summaryrefslogtreecommitdiffstats
path: root/meta/recipes-sato
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-sato')
-rw-r--r--meta/recipes-sato/webkit/webkitgtk/CVE-2022-46691.patch43
-rw-r--r--meta/recipes-sato/webkit/webkitgtk_2.36.8.bb1
2 files changed, 44 insertions, 0 deletions
diff --git a/meta/recipes-sato/webkit/webkitgtk/CVE-2022-46691.patch b/meta/recipes-sato/webkit/webkitgtk/CVE-2022-46691.patch
new file mode 100644
index 0000000000..ff9df40433
--- /dev/null
+++ b/meta/recipes-sato/webkit/webkitgtk/CVE-2022-46691.patch
@@ -0,0 +1,43 @@
1From fd57a49d07c9c285780495344073350182fd7c7c Mon Sep 17 00:00:00 2001
2From: Yijia Huang <hyjorc1@gmail.com>
3Date: Mon, 10 Oct 2022 15:42:34 -0700
4Subject: [PATCH] [JSC] Should model BigInt with side effects
5 https://bugs.webkit.org/show_bug.cgi?id=246291 rdar://100494823
6
7Reviewed by Yusuke Suzuki.
8
9Operations with two BigInt operands have side effects,
10which should not be hoisted from loops.
11
12* Source/JavaScriptCore/dfg/DFGClobberize.cpp:
13(JSC::DFG::doesWrites):
14* Source/JavaScriptCore/dfg/DFGClobberize.h:
15(JSC::DFG::clobberize):
16
17Canonical link: https://commits.webkit.org/255368@main
18
19CVE: CVE-2022-46691
20
21Upstream-Status: Backport
22[https://github.com/WebKit/WebKit/commit/fd57a49d07c9c285780495344073350182fd7c7c]
23
24Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
25---
26 Source/JavaScriptCore/dfg/DFGClobberize.h | 2 ++
27 1 file changed, 2 insertions(+)
28
29diff --git a/Source/JavaScriptCore/dfg/DFGClobberize.h b/Source/JavaScriptCore/dfg/DFGClobberize.h
30index 0363ab20dcd8..4b1bcfea1fd7 100644
31--- a/Source/JavaScriptCore/dfg/DFGClobberize.h
32+++ b/Source/JavaScriptCore/dfg/DFGClobberize.h
33@@ -811,6 +811,8 @@ void clobberize(Graph& graph, Node* node, const ReadFunctor& read, const WriteFu
34 case ValueBitRShift:
35 // FIXME: this use of single-argument isBinaryUseKind would prevent us from specializing (for example) for a HeapBigInt left-operand and a BigInt32 right-operand.
36 if (node->isBinaryUseKind(AnyBigIntUse) || node->isBinaryUseKind(BigInt32Use) || node->isBinaryUseKind(HeapBigIntUse)) {
37+ read(World);
38+ write(SideState);
39 def(PureValue(node));
40 return;
41 }
42--
432.40.0
diff --git a/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb b/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb
index 1dac4f5677..02258f84e4 100644
--- a/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb
+++ b/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb
@@ -17,6 +17,7 @@ SRC_URI = "https://www.webkitgtk.org/releases/${BP}.tar.xz \
17 file://0001-When-building-introspection-files-do-not-quote-CFLAG.patch \ 17 file://0001-When-building-introspection-files-do-not-quote-CFLAG.patch \
18 file://CVE-2022-32888.patch \ 18 file://CVE-2022-32888.patch \
19 file://CVE-2022-32923.patch \ 19 file://CVE-2022-32923.patch \
20 file://CVE-2022-46691.patch \
20 " 21 "
21SRC_URI[sha256sum] = "0ad9fb6bf28308fe3889faf184bd179d13ac1b46835d2136edbab2c133d00437" 22SRC_URI[sha256sum] = "0ad9fb6bf28308fe3889faf184bd179d13ac1b46835d2136edbab2c133d00437"
22 23