Package: libjavascriptcore-1.0-0
Version: 2.4.11-2
Tags: patch

Hi there,

As reported on #688640 and #834236, a recent update of libjavascriptcore-1.0-0 broke Midori 0.5.11-ds1-3, causing a segmentation fault right on startup. The reason for this is the incorrect/not-so-strict handling of the 'sourceURL' argument on JSEvaluateScript (from Source/JavaScriptCore/API/JSBase.cpp). Midori passes 'sourceURL' as NULL (and always did), but recently, because JSEvaluateScript tries to call the ->string() method of the object, the code crashes there.

Anyway, I fixed this on Midori by passing an empty JSString object to JSEvaluateScript, but I see that WebKit upstream takes better care of the 'sourceURL' argument and checks if it is not NULL before accessing its members. Therefore, I'd like to propose the attached fix (which is basically a backport of the upstream code) for the current version of WebKit. I haven't tested it as I am currently on a not very powerful machine, so I appreciate reviews and tests. Also, the bug number on 'Closes' is invalid (because I still don't have the bug number), so please adjust it before applying the patch.

Let me know if there is anything else you need.

Thanks,

--
Sergio
GPG key ID: 237A 54B1 0287 28BF 00EF 31F4 D0EB 7628 65FC 5E36
Please send encrypted e-mail if possible
http://sergiodj.net/
From 0806eafc0243dd6df62cdfbb1e61f4ee42adcef4 Mon Sep 17 00:00:00 2001 From: Sergio Durigan Junior <sergi...@sergiodj.net> Date: Tue, 16 Aug 2016 20:58:57 -0400 Subject: [PATCH] Improve handling of 'sourceURL' on JSEvaluateScript. The current code of JSEvaluateScript (Source/JavaScriptCore/API/JSBase.cpp) does not check if 'sourceURL' is NULL before trying to access its members, causing a segmentation fault on some scenarios. This patch improves the code by checking for NULL and passing a String() if needed. Closes: #123456 --- debian/changelog | 9 +++++++++ .../fix-javascriptcoregtk-sourceURL-handling.patch | 22 ++++++++++++++++++++++ debian/patches/series | 1 + 3 files changed, 32 insertions(+) create mode 100644 debian/patches/fix-javascriptcoregtk-sourceURL-handling.patch diff --git a/debian/changelog b/debian/changelog index 4673c8f..aeb660b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,9 +1,18 @@ webkitgtk (2.4.11-3) UNRELEASED; urgency=medium + [ Jeremy Bicha ] * debian/control: - Bump breaks/replaces for libwebkitgtk-doc split since Ubuntu packaged 2.4.11 before taking the split (Closes: #833308) + [ Sergio Durigan Junior ] + * Improve handling of 'sourceURL' on JSEvaluateScript. + The current code of JSEvaluateScript + (Source/JavaScriptCore/API/JSBase.cpp) does not check if 'sourceURL' + is NULL before trying to access its members, causing a segmentation + fault on some scenarios. This patch improves the code by checking for + NULL and passing a String() if needed. (Closes: #123456) + -- Jeremy Bicha <jbi...@ubuntu.com> Tue, 02 Aug 2016 14:39:17 -0400 webkitgtk (2.4.11-2) unstable; urgency=medium diff --git a/debian/patches/fix-javascriptcoregtk-sourceURL-handling.patch b/debian/patches/fix-javascriptcoregtk-sourceURL-handling.patch new file mode 100644 index 0000000..d99cdf5 --- /dev/null +++ b/debian/patches/fix-javascriptcoregtk-sourceURL-handling.patch 
@@ -0,0 +1,22 @@ +Index: webkit/Source/JavaScriptCore/API/JSBase.cpp +=================================================================== +--- webkit.orig/Source/JavaScriptCore/API/JSBase.cpp 2016-08-16 20:40:13.223460059 -0400 ++++ webkit/Source/JavaScriptCore/API/JSBase.cpp 2016-08-16 20:46:15.244442388 -0400 +@@ -57,7 +57,7 @@ + + // evaluate sets "this" to the global object if it is NULL + JSGlobalObject* globalObject = exec->vmEntryGlobalObject(); +- SourceCode source = makeSource(script->string(), sourceURL->string(), TextPosition(OrdinalNumber::fromOneBasedInt(startingLineNumber), OrdinalNumber::first())); ++ SourceCode source = makeSource(script->string(), sourceURL ? sourceURL->string() : String(), TextPosition(OrdinalNumber::fromOneBasedInt(startingLineNumber), OrdinalNumber::first())); + + JSValue evaluationException; + JSValue returnValue = evaluate(globalObject->globalExec(), source, jsThisObject, &evaluationException); +@@ -86,7 +86,7 @@ + + startingLineNumber = std::max(1, startingLineNumber); + +- SourceCode source = makeSource(script->string(), sourceURL->string(), TextPosition(OrdinalNumber::fromOneBasedInt(startingLineNumber), OrdinalNumber::first())); ++ SourceCode source = makeSource(script->string(), sourceURL ? sourceURL->string() : String(), TextPosition(OrdinalNumber::fromOneBasedInt(startingLineNumber), OrdinalNumber::first())); + + JSValue syntaxException; + bool isValidSyntax = checkSyntax(exec->vmEntryGlobalObject()->globalExec(), source, &syntaxException); diff --git a/debian/patches/series b/debian/patches/series index ca1231e..724725f 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -7,3 +7,4 @@ x32_support.patch disable-jit-nonsse2.patch fix-ftbfs-m68k.patch fix-ftbfs-gcc6.patch +fix-javascriptcoregtk-sourceURL-handling.patch -- 2.8.1
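Review bot: in the debian/changelog hunk, `(Closes: #123456)` is a placeholder, as the cover letter states; it must be replaced with the real bug number before upload (and the same number kept in the commit message's `Closes:` line), otherwise the upload will attempt to close an unrelated report. Also consider referencing #688640 and #834236, which the cover letter names as the reports this change addresses.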
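Review bot: in the new fix-javascriptcoregtk-sourceURL-handling.patch, the guard `sourceURL ? sourceURL->string() : String()` removes the NULL dereference at both call sites (JSEvaluateScript and JSCheckScriptSyntax), but the same lines still dereference `script` unconditionally; if a NULL script is not a supported input that is fine, otherwise it deserves the same treatment. Because the cover letter says the change is untested, running Midori or a small C-API caller that passes NULL for sourceURL against both entry points would confirm the fix before upload. The file also carries no DEP-3 header (Description, Origin, Bug-Debian, Forwarded); since this is described as a backport of upstream code, recording the upstream origin there will help whenever the package is rebased.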