The index section of a MAR archive file contains several fixed-length fields
and also variable-length names for each file in the archive, terminated by a
null byte. Since that makes the length of the index variable, the length of the
entire index is also provided in the file.
When libmar opens a file, it allocates a buffer with the length given in the
file and reads the index from the file into that buffer.
mar_consume_index() then parses the entire index from that copy,
trying to make sure it doesn't read past the buffer it was given.
The length of the buffer is given to mar_consume_index()
by providing it a pointer to one byte past the end of the buffer.
However, mar_consume_index() treats this pointer as pointing *to* the end.
Therefore, it is possible for a malformed MAR file (one where the stated length
is less than the real length) to trigger a read of one byte beyond the
allocated memory.
Fix this by failing the parse when we reach the buffer end pointer minus one,
instead of when we reach that address itself.
--HG--
extra : amend_source : 3001a5bc08e790251759418e014bbd7153b66d8a
As part of this move, HOST_NSPR_MDCPUCFG needed to be changed to get the quoting right.
--HG--
extra : commitid : J26MhSiPq9g
extra : rebase_source : 81c5b98371042803741ddace8d01b0097757dff3
The patch removes 455 occurrences of FAIL_ON_WARNINGS from moz.build files, and
adds 78 instances of ALLOW_COMPILER_WARNINGS. About half of those 78 are in
code we control and which should be removable with a little effort.
--HG--
extra : rebase_source : 82e3387abfbd5f1471e953961d301d3d97ed2973
There are, sadly, many combinations of linkage in use throughout the tree.
The main differentiator, though, is between program/libraries related to
Gecko or not. Kind of. Some need mozglue, some don't. Some need dependent
linkage, some standalone.
Anyways, these new templates remove the need to manually define the
right dependencies against xpcomglue, nspr, mozalloc and mozglue
in most cases.
Places that build programs and were resetting MOZ_GLUE_PROGRAM_LDFLAGS
or that build libraries and were resetting MOZ_GLUE_LDFLAGS can now
just not use those Gecko-specific templates.
OS_LIBS for libraries that are not part of the gecko tree, EXTRA_LIBS for
libraries, such as NSPR, that are in the tree, but are not handled by
moz.build just yet. Those EXTRA_LIBS may also come from a system library.
However, in cases where the expanded variables are always empty for the
in-tree case, OS_LIBS is used (as for, e.g. MOZ_ZLIB_LIBS). OS_LDFLAGS is
used exclusively for non-library linker flags.
Always pass EXTRA_LIBS before OS_LIBS on linker command lines.
Forbid EXTRA_DSO_LDOPTS, SHARED_LIBRARY_LIBS and LIBS in Makefiles.