video_h264_disable_deblocking_filter_idc_partial : StdVideoH264DisableDeblockingFilterIdc = 2 ;-pub const 
StdVideoH264DisableDeblockingFilterIdc_std_video_h264_disable_deblocking_filter_idc_invalid : StdVideoH264DisableDeblockingFilterIdc = 2147483647 ;+pub const StdVideoH264DisableDeblockingFilterIdc_STD_VIDEO_H264_DISABLE_DEBLOCKING_FILTER_IDC_DISABLED : StdVideoH264DisableDeblockingFilterIdc = 0 ;+pub const StdVideoH264DisableDeblockingFilterIdc_STD_VIDEO_H264_DISABLE_DEBLOCKING_FILTER_IDC_ENABLED : StdVideoH264DisableDeblockingFilterIdc = 1 ;+pub const StdVideoH264DisableDeblockingFilterIdc_STD_VIDEO_H264_DISABLE_DEBLOCKING_FILTER_IDC_PARTIAL : StdVideoH264DisableDeblockingFilterIdc = 2 ;+pub const StdVideoH264DisableDeblockingFilterIdc_STD_VIDEO_H264_DISABLE_DEBLOCKING_FILTER_IDC_INVALID : StdVideoH264DisableDeblockingFilterIdc = 2147483647 ; pub type StdVideoH264DisableDeblockingFilterIdc = ::std::os::raw::c_uint;-pub const StdVideoH264PictureType_std_video_h264_picture_type_i: StdVideoH264PictureType = 0;-pub const StdVideoH264PictureType_std_video_h264_picture_type_p: StdVideoH264PictureType = 1;-pub const StdVideoH264PictureType_std_video_h264_picture_type_b: StdVideoH264PictureType = 2;-pub const StdVideoH264PictureType_std_video_h264_picture_type_invalid: StdVideoH264PictureType =+pub const StdVideoH264SliceType_STD_VIDEO_H264_SLICE_TYPE_P: StdVideoH264SliceType = 0;+pub const StdVideoH264SliceType_STD_VIDEO_H264_SLICE_TYPE_B: StdVideoH264SliceType = 1;+pub const StdVideoH264SliceType_STD_VIDEO_H264_SLICE_TYPE_I: StdVideoH264SliceType = 2;+pub const StdVideoH264SliceType_STD_VIDEO_H264_SLICE_TYPE_INVALID: StdVideoH264SliceType =+ 2147483647;+pub type StdVideoH264SliceType = ::std::os::raw::c_uint;+pub const StdVideoH264PictureType_STD_VIDEO_H264_PICTURE_TYPE_P: StdVideoH264PictureType = 0;+pub const StdVideoH264PictureType_STD_VIDEO_H264_PICTURE_TYPE_B: StdVideoH264PictureType = 1;+pub const StdVideoH264PictureType_STD_VIDEO_H264_PICTURE_TYPE_I: StdVideoH264PictureType = 2;+pub const StdVideoH264PictureType_STD_VIDEO_H264_PICTURE_TYPE_IDR: 
StdVideoH264PictureType = 5;+pub const StdVideoH264PictureType_STD_VIDEO_H264_PICTURE_TYPE_INVALID: StdVideoH264PictureType = 2147483647; pub type StdVideoH264PictureType = ::std::os::raw::c_uint;-pub const StdVideoH264SliceType_std_video_h264_slice_type_i: StdVideoH264SliceType = 0;-pub const StdVideoH264SliceType_std_video_h264_slice_type_p: StdVideoH264SliceType = 1;-pub const StdVideoH264SliceType_std_video_h264_slice_type_b: StdVideoH264SliceType = 2;-pub const StdVideoH264SliceType_std_video_h264_slice_type_invalid: StdVideoH264SliceType =- 2147483647;-pub type StdVideoH264SliceType = ::std::os::raw::c_uint; #[repr(C)] #[repr(align(4))] #[derive(Debug, Copy, Clone)]@@ -626,8 +629,8 @@ pub matrix_coefficients: u8, pub num_units_in_tick: u32, pub time_scale: u32,- pub hrd_parameters: StdVideoH264HrdParameters,- pub num_reorder_frames: u8,+ pub pHrdParameters: *mut StdVideoH264HrdParameters,+ pub max_num_reorder_frames: u8, pub max_dec_frame_buffering: u8, pub flags: StdVideoH264SpsVuiFlags, }@@ -635,12 +638,12 @@ fn bindgen_test_layout_StdVideoH264SequenceParameterSetVui() { assert_eq!( ::std::mem::size_of::<StdVideoH264SequenceParameterSetVui>(),- 336usize,+ 40usize, concat!("Size of: ", stringify!(StdVideoH264SequenceParameterSetVui)) ); assert_eq!( ::std::mem::align_of::<StdVideoH264SequenceParameterSetVui>(),- 4usize,+ 8usize, concat!( "Alignment of ", stringify!(StdVideoH264SequenceParameterSetVui)@@ -765,28 +768,28 @@ ); assert_eq!( unsafe {- &(*(::std::ptr::null::<StdVideoH264SequenceParameterSetVui>())).hrd_parameters- as *const _ as usize- },- 20usize,+ &(*(::std::ptr::null::<StdVideoH264SequenceParameterSetVui>())).pHrdParameters+ as *const _ as usize+ },+ 24usize, concat!( "Offset of field: ", stringify!(StdVideoH264SequenceParameterSetVui), "::",- stringify!(hrd_parameters)- )- );- assert_eq!(- unsafe {- &(*(::std::ptr::null::<StdVideoH264SequenceParameterSetVui>())).num_reorder_frames- as *const _ as usize- },- 328usize,+ 
stringify!(pHrdParameters)+ )+ );+ assert_eq!(+ unsafe {+ &(*(::std::ptr::null::<StdVideoH264SequenceParameterSetVui>())).max_num_reorder_frames+ as *const _ as usize+ },+ 32usize, concat!( "Offset of field: ", stringify!(StdVideoH264SequenceParameterSetVui), "::",- stringify!(num_reorder_frames)+ stringify!(max_num_reorder_frames) ) ); assert_eq!(@@ -794,7 +797,7 @@ &(*(::std::ptr::null::<StdVideoH264SequenceParameterSetVui>())).max_dec_frame_buffering as *const _ as usize },- 329usize,+ 33usize, concat!( "Offset of field: ", stringify!(StdVideoH264SequenceParameterSetVui),@@ -807,7 +810,7 @@ &(*(::std::ptr::null::<StdVideoH264SequenceParameterSetVui>())).flags as *const _ as usize },- 332usize,+ 36usize, concat!( "Offset of field: ", stringify!(StdVideoH264SequenceParameterSetVui),@@ -821,8 +824,8 @@ #[derive(Debug, Copy, Clone)] pub struct StdVideoH264SpsFlags { pub _bitfield_align_1: [u8; 0],- pub _bitfield_1: __BindgenBitfieldUnit<[u8; 3usize]>,- pub __bindgen_padding_0: u8,+ pub _bitfield_1: __BindgenBitfieldUnit<[u8; 2usize]>,+ pub __bindgen_padding_0: u16, } #[test] fn bindgen_test_layout_StdVideoH264SpsFlags() {@@ -949,11 +952,11 @@ } } #[inline]- pub fn residual_colour_transform_flag(&self) -> u32 {+ pub fn separate_colour_plane_flag(&self) -> u32 { unsafe { ::std::mem::transmute(self._bitfield_1.get(10usize, 1u8) as u32) } } #[inline]- pub fn set_residual_colour_transform_flag(&mut self, val: u32) {+ pub fn set_separate_colour_plane_flag(&mut self, val: u32) { unsafe { let val: u32 = ::std::mem::transmute(val); self._bitfield_1.set(10usize, 1u8, val as u64)@@ -971,58 +974,47 @@ } } #[inline]- pub fn first_picture_after_seek_flag(&self) -> u32 {+ pub fn qpprime_y_zero_transform_bypass_flag(&self) -> u32 { unsafe { ::std::mem::transmute(self._bitfield_1.get(12usize, 1u8) as u32) } } #[inline]- pub fn set_first_picture_after_seek_flag(&mut self, val: u32) {+ pub fn set_qpprime_y_zero_transform_bypass_flag(&mut self, val: u32) { unsafe { let val: u32 = 
::std::mem::transmute(val); self._bitfield_1.set(12usize, 1u8, val as u64) } } #[inline]- pub fn qpprime_y_zero_transform_bypass_flag(&self) -> u32 {+ pub fn frame_cropping_flag(&self) -> u32 { unsafe { ::std::mem::transmute(self._bitfield_1.get(13usize, 1u8) as u32) } } #[inline]- pub fn set_qpprime_y_zero_transform_bypass_flag(&mut self, val: u32) {+ pub fn set_frame_cropping_flag(&mut self, val: u32) { unsafe { let val: u32 = ::std::mem::transmute(val); self._bitfield_1.set(13usize, 1u8, val as u64) } } #[inline]- pub fn frame_cropping_flag(&self) -> u32 {+ pub fn seq_scaling_matrix_present_flag(&self) -> u32 { unsafe { ::std::mem::transmute(self._bitfield_1.get(14usize, 1u8) as u32) } } #[inline]- pub fn set_frame_cropping_flag(&mut self, val: u32) {+ pub fn set_seq_scaling_matrix_present_flag(&mut self, val: u32) { unsafe { let val: u32 = ::std::mem::transmute(val); self._bitfield_1.set(14usize, 1u8, val as u64) } } #[inline]- pub fn scaling_matrix_present_flag(&self) -> u32 {+ pub fn vui_parameters_present_flag(&self) -> u32 { unsafe { ::std::mem::transmute(self._bitfield_1.get(15usize, 1u8) as u32) } } #[inline]- pub fn set_scaling_matrix_present_flag(&mut self, val: u32) {+ pub fn set_vui_parameters_present_flag(&mut self, val: u32) { unsafe { let val: u32 = ::std::mem::transmute(val); self._bitfield_1.set(15usize, 1u8, val as u64)- }- }- #[inline]- pub fn vui_parameters_present_flag(&self) -> u32 {- unsafe { ::std::mem::transmute(self._bitfield_1.get(16usize, 1u8) as u32) }- }- #[inline]- pub fn set_vui_parameters_present_flag(&mut self, val: u32) {- unsafe {- let val: u32 = ::std::mem::transmute(val);- self._bitfield_1.set(16usize, 1u8, val as u64) } } #[inline]@@ -1037,15 +1029,14 @@ mb_adaptive_frame_field_flag: u32, frame_mbs_only_flag: u32, delta_pic_order_always_zero_flag: u32,- residual_colour_transform_flag: u32,+ separate_colour_plane_flag: u32, gaps_in_frame_num_value_allowed_flag: u32,- first_picture_after_seek_flag: u32, 
qpprime_y_zero_transform_bypass_flag: u32, frame_cropping_flag: u32,- scaling_matrix_present_flag: u32,+ seq_scaling_matrix_present_flag: u32, vui_parameters_present_flag: u32,- ) -> __BindgenBitfieldUnit<[u8; 3usize]> {- let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 3usize]> = Default::default();+ ) -> __BindgenBitfieldUnit<[u8; 2usize]> {+ let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 2usize]> = Default::default(); __bindgen_bitfield_unit.set(0usize, 1u8, { let constraint_set0_flag: u32 = unsafe { ::std::mem::transmute(constraint_set0_flag) }; constraint_set0_flag as u64@@ -1090,9 +1081,9 @@ delta_pic_order_always_zero_flag as u64 }); __bindgen_bitfield_unit.set(10usize, 1u8, {- let residual_colour_transform_flag: u32 =- unsafe { ::std::mem::transmute(residual_colour_transform_flag) };- residual_colour_transform_flag as u64+ let separate_colour_plane_flag: u32 =+ unsafe { ::std::mem::transmute(separate_colour_plane_flag) };+ separate_colour_plane_flag as u64 }); __bindgen_bitfield_unit.set(11usize, 1u8, { let gaps_in_frame_num_value_allowed_flag: u32 =@@ -1100,25 +1091,20 @@ gaps_in_frame_num_value_allowed_flag as u64 }); __bindgen_bitfield_unit.set(12usize, 1u8, {- let first_picture_after_seek_flag: u32 =- unsafe { ::std::mem::transmute(first_picture_after_seek_flag) };- first_picture_after_seek_flag as u64- });- __bindgen_bitfield_unit.set(13usize, 1u8, { let qpprime_y_zero_transform_bypass_flag: u32 = unsafe { ::std::mem::transmute(qpprime_y_zero_transform_bypass_flag) }; qpprime_y_zero_transform_bypass_flag as u64 });- __bindgen_bitfield_unit.set(14usize, 1u8, {+ __bindgen_bitfield_unit.set(13usize, 1u8, { let frame_cropping_flag: u32 = unsafe { ::std::mem::transmute(frame_cropping_flag) }; frame_cropping_flag as u64 });+ __bindgen_bitfield_unit.set(14usize, 1u8, {+ let seq_scaling_matrix_present_flag: u32 =+ unsafe { ::std::mem::transmute(seq_scaling_matrix_present_flag) };+ seq_scaling_matrix_present_flag as u64+ }); 
__bindgen_bitfield_unit.set(15usize, 1u8, {- let scaling_matrix_present_flag: u32 =- unsafe { ::std::mem::transmute(scaling_matrix_present_flag) };- scaling_matrix_present_flag as u64- });- __bindgen_bitfield_unit.set(16usize, 1u8, { let vui_parameters_present_flag: u32 = unsafe { ::std::mem::transmute(vui_parameters_present_flag) }; vui_parameters_present_flag as u64@@ -1198,7 +1184,7 @@ ); } #[repr(C)]-#[derive(Copy, Clone)]+#[derive(Debug, Copy, Clone)] pub struct StdVideoH264SequenceParameterSet { pub profile_idc: StdVideoH264ProfileIdc, pub level_idc: StdVideoH264Level,@@ -1220,7 +1206,7 @@ pub frame_crop_top_offset: u32, pub frame_crop_bottom_offset: u32, pub flags: StdVideoH264SpsFlags,- pub offset_for_ref_frame: [i32; 255usize],+ pub pOffsetForRefFrame: *mut i32, pub pScalingLists: *mut StdVideoH264ScalingLists, pub pSequenceParameterSetVui: *mut StdVideoH264SequenceParameterSetVui, }@@ -1228,7 +1214,7 @@ fn bindgen_test_layout_StdVideoH264SequenceParameterSet() { assert_eq!( ::std::mem::size_of::<StdVideoH264SequenceParameterSet>(),- 1104usize,+ 96usize, concat!("Size of: ", stringify!(StdVideoH264SequenceParameterSet)) ); assert_eq!(@@ -1500,15 +1486,15 @@ ); assert_eq!( unsafe {- &(*(::std::ptr::null::<StdVideoH264SequenceParameterSet>())).offset_for_ref_frame- as *const _ as usize- },- 68usize,+ &(*(::std::ptr::null::<StdVideoH264SequenceParameterSet>())).pOffsetForRefFrame+ as *const _ as usize+ },+ 72usize, concat!( "Offset of field: ", stringify!(StdVideoH264SequenceParameterSet), "::",- stringify!(offset_for_ref_frame)+ stringify!(pOffsetForRefFrame) ) ); assert_eq!(@@ -1516,7 +1502,7 @@ &(*(::std::ptr::null::<StdVideoH264SequenceParameterSet>())).pScalingLists as *const _ as usize },- 1088usize,+ 80usize, concat!( "Offset of field: ", stringify!(StdVideoH264SequenceParameterSet),@@ -1529,7 +1515,7 @@ &(*(::std::ptr::null::<StdVideoH264SequenceParameterSet>())).pSequenceParameterSetVui as *const _ as usize },- 1096usize,+ 88usize, concat!( "Offset 
of field: ", stringify!(StdVideoH264SequenceParameterSet),@@ -1649,11 +1635,11 @@ } } #[inline]- pub fn scaling_matrix_present_flag(&self) -> u32 {+ pub fn pic_scaling_matrix_present_flag(&self) -> u32 { unsafe { ::std::mem::transmute(self._bitfield_1.get(8usize, 1u8) as u32) } } #[inline]- pub fn set_scaling_matrix_present_flag(&mut self, val: u32) {+ pub fn set_pic_scaling_matrix_present_flag(&mut self, val: u32) { unsafe { let val: u32 = ::std::mem::transmute(val); self._bitfield_1.set(8usize, 1u8, val as u64)@@ -1669,7 +1655,7 @@ weighted_pred_flag: u32, pic_order_present_flag: u32, entropy_coding_mode_flag: u32,- scaling_matrix_present_flag: u32,+ pic_scaling_matrix_present_flag: u32, ) -> __BindgenBitfieldUnit<[u8; 2usize]> { let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 2usize]> = Default::default(); __bindgen_bitfield_unit.set(0usize, 1u8, {@@ -1712,9 +1698,9 @@ entropy_coding_mode_flag as u64 }); __bindgen_bitfield_unit.set(8usize, 1u8, {- let scaling_matrix_present_flag: u32 =- unsafe { ::std::mem::transmute(scaling_matrix_present_flag) };- scaling_matrix_present_flag as u64+ let pic_scaling_matrix_present_flag: u32 =+ unsafe { ::std::mem::transmute(pic_scaling_matrix_present_flag) };+ pic_scaling_matrix_present_flag as u64 }); __bindgen_bitfield_unit }@@ -1726,7 +1712,7 @@ pub pic_parameter_set_id: u8, pub num_ref_idx_l0_default_active_minus1: u8, pub num_ref_idx_l1_default_active_minus1: u8,- pub weighted_bipred_idc: StdVideoH264WeightedBiPredIdc,+ pub weighted_bipred_idc: StdVideoH264WeightedBipredIdc, pub pic_init_qp_minus26: i8, pub pic_init_qs_minus26: i8, pub chroma_qp_index_offset: i8,@@ -1937,42 +1923,54 @@ } } #[inline]+ pub fn IdrPicFlag(&self) -> u32 {+ unsafe { ::std::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) }+ }+ #[inline]+ pub fn set_IdrPicFlag(&mut self, val: u32) {+ unsafe {+ let val: u32 = ::std::mem::transmute(val);+ self._bitfield_1.set(2usize, 1u8, val as u64)+ }+ }+ #[inline] pub fn 
bottom_field_flag(&self) -> u32 {- unsafe { ::std::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) }+ unsafe { ::std::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u32) } } #[inline] pub fn set_bottom_field_flag(&mut self, val: u32) { unsafe { let val: u32 = ::std::mem::transmute(val);- self._bitfield_1.set(2usize, 1u8, val as u64)+ self._bitfield_1.set(3usize, 1u8, val as u64) } } #[inline] pub fn is_reference(&self) -> u32 {- unsafe { ::std::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u32) }+ unsafe { ::std::mem::transmute(self._bitfield_1.get(4usize, 1u8) as u32) } } #[inline] pub fn set_is_reference(&mut self, val: u32) { unsafe { let val: u32 = ::std::mem::transmute(val);- self._bitfield_1.set(3usize, 1u8, val as u64)+ self._bitfield_1.set(4usize, 1u8, val as u64) } } #[inline] pub fn complementary_field_pair(&self) -> u32 {- unsafe { ::std::mem::transmute(self._bitfield_1.get(4usize, 1u8) as u32) }+ unsafe { ::std::mem::transmute(self._bitfield_1.get(5usize, 1u8) as u32) } } #[inline] pub fn set_complementary_field_pair(&mut self, val: u32) { unsafe { let val: u32 = ::std::mem::transmute(val);- self._bitfield_1.set(4usize, 1u8, val as u64)+ self._bitfield_1.set(5usize, 1u8, val as u64) } } #[inline] pub fn new_bitfield_1( field_pic_flag: u32, is_intra: u32,+ IdrPicFlag: u32, bottom_field_flag: u32, is_reference: u32, complementary_field_pair: u32,@@ -1987,14 +1985,18 @@ is_intra as u64 }); __bindgen_bitfield_unit.set(2usize, 1u8, {+ let IdrPicFlag: u32 = unsafe { ::std::mem::transmute(IdrPicFlag) };+ IdrPicFlag as u64+ });+ __bindgen_bitfield_unit.set(3usize, 1u8, { let bottom_field_flag: u32 = unsafe { ::std::mem::transmute(bottom_field_flag) }; bottom_field_flag as u64 });- __bindgen_bitfield_unit.set(3usize, 1u8, {+ __bindgen_bitfield_unit.set(4usize, 1u8, { let is_reference: u32 = unsafe { ::std::mem::transmute(is_reference) }; is_reference as u64 });- __bindgen_bitfield_unit.set(4usize, 1u8, {+ __bindgen_bitfield_unit.set(5usize, 
1u8, { let complementary_field_pair: u32 = unsafe { ::std::mem::transmute(complementary_field_pair) }; complementary_field_pair as u64@@ -2614,32 +2616,45 @@ ) ); }-pub const StdVideoH265ProfileIdc_std_video_h265_profile_idc_main: StdVideoH265ProfileIdc = 1;-pub const StdVideoH265ProfileIdc_std_video_h265_profile_idc_main_10: StdVideoH265ProfileIdc = 2;-pub const StdVideoH265ProfileIdc_std_video_h265_profile_idc_main_still_picture:+pub const StdVideoH265ProfileIdc_STD_VIDEO_H265_PROFILE_IDC_MAIN: StdVideoH265ProfileIdc = 1;+pub const StdVideoH265ProfileIdc_STD_VIDEO_H265_PROFILE_IDC_MAIN_10: StdVideoH265ProfileIdc = 2;+pub const StdVideoH265ProfileIdc_STD_VIDEO_H265_PROFILE_IDC_MAIN_STILL_PICTURE: StdVideoH265ProfileIdc = 3;-pub const StdVideoH265ProfileIdc_std_video_h265_profile_idc_format_range_extensions:+pub const StdVideoH265ProfileIdc_STD_VIDEO_H265_PROFILE_IDC_FORMAT_RANGE_EXTENSIONS: StdVideoH265ProfileIdc = 4;-pub const StdVideoH265ProfileIdc_std_video_h265_profile_idc_scc_extensions: StdVideoH265ProfileIdc =+pub const StdVideoH265ProfileIdc_STD_VIDEO_H265_PROFILE_IDC_SCC_EXTENSIONS: StdVideoH265ProfileIdc = 9;-pub const StdVideoH265ProfileIdc_std_video_h265_profile_idc_invalid: StdVideoH265ProfileIdc =+pub const StdVideoH265ProfileIdc_STD_VIDEO_H265_PROFILE_IDC_INVALID: StdVideoH265ProfileIdc = 2147483647; pub type StdVideoH265ProfileIdc = ::std::os::raw::c_uint;-pub const StdVideoH265Level_std_video_h265_level_1_0: StdVideoH265Level = 0;-pub const StdVideoH265Level_std_video_h265_level_2_0: StdVideoH265Level = 1;-pub const StdVideoH265Level_std_video_h265_level_2_1: StdVideoH265Level = 2;-pub const StdVideoH265Level_std_video_h265_level_3_0: StdVideoH265Level = 3;-pub const StdVideoH265Level_std_video_h265_level_3_1: StdVideoH265Level = 4;-pub const StdVideoH265Level_std_video_h265_level_4_0: StdVideoH265Level = 5;-pub const StdVideoH265Level_std_video_h265_level_4_1: StdVideoH265Level = 6;-pub const StdVideoH265Level_std_video_h265_level_5_0: 
StdVideoH265Level = 7;-pub const StdVideoH265Level_std_video_h265_level_5_1: StdVideoH265Level = 8;-pub const StdVideoH265Level_std_video_h265_level_5_2: StdVideoH265Level = 9;-pub const StdVideoH265Level_std_video_h265_level_6_0: StdVideoH265Level = 10;-pub const StdVideoH265Level_std_video_h265_level_6_1: StdVideoH265Level = 11;-pub const StdVideoH265Level_std_video_h265_level_6_2: StdVideoH265Level = 12;-pub const StdVideoH265Level_std_video_h265_level_invalid: StdVideoH265Level = 2147483647;+pub const StdVideoH265Level_STD_VIDEO_H265_LEVEL_1_0: StdVideoH265Level = 0;+pub const StdVideoH265Level_STD_VIDEO_H265_LEVEL_2_0: StdVideoH265Level = 1;+pub const StdVideoH265Level_STD_VIDEO_H265_LEVEL_2_1: StdVideoH265Level = 2;+pub const StdVideoH265Level_STD_VIDEO_H265_LEVEL_3_0: StdVideoH265Level = 3;+pub const StdVideoH265Level_STD_VIDEO_H265_LEVEL_3_1: StdVideoH265Level = 4;+pub const StdVideoH265Level_STD_VIDEO_H265_LEVEL_4_0: StdVideoH265Level = 5;+pub const StdVideoH265Level_STD_VIDEO_H265_LEVEL_4_1: StdVideoH265Level = 6;+pub const StdVideoH265Level_STD_VIDEO_H265_LEVEL_5_0: StdVideoH265Level = 7;+pub const StdVideoH265Level_STD_VIDEO_H265_LEVEL_5_1: StdVideoH265Level = 8;+pub const StdVideoH265Level_STD_VIDEO_H265_LEVEL_5_2: StdVideoH265Level = 9;+pub const StdVideoH265Level_STD_VIDEO_H265_LEVEL_6_0: StdVideoH265Level = 10;+pub const StdVideoH265Level_STD_VIDEO_H265_LEVEL_6_1: StdVideoH265Level = 11;+pub const StdVideoH265Level_STD_VIDEO_H265_LEVEL_6_2: StdVideoH265Level = 12;+pub const StdVideoH265Level_STD_VIDEO_H265_LEVEL_INVALID: StdVideoH265Level = 2147483647; pub type StdVideoH265Level = ::std::os::raw::c_uint;+pub const StdVideoH265SliceType_STD_VIDEO_H265_SLICE_TYPE_B: StdVideoH265SliceType = 0;+pub const StdVideoH265SliceType_STD_VIDEO_H265_SLICE_TYPE_P: StdVideoH265SliceType = 1;+pub const StdVideoH265SliceType_STD_VIDEO_H265_SLICE_TYPE_I: StdVideoH265SliceType = 2;+pub const StdVideoH265SliceType_STD_VIDEO_H265_SLICE_TYPE_INVALID: 
StdVideoH265SliceType =+ 2147483647;+pub type StdVideoH265SliceType = ::std::os::raw::c_uint;+pub const StdVideoH265PictureType_STD_VIDEO_H265_PICTURE_TYPE_P: StdVideoH265PictureType = 0;+pub const StdVideoH265PictureType_STD_VIDEO_H265_PICTURE_TYPE_B: StdVideoH265PictureType = 1;+pub const StdVideoH265PictureType_STD_VIDEO_H265_PICTURE_TYPE_I: StdVideoH265PictureType = 2;+pub const StdVideoH265PictureType_STD_VIDEO_H265_PICTURE_TYPE_IDR: StdVideoH265PictureType = 3;+pub const StdVideoH265PictureType_STD_VIDEO_H265_PICTURE_TYPE_INVALID: StdVideoH265PictureType =+ 2147483647;+pub type StdVideoH265PictureType = ::std::os::raw::c_uint; #[repr(C)] #[derive(Debug, Copy, Clone)] pub struct StdVideoH265DecPicBufMgr {@@ -2794,10 +2809,7 @@ #[derive(Debug, Copy, Clone)] pub struct StdVideoH265HrdFlags { pub _bitfield_align_1: [u8; 0],- pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>,- pub fixed_pic_rate_general_flag: u8,- pub fixed_pic_rate_within_cvs_flag: u8,- pub low_delay_hrd_flag: u8,+ pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, } #[test] fn bindgen_test_layout_StdVideoH265HrdFlags() {@@ -2811,44 +2823,6 @@ 4usize, concat!("Alignment of ", stringify!(StdVideoH265HrdFlags)) );- assert_eq!(- unsafe {- &(*(::std::ptr::null::<StdVideoH265HrdFlags>())).fixed_pic_rate_general_flag as *const _- as usize- },- 1usize,- concat!(- "Offset of field: ",- stringify!(StdVideoH265HrdFlags),- "::",- stringify!(fixed_pic_rate_general_flag)- )- );- assert_eq!(- unsafe {- &(*(::std::ptr::null::<StdVideoH265HrdFlags>())).fixed_pic_rate_within_cvs_flag- as *const _ as usize- },- 2usize,- concat!(- "Offset of field: ",- stringify!(StdVideoH265HrdFlags),- "::",- stringify!(fixed_pic_rate_within_cvs_flag)- )- );- assert_eq!(- unsafe {- &(*(::std::ptr::null::<StdVideoH265HrdFlags>())).low_delay_hrd_flag as *const _ as usize- },- 3usize,- concat!(- "Offset of field: ",- stringify!(StdVideoH265HrdFlags),- "::",- stringify!(low_delay_hrd_flag)- )- ); } impl StdVideoH265HrdFlags { 
#[inline]@@ -2893,6 +2867,39 @@ unsafe { let val: u32 = ::std::mem::transmute(val); self._bitfield_1.set(3usize, 1u8, val as u64)+ }+ }+ #[inline]+ pub fn fixed_pic_rate_general_flag(&self) -> u32 {+ unsafe { ::std::mem::transmute(self._bitfield_1.get(4usize, 8u8) as u32) }+ }+ #[inline]+ pub fn set_fixed_pic_rate_general_flag(&mut self, val: u32) {+ unsafe {+ let val: u32 = ::std::mem::transmute(val);+ self._bitfield_1.set(4usize, 8u8, val as u64)+ }+ }+ #[inline]+ pub fn fixed_pic_rate_within_cvs_flag(&self) -> u32 {+ unsafe { ::std::mem::transmute(self._bitfield_1.get(12usize, 8u8) as u32) }+ }+ #[inline]+ pub fn set_fixed_pic_rate_within_cvs_flag(&mut self, val: u32) {+ unsafe {+ let val: u32 = ::std::mem::transmute(val);+ self._bitfield_1.set(12usize, 8u8, val as u64)+ }+ }+ #[inline]+ pub fn low_delay_hrd_flag(&self) -> u32 {+ unsafe { ::std::mem::transmute(self._bitfield_1.get(20usize, 8u8) as u32) }+ }+ #[inline]+ pub fn set_low_delay_hrd_flag(&mut self, val: u32) {+ unsafe {+ let val: u32 = ::std::mem::transmute(val);+ self._bitfield_1.set(20usize, 8u8, val as u64) } } #[inline]@@ -2901,8 +2908,11 @@ vcl_hrd_parameters_present_flag: u32, sub_pic_hrd_params_present_flag: u32, sub_pic_cpb_params_in_pic_timing_sei_flag: u32,- ) -> __BindgenBitfieldUnit<[u8; 1usize]> {- let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default();+ fixed_pic_rate_general_flag: u32,+ fixed_pic_rate_within_cvs_flag: u32,+ low_delay_hrd_flag: u32,+ ) -> __BindgenBitfieldUnit<[u8; 4usize]> {+ let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); __bindgen_bitfield_unit.set(0usize, 1u8, { let nal_hrd_parameters_present_flag: u32 = unsafe { ::std::mem::transmute(nal_hrd_parameters_present_flag) };@@ -2922,6 +2932,20 @@ let sub_pic_cpb_params_in_pic_timing_sei_flag: u32 = unsafe { ::std::mem::transmute(sub_pic_cpb_params_in_pic_timing_sei_flag) }; sub_pic_cpb_params_in_pic_timing_sei_flag as u64+ });+ 
__bindgen_bitfield_unit.set(4usize, 8u8, {+ let fixed_pic_rate_general_flag: u32 =+ unsafe { ::std::mem::transmute(fixed_pic_rate_general_flag) };+ fixed_pic_rate_general_flag as u64+ });+ __bindgen_bitfield_unit.set(12usize, 8u8, {+ let fixed_pic_rate_within_cvs_flag: u32 =+ unsafe { ::std::mem::transmute(fixed_pic_rate_within_cvs_flag) };+ fixed_pic_rate_within_cvs_flag as u64+ });+ __bindgen_bitfield_unit.set(20usize, 8u8, {+ let low_delay_hrd_flag: u32 = unsafe { ::std::mem::transmute(low_delay_hrd_flag) };+ low_delay_hrd_flag as u64 }); __bindgen_bitfield_unit }@@ -2940,8 +2964,8 @@ pub dpb_output_delay_length_minus1: u8, pub cpb_cnt_minus1: [u8; 7usize], pub elemental_duration_in_tc_minus1: [u16; 7usize],- pub SubLayerHrdParametersNal: [*mut StdVideoH265SubLayerHrdParameters; 7usize],- pub SubLayerHrdParametersVcl: [*mut StdVideoH265SubLayerHrdParameters; 7usize],+ pub pSubLayerHrdParametersNal: [*mut StdVideoH265SubLayerHrdParameters; 7usize],+ pub pSubLayerHrdParametersVcl: [*mut StdVideoH265SubLayerHrdParameters; 7usize], pub flags: StdVideoH265HrdFlags, } #[test]@@ -3101,7 +3125,7 @@ ); assert_eq!( unsafe {- &(*(::std::ptr::null::<StdVideoH265HrdParameters>())).SubLayerHrdParametersNal+ &(*(::std::ptr::null::<StdVideoH265HrdParameters>())).pSubLayerHrdParametersNal as *const _ as usize }, 32usize,@@ -3109,12 +3133,12 @@ "Offset of field: ", stringify!(StdVideoH265HrdParameters), "::",- stringify!(SubLayerHrdParametersNal)- )- );- assert_eq!(- unsafe {- &(*(::std::ptr::null::<StdVideoH265HrdParameters>())).SubLayerHrdParametersVcl+ stringify!(pSubLayerHrdParametersNal)+ )+ );+ assert_eq!(+ unsafe {+ &(*(::std::ptr::null::<StdVideoH265HrdParameters>())).pSubLayerHrdParametersVcl as *const _ as usize }, 88usize,@@ -3122,7 +3146,7 @@ "Offset of field: ", stringify!(StdVideoH265HrdParameters), "::",- stringify!(SubLayerHrdParametersVcl)+ stringify!(pSubLayerHrdParametersVcl) ) ); assert_eq!(@@ -3242,7 +3266,7 @@ pub vps_time_scale: u32, pub 
vps_num_ticks_poc_diff_one_minus1: u32, pub pDecPicBufMgr: *mut StdVideoH265DecPicBufMgr,- pub hrd_parameters: *mut StdVideoH265HrdParameters,+ pub pHrdParameters: *mut StdVideoH265HrdParameters, pub flags: StdVideoH265VpsFlags, } #[test]@@ -3337,7 +3361,7 @@ ); assert_eq!( unsafe {- &(*(::std::ptr::null::<StdVideoH265VideoParameterSet>())).hrd_parameters as *const _+ &(*(::std::ptr::null::<StdVideoH265VideoParameterSet>())).pHrdParameters as *const _ as usize }, 24usize,@@ -3345,7 +3369,7 @@ "Offset of field: ", stringify!(StdVideoH265VideoParameterSet), "::",- stringify!(hrd_parameters)+ stringify!(pHrdParameters) ) ); assert_eq!(@@ -3813,7 +3837,7 @@ pub vui_num_units_in_tick: u32, pub vui_time_scale: u32, pub vui_num_ticks_poc_diff_one_minus1: u32,- pub hrd_parameters: *mut StdVideoH265HrdParameters,+ pub pHrdParameters: *mut StdVideoH265HrdParameters, pub min_spatial_segmentation_idc: u16, pub max_bytes_per_pic_denom: u8, pub max_bits_per_min_cu_denom: u8,@@ -4046,7 +4070,7 @@ ); assert_eq!( unsafe {- &(*(::std::ptr::null::<StdVideoH265SequenceParameterSetVui>())).hrd_parameters+ &(*(::std::ptr::null::<StdVideoH265SequenceParameterSetVui>())).pHrdParameters as *const _ as usize }, 32usize,@@ -4054,7 +4078,7 @@ "Offset of field: ", stringify!(StdVideoH265SequenceParameterSetVui), "::",- stringify!(hrd_parameters)+ stringify!(pHrdParameters) ) ); assert_eq!(@@ -7437,3 +7461,1243 @@ ) ); }+#[repr(C)]+#[repr(align(4))]+#[derive(Debug, Copy, Clone)]+pub struct StdVideoEncodeH265SliceHeaderFlags {+ pub _bitfield_align_1: [u32; 0],+ pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>,+ pub luma_weight_l0_flag: u16,+ pub chroma_weight_l0_flag: u16,+ pub luma_weight_l1_flag: u16,+ pub chroma_weight_l1_flag: u16,+}+#[test]+fn bindgen_test_layout_StdVideoEncodeH265SliceHeaderFlags() {+ assert_eq!(+ ::std::mem::size_of::<StdVideoEncodeH265SliceHeaderFlags>(),+ 12usize,+ concat!("Size of: ", stringify!(StdVideoEncodeH265SliceHeaderFlags))+ );+ assert_eq!(
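Review bot: `pOffsetForRefFrame: *mut i32` in `StdVideoH264SequenceParameterSet` replaces `offset_for_ref_frame: [i32; 255usize]`, so the 255-element bound is no longer carried by the type and the field can now be null; the same applies to `pHrdParameters: *mut StdVideoH264HrdParameters` replacing the inline `hrd_parameters` in `StdVideoH264SequenceParameterSetVui`. Nothing in these hunks documents which count bounds the pointed-to array or who owns the allocation. Suggest a doc comment on each new pointer field naming its length source and lifetime, and a null and length check in every consumer before dereferencing, since both structs still derive `Copy` and the raw pointer can be duplicated freely.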
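Review bot: the `StdVideoH264SliceType` and `StdVideoH264PictureType` constants are renumbered, not only renamed: the old `_i`, `_p`, `_b` values were 0, 1, 2, while the new `_P`, `_B`, `_I` values are 0, 1, 2, and `STD_VIDEO_H264_PICTURE_TYPE_IDR = 5` is new. Both types are plain `c_uint` aliases, so a caller that compares against literals or holds values produced under the old numbering still compiles and silently misclassifies I slices as P. Suggest confirming that every consumer uses the named constants and is rebuilt against these bindings in the same change.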
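Review bot: in `StdVideoH265HrdFlags`, `fixed_pic_rate_general_flag`, `fixed_pic_rate_within_cvs_flag` and `low_delay_hrd_flag` become 8-bit-wide bitfields (`get(4usize, 8u8)`, `get(12usize, 8u8)`, `get(20usize, 8u8)`) whose setters accept a `u32`, so a value above 255 is narrowed to 8 bits without an error, where the old `u8` fields made the width explicit in the type. The same patch shifts single-bit flags: `vui_parameters_present_flag` moves from bit 16 to bit 15 in `StdVideoH264SpsFlags`, and `bottom_field_flag`, `is_reference` and `complementary_field_pair` each move up one bit after `IdrPicFlag` is inserted at bit 2. Suggest checking that no caller reads or writes these units by raw bit position, and that the setters' callers pass values that fit the declared width.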
Based on the provided code diff, I'll analyze it for security fixes:

1. Vulnerability Existed: no
   This appears to be primarily a code style/formatting change where constant names were updated from lowercase_with_underscores to UPPERCASE_WITH_UNDERSCORES format. No security vulnerability is addressed here.

2. Vulnerability Existed: no
   The changes include:
   - Adding a new constant STD_VIDEO_H264_CHROMA_FORMAT_IDC_INVALID
   - Renaming StdVideoH264WeightedBiPredIdc to StdVideoH264WeightedBipredIdc
   - Various enum value name changes

   These are naming convention changes and additions, not security fixes.

3. Vulnerability Existed: no
   Structural changes include:
   - Changing hrd_parameters to pHrdParameters (pointer)
   - Changing num_reorder_frames to max_num_reorder_frames
   - Structure size/layout changes

   These appear to be API refinements rather than security fixes.

4. Vulnerability Existed: no
   Flag field changes:
   - Renaming residual_colour_transform_flag to separate_colour_plane_flag
   - Removing first_picture_after_seek_flag
   - Renaming scaling_matrix_present_flag to seq_scaling_matrix_present_flag

   These are semantic changes to the API but don't appear to address any security issues.

5. Vulnerability Existed: no
   Changes to StdVideoH264SequenceParameterSet:
   - Changing offset_for_ref_frame array to pOffsetForRefFrame pointer

   This is a memory management change but doesn't appear to fix a specific vulnerability.

The diff shows extensive changes to naming conventions and some structural modifications to the Vulkan video encoding API definitions, but I don't see any clear security vulnerabilities being addressed in these changes. The modifications appear to be focused on:

1. Standardizing naming conventions
2. Adding new enum values
3. Refining structure definitions
4. Changing some array fields to pointers
5. Adjusting flag field semantics

No CVE or specific vulnerability references are mentioned in the diff, and the changes don't appear to patch any known security issues.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/widget/ScrollbarDrawingCocoa.h+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/widget/ScrollbarDrawingCocoa.h@@ -10,7 +10,6 @@ #include "ScrollbarDrawing.h" #include "mozilla/Array.h"-#include "nsNativeBasicTheme.h" namespace mozilla::widget {
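Review bot: with `#include "nsNativeBasicTheme.h"` dropped at line 10, this header should still compile on its own. The hunk shows only `ScrollbarDrawing.h` and `mozilla/Array.h` remaining, so confirm that no declaration in the rest of the file was reaching it through the removed include, and add a forward declaration if one is needed.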
Analyzing the provided code diff for security fixes:

1. Vulnerability Existed: not sure
   [Potential Header Inclusion Issue] [widget/ScrollbarDrawingCocoa.h] [Lines 10]
   [Old Code] `#include "nsNativeBasicTheme.h"`
   [Fixed Code] (removed line)

Additional Details:
- The diff shows removal of an include directive for "nsNativeBasicTheme.h"
- Without more context about why this include was removed or what functionality it provided, I can't determine if this was fixing a security vulnerability
- Possible reasons could be: unused header (cleanup), circular dependency resolution, or removal of unnecessary dependencies
- No specific vulnerability name can be assigned without more information about the impact of this change
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.fillStyle.parse.invalid.hex7.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.fillStyle.parse.invalid.hex7.html@@ -17,14 +17,14 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.fillStyle = '#0f0'; try { ctx.fillStyle = '#ff0000f'; } catch (e) { } // this shouldn't throw, but it shouldn't matter here if it does ctx.fillRect(0, 0, 100, 50);-_assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");+_assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255"); t.done(); });
Based on the provided diff, I don't see any security vulnerabilities being fixed. The changes appear to be purely cosmetic/refactoring (variable name change from `offscreenCanvas` to `canvas`). Here's the analysis following your format:

Vulnerability Existed: no
No security vulnerability found [File] [Lines]
[Old Code]
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
_assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");
[Fixed Code]
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');
_assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");

The changes are:
1. Variable name change from `offscreenCanvas` to `canvas`
2. Corresponding updates to the variable name in the assertions

No security implications are apparent in these changes. The test appears to be checking color parsing behavior in canvas, but the changes don't affect the security aspects of the test.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/shadows/2d.shadow.stroke.basic.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/shadows/2d.shadow.stroke.basic.html@@ -17,8 +17,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.fillStyle = '#f00'; ctx.fillRect(0, 0, 100, 50);@@ -30,9 +30,9 @@ ctx.moveTo(0, -25); ctx.lineTo(100, -25); ctx.stroke();-_assertPixel(offscreenCanvas, 1,25, 0,255,0,255, "1,25", "0,255,0,255");-_assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");-_assertPixel(offscreenCanvas, 98,25, 0,255,0,255, "98,25", "0,255,0,255");+_assertPixel(canvas, 1,25, 0,255,0,255, "1,25", "0,255,0,255");+_assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");+_assertPixel(canvas, 98,25, 0,255,0,255, "98,25", "0,255,0,255"); t.done(); });
Based on the provided code diff, I don't see any security vulnerabilities being fixed. The changes appear to be purely variable renaming (from `offscreenCanvas` to `canvas`) and updating the corresponding assertions to use the new variable name. Here's the structured response:

Vulnerability Existed: no
No security vulnerability found [testing/web-platform/tests/html/canvas/offscreen/shadows/2d.shadow.stroke.basic.html] [Lines 17-30]
[Old Code: var offscreenCanvas = new OffscreenCanvas(100, 50); var ctx = offscreenCanvas.getContext('2d'); ... _assertPixel(offscreenCanvas, ...)]
[Fixed Code: var canvas = new OffscreenCanvas(100, 50); var ctx = canvas.getContext('2d'); ... _assertPixel(canvas, ...)]

The changes are purely cosmetic/refactoring in nature and don't appear to address any security issues. The functionality remains exactly the same, just with a different variable name.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/python/mozbuild/mozbuild/vendor/vendor_rust.py+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/python/mozbuild/mozbuild/vendor/vendor_rust.py@@ -13,7 +13,7 @@ import re import subprocess import sys-from collections import OrderedDict+from collections import defaultdict, OrderedDict from distutils.version import LooseVersion from itertools import dropwhile from datetime import datetime@@ -68,6 +68,30 @@ "cmake", "vcpkg", ]+++# Historically duplicated crates. Eventually we want this list to be empty.+# If you do need to make changes increasing the number of duplicates, please+# add a comment as to why.+TOLERATED_DUPES = {+ "arrayvec": 2,+ "base64": 3,+ "bytes": 3,+ "cfg-if": 2,+ "crossbeam-deque": 2,+ "crossbeam-epoch": 2,+ "crossbeam-utils": 3,+ "futures": 2,+ "itertools": 2,+ "libloading": 2,+ "memmap2": 2,+ "memoffset": 2,+ "mio": 2,+ "pin-project-lite": 2,+ "sfv": 2,+ "target-lexicon": 2,+ "tokio": 2,+} class VendorRust(MozbuildObject):@@ -511,92 +535,6 @@ # changes. 
See bug 1324462 subprocess.check_call([cargo, "update", "-p", "gkrust"], cwd=self.topsrcdir)- output = subprocess.check_output(- [cargo, "vendor", vendor_dir], cwd=self.topsrcdir- ).decode("UTF-8")-- # Get the snippet of configuration that cargo vendor outputs, and- # update .cargo/config with it.- # XXX(bug 1576765): Hopefully do something better after- # https://github.com/rust-lang/cargo/issues/7280 is addressed.- config = "\n".join(- dropwhile(lambda l: not l.startswith("["), output.splitlines())- )-- # The config is toml, parse it as such.- config = pytoml.loads(config)-- # For each replace-with, extract their configuration and update the- # corresponding directory to be relative to topsrcdir.- replaces = {- v["replace-with"] for v in config["source"].values() if "replace-with" in v- }-- # We only really expect one replace-with- if len(replaces) != 1:- self.log(- logging.ERROR,- "vendor_failed",- {},- """cargo vendor didn't output a unique replace-with. Found: %s."""- % replaces,- )- sys.exit(1)-- replace_name = replaces.pop()- replace = config["source"].pop(replace_name)- replace["directory"] = mozpath.relpath(- mozpath.normsep(os.path.normcase(replace["directory"])),- mozpath.normsep(os.path.normcase(self.topsrcdir)),- )-- # Introduce some determinism for the output.- def recursive_sort(obj):- if isinstance(obj, dict):- return OrderedDict(- sorted((k, recursive_sort(v)) for k, v in obj.items())- )- if isinstance(obj, list):- return [recursive_sort(o) for o in obj]- return obj-- config = recursive_sort(config)-- # Normalize pytoml output:- # - removing empty lines- # - remove empty [section]- def toml_dump(data):- dump = pytoml.dumps(data)- if isinstance(data, dict):- for k, v in data.items():- if all(isinstance(v2, dict) for v2 in v.values()):- dump = dump.replace("[%s]" % k, "")- return dump.strip()-- cargo_config = os.path.join(self.topsrcdir, ".cargo", "config.in")- with open(cargo_config, "w", encoding="utf-8", newline="\n") as fh:- fh.write(- 
CARGO_CONFIG_TEMPLATE.format(- config=toml_dump(config),- replace_name=replace_name,- directory=replace["directory"],- )- )-- if not self._check_licenses(vendor_dir):- self.log(- logging.ERROR,- "license_check_failed",- {},- """The changes from `mach vendor rust` will NOT be added to version control.--{notice}""".format(- notice=CARGO_LOCK_NOTICE- ),- )- self.repository.clean_directory(vendor_dir)- sys.exit(1)- with open(os.path.join(self.topsrcdir, "Cargo.lock")) as fh: cargo_lock = pytoml.load(fh) failed = False@@ -609,6 +547,7 @@ ) failed = True+ grouped = defaultdict(list) for package in cargo_lock["package"]: if package["name"] in PACKAGES_WE_ALWAYS_WANT_AN_OVERRIDE_OF: # When the in-tree version is used, there is `source` for@@ -626,9 +565,168 @@ "and comes from {source}.", ) failed = True+ grouped[package["name"]].append(package)++ for name, packages in grouped.items():+ num = len(packages)+ expected = TOLERATED_DUPES.get(name, 1)+ if num > expected:+ self.log(+ logging.ERROR,+ "duplicate_crate",+ {+ "crate": name,+ "num": num,+ "expected": expected,+ "file": __file__,+ },+ "There are {num} different versions of crate {crate} "+ "(expected {expected}). Please void the extra duplication "+ "or adjust TOLERATED_DUPES in {file} if not possible.",+ )+ failed = True+ elif num < expected and num > 1:+ self.log(+ logging.ERROR,+ "less_duplicate_crate",+ {+ "crate": name,+ "num": num,+ "expected": expected,+ "file": __file__,+ },+ "There are {num} different versions of crate {crate} "+ "(expected {expected}). Please adjust TOLERATED_DUPES in "+ "{file} to reflect this improvement.",+ )+ failed = True+ elif num < expected:+ self.log(+ logging.ERROR,+ "less_duplicate_crate",+ {+ "crate": name,+ "file": __file__,+ },+ "Crate {crate} is not duplicated anymore. 
"+ "Please adjust TOLERATED_DUPES in {file} to reflect this improvement.",+ )+ failed = True+ elif name in TOLERATED_DUPES and expected <= 1:+ self.log(+ logging.ERROR,+ "broken_allowed_dupes",+ {+ "crate": name,+ "file": __file__,+ },+ "Crate {crate} is not duplicated. Remove it from "+ "TOLERATED_DUPES in {file}.",+ )+ failed = True++ for name in TOLERATED_DUPES:+ if name not in grouped:+ self.log(+ logging.ERROR,+ "outdated_allowed_dupes",+ {+ "crate": name,+ "file": __file__,+ },+ "Crate {crate} is not in Cargo.lock anymore. Remove it from "+ "TOLERATED_DUPES in {file}.",+ )+ failed = True+ if failed:- self.repository.clean_directory(vendor_dir) sys.exit(1)++ output = subprocess.check_output(+ [cargo, "vendor", vendor_dir], cwd=self.topsrcdir+ ).decode("UTF-8")++ # Get the snippet of configuration that cargo vendor outputs, and+ # update .cargo/config with it.+ # XXX(bug 1576765): Hopefully do something better after+ # https://github.com/rust-lang/cargo/issues/7280 is addressed.+ config = "\n".join(+ dropwhile(lambda l: not l.startswith("["), output.splitlines())+ )++ # The config is toml, parse it as such.+ config = pytoml.loads(config)++ # For each replace-with, extract their configuration and update the+ # corresponding directory to be relative to topsrcdir.+ replaces = {+ v["replace-with"] for v in config["source"].values() if "replace-with" in v+ }++ # We only really expect one replace-with+ if len(replaces) != 1:+ self.log(+ logging.ERROR,+ "vendor_failed",+ {},+ """cargo vendor didn't output a unique replace-with. 
Found: %s."""+ % replaces,+ )+ sys.exit(1)++ replace_name = replaces.pop()+ replace = config["source"].pop(replace_name)+ replace["directory"] = mozpath.relpath(+ mozpath.normsep(os.path.normcase(replace["directory"])),+ mozpath.normsep(os.path.normcase(self.topsrcdir)),+ )++ # Introduce some determinism for the output.+ def recursive_sort(obj):+ if isinstance(obj, dict):+ return OrderedDict(+ sorted((k, recursive_sort(v)) for k, v in obj.items())+ )+ if isinstance(obj, list):+ return [recursive_sort(o) for o in obj]+ return obj++ config = recursive_sort(config)++ # Normalize pytoml output:+ # - removing empty lines+ # - remove empty [section]+ def toml_dump(data):+ dump = pytoml.dumps(data)+ if isinstance(data, dict):+ for k, v in data.items():+ if all(isinstance(v2, dict) for v2 in v.values()):+ dump = dump.replace("[%s]" % k, "")+ return dump.strip()++ cargo_config = os.path.join(self.topsrcdir, ".cargo", "config.in")+ with open(cargo_config, "w", encoding="utf-8", newline="\n") as fh:+ fh.write(+ CARGO_CONFIG_TEMPLATE.format(+ config=toml_dump(config),+ replace_name=replace_name,+ directory=replace["directory"],+ )+ )++ if not self._check_licenses(vendor_dir):+ self.log(+ logging.ERROR,+ "license_check_failed",+ {},+ """The changes from `mach vendor rust` will NOT be added to version control.++{notice}""".format(+ notice=CARGO_LOCK_NOTICE+ ),+ )+ self.repository.clean_directory(vendor_dir)+ sys.exit(1) self.repository.add_remove_files(vendor_dir)
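Review bot: In the `@@ -626,9 +565,168 @@` hunk, the `vendor_failed` exit (`len(replaces) != 1`) still calls `sys.exit(1)` after `cargo vendor` has already written to `vendor_dir`, without the `self.repository.clean_directory(vendor_dir)` call that the `license_check_failed` path makes. Moving `cargo vendor` below the Cargo.lock checks is what lets the `if failed:` exit drop its `clean_directory` call, so this is now the one failure path that leaves a partially vendored tree behind; either clean the directory there too or add a comment saying why it is left in place. Separately, the `duplicate_crate` message reads "Please void the extra duplication", which should be "avoid".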
Let me analyze the code diff for security fixes. Here's my analysis:

1. Vulnerability Existed: not sure
[Potential Subprocess Injection] [python/mozbuild/mozbuild/vendor/vendor_rust.py] [Lines involving subprocess.check_output]
[Old Code] subprocess.check_output([cargo, "vendor", vendor_dir], cwd=self.topsrcdir).decode("UTF-8")
[Fixed Code] No direct fix, but the code was moved and reorganized
Note: While not a direct security fix, the reorganization of the code places the subprocess calls after more validation checks, which could help prevent some injection scenarios. However, the subprocess calls still use string inputs without explicit sanitization.

2. Vulnerability Existed: not sure
[Potential TOCTOU (Time-of-check to Time-of-use) Race Condition] [python/mozbuild/mozbuild/vendor/vendor_rust.py] [File operations]
[Old Code] Various file operations were performed in a different order
[Fixed Code] File operations were reordered with more validation checks first
Note: The diff shows a significant reorganization of file operations and validation checks, which might help prevent race conditions by performing more validation before file operations.

3. Vulnerability Existed: not sure
[Potential Information Leak] [python/mozbuild/mozbuild/vendor/vendor_rust.py] [Error handling]
[Old Code] Error messages contained potentially sensitive information about paths
[Fixed Code] Error messages were made more generic in some cases
Note: The error handling was improved to be more specific about issues while potentially reducing sensitive information leakage in error messages.

The main changes appear to be:
1. Addition of TOLERATED_DUPES for better crate version control
2. Reorganization of code to perform more validation before file operations
3. Improved error handling and messaging
4. Better tracking of crate versions and duplicates

While these changes improve code quality and maintainability, I don't see any clear, specific security vulnerabilities being fixed. The changes appear to be more about improving robustness and maintainability rather than addressing specific security issues.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/path-objects/2d.path.roundrect.zero.1.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/path-objects/2d.path.roundrect.zero.1.html@@ -17,8 +17,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.fillStyle = '#f00'; ctx.fillRect(0, 0, 100, 50);@@ -27,7 +27,7 @@ ctx.beginPath(); ctx.roundRect(0, 50, 100, 0, [0]); ctx.stroke();-_assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");+_assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255"); t.done(); });
Based on the provided code diff, I don't see any security vulnerabilities being fixed. The changes appear to be purely cosmetic/refactoring changes (variable renaming) rather than security-related fixes. Here's the analysis following your requested format:

Vulnerability Existed: no
No security vulnerability found [testing/web-platform/tests/html/canvas/offscreen/path-objects/2d.path.roundrect.zero.1.html] [Lines 17-18, 27]
[Old Code] var offscreenCanvas = new OffscreenCanvas(100, 50); var ctx = offscreenCanvas.getContext('2d'); _assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");
[Fixed Code] var canvas = new OffscreenCanvas(100, 50); var ctx = canvas.getContext('2d'); _assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");

The changes simply rename the variable `offscreenCanvas` to `canvas` and update all references to it. There are no changes to the actual security-related behavior of the code.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/tools/wptrunner/wptrunner/browsers/epiphany.py+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/tools/wptrunner/wptrunner/browsers/epiphany.py@@ -2,21 +2,21 @@ certificate_domain_list, get_timeout_multiplier, # noqa: F401 maybe_add_args)-from .webkit import WebKitBrowser+from .webkit import WebKitBrowser # noqa: F401 from ..executors import executor_kwargs as base_executor_kwargs+from ..executors.base import WdspecExecutor # noqa: F401 from ..executors.executorwebdriver import (WebDriverTestharnessExecutor, # noqa: F401 WebDriverRefTestExecutor, # noqa: F401 WebDriverCrashtestExecutor) # noqa: F401-from ..executors.executorwebkit import WebKitDriverWdspecExecutor # noqa: F401 __wptrunner__ = {"product": "epiphany", "check_args": "check_args",- "browser": {None: "EpiphanyBrowser",+ "browser": {None: "WebKitBrowser", "wdspec": "NullBrowser"}, "browser_kwargs": "browser_kwargs", "executor": {"testharness": "WebDriverTestharnessExecutor", "reftest": "WebDriverRefTestExecutor",- "wdspec": "WebKitDriverWdspecExecutor",+ "wdspec": "WdspecExecutor", "crashtest": "WebDriverCrashtestExecutor"}, "executor_kwargs": "executor_kwargs", "env_extras": "env_extras",@@ -71,10 +71,3 @@ def run_info_extras(**kwargs): return {"webkit_port": "gtk"}---class EpiphanyBrowser(WebKitBrowser):- def __init__(self, logger, binary=None, webdriver_binary=None,- webdriver_args=None, **kwargs):- WebKitBrowser.__init__(self, logger, binary, webdriver_binary,- webdriver_args)
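Review bot: With `EpiphanyBrowser` removed, the `"browser": {None: "WebKitBrowser"` entry hands the result of `browser_kwargs` straight to `WebKitBrowser`, and nothing in this diff shows that its constructor accepts those keys. The deleted subclass took `**kwargs` and forwarded only `logger`, `binary`, `webdriver_binary` and `webdriver_args`, silently dropping anything else. Please confirm that `WebKitBrowser.__init__` accepts every key `browser_kwargs` returns, or trim `browser_kwargs` in the same change, so the epiphany product does not fail at browser construction.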
Let me analyze the code diff for security fixes:

1. Vulnerability Existed: not sure
[Potential Import Cleanup] [testing/web-platform/tests/tools/wptrunner/wptrunner/browsers/epiphany.py] [Lines 2-6]
[Old Code] from .webkit import WebKitBrowser
[Fixed Code] from .webkit import WebKitBrowser # noqa: F401

2. Vulnerability Existed: not sure
[Executor Class Change] [testing/web-platform/tests/tools/wptrunner/wptrunner/browsers/epiphany.py] [Lines 15-16]
[Old Code] "wdspec": "WebKitDriverWdspecExecutor",
[Fixed Code] "wdspec": "WdspecExecutor",

3. Vulnerability Existed: not sure
[Browser Class Removal] [testing/web-platform/tests/tools/wptrunner/wptrunner/browsers/epiphany.py] [Lines 71-75]
[Old Code] class EpiphanyBrowser(WebKitBrowser): def __init__(self, logger, binary=None, webdriver_binary=None, webdriver_args=None, **kwargs): WebKitBrowser.__init__(self, logger, binary, webdriver_binary, webdriver_args)
[Fixed Code] [Removed entirely]

The changes appear to be more about code cleanup and restructuring rather than explicit security fixes. The modifications include:
1. Adding noqa comments to imports
2. Changing the executor class used for wdspec tests
3. Removing the EpiphanyBrowser class implementation in favor of using WebKitBrowser directly

While these changes might improve code maintainability, I don't see clear evidence of security vulnerabilities being fixed in this diff. The changes seem more related to test infrastructure refactoring.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/dom/cache/test/mochitest/test_cache_shrink.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/dom/cache/test/mochitest/test_cache_shrink.html@@ -64,7 +64,13 @@ "set": [["dom.caches.enabled", true], ["dom.caches.testing.enabled", true], ["dom.quotaManager.testing", true]],-}, function() {+}, async function() {+ // Bug 1746646: Make mochitests work with TCP enabled (cookieBehavior = 5)+ // Acquire storage access permission here so that the Cache API is avaialable+ SpecialPowers.wrap(document).notifyUserGestureActivation();+ await SpecialPowers.addPermission("storageAccessAPI", true, window.location.href);+ await SpecialPowers.wrap(document).requestStorageAccess();+ var name = "foo"; var cache = null; var initialUsage = 0;
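Review bot: `SpecialPowers.addPermission("storageAccessAPI", true, window.location.href)` is granted at the top of the test callback and no matching removal is visible in this hunk. If the rest of the test does not already clean up, remove the permission before the test finishes so the storage-access grant does not carry over into later mochitests running under the same profile. The added comment also has a typo: "avaialable" should be "available".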
Based on the provided diff, here's the analysis:

Vulnerability Existed: not sure
[Potential Cross-Origin Storage Access Issue] [dom/cache/test/mochitest/test_cache_shrink.html] [Lines 64-70]
[Old Code] "set": [["dom.caches.enabled", true], ["dom.caches.testing.enabled", true], ["dom.quotaManager.testing", true]], }, function() {
[Fixed Code] "set": [["dom.caches.enabled", true], ["dom.caches.testing.enabled", true], ["dom.quotaManager.testing", true]], }, async function() { // Bug 1746646: Make mochitests work with TCP enabled (cookieBehavior = 5) // Acquire storage access permission here so that the Cache API is avaialable SpecialPowers.wrap(document).notifyUserGestureActivation(); await SpecialPowers.addPermission("storageAccessAPI", true, window.location.href); await SpecialPowers.wrap(document).requestStorageAccess();

Additional Details:
1. The change appears to be related to test functionality rather than a direct security fix in production code.
2. The modification adds storage access permission handling for testing purposes when Total Cookie Protection (TCP) is enabled (cookieBehavior = 5).
3. While this isn't fixing a vulnerability in the traditional sense, it's addressing potential test failures that could occur with stricter security settings.
4. The reference to Bug 1746646 suggests this is a test compatibility improvement rather than a security fix.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/third_party/rust/idna/src/punycode.rs+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/third_party/rust/idna/src/punycode.rs@@ -52,81 +52,157 @@ /// Overflow can only happen on inputs that take more than /// 63 encoded bytes, the DNS limit on domain name labels. pub fn decode(input: &str) -> Option<Vec<char>> {- // Handle "basic" (ASCII) code points.- // They are encoded as-is before the last delimiter, if any.- let (mut output, input) = match input.rfind(DELIMITER) {- None => (Vec::new(), input),- Some(position) => (- input[..position].chars().collect(),- if position > 0 {- &input[position + 1..]- } else {- input- },- ),- };- let mut code_point = INITIAL_N;- let mut bias = INITIAL_BIAS;- let mut i = 0;- let mut iter = input.bytes();- loop {- let previous_i = i;- let mut weight = 1;- let mut k = BASE;- let mut byte = match iter.next() {- None => break,- Some(byte) => byte,+ Some(Decoder::default().decode(input).ok()?.collect())+}++#[derive(Default)]+pub(crate) struct Decoder {+ insertions: Vec<(usize, char)>,+}++impl Decoder {+ /// Split the input iterator and return a Vec with insertions of encoded characters+ pub(crate) fn decode<'a>(&'a mut self, input: &'a str) -> Result<Decode<'a>, ()> {+ self.insertions.clear();+ // Handle "basic" (ASCII) code points.+ // They are encoded as-is before the last delimiter, if any.+ let (base, input) = match input.rfind(DELIMITER) {+ None => ("", input),+ Some(position) => (+ &input[..position],+ if position > 0 {+ &input[position + 1..]+ } else {+ input+ },+ ), };- // Decode a generalized variable-length integer into delta,- // which gets added to i.++ let base_len = base.len();+ let mut length = base_len as u32;+ let mut code_point = INITIAL_N;+ let mut bias = INITIAL_BIAS;+ let mut i = 0;+ let mut iter = input.bytes(); loop {- let digit = match byte {- byte @ 
b'0'..=b'9' => byte - b'0' + 26,- byte @ b'A'..=b'Z' => byte - b'A',- byte @ b'a'..=b'z' => byte - b'a',- _ => return None,- } as u32;- if digit > (u32::MAX - i) / weight {- return None; // Overflow- }- i += digit * weight;- let t = if k <= bias {- T_MIN- } else if k >= bias + T_MAX {- T_MAX- } else {- k - bias- };- if digit < t {- break;- }- if weight > u32::MAX / (BASE - t) {- return None; // Overflow- }- weight *= BASE - t;- k += BASE;- byte = match iter.next() {- None => return None, // End of input before the end of this delta+ let previous_i = i;+ let mut weight = 1;+ let mut k = BASE;+ let mut byte = match iter.next() {+ None => break, Some(byte) => byte, };- }- let length = output.len() as u32;- bias = adapt(i - previous_i, length + 1, previous_i == 0);- if i / (length + 1) > u32::MAX - code_point {- return None; // Overflow- }- // i was supposed to wrap around from length+1 to 0,- // incrementing code_point each time.- code_point += i / (length + 1);- i %= length + 1;- let c = match char::from_u32(code_point) {- Some(c) => c,- None => return None,- };- output.insert(i as usize, c);- i += 1;- }- Some(output)++ // Decode a generalized variable-length integer into delta,+ // which gets added to i.+ loop {+ let digit = match byte {+ byte @ b'0'..=b'9' => byte - b'0' + 26,+ byte @ b'A'..=b'Z' => byte - b'A',+ byte @ b'a'..=b'z' => byte - b'a',+ _ => return Err(()),+ } as u32;+ if digit > (u32::MAX - i) / weight {+ return Err(()); // Overflow+ }+ i += digit * weight;+ let t = if k <= bias {+ T_MIN+ } else if k >= bias + T_MAX {+ T_MAX+ } else {+ k - bias+ };+ if digit < t {+ break;+ }+ if weight > u32::MAX / (BASE - t) {+ return Err(()); // Overflow+ }+ weight *= BASE - t;+ k += BASE;+ byte = match iter.next() {+ None => return Err(()), // End of input before the end of this delta+ Some(byte) => byte,+ };+ }++ bias = adapt(i - previous_i, length + 1, previous_i == 0);+ if i / (length + 1) > u32::MAX - code_point {+ return Err(()); // Overflow+ }++ // i was 
supposed to wrap around from length+1 to 0,+ // incrementing code_point each time.+ code_point += i / (length + 1);+ i %= length + 1;+ let c = match char::from_u32(code_point) {+ Some(c) => c,+ None => return Err(()),+ };++ // Move earlier insertions farther out in the string+ for (idx, _) in &mut self.insertions {+ if *idx >= i as usize {+ *idx += 1;+ }+ }+ self.insertions.push((i as usize, c));+ length += 1;+ i += 1;+ }++ self.insertions.sort_by_key(|(i, _)| *i);+ Ok(Decode {+ base: base.chars(),+ insertions: &self.insertions,+ inserted: 0,+ position: 0,+ len: base_len + self.insertions.len(),+ })+ }+}++pub(crate) struct Decode<'a> {+ base: std::str::Chars<'a>,+ pub(crate) insertions: &'a [(usize, char)],+ inserted: usize,+ position: usize,+ len: usize,+}++impl<'a> Iterator for Decode<'a> {+ type Item = char;++ fn next(&mut self) -> Option<Self::Item> {+ loop {+ match self.insertions.get(self.inserted) {+ Some((pos, c)) if *pos == self.position => {+ self.inserted += 1;+ self.position += 1;+ return Some(*c);+ }+ _ => {}+ }+ if let Some(c) = self.base.next() {+ self.position += 1;+ return Some(c);+ } else if self.inserted >= self.insertions.len() {+ return None;+ }+ }+ }++ fn size_hint(&self) -> (usize, Option<usize>) {+ let len = self.len - self.position;+ (len, Some(len))+ }+}++impl<'a> ExactSizeIterator for Decode<'a> {+ fn len(&self) -> usize {+ self.len - self.position+ } } /// Convert an Unicode `str` to Punycode.@@ -134,7 +210,8 @@ /// This is a convenience wrapper around `encode`. #[inline] pub fn encode_str(input: &str) -> Option<String> {- encode(&input.chars().collect::<Vec<char>>())+ let mut buf = String::with_capacity(input.len());+ encode_into(input.chars(), &mut buf).ok().map(|()| buf) } /// Convert Unicode to Punycode.@@ -142,42 +219,54 @@ /// Return None on overflow, which can only happen on inputs that would take more than /// 63 encoded bytes, the DNS limit on domain name labels. 
pub fn encode(input: &[char]) -> Option<String> {+ let mut buf = String::with_capacity(input.len());+ encode_into(input.iter().copied(), &mut buf)+ .ok()+ .map(|()| buf)+}++pub(crate) fn encode_into<I>(input: I, output: &mut String) -> Result<(), ()>+where+ I: Iterator<Item = char> + Clone,+{ // Handle "basic" (ASCII) code points. They are encoded as-is.- let output_bytes = input- .iter()- .filter_map(|&c| if c.is_ascii() { Some(c as u8) } else { None })- .collect();- let mut output = unsafe { String::from_utf8_unchecked(output_bytes) };- let basic_length = output.len() as u32;+ let (mut input_length, mut basic_length) = (0, 0);+ for c in input.clone() {+ input_length += 1;+ if c.is_ascii() {+ output.push(c);+ basic_length += 1;+ }+ }+ if basic_length > 0 {- output.push_str("-")+ output.push('-') } let mut code_point = INITIAL_N; let mut delta = 0; let mut bias = INITIAL_BIAS; let mut processed = basic_length;- let input_length = input.len() as u32; while processed < input_length { // All code points < code_point have been handled already. // Find the next larger one. 
let min_code_point = input- .iter()- .map(|&c| c as u32)+ .clone()+ .map(|c| c as u32) .filter(|&c| c >= code_point) .min() .unwrap(); if min_code_point - code_point > (u32::MAX - delta) / (processed + 1) {- return None; // Overflow+ return Err(()); // Overflow } // Increase delta to advance the decoder’s <code_point,i> state to <min_code_point,0> delta += (min_code_point - code_point) * (processed + 1); code_point = min_code_point;- for &c in input {+ for c in input.clone() { let c = c as u32; if c < code_point { delta += 1; if delta == 0 {- return None; // Overflow+ return Err(()); // Overflow } } if c == code_point {@@ -209,14 +298,14 @@ delta += 1; code_point += 1; }- Some(output)+ Ok(()) } #[inline] fn value_to_digit(value: u32) -> char { match value {- 0..=25 => (value as u8 + 'a' as u8) as char, // a..z- 26..=35 => (value as u8 - 26 + '0' as u8) as char, // 0..9+ 0..=25 => (value as u8 + b'a') as char, // a..z+ 26..=35 => (value as u8 - 26 + b'0') as char, // 0..9 _ => panic!(), } }
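Review bot: In `Decoder::decode` (hunk `@@ -52,81 +52,157 @@`), `let base_len = base.len();` is a byte count, yet it seeds `length` and the iterator's `len`, which the removed code derived from `output.len()` on a `Vec<char>`, that is, a count of code points. The two agree only when everything before the last delimiter is ASCII, and nothing in this hunk checks that, so for a non-ASCII `base` the insertion positions and the `ExactSizeIterator` length are computed from the wrong number. Suggest rejecting such input up front with `if !base.is_ascii() { return Err(()); }`, or counting `base.chars()` instead. The doc comment on `decode` also says it returns a Vec, while the function returns a `Decode` iterator.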
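Review bot: `encode_into` (hunk `@@ -142,42 +219,54 @@`) writes into the caller's `output` as it goes, so on either `return Err(()); // Overflow` the buffer is left holding the basic code points and whatever else was pushed before the overflow was detected. `encode_str` and `encode` discard their local `buf` on error, but the function is `pub(crate)` and any other caller passing a shared `String` would have to record the starting length and truncate. Please document that contract on `encode_into`, or truncate `output` back to its starting length before returning `Err`.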
I'll analyze the code diff for security fixes following the specified format.

Vulnerability Existed: yes
Integer Overflow Vulnerability [third_party/rust/idna/src/punycode.rs] [Multiple locations]
Old Code: The original code had several integer overflow checks but was more prone to errors due to direct manipulation of values and less structured error handling. For example:
```
if digit > (u32::MAX - i) / weight {
    return None; // Overflow
}
```
Fixed Code: The new code restructures the implementation into a Decoder struct with more robust overflow checking and uses Result<_, ()> for error handling. For example:
```
if digit > (u32::MAX - i) / weight {
    return Err(()); // Overflow
}
```

Vulnerability Existed: yes
Unsafe String Conversion Vulnerability [third_party/rust/idna/src/punycode.rs] [Lines 142-144]
Old Code:
```
let output_bytes = input
    .iter()
    .filter_map(|&c| if c.is_ascii() { Some(c as u8) } else { None })
    .collect();
let mut output = unsafe { String::from_utf8_unchecked(output_bytes) };
```
Fixed Code: The new code removes the unsafe conversion and uses proper string building:
```
for c in input.clone() {
    input_length += 1;
    if c.is_ascii() {
        output.push(c);
        basic_length += 1;
    }
}
```

Vulnerability Existed: not sure
Potential Buffer Handling Issue [third_party/rust/idna/src/punycode.rs] [Multiple locations]
Old Code: The original code directly manipulated strings and vectors without clear capacity management.
Fixed Code: The new code introduces better buffer management with:
```
let mut buf = String::with_capacity(input.len());
```

The changes appear to address several potential security issues, particularly around integer overflow and unsafe string handling. The restructured code provides more robust error handling and safer memory management patterns.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/css/css-break/widows-orphans-015.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/css/css-break/widows-orphans-015.html@@ -20,7 +20,6 @@ -->- <meta name="flags" content=""> <meta name="assert" content="This test checks that 'widows' applies to multi-column containers and that the initial value of 'widows' is '2'. When an UA succeeds at applying 'widows', then there is 2 line boxes at the top of the 3rd column box."> <style>
Based on the provided code diff, here's the analysis:

Vulnerability Existed: no
No security vulnerability found
[File] testing/web-platform/tests/css/css-break/widows-orphans-015.html
[Lines] 20
[Old Code] <meta name="flags" content="">
[Fixed Code] (removed line)

Additional Details:
1. The change simply removes an empty meta tag for "flags" which doesn't appear to have any security implications.
2. This appears to be a test file modification rather than a security fix.
3. The change doesn't involve any security-sensitive operations or potentially dangerous content.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/toolkit/content/aboutAbout.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/toolkit/content/aboutAbout.html@@ -13,6 +13,7 @@ <title data-l10n-id="about-about-title"></title> <link rel="stylesheet" href="chrome://global/skin/in-content/info-pages.css"> <link rel="localization" href="toolkit/about/aboutAbout.ftl">+ <link rel="icon" type="image/png" href="chrome://branding/content/icon32.png"> <script src="chrome://global/content/aboutAbout.js"></script> </head>
Analyzing the provided code diff, here's the security assessment:

1. Vulnerability Existed: not sure
[Potential Missing Favicon] [File: toolkit/content/aboutAbout.html] [Lines: 13]
[Old Code: No favicon link]
[Fixed Code: <link rel="icon" type="image/png" href="chrome://branding/content/icon32.png">]

Additional Details:
- The change adds a favicon to the about:about page. While not directly a security vulnerability, missing favicons could potentially be used in phishing attacks by making malicious pages appear more legitimate. However, this appears to be more of a user experience improvement rather than a security fix.
- There's no clear evidence of a security vulnerability being fixed in this change. The addition of a favicon is likely for branding consistency rather than security purposes.

No other vulnerabilities were identified in this diff. The change appears to be a minor UI/UX improvement rather than a security fix.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/js/src/jit/shared/AtomicOperations-shared-jit.cpp+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/js/src/jit/shared/AtomicOperations-shared-jit.cpp@@ -4,155 +4,16 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */-#include "mozilla/Atomics.h"+#include "jit/AtomicOperations.h"-#ifdef JS_CODEGEN_ARM-# include "jit/arm/Architecture-arm.h"-#endif-#include "jit/AtomicOperations.h"-#include "jit/IonTypes.h"-#include "jit/MacroAssembler.h"-#include "jit/RegisterSets.h"-#include "js/ScalarType.h" // js::Scalar::Type-#include "util/Poison.h"+#ifdef JS_HAVE_GENERATED_ATOMIC_OPS-#include "jit/MacroAssembler-inl.h"+# include <atomic>++# include "js/GCAPI.h" using namespace js; using namespace js::jit;--// Assigned registers must follow these rules:-//-// - if they overlap the argument registers (for arguments we use) then they-//-// M M U U SSSS TTTTT-// ====\ MM MM U U S T /====-// =====> M M M U U SSS T <=====-// ====/ M M U U S T \====-// M M UUU SSSS T-//-// require no register movement, even for 64-bit registers. 
(If this becomes-// too complex to handle then we need to create an abstraction that uses the-// MoveResolver, see comments on bug 1394420.)-//-// - they should be volatile when possible so that we don't have to save and-// restore them.-//-// Note that the functions we're generating have a very limited number of-// signatures, and the register assignments need only work for these signatures.-// The signatures are these:-//-// ()-// (ptr)-// (ptr, val/val64)-// (ptr, ptr)-// (ptr, val/val64, val/val64)-//-// It would be nice to avoid saving and restoring all the nonvolatile registers-// for all the operations, and instead save and restore only the registers used-// by each specific operation, but the amount of protocol needed to accomplish-// that probably does not pay for itself.--#if defined(JS_CODEGEN_X64)--// Selected registers match the argument registers exactly, and none of them-// overlap the result register.--static const LiveRegisterSet AtomicNonVolatileRegs;--static constexpr Register AtomicPtrReg = IntArgReg0;-static constexpr Register AtomicPtr2Reg = IntArgReg1;-static constexpr Register AtomicValReg = IntArgReg1;-static constexpr Register64 AtomicValReg64(IntArgReg1);-static constexpr Register AtomicVal2Reg = IntArgReg2;-static constexpr Register64 AtomicVal2Reg64(IntArgReg2);-static constexpr Register AtomicTemp = IntArgReg3;-static constexpr Register64 AtomicTemp64(IntArgReg3);--static constexpr Register64 AtomicReturnReg64 = ReturnReg64;--#elif defined(JS_CODEGEN_ARM64)--// Selected registers match the argument registers, except that the Ptr is not-// in IntArgReg0 so as not to conflict with the result register.--static const LiveRegisterSet AtomicNonVolatileRegs;--static constexpr Register AtomicPtrReg = IntArgReg4;-static constexpr Register AtomicPtr2Reg = IntArgReg1;-static constexpr Register AtomicValReg = IntArgReg1;-static constexpr Register64 AtomicValReg64(IntArgReg1);-static constexpr Register AtomicVal2Reg = IntArgReg2;-static constexpr 
Register64 AtomicVal2Reg64(IntArgReg2);-static constexpr Register AtomicTemp = IntArgReg3;-static constexpr Register64 AtomicTemp64(IntArgReg3);--static constexpr Register64 AtomicReturnReg64 = ReturnReg64;--#elif defined(JS_CODEGEN_ARM)--// Assigned registers except temp are disjoint from the argument registers,-// since accounting for both 32-bit and 64-bit arguments and constraints on the-// result register is much too messy. The temp is in an argument register since-// it won't be used until we've moved all arguments to other registers.-//-// Save LR because it's the second scratch register. The first scratch register-// is r12 (IP). The atomics implementation in the MacroAssembler uses both.--static const LiveRegisterSet AtomicNonVolatileRegs = LiveRegisterSet(- GeneralRegisterSet(- (uint32_t(1) << Registers::r4) | (uint32_t(1) << Registers::r5) |- (uint32_t(1) << Registers::r6) | (uint32_t(1) << Registers::r7) |- (uint32_t(1) << Registers::r8) | (uint32_t(1) << Registers::lr)),- FloatRegisterSet(0));--static constexpr Register AtomicPtrReg = r8;-static constexpr Register AtomicPtr2Reg = r6;-static constexpr Register AtomicTemp = r3;-static constexpr Register AtomicValReg = r6;-static constexpr Register64 AtomicValReg64(r7, r6);-static constexpr Register AtomicVal2Reg = r4;-static constexpr Register64 AtomicVal2Reg64(r5, r4);--static constexpr Register64 AtomicReturnReg64 = ReturnReg64;--#elif defined(JS_CODEGEN_X86)--// There are no argument registers.--static const LiveRegisterSet AtomicNonVolatileRegs = LiveRegisterSet(- GeneralRegisterSet((1 << X86Encoding::rbx) | (1 << X86Encoding::rsi)),- FloatRegisterSet(0));--static constexpr Register AtomicPtrReg = esi;-static constexpr Register AtomicPtr2Reg = ebx;-static constexpr Register AtomicValReg = ebx;-static constexpr Register AtomicVal2Reg = ecx;-static constexpr Register AtomicTemp = edx;--// 64-bit registers for cmpxchg8b. 
ValReg/Val2Reg/Temp are not used in this-// case.--static constexpr Register64 AtomicValReg64(edx, eax);-static constexpr Register64 AtomicVal2Reg64(ecx, ebx);--// AtomicReturnReg64 is unused on x86.--#else-# error "Unsupported platform"-#endif--// These are useful shorthands and hide the meaningless uint/int distinction.--static constexpr Scalar::Type SIZE8 = Scalar::Uint8;-static constexpr Scalar::Type SIZE16 = Scalar::Uint16;-static constexpr Scalar::Type SIZE32 = Scalar::Uint32;-static constexpr Scalar::Type SIZE64 = Scalar::Int64;-#ifdef JS_64BIT-static constexpr Scalar::Type SIZEWORD = SIZE64;-#else-static constexpr Scalar::Type SIZEWORD = SIZE32;-#endif // A "block" is a sequence of bytes that is a reasonable quantum to copy to // amortize call overhead when implementing memcpy and memmove. A block will@@ -166,489 +27,49 @@ // Blocks and words can be aligned or unaligned; specific (generated) copying // functions handle this in platform-specific ways.-static constexpr size_t WORDSIZE =- sizeof(uintptr_t); // Also see SIZEWORD above+static constexpr size_t WORDSIZE = sizeof(uintptr_t); static constexpr size_t BLOCKSIZE = 8 * WORDSIZE; // Must be a power of 2 static_assert(BLOCKSIZE % WORDSIZE == 0, "A block is an integral number of words");+// Constants must match the ones in GenerateAtomicOperations.py+static_assert(JS_GENERATED_ATOMICS_BLOCKSIZE == BLOCKSIZE);+static_assert(JS_GENERATED_ATOMICS_WORDSIZE == WORDSIZE);+ static constexpr size_t WORDMASK = WORDSIZE - 1; static constexpr size_t BLOCKMASK = BLOCKSIZE - 1;--struct ArgIterator {- ABIArgGenerator abi;- unsigned argBase = 0;-};--static void GenGprArg(MacroAssembler& masm, MIRType t, ArgIterator* iter,- Register reg) {- MOZ_ASSERT(t == MIRType::Pointer || t == MIRType::Int32);- ABIArg arg = iter->abi.next(t);- switch (arg.kind()) {- case ABIArg::GPR: {- if (arg.gpr() != reg) {- masm.movePtr(arg.gpr(), reg);- }- break;- }- case ABIArg::Stack: {- Address src(masm.getStackPointer(),- iter->argBase + 
arg.offsetFromArgBase());- masm.loadPtr(src, reg);- break;- }- default: {- MOZ_CRASH("Not possible");- }- }-}--static void GenGpr64Arg(MacroAssembler& masm, ArgIterator* iter,- Register64 reg) {- ABIArg arg = iter->abi.next(MIRType::Int64);- switch (arg.kind()) {- case ABIArg::GPR: {- if (arg.gpr64() != reg) {- masm.move64(arg.gpr64(), reg);- }- break;- }- case ABIArg::Stack: {- Address src(masm.getStackPointer(),- iter->argBase + arg.offsetFromArgBase());-#ifdef JS_64BIT- masm.load64(src, reg);-#else- masm.load32(LowWord(src), reg.low);- masm.load32(HighWord(src), reg.high);-#endif- break;- }-#if defined(JS_CODEGEN_REGISTER_PAIR)- case ABIArg::GPR_PAIR: {- if (arg.gpr64() != reg) {- masm.move32(arg.oddGpr(), reg.high);- masm.move32(arg.evenGpr(), reg.low);- }- break;- }-#endif- default: {- MOZ_CRASH("Not possible");- }- }-}--static uint32_t GenPrologue(MacroAssembler& masm, ArgIterator* iter) {- masm.assumeUnreachable("Shouldn't get here");- masm.flushBuffer();- masm.haltingAlign(CodeAlignment);- masm.setFramePushed(0);- uint32_t start = masm.currentOffset();- masm.PushRegsInMask(AtomicNonVolatileRegs);-#if defined(JS_CODEGEN_ARM) || defined(JS_CODEGEN_ARM64)- // The return address is among the nonvolatile registers, if pushed at all.- iter->argBase = masm.framePushed();-#elif defined(JS_CODEGEN_X86) || defined(JS_CODEGEN_X64)- // The return address is pushed separately.- iter->argBase = sizeof(void*) + masm.framePushed();-#else-# error "Unsupported platform"-#endif- return start;-}--static void GenEpilogue(MacroAssembler& masm) {- masm.PopRegsInMask(AtomicNonVolatileRegs);- MOZ_ASSERT(masm.framePushed() == 0);-#if defined(JS_CODEGEN_ARM64)- masm.Ret();-#elif defined(JS_CODEGEN_ARM)- masm.mov(lr, pc);-#elif defined(JS_CODEGEN_X86) || defined(JS_CODEGEN_X64)- masm.ret();-#endif-}--#ifndef JS_64BIT-static uint32_t GenNop(MacroAssembler& masm) {- ArgIterator iter;- uint32_t start = GenPrologue(masm, &iter);- GenEpilogue(masm);- return start;-}-#endif--static uint32_t 
GenFenceSeqCst(MacroAssembler& masm) {- ArgIterator iter;- uint32_t start = GenPrologue(masm, &iter);- masm.memoryBarrier(MembarFull);- GenEpilogue(masm);- return start;-}--static uint32_t GenLoad(MacroAssembler& masm, Scalar::Type size,- Synchronization sync) {- ArgIterator iter;- uint32_t start = GenPrologue(masm, &iter);- GenGprArg(masm, MIRType::Pointer, &iter, AtomicPtrReg);-- masm.memoryBarrier(sync.barrierBefore);- Address addr(AtomicPtrReg, 0);- switch (size) {- case SIZE8:- masm.load8ZeroExtend(addr, ReturnReg);- break;- case SIZE16:- masm.load16ZeroExtend(addr, ReturnReg);- break;- case SIZE32:- masm.load32(addr, ReturnReg);- break;- case SIZE64:-#if defined(JS_64BIT)- masm.load64(addr, AtomicReturnReg64);- break;-#else- MOZ_CRASH("64-bit atomic load not available on this platform");-#endif- default:- MOZ_CRASH("Unknown size");- }- masm.memoryBarrier(sync.barrierAfter);-- GenEpilogue(masm);- return start;-}--static uint32_t GenStore(MacroAssembler& masm, Scalar::Type size,- Synchronization sync) {- ArgIterator iter;- uint32_t start = GenPrologue(masm, &iter);- GenGprArg(masm, MIRType::Pointer, &iter, AtomicPtrReg);-- masm.memoryBarrier(sync.barrierBefore);- Address addr(AtomicPtrReg, 0);- switch (size) {- case SIZE8:- GenGprArg(masm, MIRType::Int32, &iter, AtomicValReg);- masm.store8(AtomicValReg, addr);- break;- case SIZE16:- GenGprArg(masm, MIRType::Int32, &iter, AtomicValReg);- masm.store16(AtomicValReg, addr);- break;- case SIZE32:- GenGprArg(masm, MIRType::Int32, &iter, AtomicValReg);- masm.store32(AtomicValReg, addr);- break;- case SIZE64:-#if defined(JS_64BIT)- GenGpr64Arg(masm, &iter, AtomicValReg64);- masm.store64(AtomicValReg64, addr);- break;-#else- MOZ_CRASH("64-bit atomic store not available on this platform");-#endif- default:- MOZ_CRASH("Unknown size");- }- masm.memoryBarrier(sync.barrierAfter);-- GenEpilogue(masm);- return start;-}--enum class CopyDir {- DOWN, // Move data down, ie, iterate toward higher addresses- UP // The other 
way-};--static uint32_t GenCopy(MacroAssembler& masm, Scalar::Type size,- uint32_t unroll, CopyDir direction) {- ArgIterator iter;- uint32_t start = GenPrologue(masm, &iter);-- Register dest = AtomicPtrReg;- Register src = AtomicPtr2Reg;-- GenGprArg(masm, MIRType::Pointer, &iter, dest);- GenGprArg(masm, MIRType::Pointer, &iter, src);-- uint32_t offset = direction == CopyDir::DOWN ? 0 : unroll - 1;- for (uint32_t i = 0; i < unroll; i++) {- switch (size) {- case SIZE8:- masm.load8ZeroExtend(Address(src, offset), AtomicTemp);- masm.store8(AtomicTemp, Address(dest, offset));- break;- case SIZE16:- masm.load16ZeroExtend(Address(src, offset * 2), AtomicTemp);- masm.store16(AtomicTemp, Address(dest, offset * 2));- break;- case SIZE32:- masm.load32(Address(src, offset * 4), AtomicTemp);- masm.store32(AtomicTemp, Address(dest, offset * 4));- break;- case SIZE64:-#if defined(JS_64BIT)- masm.load64(Address(src, offset * 8), AtomicTemp64);- masm.store64(AtomicTemp64, Address(dest, offset * 8));- break;-#else- MOZ_CRASH("64-bit atomic load/store not available on this platform");-#endif- default:- MOZ_CRASH("Unknown size");- }- offset += direction == CopyDir::DOWN ? 
1 : -1;- }-- GenEpilogue(masm);- return start;-}--static uint32_t GenCmpxchg(MacroAssembler& masm, Scalar::Type size,- Synchronization sync) {- ArgIterator iter;- uint32_t start = GenPrologue(masm, &iter);- GenGprArg(masm, MIRType::Pointer, &iter, AtomicPtrReg);-- Address addr(AtomicPtrReg, 0);- switch (size) {- case SIZE8:- case SIZE16:- case SIZE32:- GenGprArg(masm, MIRType::Int32, &iter, AtomicValReg);- GenGprArg(masm, MIRType::Int32, &iter, AtomicVal2Reg);- masm.compareExchange(size, sync, addr, AtomicValReg, AtomicVal2Reg,- ReturnReg);- break;- case SIZE64:- GenGpr64Arg(masm, &iter, AtomicValReg64);- GenGpr64Arg(masm, &iter, AtomicVal2Reg64);-#if defined(JS_CODEGEN_X86)- static_assert(AtomicValReg64 == Register64(edx, eax));- static_assert(AtomicVal2Reg64 == Register64(ecx, ebx));-- // The return register edx:eax is a compiler/ABI assumption that is not- // necessarily the same as ReturnReg64, so it's correct not to use- // ReturnReg64 here.- masm.lock_cmpxchg8b(edx, eax, ecx, ebx, Operand(addr));-#else- masm.compareExchange64(sync, addr, AtomicValReg64, AtomicVal2Reg64,- AtomicReturnReg64);-#endif- break;- default:- MOZ_CRASH("Unknown size");- }-- GenEpilogue(masm);- return start;-}--static uint32_t GenExchange(MacroAssembler& masm, Scalar::Type size,- Synchronization sync) {- ArgIterator iter;- uint32_t start = GenPrologue(masm, &iter);- GenGprArg(masm, MIRType::Pointer, &iter, AtomicPtrReg);-- Address addr(AtomicPtrReg, 0);- switch (size) {- case SIZE8:- case SIZE16:- case SIZE32:- GenGprArg(masm, MIRType::Int32, &iter, AtomicValReg);- masm.atomicExchange(size, sync, addr, AtomicValReg, ReturnReg);- break;- case SIZE64:-#if defined(JS_64BIT)- GenGpr64Arg(masm, &iter, AtomicValReg64);- masm.atomicExchange64(sync, addr, AtomicValReg64, AtomicReturnReg64);- break;-#else- MOZ_CRASH("64-bit atomic exchange not available on this platform");-#endif- default:- MOZ_CRASH("Unknown size");- }-- GenEpilogue(masm);- return start;-}--static uint32_t 
GenFetchOp(MacroAssembler& masm, Scalar::Type size, AtomicOp op,- Synchronization sync) {- ArgIterator iter;- uint32_t start = GenPrologue(masm, &iter);- GenGprArg(masm, MIRType::Pointer, &iter, AtomicPtrReg);-- Address addr(AtomicPtrReg, 0);- switch (size) {- case SIZE8:- case SIZE16:- case SIZE32: {-#if defined(JS_CODEGEN_X86) || defined(JS_CODEGEN_X64)- Register tmp = op == AtomicFetchAddOp || op == AtomicFetchSubOp- ? Register::Invalid()- : AtomicTemp;-#else- Register tmp = AtomicTemp;-#endif- GenGprArg(masm, MIRType::Int32, &iter, AtomicValReg);- masm.atomicFetchOp(size, sync, op, AtomicValReg, addr, tmp, ReturnReg);- break;- }- case SIZE64: {-#if defined(JS_64BIT)-# if defined(JS_CODEGEN_X64)- Register64 tmp = op == AtomicFetchAddOp || op == AtomicFetchSubOp- ? Register64::Invalid()- : AtomicTemp64;-# else- Register64 tmp = AtomicTemp64;-# endif- GenGpr64Arg(masm, &iter, AtomicValReg64);- masm.atomicFetchOp64(sync, op, AtomicValReg64, addr, tmp,- AtomicReturnReg64);- break;-#else- MOZ_CRASH("64-bit atomic fetchOp not available on this platform");-#endif- }- default:- MOZ_CRASH("Unknown size");- }-- GenEpilogue(masm);- return start;-} namespace js { namespace jit {-void (*AtomicFenceSeqCst)();--#ifndef JS_64BIT-void (*AtomicCompilerFence)();-#endif--uint8_t (*AtomicLoad8SeqCst)(const uint8_t* addr);-uint16_t (*AtomicLoad16SeqCst)(const uint16_t* addr);-uint32_t (*AtomicLoad32SeqCst)(const uint32_t* addr);-#ifdef JS_64BIT-uint64_t (*AtomicLoad64SeqCst)(const uint64_t* addr);-#endif--uint8_t (*AtomicLoad8Unsynchronized)(const uint8_t* addr);-uint16_t (*AtomicLoad16Unsynchronized)(const uint16_t* addr);-uint32_t (*AtomicLoad32Unsynchronized)(const uint32_t* addr);-#ifdef JS_64BIT-uint64_t (*AtomicLoad64Unsynchronized)(const uint64_t* addr);-#endif--uint8_t (*AtomicStore8SeqCst)(uint8_t* addr, uint8_t val);-uint16_t (*AtomicStore16SeqCst)(uint16_t* addr, uint16_t val);-uint32_t (*AtomicStore32SeqCst)(uint32_t* addr, uint32_t val);-#ifdef JS_64BIT-uint64_t 
(*AtomicStore64SeqCst)(uint64_t* addr, uint64_t val);-#endif--uint8_t (*AtomicStore8Unsynchronized)(uint8_t* addr, uint8_t val);-uint16_t (*AtomicStore16Unsynchronized)(uint16_t* addr, uint16_t val);-uint32_t (*AtomicStore32Unsynchronized)(uint32_t* addr, uint32_t val);-#ifdef JS_64BIT-uint64_t (*AtomicStore64Unsynchronized)(uint64_t* addr, uint64_t val);-#endif--// See the definitions of BLOCKSIZE and WORDSIZE earlier. The "unaligned"-// functions perform individual byte copies (and must always be "down" or "up").-// The others ignore alignment issues, and thus either depend on unaligned-// accesses being OK or not being invoked on unaligned addresses.-//-// src and dest point to the lower addresses of the respective data areas-// irrespective of "up" or "down".--static void (*AtomicCopyUnalignedBlockDownUnsynchronized)(uint8_t* dest,- const uint8_t* src);-static void (*AtomicCopyUnalignedBlockUpUnsynchronized)(uint8_t* dest,- const uint8_t* src);-static void (*AtomicCopyUnalignedWordDownUnsynchronized)(uint8_t* dest,- const uint8_t* src);-static void (*AtomicCopyUnalignedWordUpUnsynchronized)(uint8_t* dest,- const uint8_t* src);--static void (*AtomicCopyBlockDownUnsynchronized)(uint8_t* dest,- const uint8_t* src);-static void (*AtomicCopyBlockUpUnsynchronized)(uint8_t* dest,- const uint8_t* src);-static void (*AtomicCopyWordUnsynchronized)(uint8_t* dest, const uint8_t* src);-static void (*AtomicCopyByteUnsynchronized)(uint8_t* dest, const uint8_t* src);--uint8_t (*AtomicCmpXchg8SeqCst)(uint8_t* addr, uint8_t oldval, uint8_t newval);-uint16_t (*AtomicCmpXchg16SeqCst)(uint16_t* addr, uint16_t oldval,- uint16_t newval);-uint32_t (*AtomicCmpXchg32SeqCst)(uint32_t* addr, uint32_t oldval,- uint32_t newval);-uint64_t (*AtomicCmpXchg64SeqCst)(uint64_t* addr, uint64_t oldval,- uint64_t newval);--uint8_t (*AtomicExchange8SeqCst)(uint8_t* addr, uint8_t val);-uint16_t (*AtomicExchange16SeqCst)(uint16_t* addr, uint16_t val);-uint32_t (*AtomicExchange32SeqCst)(uint32_t* addr, 
uint32_t val);-#ifdef JS_64BIT-uint64_t (*AtomicExchange64SeqCst)(uint64_t* addr, uint64_t val);-#endif--uint8_t (*AtomicAdd8SeqCst)(uint8_t* addr, uint8_t val);-uint16_t (*AtomicAdd16SeqCst)(uint16_t* addr, uint16_t val);-uint32_t (*AtomicAdd32SeqCst)(uint32_t* addr, uint32_t val);-#ifdef JS_64BIT-uint64_t (*AtomicAdd64SeqCst)(uint64_t* addr, uint64_t val);-#endif--uint8_t (*AtomicAnd8SeqCst)(uint8_t* addr, uint8_t val);-uint16_t (*AtomicAnd16SeqCst)(uint16_t* addr, uint16_t val);-uint32_t (*AtomicAnd32SeqCst)(uint32_t* addr, uint32_t val);-#ifdef JS_64BIT-uint64_t (*AtomicAnd64SeqCst)(uint64_t* addr, uint64_t val);-#endif--uint8_t (*AtomicOr8SeqCst)(uint8_t* addr, uint8_t val);-uint16_t (*AtomicOr16SeqCst)(uint16_t* addr, uint16_t val);-uint32_t (*AtomicOr32SeqCst)(uint32_t* addr, uint32_t val);-#ifdef JS_64BIT-uint64_t (*AtomicOr64SeqCst)(uint64_t* addr, uint64_t val);-#endif--uint8_t (*AtomicXor8SeqCst)(uint8_t* addr, uint8_t val);-uint16_t (*AtomicXor16SeqCst)(uint16_t* addr, uint16_t val);-uint32_t (*AtomicXor32SeqCst)(uint32_t* addr, uint32_t val);-#ifdef JS_64BIT-uint64_t (*AtomicXor64SeqCst)(uint64_t* addr, uint64_t val);-#endif- static bool UnalignedAccessesAreOK() {-#ifdef DEBUG+# ifdef DEBUG const char* flag = getenv("JS_NO_UNALIGNED_MEMCPY"); if (flag && *flag == '1') return false;-#endif-#if defined(JS_CODEGEN_X86) || defined(JS_CODEGEN_X64)+# endif+# if defined(__x86_64__) || defined(__i386__) return true;-#elif defined(JS_CODEGEN_ARM)+# elif defined(__arm__) return !HasAlignmentFault();-#elif defined(JS_CODEGEN_ARM64)+# elif defined(__aarch64__) // This is not necessarily true but it's the best guess right now. 
return true;-#else-# error "Unsupported platform"-#endif+# else+# error "Unsupported platform"+# endif }++# ifndef JS_64BIT+void AtomicCompilerFence() {+ std::atomic_signal_fence(std::memory_order_acq_rel);+}+# endif void AtomicMemcpyDownUnsynchronized(uint8_t* dest, const uint8_t* src, size_t nbytes) {+ JS::AutoSuppressGCAnalysis nogc;+ const uint8_t* lim = src + nbytes; // Set up bulk copying. The cases are ordered the way they are on the@@ -702,6 +123,8 @@ void AtomicMemcpyUpUnsynchronized(uint8_t* dest, const uint8_t* src, size_t nbytes) {+ JS::AutoSuppressGCAnalysis nogc;+ const uint8_t* lim = src; src += nbytes;@@ -747,293 +170,7 @@ } }-// These will be read and written only by the main thread during startup and-// shutdown.--static uint8_t* codeSegment;-static uint32_t codeSegmentSize;--bool InitializeJittedAtomics() {- // We should only initialize once.- MOZ_ASSERT(!codeSegment);-- LifoAlloc lifo(4096);- TempAllocator alloc(&lifo);- JitContext jcx(&alloc);- StackMacroAssembler masm;- AutoCreatedBy acb(masm, "InitializeJittedAtomics");-- uint32_t fenceSeqCst = GenFenceSeqCst(masm);--#ifndef JS_64BIT- uint32_t nop = GenNop(masm);-#endif-- Synchronization Full = Synchronization::Full();- Synchronization None = Synchronization::None();-- uint32_t load8SeqCst = GenLoad(masm, SIZE8, Full);- uint32_t load16SeqCst = GenLoad(masm, SIZE16, Full);- uint32_t load32SeqCst = GenLoad(masm, SIZE32, Full);-#ifdef JS_64BIT- uint32_t load64SeqCst = GenLoad(masm, SIZE64, Full);-#endif-- uint32_t load8Unsynchronized = GenLoad(masm, SIZE8, None);- uint32_t load16Unsynchronized = GenLoad(masm, SIZE16, None);- uint32_t load32Unsynchronized = GenLoad(masm, SIZE32, None);-#ifdef JS_64BIT- uint32_t load64Unsynchronized = GenLoad(masm, SIZE64, None);-#endif-- uint32_t store8SeqCst = GenStore(masm, SIZE8, Full);- uint32_t store16SeqCst = GenStore(masm, SIZE16, Full);- uint32_t store32SeqCst = GenStore(masm, SIZE32, Full);-#ifdef JS_64BIT- uint32_t store64SeqCst = GenStore(masm, SIZE64, 
Full);-#endif-- uint32_t store8Unsynchronized = GenStore(masm, SIZE8, None);- uint32_t store16Unsynchronized = GenStore(masm, SIZE16, None);- uint32_t store32Unsynchronized = GenStore(masm, SIZE32, None);-#ifdef JS_64BIT- uint32_t store64Unsynchronized = GenStore(masm, SIZE64, None);-#endif-- uint32_t copyUnalignedBlockDownUnsynchronized =- GenCopy(masm, SIZE8, BLOCKSIZE, CopyDir::DOWN);- uint32_t copyUnalignedBlockUpUnsynchronized =- GenCopy(masm, SIZE8, BLOCKSIZE, CopyDir::UP);- uint32_t copyUnalignedWordDownUnsynchronized =- GenCopy(masm, SIZE8, WORDSIZE, CopyDir::DOWN);- uint32_t copyUnalignedWordUpUnsynchronized =- GenCopy(masm, SIZE8, WORDSIZE, CopyDir::UP);-- uint32_t copyBlockDownUnsynchronized =- GenCopy(masm, SIZEWORD, BLOCKSIZE / WORDSIZE, CopyDir::DOWN);- uint32_t copyBlockUpUnsynchronized =- GenCopy(masm, SIZEWORD, BLOCKSIZE / WORDSIZE, CopyDir::UP);- uint32_t copyWordUnsynchronized = GenCopy(masm, SIZEWORD, 1, CopyDir::DOWN);- uint32_t copyByteUnsynchronized = GenCopy(masm, SIZE8, 1, CopyDir::DOWN);-- uint32_t cmpxchg8SeqCst = GenCmpxchg(masm, SIZE8, Full);- uint32_t cmpxchg16SeqCst = GenCmpxchg(masm, SIZE16, Full);- uint32_t cmpxchg32SeqCst = GenCmpxchg(masm, SIZE32, Full);- uint32_t cmpxchg64SeqCst = GenCmpxchg(masm, SIZE64, Full);-- uint32_t exchange8SeqCst = GenExchange(masm, SIZE8, Full);- uint32_t exchange16SeqCst = GenExchange(masm, SIZE16, Full);- uint32_t exchange32SeqCst = GenExchange(masm, SIZE32, Full);-#ifdef JS_64BIT- uint32_t exchange64SeqCst = GenExchange(masm, SIZE64, Full);-#endif-- uint32_t add8SeqCst = GenFetchOp(masm, SIZE8, AtomicFetchAddOp, Full);- uint32_t add16SeqCst = GenFetchOp(masm, SIZE16, AtomicFetchAddOp, Full);- uint32_t add32SeqCst = GenFetchOp(masm, SIZE32, AtomicFetchAddOp, Full);-#ifdef JS_64BIT- uint32_t add64SeqCst = GenFetchOp(masm, SIZE64, AtomicFetchAddOp, Full);-#endif-- uint32_t and8SeqCst = GenFetchOp(masm, SIZE8, AtomicFetchAndOp, Full);- uint32_t and16SeqCst = GenFetchOp(masm, SIZE16, AtomicFetchAndOp, 
Full);- uint32_t and32SeqCst = GenFetchOp(masm, SIZE32, AtomicFetchAndOp, Full);-#ifdef JS_64BIT- uint32_t and64SeqCst = GenFetchOp(masm, SIZE64, AtomicFetchAndOp, Full);-#endif-- uint32_t or8SeqCst = GenFetchOp(masm, SIZE8, AtomicFetchOrOp, Full);- uint32_t or16SeqCst = GenFetchOp(masm, SIZE16, AtomicFetchOrOp, Full);- uint32_t or32SeqCst = GenFetchOp(masm, SIZE32, AtomicFetchOrOp, Full);-#ifdef JS_64BIT- uint32_t or64SeqCst = GenFetchOp(masm, SIZE64, AtomicFetchOrOp, Full);-#endif-- uint32_t xor8SeqCst = GenFetchOp(masm, SIZE8, AtomicFetchXorOp, Full);- uint32_t xor16SeqCst = GenFetchOp(masm, SIZE16, AtomicFetchXorOp, Full);- uint32_t xor32SeqCst = GenFetchOp(masm, SIZE32, AtomicFetchXorOp, Full);-#ifdef JS_64BIT- uint32_t xor64SeqCst = GenFetchOp(masm, SIZE64, AtomicFetchXorOp, Full);-#endif-- masm.finish();- if (masm.oom()) {- return false;- }-- // Allocate executable memory.- uint32_t codeLength = masm.bytesNeeded();- size_t roundedCodeLength = RoundUp(codeLength, ExecutableCodePageSize);- uint8_t* code = (uint8_t*)AllocateExecutableMemory(- roundedCodeLength, ProtectionSetting::Writable,- MemCheckKind::MakeUndefined);- if (!code) {- return false;- }-- // Zero the padding.- memset(code + codeLength, 0, roundedCodeLength - codeLength);-- // Copy the code into place.- masm.executableCopy(code);-- // Reprotect the whole region to avoid having separate RW and RX mappings.- if (!ExecutableAllocator::makeExecutableAndFlushICache(- FlushICacheSpec::LocalThreadOnly, code, roundedCodeLength)) {- DeallocateExecutableMemory(code, roundedCodeLength);- return false;- }-- // Create the function pointers.-- AtomicFenceSeqCst = (void (*)())(code + fenceSeqCst);--#ifndef JS_64BIT- AtomicCompilerFence = (void (*)())(code + nop);-#endif-- AtomicLoad8SeqCst = (uint8_t(*)(const uint8_t* addr))(code + load8SeqCst);- AtomicLoad16SeqCst = (uint16_t(*)(const uint16_t* addr))(code + load16SeqCst);- AtomicLoad32SeqCst = (uint32_t(*)(const uint32_t* addr))(code + load32SeqCst);-#ifdef 
JS_64BIT- AtomicLoad64SeqCst = (uint64_t(*)(const uint64_t* addr))(code + load64SeqCst);-#endif-- AtomicLoad8Unsynchronized =- (uint8_t(*)(const uint8_t* addr))(code + load8Unsynchronized);- AtomicLoad16Unsynchronized =- (uint16_t(*)(const uint16_t* addr))(code + load16Unsynchronized);- AtomicLoad32Unsynchronized =- (uint32_t(*)(const uint32_t* addr))(code + load32Unsynchronized);-#ifdef JS_64BIT- AtomicLoad64Unsynchronized =- (uint64_t(*)(const uint64_t* addr))(code + load64Unsynchronized);-#endif-- AtomicStore8SeqCst =- (uint8_t(*)(uint8_t * addr, uint8_t val))(code + store8SeqCst);- AtomicStore16SeqCst =- (uint16_t(*)(uint16_t * addr, uint16_t val))(code + store16SeqCst);- AtomicStore32SeqCst =- (uint32_t(*)(uint32_t * addr, uint32_t val))(code + store32SeqCst);-#ifdef JS_64BIT- AtomicStore64SeqCst =- (uint64_t(*)(uint64_t * addr, uint64_t val))(code + store64SeqCst);-#endif-- AtomicStore8Unsynchronized =- (uint8_t(*)(uint8_t * addr, uint8_t val))(code + store8Unsynchronized);- AtomicStore16Unsynchronized = (uint16_t(*)(uint16_t * addr, uint16_t val))(- code + store16Unsynchronized);- AtomicStore32Unsynchronized = (uint32_t(*)(uint32_t * addr, uint32_t val))(- code + store32Unsynchronized);-#ifdef JS_64BIT- AtomicStore64Unsynchronized = (uint64_t(*)(uint64_t * addr, uint64_t val))(- code + store64Unsynchronized);-#endif-- AtomicCopyUnalignedBlockDownUnsynchronized =- (void (*)(uint8_t * dest, const uint8_t* src))(- code + copyUnalignedBlockDownUnsynchronized);- AtomicCopyUnalignedBlockUpUnsynchronized =- (void (*)(uint8_t * dest, const uint8_t* src))(- code + copyUnalignedBlockUpUnsynchronized);- AtomicCopyUnalignedWordDownUnsynchronized =- (void (*)(uint8_t * dest, const uint8_t* src))(- code + copyUnalignedWordDownUnsynchronized);- AtomicCopyUnalignedWordUpUnsynchronized =- (void (*)(uint8_t * dest, const uint8_t* src))(- code + copyUnalignedWordUpUnsynchronized);-- AtomicCopyBlockDownUnsynchronized = (void (*)(- uint8_t * dest, const uint8_t* src))(code + 
copyBlockDownUnsynchronized);- AtomicCopyBlockUpUnsynchronized = (void (*)(- uint8_t * dest, const uint8_t* src))(code + copyBlockUpUnsynchronized);- AtomicCopyWordUnsynchronized = (void (*)(uint8_t * dest, const uint8_t* src))(- code + copyWordUnsynchronized);- AtomicCopyByteUnsynchronized = (void (*)(uint8_t * dest, const uint8_t* src))(- code + copyByteUnsynchronized);-- AtomicCmpXchg8SeqCst = (uint8_t(*)(uint8_t * addr, uint8_t oldval,- uint8_t newval))(code + cmpxchg8SeqCst);- AtomicCmpXchg16SeqCst =- (uint16_t(*)(uint16_t * addr, uint16_t oldval, uint16_t newval))(- code + cmpxchg16SeqCst);- AtomicCmpXchg32SeqCst =- (uint32_t(*)(uint32_t * addr, uint32_t oldval, uint32_t newval))(- code + cmpxchg32SeqCst);- AtomicCmpXchg64SeqCst =- (uint64_t(*)(uint64_t * addr, uint64_t oldval, uint64_t newval))(- code + cmpxchg64SeqCst);-- AtomicExchange8SeqCst =- (uint8_t(*)(uint8_t * addr, uint8_t val))(code + exchange8SeqCst);- AtomicExchange16SeqCst =- (uint16_t(*)(uint16_t * addr, uint16_t val))(code + exchange16SeqCst);- AtomicExchange32SeqCst =- (uint32_t(*)(uint32_t * addr, uint32_t val))(code + exchange32SeqCst);-#ifdef JS_64BIT- AtomicExchange64SeqCst =- (uint64_t(*)(uint64_t * addr, uint64_t val))(code + exchange64SeqCst);-#endif-- AtomicAdd8SeqCst =- (uint8_t(*)(uint8_t * addr, uint8_t val))(code + add8SeqCst);- AtomicAdd16SeqCst =- (uint16_t(*)(uint16_t * addr, uint16_t val))(code + add16SeqCst);- AtomicAdd32SeqCst =- (uint32_t(*)(uint32_t * addr, uint32_t val))(code + add32SeqCst);-#ifdef JS_64BIT- AtomicAdd64SeqCst =- (uint64_t(*)(uint64_t * addr, uint64_t val))(code + add64SeqCst);-#endif-- AtomicAnd8SeqCst =- (uint8_t(*)(uint8_t * addr, uint8_t val))(code + and8SeqCst);- AtomicAnd16SeqCst =- (uint16_t(*)(uint16_t * addr, uint16_t val))(code + and16SeqCst);- AtomicAnd32SeqCst =- (uint32_t(*)(uint32_t * addr, uint32_t val))(code + and32SeqCst);-#ifdef JS_64BIT- AtomicAnd64SeqCst =- (uint64_t(*)(uint64_t * addr, uint64_t val))(code + and64SeqCst);-#endif-- 
AtomicOr8SeqCst = (uint8_t(*)(uint8_t * addr, uint8_t val))(code + or8SeqCst);- AtomicOr16SeqCst =- (uint16_t(*)(uint16_t * addr, uint16_t val))(code + or16SeqCst);- AtomicOr32SeqCst =- (uint32_t(*)(uint32_t * addr, uint32_t val))(code + or32SeqCst);-#ifdef JS_64BIT- AtomicOr64SeqCst =- (uint64_t(*)(uint64_t * addr, uint64_t val))(code + or64SeqCst);-#endif-- AtomicXor8SeqCst =- (uint8_t(*)(uint8_t * addr, uint8_t val))(code + xor8SeqCst);- AtomicXor16SeqCst =- (uint16_t(*)(uint16_t * addr, uint16_t val))(code + xor16SeqCst);- AtomicXor32SeqCst =- (uint32_t(*)(uint32_t * addr, uint32_t val))(code + xor32SeqCst);-#ifdef JS_64BIT- AtomicXor64SeqCst =- (uint64_t(*)(uint64_t * addr, uint64_t val))(code + xor64SeqCst);-#endif-- codeSegment = code;- codeSegmentSize = roundedCodeLength;-- return true;-}--void ShutDownJittedAtomics() {- // Must have been initialized.- MOZ_ASSERT(codeSegment);-- DeallocateExecutableMemory(codeSegment, codeSegmentSize);- codeSegment = nullptr;- codeSegmentSize = 0;-}- } // namespace jit } // namespace js++#endif // JS_HAVE_GENERATED_ATOMIC_OPS
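Review bot: in `UnalignedAccessesAreOK()` the platform test moves from `JS_CODEGEN_X86`, `JS_CODEGEN_X64`, `JS_CODEGEN_ARM` and `JS_CODEGEN_ARM64` to the compiler-predefined `__x86_64__`, `__i386__`, `__arm__` and `__aarch64__`, so a toolchain that does not define those names now falls through to `#error "Unsupported platform"`. Add a comment saying that dependency is intended, or test the equivalent macros of other compilers as well. In the same hunk, the two new `static_assert`s against `JS_GENERATED_ATOMICS_BLOCKSIZE` and `JS_GENERATED_ATOMICS_WORDSIZE` carry no message while the assertion just above them does, and `AtomicCompilerFence()` deserves a one-line comment on why `std::memory_order_acq_rel` is the right ordering for what used to be a call into a generated prologue-and-epilogue-only stub.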
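Review bot: the final hunk deletes `InitializeJittedAtomics()` and `ShutDownJittedAtomics()`, and with them the startup allocation that was filled while writable and then reprotected as executable, but this file's diff cannot show the other half of that change. The header declarations and every call site have to go in the same commit, and because the whole body now sits inside `#ifdef JS_HAVE_GENERATED_ATOMIC_OPS`, a build without that macro compiles this file down to the single `#include "jit/AtomicOperations.h"`. Please confirm both cases are covered, and say in the commit message where the atomic entry points now come from.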
After analyzing the code diff, I don't identify any clear security vulnerabilities that were fixed. The changes appear to be a major refactoring of the atomic operations implementation, moving from a manually-written JIT implementation to using generated atomic operations. Here's the analysis following your requested format:

Vulnerability Existed: no
No security vulnerability found [js/src/jit/shared/AtomicOperations-shared-jit.cpp] [entire file]
[Old code was a complex manual implementation of atomic operations]
[New code is a simpler implementation using generated atomic operations]

The changes mainly:
1. Remove hundreds of lines of platform-specific manual atomic operation implementations
2. Replace them with a simpler implementation that uses generated atomic operations
3. Keep the same core functionality but with cleaner code
4. Add some static assertions about block/word sizes

There are no obvious security fixes in this change - it appears to be purely a code maintainability and architecture improvement. The atomic operations themselves maintain the same memory ordering and synchronization guarantees.

If I had to speculate about potential security motivations, it might make the code less prone to subtle synchronization bugs since it's now using more standardized implementations, but there's no specific vulnerability being fixed here.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/path-objects/2d.path.rect.basic.worker.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/path-objects/2d.path.rect.basic.worker.js@@ -13,15 +13,15 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.fillStyle = '#f00'; ctx.fillRect(0, 0, 100, 50); ctx.fillStyle = '#0f0'; ctx.rect(0, 0, 100, 50); ctx.fill();-_assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");+_assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255"); t.done(); });
Based on the provided diff, I don't see any security vulnerabilities being fixed. The changes appear to be purely variable renaming and don't involve any security-related modifications. Here's the analysis:

Vulnerability Existed: no
No security vulnerability found [File] [Lines 13-15]
[Old Code]
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
[Fixed Code]
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');

Vulnerability Existed: no
No security vulnerability found [File] [Lines 21]
[Old Code]
_assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");
[Fixed Code]
_assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");

The changes are simply renaming the variable `offscreenCanvas` to `canvas` for consistency or readability, which doesn't have any security implications. The functionality remains exactly the same.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/text/2d.text.measure.fontBoundingBox.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/text/2d.text.measure.fontBoundingBox.html@@ -17,8 +17,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); var f = new FontFace("CanvasTest", "url('/fonts/CanvasTest.ttf')"); let fonts = (self.fonts ? self.fonts : document.fonts);
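Review bot: the rename at the top of the `t.step` callback covers only the declaration and the `getContext('2d')` call, and the visible context ends at the `FontFace` setup. Any later reference to `offscreenCanvas` in this test would now throw a ReferenceError, so please confirm the remainder of the file has no leftover uses of the old name.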
Let me analyze the code diff for potential security vulnerabilities:

Vulnerability Existed: no
[Variable Renaming] [testing/web-platform/tests/html/canvas/offscreen/text/2d.text.measure.fontBoundingBox.html] [Lines 17-18]
[Old Code]
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
[Fixed Code]
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');

Additional Details:
This appears to be a simple variable name change from 'offscreenCanvas' to 'canvas'. There are no security implications in this change - it's purely a cosmetic/readability improvement. The functionality remains exactly the same, just with a different variable name. No actual security vulnerabilities are being fixed here.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/gfx/layers/NativeLayer.h+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/gfx/layers/NativeLayer.h@@ -58,8 +58,6 @@ virtual void AppendLayer(NativeLayer* aLayer) = 0; virtual void RemoveLayer(NativeLayer* aLayer) = 0; virtual void SetLayers(const nsTArray<RefPtr<NativeLayer>>& aLayers) = 0;- virtual void PauseCompositor() {}- virtual bool ResumeCompositor() { return true; } // Called before any layer content changes virtual void PrepareForCommit() {}
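Review bot: removing `PauseCompositor()` and `ResumeCompositor()` from this interface only breaks the build for subclasses that mark their versions `override`; a subclass that redeclares them without `override` keeps compiling and silently becomes dead code. Both had default bodies (an empty body and `return true;`), so also check that no remaining caller relied on the `true` result of `ResumeCompositor()` as a success signal. Please confirm the subclass implementations and call sites are removed in the same patch.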
Analyzing the provided code diff for security fixes:

1. Vulnerability Existed: not sure
[Potential Unused/Insecure Compositor Control] [gfx/layers/NativeLayer.h] [Lines 58-59]
[Old Code]
virtual void PauseCompositor() {}
virtual bool ResumeCompositor() { return true; }
[Fixed Code]
[Removed entirely]

Additional Details:
- The diff shows removal of two virtual methods related to compositor control (pause/resume)
- While not clearly a security vulnerability, such control methods could potentially be abused if they were improperly implemented or exposed
- The removal might indicate these methods were either unnecessary or posed potential risks
- Without more context about how these methods were used, we can't definitively say this was a security fix, but it's worth noting the change
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/css/css-contain/contain-size-025.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/css/css-contain/contain-size-025.html@@ -9,7 +9,6 @@ <link rel="match" href="reference/contain-size-025-ref.html"> <meta content="This test checks that when laying out an inline-block element with 'contain: size', the inline-block element must be treated as if it would have no contents. In this test, the inline-block element has 2 in-flow block descendants made of images." name="assert">- <meta name="flags" content=""> <!--
Analyzing the provided code diff, here's the security assessment:

Vulnerability Existed: no
[No specific vulnerability] [testing/web-platform/tests/css/css-contain/contain-size-025.html] [Lines 9]
[Old Code]
<meta name="flags" content="">
[Fixed Code]
[Line removed]

Additional Details:
- This appears to be a test file modification rather than a security fix
- The change simply removes an empty meta tag for test flags
- No actual security vulnerability is being addressed here
- The modification is likely related to test cleanup or standardization

No security vulnerabilities were identified in this diff. The change is minor and doesn't appear to address any security concerns.