diff -Nru mozjs91-91.7.0/Cargo.lock mozjs91-91.10.0/Cargo.lock --- mozjs91-91.7.0/Cargo.lock 2022-03-08 14:05:03.000000000 -0500 +++ mozjs91-91.10.0/Cargo.lock 2022-06-01 08:35:30.000000000 -0400 @@ -3888,6 +3888,7 @@ version = "0.2.0" dependencies = [ "libc", + "rustc_version", ] [[package]] @@ -4048,9 +4049,9 @@ [[package]] name = "regex" -version = "1.5.4" +version = "1.5.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d07a8629359eb56f1e2fb1652bb04212c072a87ba68546a04065d525673ac461" +checksum = "1a11647b6b25ff05a515cb92c365cec08801e83423a235b51e231e1808747286" dependencies = [ "aho-corasick", "memchr", diff -Nru mozjs91-91.7.0/config/milestone.txt mozjs91-91.10.0/config/milestone.txt --- mozjs91-91.7.0/config/milestone.txt 2022-03-08 14:05:03.000000000 -0500 +++ mozjs91-91.10.0/config/milestone.txt 2022-06-01 08:35:30.000000000 -0400 @@ -10,4 +10,4 @@ # hardcoded milestones in the tree from these two files. #-------------------------------------------------------- -91.7.0 +91.10.0 diff -Nru mozjs91-91.7.0/debian/changelog mozjs91-91.10.0/debian/changelog --- mozjs91-91.7.0/debian/changelog 2022-03-08 16:30:35.000000000 -0500 +++ mozjs91-91.10.0/debian/changelog 2022-06-16 10:11:50.000000000 -0400 @@ -1,3 +1,16 @@ +mozjs91 (91.10.0-0ubuntu1) jammy-security; urgency=medium + + [ Jeremy Bicha ] + * SECURITY UPDATE: Multiple issues (LP: #1978961) + - CVE-2022-28285: Incorrect AliasSet used in JIT Codegen + - CVE-2022-31740: Register allocation problem in WASM on arm64 + * Drop Bug-1687417-MIPS32 patch: applied in new release + + [ Simon McVittie ] + * Add a patch to fix test failure with vendored ICU (LP: #1976260) + + -- Jeremy Bicha Thu, 16 Jun 2022 10:11:50 -0400 + mozjs91 (91.7.0-2) unstable; urgency=medium * Include changes from 91.6.0-2 that were accidentally dropped diff -Nru mozjs91-91.7.0/debian/control mozjs91-91.10.0/debian/control --- mozjs91-91.7.0/debian/control 2022-03-08 16:30:35.000000000 -0500 +++ mozjs91-91.10.0/debian/control 2022-06-16 10:11:50.000000000 -0400 @@ -5,8 +5,9 @@ Source: mozjs91 Section: libs Priority: optional -Maintainer: Debian GNOME Maintainers -Uploaders: Iain Lane , Jeremy Bicha +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Debian GNOME Maintainers +Uploaders: Iain Lane , Jeremy Bicha , Tim Lunn Build-Depends: debhelper-compat (= 13), gnome-pkg-tools, cargo, @@ -26,8 +27,8 @@ zip Rules-Requires-Root: no Standards-Version: 4.5.1 -Vcs-Browser: https://salsa.debian.org/gnome-team/mozjs/tree/debian/91/master -Vcs-Git: https://salsa.debian.org/gnome-team/mozjs.git -b debian/91/master +Vcs-Browser: https://salsa.debian.org/gnome-team/mozjs/tree/ubuntu/91/jammy +Vcs-Git: https://salsa.debian.org/gnome-team/mozjs.git -b debian/91/jammy Homepage: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey Package: libmozjs-91-0 diff -Nru mozjs91-91.7.0/debian/control.in mozjs91-91.10.0/debian/control.in --- mozjs91-91.7.0/debian/control.in 2022-03-08 16:30:35.000000000 -0500 +++ mozjs91-91.10.0/debian/control.in 2022-06-16 10:11:50.000000000 -0400 @@ -1,7 +1,8 @@ Source: mozjs91 Section: libs Priority: optional -Maintainer: Debian GNOME Maintainers +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Debian GNOME Maintainers Uploaders: @GNOME_TEAM@ Build-Depends: debhelper-compat (= 13), gnome-pkg-tools, @@ -22,8 +23,8 @@ zip Rules-Requires-Root: no Standards-Version: 4.5.1 -Vcs-Browser: https://salsa.debian.org/gnome-team/mozjs/tree/debian/91/master -Vcs-Git: https://salsa.debian.org/gnome-team/mozjs.git -b debian/91/master +Vcs-Browser: https://salsa.debian.org/gnome-team/mozjs/tree/ubuntu/91/jammy +Vcs-Git: https://salsa.debian.org/gnome-team/mozjs.git -b debian/91/jammy Homepage: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey Package: libmozjs-91-0 diff -Nru mozjs91-91.7.0/debian/gbp.conf mozjs91-91.10.0/debian/gbp.conf --- mozjs91-91.7.0/debian/gbp.conf 2022-03-08 16:30:35.000000000 -0500 +++ mozjs91-91.10.0/debian/gbp.conf 2022-06-16 10:11:50.000000000 -0400 @@ -1,6 +1,6 @@ [DEFAULT] pristine-tar = True -debian-branch = debian/91/master +debian-branch = ubuntu/91/jammy upstream-branch = upstream/91 [buildpackage] diff -Nru mozjs91-91.7.0/debian/patches/Bug-1687417-MIPS32-nojit-silence-an-assert.patch mozjs91-91.10.0/debian/patches/Bug-1687417-MIPS32-nojit-silence-an-assert.patch --- mozjs91-91.7.0/debian/patches/Bug-1687417-MIPS32-nojit-silence-an-assert.patch 2022-03-08 16:30:35.000000000 -0500 +++ mozjs91-91.10.0/debian/patches/Bug-1687417-MIPS32-nojit-silence-an-assert.patch 1969-12-31 19:00:00.000000000 -0500 @@ -1,28 +0,0 @@ -From: Lars T Hansen -Date: Wed, 15 Sep 2021 06:11:09 +0000 -Subject: Bug 1687417 - MIPS32 nojit, silence an assert - -A static_assert is failing but this is not relevant for nojit builds, -so silence it. - -Differential Revision: https://phabricator.services.mozilla.com/D125526 -Origin: Firefox 94, part of commit:https://hg.mozilla.org/mozilla-central/rev/9408195567a2 ---- - js/src/wasm/WasmFrame.cpp | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/js/src/wasm/WasmFrame.cpp b/js/src/wasm/WasmFrame.cpp -index 9a1de91..495f3bf 100644 ---- a/js/src/wasm/WasmFrame.cpp -+++ b/js/src/wasm/WasmFrame.cpp -@@ -54,8 +54,10 @@ void DebugFrame::alignmentStaticAsserts() { - - static_assert(WasmStackAlignment >= Alignment, - "Aligned by ABI before pushing DebugFrame"); -+#ifndef JS_CODEGEN_NONE - static_assert((offsetof(DebugFrame, frame_) + sizeof(Frame)) % Alignment == 0, - "Aligned after pushing DebugFrame"); -+#endif - #ifdef JS_CODEGEN_ARM64 - // This constraint may or may not be necessary. If you hit this because - // you've changed the frame size then feel free to remove it, but be extra diff -Nru mozjs91-91.7.0/debian/patches/series mozjs91-91.10.0/debian/patches/series --- mozjs91-91.7.0/debian/patches/series 2022-03-08 16:30:35.000000000 -0500 +++ mozjs91-91.10.0/debian/patches/series 2022-06-16 10:11:50.000000000 -0400 @@ -5,7 +5,6 @@ copy-headers.patch tests-increase-timeout.patch ia64-support.patch -Bug-1687417-MIPS32-nojit-silence-an-assert.patch Fix-math_private.h-for-i386-FTBFS.patch tests-Add-the-ability-to-skip-tests-according-to-dpkg-arc.patch tests-Expect-some-floating-point-tests-to-fail-on-i386.patch @@ -26,3 +25,4 @@ system-ICU/tests-Adapt-subtags-test-to-debian-ICU-computed-values.patch system-ICU/tests-Disable-failing-DateTimeFormat-tests-with-system-IC.patch system-ICU/DateTimeFormat-Use-normal-parenthesis-instead-of-ICU.patch +system-ICU/tests-Skip-comparison-of-tzdata-version-number.patch diff -Nru mozjs91-91.7.0/debian/patches/system-ICU/tests-Skip-comparison-of-tzdata-version-number.patch mozjs91-91.10.0/debian/patches/system-ICU/tests-Skip-comparison-of-tzdata-version-number.patch --- mozjs91-91.7.0/debian/patches/system-ICU/tests-Skip-comparison-of-tzdata-version-number.patch 1969-12-31 19:00:00.000000000 -0500 +++ mozjs91-91.10.0/debian/patches/system-ICU/tests-Skip-comparison-of-tzdata-version-number.patch 2022-06-16 10:11:50.000000000 -0400 @@ -0,0 +1,24 @@ +From: Simon McVittie +Date: Mon, 21 Mar 2022 19:06:29 +0000 +Subject: tests: Skip comparison of tzdata version number + +The test expects the timezone database version number to be reported as +2021a3, but it's actually reported as 2021a. +--- + js/src/tests/jstests.list | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/js/src/tests/jstests.list b/js/src/tests/jstests.list +index 2cdd969..aef1b36 100644 +--- a/js/src/tests/jstests.list ++++ b/js/src/tests/jstests.list +@@ -757,6 +757,9 @@ skip script test262/built-ins/RegExp/property-escapes/generated/General_Category + skip script test262/built-ins/RegExp/property-escapes/generated/Script_-_Ethiopic.js + skip script test262/built-ins/RegExp/property-escapes/generated/Script_Extensions_-_Ethiopic.js + ++# This test fails with Debian/Ubuntu's reported tzdata version ++skip script non262/Intl/DateTimeFormat/timeZone_version.js ++ + ########################################################### + # Tests disabled due to issues in test262 importer script # + ########################################################### diff -Nru mozjs91-91.7.0/js/src/builtin/Array.cpp mozjs91-91.10.0/js/src/builtin/Array.cpp --- mozjs91-91.7.0/js/src/builtin/Array.cpp 2022-03-08 14:05:03.000000000 -0500 +++ mozjs91-91.10.0/js/src/builtin/Array.cpp 2022-06-01 08:35:30.000000000 -0400 @@ -4243,3 +4243,35 @@ return SetLengthProperty(cx, obj, length); } + +bool js::intrinsic_newList(JSContext* cx, unsigned argc, js::Value* vp) { + CallArgs args = CallArgsFromVp(argc, vp); + MOZ_ASSERT(args.length() == 0); + + size_t length = 0; + gc::AllocKind allocKind = GuessArrayGCKind(length); + MOZ_ASSERT(CanChangeToBackgroundAllocKind(allocKind, &ArrayObject::class_)); + allocKind = ForegroundToBackgroundAllocKind(allocKind); + + /* + * Get a shape with zero fixed slots, regardless of the size class. + * See JSObject::createArray. + */ + RootedShape shape( + cx, SharedShape::getInitialShape(cx, &ArrayObject::class_, cx->realm(), + TaggedProto(), gc::AllocKind::OBJECT0)); + if (!shape) { + return false; + } + + gc::InitialHeap heap = gc::InitialHeap::DefaultHeap; + AutoSetNewObjectMetadata metadata(cx); + RootedArrayObject list(cx, ArrayObject::createArray(cx, allocKind, heap, + shape, length, metadata)); + if (!list || !AddLengthProperty(cx, list)) { + return false; + } + + args.rval().setObject(*list); + return true; +} diff -Nru mozjs91-91.7.0/js/src/builtin/Array.h mozjs91-91.10.0/js/src/builtin/Array.h --- mozjs91-91.7.0/js/src/builtin/Array.h 2022-03-08 14:05:03.000000000 -0500 +++ mozjs91-91.10.0/js/src/builtin/Array.h 2022-06-01 08:35:30.000000000 -0400 @@ -116,6 +116,8 @@ extern JSObject* ArraySliceDense(JSContext* cx, HandleObject obj, int32_t begin, int32_t end, HandleObject result); +extern bool intrinsic_newList(JSContext* cx, unsigned argc, js::Value* vp); + /* * Append the given (non-hole) value to the end of an array. The array must be * a newborn array -- that is, one which has not been exposed to script for diff -Nru mozjs91-91.7.0/js/src/builtin/Module.js mozjs91-91.10.0/js/src/builtin/Module.js --- mozjs91-91.7.0/js/src/builtin/Module.js 2022-03-08 14:05:03.000000000 -0500 +++ mozjs91-91.10.0/js/src/builtin/Module.js 2022-06-01 08:35:30.000000000 -0400 @@ -14,7 +14,7 @@ // https://tc39.es/ecma262/#sec-getexportednames // ES2020 15.2.1.17.2 GetExportedNames -function ModuleGetExportedNames(exportStarSet = []) +function ModuleGetExportedNames(exportStarSet = new_List()) { if (!IsObject(this) || !IsModule(this)) { return callFunction(CallModuleMethodIfWrapped, this, exportStarSet, @@ -26,13 +26,13 @@ // Step 4 if (callFunction(ArrayIncludes, exportStarSet, module)) - return []; + return new_List(); // Step 5 DefineDataProperty(exportStarSet, exportStarSet.length, module); // Step 6 - let exportedNames = []; + let exportedNames = new_List(); let namesCount = 0; // Step 7 @@ -99,7 +99,7 @@ // - If the request is found to be ambiguous, the string `"ambiguous"` is // returned. // -function ModuleResolveExport(exportName, resolveSet = []) +function ModuleResolveExport(exportName, resolveSet = new_List()) { assert(typeof exportName === "string", "ModuleResolveExport"); @@ -206,7 +206,7 @@ // Step 4 if (typeof namespace === "undefined") { let exportedNames = callFunction(module.getExportedNames, module); - let unambiguousNames = []; + let unambiguousNames = new_List(); for (let i = 0; i < exportedNames.length; i++) { let name = exportedNames[i]; let resolution = callFunction(module.resolveExport, module, name); @@ -312,7 +312,7 @@ } // Step 3 - let stack = []; + let stack = new_List(); // Steps 4-5 try { @@ -606,7 +606,7 @@ } // Step 4 - let stack = []; + let stack = new_List(); // Steps 5-6 try { @@ -769,7 +769,7 @@ } // https://tc39.es/proposal-top-level-await/#sec-gather-async-parent-completions -function GatherAsyncParentCompletions(module, execList = []) { +function GatherAsyncParentCompletions(module, execList = new_List()) { assert(module.status == MODULE_STATUS_EVALUATED, "bad status for async module"); // Step 5. @@ -809,4 +809,3 @@ ExecuteModule(module); } - diff -Nru mozjs91-91.7.0/js/src/builtin/RegExp.js mozjs91-91.10.0/js/src/builtin/RegExp.js --- mozjs91-91.7.0/js/src/builtin/RegExp.js 2022-03-08 14:05:03.000000000 -0500 +++ mozjs91-91.10.0/js/src/builtin/RegExp.js 2022-06-01 08:35:30.000000000 -0400 @@ -349,7 +349,7 @@ } // Step 9. - var results = []; + var results = new_List(); var nResults = 0; // Step 11. @@ -456,7 +456,7 @@ functionalReplace, firstDollarIndex) { // Step 14.h. - var captures = []; + var captures = new_List(); var capturesLength = 0; // Step 14.k.i (reordered). @@ -546,7 +546,7 @@ } // Steps 14.g-i, 14.k.i-ii. - var captures = []; + var captures = new_List(); for (var n = 0; n <= nCaptures; n++) { assert(typeof result[n] === "string" || result[n] === undefined, "RegExpMatcher returns only strings and undefined"); diff -Nru mozjs91-91.7.0/js/src/builtin/Utilities.js mozjs91-91.10.0/js/src/builtin/Utilities.js --- mozjs91-91.7.0/js/src/builtin/Utilities.js 2022-03-08 14:05:03.000000000 -0500 +++ mozjs91-91.10.0/js/src/builtin/Utilities.js 2022-06-01 08:35:30.000000000 -0400 @@ -27,16 +27,7 @@ // code are installed via the std_functions JSFunctionSpec[] in // SelfHosting.cpp. -/********** List / Record specification types **********/ - -// A "List" is an internal type used in the ECMAScript spec to define a simple -// ordered list of values. It is never exposed to user script, but we use a -// simple Object (with null prototype) as a convenient implementation. -// -// NOTE: This does not track a `length` field. -function new_List() { - return std_Object_create(null); -} +/********** Specification types **********/ // A "Record" is an internal type used in the ECMAScript spec to define a struct diff -Nru mozjs91-91.7.0/js/src/ds/InlineTable.h mozjs91-91.10.0/js/src/ds/InlineTable.h --- mozjs91-91.7.0/js/src/ds/InlineTable.h 2022-03-08 14:05:03.000000000 -0500 +++ mozjs91-91.10.0/js/src/ds/InlineTable.h 2022-06-01 08:35:30.000000000 -0400 @@ -94,7 +94,7 @@ [[nodiscard]] bool switchToTable() { MOZ_ASSERT(inlNext_ == InlineEntries); - table_.clear(); + table_.clearAndCompact(); InlineEntry* end = inlineEnd(); for (InlineEntry* it = inlineStart(); it != end; ++it) { diff -Nru mozjs91-91.7.0/js/src/jit/arm64/CodeGenerator-arm64.cpp mozjs91-91.10.0/js/src/jit/arm64/CodeGenerator-arm64.cpp --- mozjs91-91.7.0/js/src/jit/arm64/CodeGenerator-arm64.cpp 2022-03-08 14:05:03.000000000 -0500 +++ mozjs91-91.10.0/js/src/jit/arm64/CodeGenerator-arm64.cpp 2022-06-01 08:35:30.000000000 -0400 @@ -2489,7 +2489,14 @@ } // Act on flag. - Assembler::Condition cond = JSOpToCondition(ins->compareType(), ins->jsop()); + Assembler::Condition cond; + if (compTy == MCompare::Compare_Float32 || + compTy == MCompare::Compare_Double) { + cond = Assembler::ConditionFromDoubleCondition( + JSOpToDoubleCondition(ins->jsop())); + } else { + cond = JSOpToCondition(compTy, ins->jsop()); + } MIRType insTy = ins->mir()->type(); if (insTy == MIRType::Int32) { Register outReg = ToRegister(ins->output()); diff -Nru mozjs91-91.7.0/js/src/jit/arm64/Lowering-arm64.cpp mozjs91-91.10.0/js/src/jit/arm64/Lowering-arm64.cpp --- mozjs91-91.7.0/js/src/jit/arm64/Lowering-arm64.cpp 2022-03-08 14:05:03.000000000 -0500 +++ mozjs91-91.10.0/js/src/jit/arm64/Lowering-arm64.cpp 2022-06-01 08:35:30.000000000 -0400 @@ -960,8 +960,12 @@ } lir->setOperand(0, useRegisterAtStart(lhs)); - lir->setOperand(1, useRegisterAtStart(rhs)); - define(lir, ins); + lir->setOperand(1, willHaveDifferentLIRNodes(lhs, rhs) + ? useRegister(rhs) + : useRegisterAtStart(rhs)); + // The copySignDouble and copySignFloat32 are optimized for lhs == output. + // It also prevents rhs == output when lhs != output, avoids clobbering. + defineReuseInput(lir, ins, 0); } void LIRGenerator::visitExtendInt32ToInt64(MExtendInt32ToInt64* ins) { diff -Nru mozjs91-91.7.0/js/src/jit/JitFrames.cpp mozjs91-91.10.0/js/src/jit/JitFrames.cpp --- mozjs91-91.7.0/js/src/jit/JitFrames.cpp 2022-03-08 14:05:03.000000000 -0500 +++ mozjs91-91.10.0/js/src/jit/JitFrames.cpp 2022-06-01 08:35:30.000000000 -0400 @@ -1030,13 +1030,15 @@ TraceRoot(trc, layout->stubCode(), "ion-ic-call-code"); } -#ifdef JS_CODEGEN_MIPS32 +#if defined(JS_CODEGEN_ARM64) || defined(JS_CODEGEN_MIPS32) uint8_t* alignDoubleSpill(uint8_t* pointer) { uintptr_t address = reinterpret_cast(pointer); - address &= ~(ABIStackAlignment - 1); + address &= ~(uintptr_t(ABIStackAlignment) - 1); return reinterpret_cast(address); } +#endif +#ifdef JS_CODEGEN_MIPS32 static void TraceJitExitFrameCopiedArguments(JSTracer* trc, const VMFunctionData* f, ExitFooterFrame* footer) { diff -Nru mozjs91-91.7.0/js/src/jit/JitFrames.h mozjs91-91.10.0/js/src/jit/JitFrames.h --- mozjs91-91.7.0/js/src/jit/JitFrames.h 2022-03-08 14:05:03.000000000 -0500 +++ mozjs91-91.10.0/js/src/jit/JitFrames.h 2022-06-01 08:35:30.000000000 -0400 @@ -196,11 +196,11 @@ // Returns the JSScript associated with the topmost JIT frame. JSScript* GetTopJitJSScript(JSContext* cx); -#ifdef JS_CODEGEN_MIPS32 +#if defined(JS_CODEGEN_MIPS32) || defined(JS_CODEGEN_ARM64) uint8_t* alignDoubleSpill(uint8_t* pointer); #else inline uint8_t* alignDoubleSpill(uint8_t* pointer) { - // This is NO-OP on non-MIPS platforms. + // This is a no-op on most platforms. return pointer; } #endif diff -Nru mozjs91-91.7.0/js/src/jit/MIR.h mozjs91-91.10.0/js/src/jit/MIR.h --- mozjs91-91.7.0/js/src/jit/MIR.h 2022-03-08 14:05:03.000000000 -0500 +++ mozjs91-91.10.0/js/src/jit/MIR.h 2022-06-01 08:35:30.000000000 -0400 @@ -6896,7 +6896,8 @@ return congruentIfOperandsEqual(other); } AliasSet getAliasSet() const override { - return AliasSet::Load(AliasSet::UnboxedElement); + return AliasSet::Load(AliasSet::UnboxedElement | AliasSet::ObjectFields | + AliasSet::ArrayBufferViewLengthOrOffset); } bool canProduceFloat32() const override { return arrayType_ == Scalar::Float32; diff -Nru mozjs91-91.7.0/js/src/jit-test/tests/wasm/binop-arm64-ion-codegen.js mozjs91-91.10.0/js/src/jit-test/tests/wasm/binop-arm64-ion-codegen.js --- mozjs91-91.7.0/js/src/jit-test/tests/wasm/binop-arm64-ion-codegen.js 2022-03-08 14:05:03.000000000 -0500 +++ mozjs91-91.10.0/js/src/jit-test/tests/wasm/binop-arm64-ion-codegen.js 2022-06-01 08:35:30.000000000 -0400 @@ -300,7 +300,7 @@ 'f', `9e6703e0 fmov d0, xzr 1e622000 fcmp d0, d2 - 1e63bc20 fcsel d0, d1, d3, lt`) + 1e633c20 fcsel d0, d1, d3, lo`) // FP ABS should not tie its input to its output. diff -Nru mozjs91-91.7.0/js/src/jit-test/tests/wasm/regress/bug1761850.js mozjs91-91.10.0/js/src/jit-test/tests/wasm/regress/bug1761850.js --- mozjs91-91.7.0/js/src/jit-test/tests/wasm/regress/bug1761850.js 1969-12-31 19:00:00.000000000 -0500 +++ mozjs91-91.10.0/js/src/jit-test/tests/wasm/regress/bug1761850.js 2022-06-01 08:35:30.000000000 -0400 @@ -0,0 +1,96 @@ +// Testing runtime execution of select + comparison operations. +// Normally they are folded into shorter/faster sequence than select alone. + +function cross(xs) { + let results = []; + for ( let x of xs ) + for ( let y of xs ) + results.push([x,y]); + return results; +} + +const floatOps = { + lt(a, b) { return a < b ? 0 : 1; }, + le(a, b) { return a <= b ? 0 : 1; }, + gt(a, b) { return a > b ? 0 : 1; }, + ge(a, b) { return a >= b ? 0 : 1; }, + eq(a, b) { return a === b ? 0 : 1; }, + ne(a, b) { return a !== b ? 0 : 1; }, +} + +for (let ty of ['f32', 'f64']) { + for (let op of ['lt', 'le', 'gt', 'ge', 'eq', 'ne']) { + const module = new WebAssembly.Module(wasmTextToBinary(`(module + (memory (export "memory") 1 1) + (func (export "test") (result i32) + i32.const 128 + i32.load8_u + i32.const 129 + i32.load8_u + i32.const 0 + ${ty}.load + i32.const ${ty == 'f32' ? 4 : 8} + ${ty}.load + ${ty}.${op} + select + ) + (data (i32.const 128) "\\00\\01"))`)); + const instance = new WebAssembly.Instance(module); + const arr = new (ty == 'f32' ? Float32Array : Float64Array)(instance.exports.memory.buffer); + for (let [a, b] of cross( + [0, 1, -1e100, Infinity, -Infinity, 1e100, -1e-10, 1/-Infinity, NaN] + )) { + arr[0] = a; arr[1] = b; + assertEq(instance.exports.test(), floatOps[op](arr[0], arr[1])) + } + } +} + +const intOps = { + lt(a, b) { return a < b ? 0 : 1; }, + le(a, b) { return a <= b ? 0 : 1; }, + gt(a, b) { return a > b ? 0 : 1; }, + ge(a, b) { return a >= b ? 0 : 1; }, + eq(a, b) { return a === b ? 0 : 1; }, + ne(a, b) { return a !== b ? 0 : 1; }, +} + +for (let [ty, signed] of [['i32', true], ['i32', false], ['i64', true], ['i64', false]]) { + for (let op of ['lt', 'le', 'gt', 'ge', 'eq', 'ne']) { + const module = new WebAssembly.Module(wasmTextToBinary(`(module + (memory (export "memory") 1 1) + (func (export "test") (result i32) + i32.const 128 + i32.load8_u + i32.const 129 + i32.load8_u + i32.const 0 + ${ty}.load + i32.const ${ty == 'i32' ? 4 : 8} + ${ty}.load + ${ty}.${op}${op[0] == 'l' || op[0] == 'g' ? (signed ? '_s' : '_u') : ''} + select + ) + (data (i32.const 128) "\\00\\01"))`)); + const instance = new WebAssembly.Instance(module); + const arr = new (ty == 'i32' ? (signed ? Int32Array : Uint32Array) : + (signed ? BigInt64Array : BigUint64Array)) + (instance.exports.memory.buffer); + const c = ty == 'i32' ? (a => a|0) : BigInt; + for (let [a, b] of cross( + [c(0), ~c(0), c(1), ~c(1), c(1) << c(8), ~c(1) << c(12)] + )) { + arr[0] = a; arr[1] = b; + assertEq(instance.exports.test(), intOps[op](arr[0], arr[1])) + } + } +} + + +function cross(xs) { + let results = []; + for ( let x of xs ) + for ( let y of xs ) + results.push([x,y]); + return results; +} diff -Nru mozjs91-91.7.0/js/src/jit-test/tests/wasm/regress/bug1762899.js mozjs91-91.10.0/js/src/jit-test/tests/wasm/regress/bug1762899.js --- mozjs91-91.7.0/js/src/jit-test/tests/wasm/regress/bug1762899.js 1969-12-31 19:00:00.000000000 -0500 +++ mozjs91-91.10.0/js/src/jit-test/tests/wasm/regress/bug1762899.js 2022-06-01 08:35:30.000000000 -0400 @@ -0,0 +1,34 @@ +var ins = wasmEvalText(` +(module + (func (export "copysign_f64") (param f64 f64) (result f64) + f64.const 0x1.921fb54442d18p+0 (;=1.5708;) + local.get 0 + f64.copysign + ) + (func (export "copysign_f32") (param f32 f32) (result f32) + f32.const 0x1.921fb54442d18p+0 (;=1.5708;) + local.get 0 + f32.copysign + ) + (func (export "copysign_f64_2") (param f64 f64) (result f64) + local.get 1 + f64.const 0x1.921fb54442d18p+0 (;=1.5708;) + f64.copysign + ) + (func (export "copysign_f32_2") (param f32 f32) (result f32) + local.get 1 + f32.const -0x1.921fb54442d18p+0 (;=1.5708;) + f32.copysign + ) + +) +`); + +assertEq(ins.exports.copysign_f64(1, 0), 1.5707963267948966); +assertEq(ins.exports.copysign_f64(-1, 0), -1.5707963267948966); +assertEq(ins.exports.copysign_f32(1, 0), 1.5707963705062866); +assertEq(ins.exports.copysign_f32(-1, 0), -1.5707963705062866); +assertEq(ins.exports.copysign_f64_2(0, 1), 1); +assertEq(ins.exports.copysign_f64_2(0, -1), 1); +assertEq(ins.exports.copysign_f32_2(0, 1), -1); +assertEq(ins.exports.copysign_f32_2(0, -1), -1); diff -Nru mozjs91-91.7.0/js/src/vm/SelfHosting.cpp mozjs91-91.10.0/js/src/vm/SelfHosting.cpp --- mozjs91-91.7.0/js/src/vm/SelfHosting.cpp 2022-03-08 14:05:05.000000000 -0500 +++ mozjs91-91.10.0/js/src/vm/SelfHosting.cpp 2022-06-01 08:35:32.000000000 -0400 @@ -2386,7 +2386,7 @@ JS_INLINABLE_FN("UnsafeSetReservedSlot", intrinsic_UnsafeSetReservedSlot, 3, 0, IntrinsicUnsafeSetReservedSlot), - // Intrinsics and standard functions used by Intl API implementation. +// Intrinsics and standard functions used by Intl API implementation. #ifdef JS_HAS_INTL_API JS_FN("intl_BestAvailableLocale", intl_BestAvailableLocale, 3, 0), JS_FN("intl_CallCollatorMethodIfWrapped", @@ -2476,6 +2476,7 @@ #endif // JS_HAS_INTL_API // Standard builtins used by self-hosting. + JS_FN("new_List", intrinsic_newList, 0, 0), JS_INLINABLE_FN("std_Array", array_construct, 1, 0, Array), JS_INLINABLE_FN("std_Array_pop", array_pop, 0, 0, ArrayPop), JS_INLINABLE_FN("std_Array_push", array_push, 1, 0, ArrayPush), diff -Nru mozjs91-91.7.0/js/src/wasm/WasmFrame.cpp mozjs91-91.10.0/js/src/wasm/WasmFrame.cpp --- mozjs91-91.7.0/js/src/wasm/WasmFrame.cpp 2022-03-08 14:05:05.000000000 -0500 +++ mozjs91-91.10.0/js/src/wasm/WasmFrame.cpp 2022-06-01 08:35:32.000000000 -0400 @@ -54,8 +54,10 @@ static_assert(WasmStackAlignment >= Alignment, "Aligned by ABI before pushing DebugFrame"); +#ifndef JS_CODEGEN_NONE static_assert((offsetof(DebugFrame, frame_) + sizeof(Frame)) % Alignment == 0, "Aligned after pushing DebugFrame"); +#endif #ifdef JS_CODEGEN_ARM64 // This constraint may or may not be necessary. If you hit this because // you've changed the frame size then feel free to remove it, but be extra diff -Nru mozjs91-91.7.0/modules/zlib/src/ChangeLog.moz mozjs91-91.10.0/modules/zlib/src/ChangeLog.moz --- mozjs91-91.7.0/modules/zlib/src/ChangeLog.moz 2022-03-08 14:05:05.000000000 -0500 +++ mozjs91-91.10.0/modules/zlib/src/ChangeLog.moz 2022-06-01 08:35:32.000000000 -0400 @@ -71,3 +71,7 @@ - 28 May 2021 Add because of the error: implicit declaration of function {lseek, read, write} is invalid in C99. See bug #1701197 + +- 28 March 2022 + Backport upstream fix for CVE-2018-25032 + See bug #1761799 diff -Nru mozjs91-91.7.0/modules/zlib/src/deflate.c mozjs91-91.10.0/modules/zlib/src/deflate.c --- mozjs91-91.7.0/modules/zlib/src/deflate.c 2022-03-08 14:05:05.000000000 -0500 +++ mozjs91-91.10.0/modules/zlib/src/deflate.c 2022-06-01 08:35:32.000000000 -0400 @@ -252,11 +252,6 @@ int wrap = 1; static const char my_version[] = ZLIB_VERSION; - ushf *overlay; - /* We overlay pending_buf and d_buf+l_buf. This works since the average - * output size for (length,distance) codes is <= 24 bits. - */ - if (version == Z_NULL || version[0] != my_version[0] || stream_size != sizeof(z_stream)) { return Z_VERSION_ERROR; @@ -326,9 +321,47 @@ s->lit_bufsize = 1 << (memLevel + 6); /* 16K elements by default */ - overlay = (ushf *) ZALLOC(strm, s->lit_bufsize, sizeof(ush)+2); - s->pending_buf = (uchf *) overlay; - s->pending_buf_size = (ulg)s->lit_bufsize * (sizeof(ush)+2L); + /* We overlay pending_buf and sym_buf. This works since the average size + * for length/distance pairs over any compressed block is assured to be 31 + * bits or less. + * + * Analysis: The longest fixed codes are a length code of 8 bits plus 5 + * extra bits, for lengths 131 to 257. The longest fixed distance codes are + * 5 bits plus 13 extra bits, for distances 16385 to 32768. The longest + * possible fixed-codes length/distance pair is then 31 bits total. + * + * sym_buf starts one-fourth of the way into pending_buf. So there are + * three bytes in sym_buf for every four bytes in pending_buf. Each symbol + * in sym_buf is three bytes -- two for the distance and one for the + * literal/length. As each symbol is consumed, the pointer to the next + * sym_buf value to read moves forward three bytes. From that symbol, up to + * 31 bits are written to pending_buf. The closest the written pending_buf + * bits gets to the next sym_buf symbol to read is just before the last + * code is written. At that time, 31*(n-2) bits have been written, just + * after 24*(n-2) bits have been consumed from sym_buf. sym_buf starts at + * 8*n bits into pending_buf. (Note that the symbol buffer fills when n-1 + * symbols are written.) The closest the writing gets to what is unread is + * then n+14 bits. Here n is lit_bufsize, which is 16384 by default, and + * can range from 128 to 32768. + * + * Therefore, at a minimum, there are 142 bits of space between what is + * written and what is read in the overlain buffers, so the symbols cannot + * be overwritten by the compressed data. That space is actually 139 bits, + * due to the three-bit fixed-code block header. + * + * That covers the case where either Z_FIXED is specified, forcing fixed + * codes, or when the use of fixed codes is chosen, because that choice + * results in a smaller compressed block than dynamic codes. That latter + * condition then assures that the above analysis also covers all dynamic + * blocks. A dynamic-code block will only be chosen to be emitted if it has + * fewer bits than a fixed-code block would for the same set of symbols. + * Therefore its average symbol length is assured to be less than 31. So + * the compressed data for a dynamic block also cannot overwrite the + * symbols from which it is being constructed. + */ + + s->pending_buf = (uchf *) ZALLOC(strm, s->lit_bufsize, 4); + s->pending_buf_size = (ulg)s->lit_bufsize * 4; if (s->window == Z_NULL || s->prev == Z_NULL || s->head == Z_NULL || s->pending_buf == Z_NULL) { @@ -337,8 +370,12 @@ deflateEnd (strm); return Z_MEM_ERROR; } - s->d_buf = overlay + s->lit_bufsize/sizeof(ush); - s->l_buf = s->pending_buf + (1+sizeof(ush))*s->lit_bufsize; + s->sym_buf = s->pending_buf + s->lit_bufsize; + s->sym_end = (s->lit_bufsize - 1) * 3; + /* We avoid equality with lit_bufsize*3 because of wraparound at 64K + * on 16 bit machines and because stored blocks are restricted to + * 64K-1 bytes. + */ s->level = level; s->strategy = strategy; @@ -549,7 +586,7 @@ if (deflateStateCheck(strm)) return Z_STREAM_ERROR; s = strm->state; - if ((Bytef *)(s->d_buf) < s->pending_out + ((Buf_size + 7) >> 3)) + if (s->sym_buf < s->pending_out + ((Buf_size + 7) >> 3)) return Z_BUF_ERROR; do { put = Buf_size - s->bi_valid; @@ -1108,7 +1145,6 @@ #else deflate_state *ds; deflate_state *ss; - ushf *overlay; if (deflateStateCheck(source) || dest == Z_NULL) { @@ -1128,8 +1164,7 @@ ds->window = (Bytef *) ZALLOC(dest, ds->w_size, 2*sizeof(Byte)); ds->prev = (Posf *) ZALLOC(dest, ds->w_size, sizeof(Pos)); ds->head = (Posf *) ZALLOC(dest, ds->hash_size, sizeof(Pos)); - overlay = (ushf *) ZALLOC(dest, ds->lit_bufsize, sizeof(ush)+2); - ds->pending_buf = (uchf *) overlay; + ds->pending_buf = (uchf *) ZALLOC(dest, ds->lit_bufsize, 4); if (ds->window == Z_NULL || ds->prev == Z_NULL || ds->head == Z_NULL || ds->pending_buf == Z_NULL) { @@ -1143,8 +1178,7 @@ zmemcpy(ds->pending_buf, ss->pending_buf, (uInt)ds->pending_buf_size); ds->pending_out = ds->pending_buf + (ss->pending_out - ss->pending_buf); - ds->d_buf = overlay + ds->lit_bufsize/sizeof(ush); - ds->l_buf = ds->pending_buf + (1+sizeof(ush))*ds->lit_bufsize; + ds->sym_buf = ds->pending_buf + ds->lit_bufsize; ds->l_desc.dyn_tree = ds->dyn_ltree; ds->d_desc.dyn_tree = ds->dyn_dtree; @@ -1912,7 +1946,7 @@ FLUSH_BLOCK(s, 1); return finish_done; } - if (s->last_lit) + if (s->sym_next) FLUSH_BLOCK(s, 0); return block_done; } @@ -2043,7 +2077,7 @@ FLUSH_BLOCK(s, 1); return finish_done; } - if (s->last_lit) + if (s->sym_next) FLUSH_BLOCK(s, 0); return block_done; } @@ -2118,7 +2152,7 @@ FLUSH_BLOCK(s, 1); return finish_done; } - if (s->last_lit) + if (s->sym_next) FLUSH_BLOCK(s, 0); return block_done; } @@ -2157,7 +2191,7 @@ FLUSH_BLOCK(s, 1); return finish_done; } - if (s->last_lit) + if (s->sym_next) FLUSH_BLOCK(s, 0); return block_done; } diff -Nru mozjs91-91.7.0/modules/zlib/src/deflate.h mozjs91-91.10.0/modules/zlib/src/deflate.h --- mozjs91-91.7.0/modules/zlib/src/deflate.h 2022-03-08 14:05:05.000000000 -0500 +++ mozjs91-91.10.0/modules/zlib/src/deflate.h 2022-06-01 08:35:32.000000000 -0400 @@ -217,7 +217,7 @@ /* Depth of each subtree used as tie breaker for trees of equal frequency */ - uchf *l_buf; /* buffer for literals or lengths */ + uchf *sym_buf; /* buffer for distances and literals/lengths */ uInt lit_bufsize; /* Size of match buffer for literals/lengths. There are 4 reasons for @@ -239,13 +239,8 @@ * - I can't count above 4 */ - uInt last_lit; /* running index in l_buf */ - - ushf *d_buf; - /* Buffer for distances. To simplify the code, d_buf and l_buf have - * the same number of elements. To use different lengths, an extra flag - * array would be necessary. - */ + uInt sym_next; /* running index in sym_buf */ + uInt sym_end; /* symbol table full when sym_next reaches this */ ulg opt_len; /* bit length of current block with optimal trees */ ulg static_len; /* bit length of current block with static trees */ @@ -325,20 +320,22 @@ # define _tr_tally_lit(s, c, flush) \ { uch cc = (c); \ - s->d_buf[s->last_lit] = 0; \ - s->l_buf[s->last_lit++] = cc; \ + s->sym_buf[s->sym_next++] = 0; \ + s->sym_buf[s->sym_next++] = 0; \ + s->sym_buf[s->sym_next++] = cc; \ s->dyn_ltree[cc].Freq++; \ - flush = (s->last_lit == s->lit_bufsize-1); \ + flush = (s->sym_next == s->sym_end); \ } # define _tr_tally_dist(s, distance, length, flush) \ { uch len = (uch)(length); \ ush dist = (ush)(distance); \ - s->d_buf[s->last_lit] = dist; \ - s->l_buf[s->last_lit++] = len; \ + s->sym_buf[s->sym_next++] = dist; \ + s->sym_buf[s->sym_next++] = dist >> 8; \ + s->sym_buf[s->sym_next++] = len; \ dist--; \ s->dyn_ltree[_length_code[len]+LITERALS+1].Freq++; \ s->dyn_dtree[d_code(dist)].Freq++; \ - flush = (s->last_lit == s->lit_bufsize-1); \ + flush = (s->sym_next == s->sym_end); \ } #else # define _tr_tally_lit(s, c, flush) flush = _tr_tally(s, 0, c) diff -Nru mozjs91-91.7.0/modules/zlib/src/trees.c mozjs91-91.10.0/modules/zlib/src/trees.c --- mozjs91-91.7.0/modules/zlib/src/trees.c 2022-03-08 14:05:05.000000000 -0500 +++ mozjs91-91.10.0/modules/zlib/src/trees.c 2022-06-01 08:35:32.000000000 -0400 @@ -416,7 +416,7 @@ s->dyn_ltree[END_BLOCK].Freq = 1; s->opt_len = s->static_len = 0L; - s->last_lit = s->matches = 0; + s->sym_next = s->matches = 0; } #define SMALLEST 1 @@ -947,7 +947,7 @@ Tracev((stderr, "\nopt %lu(%lu) stat %lu(%lu) stored %lu lit %u ", opt_lenb, s->opt_len, static_lenb, s->static_len, stored_len, - s->last_lit)); + s->sym_next / 3)); if (static_lenb <= opt_lenb) opt_lenb = static_lenb; @@ -1016,8 +1016,9 @@ unsigned dist; /* distance of matched string */ unsigned lc; /* match length-MIN_MATCH or unmatched char (if dist==0) */ { - s->d_buf[s->last_lit] = (ush)dist; - s->l_buf[s->last_lit++] = (uch)lc; + s->sym_buf[s->sym_next++] = dist; + s->sym_buf[s->sym_next++] = dist >> 8; + s->sym_buf[s->sym_next++] = lc; if (dist == 0) { /* lc is the unmatched char */ s->dyn_ltree[lc].Freq++; @@ -1032,30 +1033,7 @@ s->dyn_ltree[_length_code[lc]+LITERALS+1].Freq++; s->dyn_dtree[d_code(dist)].Freq++; } - -#ifdef TRUNCATE_BLOCK - /* Try to guess if it is profitable to stop the current block here */ - if ((s->last_lit & 0x1fff) == 0 && s->level > 2) { - /* Compute an upper bound for the compressed length */ - ulg out_length = (ulg)s->last_lit*8L; - ulg in_length = (ulg)((long)s->strstart - s->block_start); - int dcode; - for (dcode = 0; dcode < D_CODES; dcode++) { - out_length += (ulg)s->dyn_dtree[dcode].Freq * - (5L+extra_dbits[dcode]); - } - out_length >>= 3; - Tracev((stderr,"\nlast_lit %u, in %ld, out ~%ld(%ld%%) ", - s->last_lit, in_length, out_length, - 100L - out_length*100L/in_length)); - if (s->matches < s->last_lit/2 && out_length < in_length/2) return 1; - } -#endif - return (s->last_lit == s->lit_bufsize-1); - /* We avoid equality with lit_bufsize because of wraparound at 64K - * on 16 bit machines and because stored blocks are restricted to - * 64K-1 bytes. - */ + return (s->sym_next == s->sym_end); } /* =========================================================================== @@ -1068,13 +1046,14 @@ { unsigned dist; /* distance of matched string */ int lc; /* match length or unmatched char (if dist == 0) */ - unsigned lx = 0; /* running index in l_buf */ + unsigned sx = 0; /* running index in sym_buf */ unsigned code; /* the code to send */ int extra; /* number of extra bits to send */ - if (s->last_lit != 0) do { - dist = s->d_buf[lx]; - lc = s->l_buf[lx++]; + if (s->sym_next != 0) do { + dist = s->sym_buf[sx++] & 0xff; + dist += (unsigned)(s->sym_buf[sx++] & 0xff) << 8; + lc = s->sym_buf[sx++]; if (dist == 0) { send_code(s, lc, ltree); /* send a literal byte */ Tracecv(isgraph(lc), (stderr," '%c' ", lc)); @@ -1099,11 +1078,10 @@ } } /* literal or match pair ? */ - /* Check that the overlay between pending_buf and d_buf+l_buf is ok: */ - Assert((uInt)(s->pending) < s->lit_bufsize + 2*lx, - "pendingBuf overflow"); + /* Check that the overlay between pending_buf and sym_buf is ok: */ + Assert(s->pending < s->lit_bufsize + sx, "pendingBuf overflow"); - } while (lx < s->last_lit); + } while (sx < s->sym_next); send_code(s, END_BLOCK, ltree); } diff -Nru mozjs91-91.7.0/python/mozbuild/mozbuild/action/dumpsymbols.py mozjs91-91.10.0/python/mozbuild/mozbuild/action/dumpsymbols.py --- mozjs91-91.7.0/python/mozbuild/mozbuild/action/dumpsymbols.py 2022-03-08 14:05:05.000000000 -0500 +++ mozjs91-91.10.0/python/mozbuild/mozbuild/action/dumpsymbols.py 2022-06-01 08:35:32.000000000 -0400 @@ -57,6 +57,9 @@ if objcopy: os.environ["OBJCOPY"] = objcopy + if buildconfig.substs.get("MOZ_THUNDERBIRD"): + sym_store_args.extend(["-s", os.path.join(buildconfig.topsrcdir, "comm")]) + args = ( [ sys.executable, diff -Nru mozjs91-91.7.0/third_party/rust/regex/.cargo-checksum.json mozjs91-91.10.0/third_party/rust/regex/.cargo-checksum.json --- mozjs91-91.7.0/third_party/rust/regex/.cargo-checksum.json 2022-03-08 14:05:06.000000000 -0500 +++ mozjs91-91.10.0/third_party/rust/regex/.cargo-checksum.json 2022-06-01 08:35:32.000000000 -0400 @@ -1 +1 @@ -{"files":{"CHANGELOG.md":"dc37d7389aa7f626a2a76f565b379378a63a043004674735e2b5859202b255ea","Cargo.lock":"b74b289188546209fb8b9024eb5cf7c43dc24b199cf2aaf2b11601ee24d9575d","Cargo.toml":"d5bf863bcab85700dc82190169003b7781f7985e51f7ba67a757fc2ba069ee6e","HACKING.md":"17818f7a17723608f6bdbe6388ad0a913d4f96f76a16649aaf4e274b1fa0ea97","LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-MIT":"6485b8ed310d3f0340bf1ad1f47645069ce4069dcc6bb46c7d5c6faf41de1fdb","PERFORMANCE.md":"0d5ef3866386918dfdefb1aa9a28cfe33cb3c8ceeb79f3f8ba5b88253dd95991","README.md":"c53b7bc36b660ca5fbd45a78e860107fa4deeaa35d23404e2ed37e5079a5352c","UNICODE.md":"a8a8399540eed000d19420135a527f400247a04572e44d124c786b870f518776","examples/regexdna-input.txt":"156a49710bb3e1ed4bc2bbb0af0f383b747b3d0281453cfff39c296124c598f8","examples/regexdna-output.txt":"35e85b19b70a893d752fd43e54e1e9da08bac43559191cea85b33387c24c4cc1","examples/shootout-regex-dna-bytes.rs":"fa2daedb4e0a05f64f33f4af62fbb0176db998e3676f8637ab684b725367a7b4","examples/shootout-regex-dna-cheat.rs":"1f871a6eaaf8372299fa3c762051112fa89a14235b03f734fc50ebd51ecaee72","examples/shootout-regex-dna-replace.rs":"32ffdf13ac6c4ce3fc32116a048e9cc682aa34cdb8e5beaf565a22addbdcd9ab","examples/shootout-regex-dna-single-cheat.rs":"809f75bf1e1917a53623eb6f1a3ce3b7d2ed98a6a1dbc0bd4853bec49a0c6f94","examples/shootout-regex-dna-single.rs":"1ab14f5703cd4be2e75a2e792e0ba1d322b9e4b14535d396805a4316d577f5bb","examples/shootout-regex-dna.rs":"20ea46ab63f91e3ac6a64e997eadd436a9cbc2f1bdade28e4512052f0e25bc34","rustfmt.toml":"1ca600239a27401c4a43f363cf3f38183a212affc1f31bff3ae93234bbaec228","src/backtrack.rs":"9018950f86564184a5dafd869a6c2cb3c4538ff302adbeccac33015f6e88f904","src/compile.rs":"84251b11081db43b712a887d424b79bdcd4738865e7df4d8667250cec553bac3","src/dfa.rs":"380580f54b0cee80c1a26caee3b4b76ad06ac63afdf8a8d351368a458454517d","src/error.rs":"71c85db839514f26ee024a689061743ea94a34eb7a3291e6c2b69b45a9682d09","src/exec.rs":"88b49098761db539e717c2965d2f56908c81aa10d91873d29a08484be7a11218","src/expand.rs":"ccba4798bd48ce40c34e91318f12258f46d8382e178a2c2b31c0d03b1ab51c5b","src/find_byte.rs":"b387247b77e3269f057c3399aefe5a815032c3af918c876f80eb4b282e4eb95e","src/freqs.rs":"255555f3d95b08a5bb3bc2f38d5a06cc100a39c0f0127fe4f50c33afa1cadc65","src/input.rs":"69595d1ea8d35351f5065ffdbf5965427d2e3fb5160a37008fa7e21d0eaa7720","src/lib.rs":"20bc28509e1853faea9581d43b21bc3ab144bb776e47fda4560082c4673854a6","src/literal/imp.rs":"5f73e0bcbee70c11041deca5ae84a8d30995963f452b29dd2fe5ab46d4978c12","src/literal/mod.rs":"533f1d68af088e9485170145e27518368e541a0337fdb44f63249ebf97310300","src/pattern.rs":"6f5909315f4542a989d9b1cee0bb3bc5b6749a665d73e32ec1c8ec4d71b78fac","src/pikevm.rs":"83423e5a94ea36e99dc6f69891ab200c1d0dadd3389ee296a816ec8d68bf556f","src/pool.rs":"942e991ae31ef349bd76efd78b2a712c01166dec965bf93742977ed0870d5a10","src/prog.rs":"78a02dcc1fc7b1d4f37a4a4eeb075eb5cc84aea1736e4de3a2cc7449a9ce5103","src/re_builder.rs":"943344bf6e2fc90902ee04b11b741c32418ac6814b21b7982cc0a3a817713f3e","src/re_bytes.rs":"c19bf2df00024e91f6f2b68be2d8971e847d6f16d7b949a04d2569736b1cdadb","src/re_set.rs":"a0cb76fafe7e33ea8c7b65aae53fa3432fc1651be186218b2284cb3c002ea966","src/re_trait.rs":"1c209fe30392b957f1bdcacdb900f222fc761a2e1634ab1c3f4ee97f315a0c22","src/re_unicode.rs":"1b25aa974065211a269e70b3636aef91e31f9ad7e395150c22e30317172169f8","src/sparse.rs":"0da3ddb7972109869248a764dbb10254555f4bb51c375e89fb3fab9cafa47320","src/testdata/LICENSE":"58cf078acc03da3e280a938c2bd9943f554fc9b6ced89ad93ba35ca436872899","src/testdata/README":"45f869e37f798905c773bfbe0ef19a5fb7e585cbf0b7c21b5b5a784e8cec3c14","src/testdata/basic.dat":"b5b33aa89d48a61cd67cb1fbfd8f70e62c83e30b86256f9f915a5190dd38ff06","src/testdata/nullsubexpr.dat":"496ac0278eec3b6d9170faace14554569032dd3d909618364d9326156de39ecf","src/testdata/repetition.dat":"1f7959063015b284b18a4a2c1c8b416d438a2d6c4b1a362da43406b865f50e69","src/utf8.rs":"708615a4859110cc9766b342a9c1da6c5c4a8a04ad239046b2725385db977efe","test":"0d62fdca7da12fc19ea5306b5de1d83e68d9365a029c043d524334da138b0304","tests/api.rs":"7b2a0ef75e99b9776094967bd66e9cdeaa8e11359f5f0a12bd08ef0e8d0c11fc","tests/api_str.rs":"2ae38c04e7e8fac008b609a820d0b1561ba75f39b0edc0987d6d3d06132da77f","tests/bytes.rs":"edc50f526c5fee43df89d639ef18b237e4eb91e9d533bfc43f3cbab7417d38ba","tests/consistent.rs":"d69435154c09478076497216e43081a835ac65147181a4fbddad7bff469605b2","tests/crates_regex.rs":"91a59d470e0700b4bcb3ff735d06799f3107b8ef4875a2e9904607b164be0326","tests/crazy.rs":"c0d56380dff19bdd5d7a3eb731d0e2dc564e169a1b73c81e1879b1e87f5f5f77","tests/flags.rs":"05caace2c81a99d2168037f3a38035d4dffe9f85ef3ebd7ef18b1bc6612f1ea8","tests/fowler.rs":"d78cf914de40b1e125cc92b65ccb444d462586bd07b5e05de4e4a1b5de16aa76","tests/macros.rs":"6db70c16fc90df13e6b30d2b606f8b6dd4dc976697967f6ee001b15aab6d0b19","tests/macros_bytes.rs":"a049f528a93173a1bb176cd46932dce1880679f4a1752e099be920f0e4546fd0","tests/macros_str.rs":"e585b1461374c45a2eca44ca045bc3c1fe984b2b4212e432b0c695b420e708b7","tests/misc.rs":"395f52793fa022e4cdda78675b6a6fba1a3106b4b99c834c39f7801574054bd1","tests/multiline.rs":"1b1a3326ed976437c1357f01d81833ece7ea244f38826246eab55cacd5d0862a","tests/noparse.rs":"12b6be0eff3d80779d33c6459396c74c0f6ebf4ddc9f1d33c3e747ea9e3bf268","tests/regression.rs":"4d4aecf57ce5accf73fe8818267e8d45c9a15896d40093a5b5e1a09007a121a1","tests/regression_fuzz.rs":"a504ec563e0d23bd2039493b7b1767fe1f831d7d668f6f4b2ecd124fc7899bcd","tests/replace.rs":"0efa042c0d531911e8ac41ce98a6b60236cbf40954102c59f9f6dea78d9d74dd","tests/searcher.rs":"ce35e47b0a276a7e8c9060c6a0b225ffba163aebc61fbc15555a6897fa0e552c","tests/set.rs":"f1e2af6baeeaed3cc99ed347ff516fe7b2eb0027ef64b891502e1486598eaf8a","tests/shortest_match.rs":"a2c94390c0d61bc24796b4c1288c924e90c8c9c6156fdebb858175177a194a42","tests/suffix_reverse.rs":"b95f89397404871227d9efe6df23b9ded147f183db81597e608f693955c668b5","tests/test_backtrack.rs":"b70c5e5f1241efd76dd9f9dd4a4df8a7b38113bd407d1f5f56867f1176177a59","tests/test_backtrack_bytes.rs":"b8a111d4b4109c8bba7e2afb650572c495a14d357fb1f743c1076fb001f704b5","tests/test_backtrack_utf8bytes.rs":"c0c279785d18beac2b4e178e7bf6c14ed235d65f00ca467cfd9c333d79487649","tests/test_crates_regex.rs":"fd9525c2eef0e2f8cb7f787bc2b721bcd0b5d84f3bca49adfe48d657a99c721a","tests/test_default.rs":"9dadd426a991683e601d3e52b1f6a551d531a23408ea791e5446eae83a3e8b6c","tests/test_default_bytes.rs":"831d3e6bfb882feb15f700e30304bd34328f888fb4c15c7169371e25024ce9a7","tests/test_nfa.rs":"f119fc43a018249c39c813d57096b0654ff69f337345f2bbd9b0e61cc9137285","tests/test_nfa_bytes.rs":"89eae3bef6a1d0bcea6b5de5be35ad72f613f2ceb8b58fe82a6c6ef2ccdc07d0","tests/test_nfa_utf8bytes.rs":"7d830b4aa401887d7cf098b62fed4cd8017ef8b61f625c7c9a2159a6b4cfeb71","tests/unicode.rs":"4bf85f5c3d547fa8b5623194a09b6413067499dfbe7c1d29d8b50bf1cddacf6b","tests/word_boundary.rs":"7081317ddcec1e82dd4a2090a571c6abf2ff4bbfa8cd10395e1eb3f386157fae","tests/word_boundary_ascii.rs":"cd0be5b5b485de0ba7994b42e2864585556c3d2d8bf5eab05b58931d9aaf4b87","tests/word_boundary_unicode.rs":"75dbcc35d3abc0f9795c2ea99e216dc227b0a5b58e9ca5eef767815ff0513921"},"package":"d07a8629359eb56f1e2fb1652bb04212c072a87ba68546a04065d525673ac461"} \ No newline at end of file +{"files":{"CHANGELOG.md":"dc37d7389aa7f626a2a76f565b379378a63a043004674735e2b5859202b255ea","Cargo.lock":"68805a2737aad9b6520868b2f85dbe638c4efb9f4aef759226a129edb5940434","Cargo.toml":"5678757a6bafcac57c7a3b51655ef978901112eb0629976a402560db5f948f56","HACKING.md":"17818f7a17723608f6bdbe6388ad0a913d4f96f76a16649aaf4e274b1fa0ea97","LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-MIT":"6485b8ed310d3f0340bf1ad1f47645069ce4069dcc6bb46c7d5c6faf41de1fdb","PERFORMANCE.md":"0d5ef3866386918dfdefb1aa9a28cfe33cb3c8ceeb79f3f8ba5b88253dd95991","README.md":"6125b1c70b9b560412529c54dc6aacdfd39cc82f69b5ad7776fa86e4cb720347","UNICODE.md":"a8a8399540eed000d19420135a527f400247a04572e44d124c786b870f518776","examples/regexdna-input.txt":"156a49710bb3e1ed4bc2bbb0af0f383b747b3d0281453cfff39c296124c598f8","examples/regexdna-output.txt":"35e85b19b70a893d752fd43e54e1e9da08bac43559191cea85b33387c24c4cc1","examples/shootout-regex-dna-bytes.rs":"fa2daedb4e0a05f64f33f4af62fbb0176db998e3676f8637ab684b725367a7b4","examples/shootout-regex-dna-cheat.rs":"1f871a6eaaf8372299fa3c762051112fa89a14235b03f734fc50ebd51ecaee72","examples/shootout-regex-dna-replace.rs":"32ffdf13ac6c4ce3fc32116a048e9cc682aa34cdb8e5beaf565a22addbdcd9ab","examples/shootout-regex-dna-single-cheat.rs":"809f75bf1e1917a53623eb6f1a3ce3b7d2ed98a6a1dbc0bd4853bec49a0c6f94","examples/shootout-regex-dna-single.rs":"1ab14f5703cd4be2e75a2e792e0ba1d322b9e4b14535d396805a4316d577f5bb","examples/shootout-regex-dna.rs":"20ea46ab63f91e3ac6a64e997eadd436a9cbc2f1bdade28e4512052f0e25bc34","rustfmt.toml":"1ca600239a27401c4a43f363cf3f38183a212affc1f31bff3ae93234bbaec228","src/backtrack.rs":"9018950f86564184a5dafd869a6c2cb3c4538ff302adbeccac33015f6e88f904","src/compile.rs":"5c834c2125abc10d0de3c377e34b1f2e2c10b837809631b1c688d3b536368cfd","src/dfa.rs":"2dfed56e1bd3506d328a3d2031aaa15dd87a7561f92f1a9fc1946a14cfbb64ae","src/error.rs":"71c85db839514f26ee024a689061743ea94a34eb7a3291e6c2b69b45a9682d09","src/exec.rs":"88b49098761db539e717c2965d2f56908c81aa10d91873d29a08484be7a11218","src/expand.rs":"ccba4798bd48ce40c34e91318f12258f46d8382e178a2c2b31c0d03b1ab51c5b","src/find_byte.rs":"b387247b77e3269f057c3399aefe5a815032c3af918c876f80eb4b282e4eb95e","src/freqs.rs":"255555f3d95b08a5bb3bc2f38d5a06cc100a39c0f0127fe4f50c33afa1cadc65","src/input.rs":"69595d1ea8d35351f5065ffdbf5965427d2e3fb5160a37008fa7e21d0eaa7720","src/lib.rs":"20bc28509e1853faea9581d43b21bc3ab144bb776e47fda4560082c4673854a6","src/literal/imp.rs":"5f73e0bcbee70c11041deca5ae84a8d30995963f452b29dd2fe5ab46d4978c12","src/literal/mod.rs":"533f1d68af088e9485170145e27518368e541a0337fdb44f63249ebf97310300","src/pattern.rs":"6f5909315f4542a989d9b1cee0bb3bc5b6749a665d73e32ec1c8ec4d71b78fac","src/pikevm.rs":"83423e5a94ea36e99dc6f69891ab200c1d0dadd3389ee296a816ec8d68bf556f","src/pool.rs":"942e991ae31ef349bd76efd78b2a712c01166dec965bf93742977ed0870d5a10","src/prog.rs":"78a02dcc1fc7b1d4f37a4a4eeb075eb5cc84aea1736e4de3a2cc7449a9ce5103","src/re_builder.rs":"943344bf6e2fc90902ee04b11b741c32418ac6814b21b7982cc0a3a817713f3e","src/re_bytes.rs":"c19bf2df00024e91f6f2b68be2d8971e847d6f16d7b949a04d2569736b1cdadb","src/re_set.rs":"a0cb76fafe7e33ea8c7b65aae53fa3432fc1651be186218b2284cb3c002ea966","src/re_trait.rs":"1c209fe30392b957f1bdcacdb900f222fc761a2e1634ab1c3f4ee97f315a0c22","src/re_unicode.rs":"122df2eecd8727a4169fe7efb0925a1767fdfa2e290d9b90ca0beaa137b5abfa","src/sparse.rs":"0da3ddb7972109869248a764dbb10254555f4bb51c375e89fb3fab9cafa47320","src/testdata/LICENSE":"58cf078acc03da3e280a938c2bd9943f554fc9b6ced89ad93ba35ca436872899","src/testdata/README":"45f869e37f798905c773bfbe0ef19a5fb7e585cbf0b7c21b5b5a784e8cec3c14","src/testdata/basic.dat":"b5b33aa89d48a61cd67cb1fbfd8f70e62c83e30b86256f9f915a5190dd38ff06","src/testdata/nullsubexpr.dat":"496ac0278eec3b6d9170faace14554569032dd3d909618364d9326156de39ecf","src/testdata/repetition.dat":"1f7959063015b284b18a4a2c1c8b416d438a2d6c4b1a362da43406b865f50e69","src/utf8.rs":"708615a4859110cc9766b342a9c1da6c5c4a8a04ad239046b2725385db977efe","test":"0d62fdca7da12fc19ea5306b5de1d83e68d9365a029c043d524334da138b0304","tests/api.rs":"7b2a0ef75e99b9776094967bd66e9cdeaa8e11359f5f0a12bd08ef0e8d0c11fc","tests/api_str.rs":"2ae38c04e7e8fac008b609a820d0b1561ba75f39b0edc0987d6d3d06132da77f","tests/bytes.rs":"edc50f526c5fee43df89d639ef18b237e4eb91e9d533bfc43f3cbab7417d38ba","tests/consistent.rs":"d69435154c09478076497216e43081a835ac65147181a4fbddad7bff469605b2","tests/crates_regex.rs":"91a59d470e0700b4bcb3ff735d06799f3107b8ef4875a2e9904607b164be0326","tests/crazy.rs":"c0d56380dff19bdd5d7a3eb731d0e2dc564e169a1b73c81e1879b1e87f5f5f77","tests/flags.rs":"05caace2c81a99d2168037f3a38035d4dffe9f85ef3ebd7ef18b1bc6612f1ea8","tests/fowler.rs":"d78cf914de40b1e125cc92b65ccb444d462586bd07b5e05de4e4a1b5de16aa76","tests/macros.rs":"6db70c16fc90df13e6b30d2b606f8b6dd4dc976697967f6ee001b15aab6d0b19","tests/macros_bytes.rs":"a049f528a93173a1bb176cd46932dce1880679f4a1752e099be920f0e4546fd0","tests/macros_str.rs":"e585b1461374c45a2eca44ca045bc3c1fe984b2b4212e432b0c695b420e708b7","tests/misc.rs":"395f52793fa022e4cdda78675b6a6fba1a3106b4b99c834c39f7801574054bd1","tests/multiline.rs":"1b1a3326ed976437c1357f01d81833ece7ea244f38826246eab55cacd5d0862a","tests/noparse.rs":"12b6be0eff3d80779d33c6459396c74c0f6ebf4ddc9f1d33c3e747ea9e3bf268","tests/regression.rs":"4d4aecf57ce5accf73fe8818267e8d45c9a15896d40093a5b5e1a09007a121a1","tests/regression_fuzz.rs":"a504ec563e0d23bd2039493b7b1767fe1f831d7d668f6f4b2ecd124fc7899bcd","tests/replace.rs":"0efa042c0d531911e8ac41ce98a6b60236cbf40954102c59f9f6dea78d9d74dd","tests/searcher.rs":"ce35e47b0a276a7e8c9060c6a0b225ffba163aebc61fbc15555a6897fa0e552c","tests/set.rs":"f1e2af6baeeaed3cc99ed347ff516fe7b2eb0027ef64b891502e1486598eaf8a","tests/shortest_match.rs":"a2c94390c0d61bc24796b4c1288c924e90c8c9c6156fdebb858175177a194a42","tests/suffix_reverse.rs":"b95f89397404871227d9efe6df23b9ded147f183db81597e608f693955c668b5","tests/test_backtrack.rs":"b70c5e5f1241efd76dd9f9dd4a4df8a7b38113bd407d1f5f56867f1176177a59","tests/test_backtrack_bytes.rs":"b8a111d4b4109c8bba7e2afb650572c495a14d357fb1f743c1076fb001f704b5","tests/test_backtrack_utf8bytes.rs":"c0c279785d18beac2b4e178e7bf6c14ed235d65f00ca467cfd9c333d79487649","tests/test_crates_regex.rs":"fd9525c2eef0e2f8cb7f787bc2b721bcd0b5d84f3bca49adfe48d657a99c721a","tests/test_default.rs":"c2dfa0298896f86f1be2abf6b0c347a7ca12f95aeac92bf614dc3b86bdfff269","tests/test_default_bytes.rs":"831d3e6bfb882feb15f700e30304bd34328f888fb4c15c7169371e25024ce9a7","tests/test_nfa.rs":"f119fc43a018249c39c813d57096b0654ff69f337345f2bbd9b0e61cc9137285","tests/test_nfa_bytes.rs":"89eae3bef6a1d0bcea6b5de5be35ad72f613f2ceb8b58fe82a6c6ef2ccdc07d0","tests/test_nfa_utf8bytes.rs":"7d830b4aa401887d7cf098b62fed4cd8017ef8b61f625c7c9a2159a6b4cfeb71","tests/unicode.rs":"4bf85f5c3d547fa8b5623194a09b6413067499dfbe7c1d29d8b50bf1cddacf6b","tests/word_boundary.rs":"7081317ddcec1e82dd4a2090a571c6abf2ff4bbfa8cd10395e1eb3f386157fae","tests/word_boundary_ascii.rs":"cd0be5b5b485de0ba7994b42e2864585556c3d2d8bf5eab05b58931d9aaf4b87","tests/word_boundary_unicode.rs":"75dbcc35d3abc0f9795c2ea99e216dc227b0a5b58e9ca5eef767815ff0513921"},"package":"1a11647b6b25ff05a515cb92c365cec08801e83423a235b51e231e1808747286"} \ No newline at end of file diff -Nru mozjs91-91.7.0/third_party/rust/regex/Cargo.lock mozjs91-91.10.0/third_party/rust/regex/Cargo.lock --- mozjs91-91.7.0/third_party/rust/regex/Cargo.lock 2022-03-08 14:05:06.000000000 -0500 +++ mozjs91-91.10.0/third_party/rust/regex/Cargo.lock 2022-06-01 08:35:32.000000000 -0400 @@ -36,9 +36,9 @@ [[package]] name = "libc" -version = "0.2.80" +version = "0.2.94" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4d58d1b70b004888f764dfbf6a26a3b0342a1632d33968e4a179d8011c760614" +checksum = "18794a8ad5b29321f790b55d93dfba91e125cb1a9edbd4f8e3150acc771c1a5e" [[package]] name = "memchr" @@ -75,7 +75,7 @@ [[package]] name = "regex" -version = "1.5.4" +version = "1.5.5" dependencies = [ "aho-corasick", "lazy_static", diff -Nru mozjs91-91.7.0/third_party/rust/regex/Cargo.toml mozjs91-91.10.0/third_party/rust/regex/Cargo.toml --- mozjs91-91.7.0/third_party/rust/regex/Cargo.toml 2022-03-08 14:05:06.000000000 -0500 +++ mozjs91-91.10.0/third_party/rust/regex/Cargo.toml 2022-06-01 08:35:32.000000000 -0400 @@ -3,27 +3,33 @@ # When uploading crates to the registry Cargo will automatically # "normalize" Cargo.toml files for maximal compatibility # with all versions of Cargo and also rewrite `path` dependencies -# to registry (e.g., crates.io) dependencies +# to registry (e.g., crates.io) dependencies. # -# If you believe there's an error in this file please file an -# issue against the rust-lang/cargo repository. If you're -# editing this file be aware that the upstream Cargo.toml -# will likely look very different (and much more reasonable) +# If you are reading this file be aware that the original Cargo.toml +# will likely look very different (and much more reasonable). +# See Cargo.toml.orig for the original contents. [package] edition = "2018" name = "regex" -version = "1.5.4" +version = "1.5.5" authors = ["The Rust Project Developers"] -exclude = ["/scripts/*", "/.github/*"] +exclude = [ + "/scripts/*", + "/.github/*", +] autotests = false -description = "An implementation of regular expressions for Rust. This implementation uses\nfinite automata and guarantees linear time matching on all inputs.\n" +description = """ +An implementation of regular expressions for Rust. This implementation uses +finite automata and guarantees linear time matching on all inputs. +""" homepage = "https://github.com/rust-lang/regex" documentation = "https://docs.rs/regex" readme = "README.md" categories = ["text-processing"] license = "MIT OR Apache-2.0" repository = "https://github.com/rust-lang/regex" + [profile.bench] debug = true @@ -72,6 +78,7 @@ [[test]] name = "crates-regex" path = "tests/test_crates_regex.rs" + [dependencies.aho-corasick] version = "0.7.18" optional = true @@ -83,6 +90,7 @@ [dependencies.regex-syntax] version = "0.6.25" default-features = false + [dev-dependencies.lazy_static] version = "1" @@ -92,19 +100,44 @@ [dev-dependencies.rand] version = "0.8.3" -features = ["getrandom", "small_rng"] +features = [ + "getrandom", + "small_rng", +] default-features = false [features] -default = ["std", "perf", "unicode", "regex-syntax/default"] +default = [ + "std", + "perf", + "unicode", + "regex-syntax/default", +] pattern = [] -perf = ["perf-cache", "perf-dfa", "perf-inline", "perf-literal"] +perf = [ + "perf-cache", + "perf-dfa", + "perf-inline", + "perf-literal", +] perf-cache = [] perf-dfa = [] perf-inline = [] -perf-literal = ["aho-corasick", "memchr"] +perf-literal = [ + "aho-corasick", + "memchr", +] std = [] -unicode = ["unicode-age", "unicode-bool", "unicode-case", "unicode-gencat", "unicode-perl", "unicode-script", "unicode-segment", "regex-syntax/unicode"] +unicode = [ + "unicode-age", + "unicode-bool", + "unicode-case", + "unicode-gencat", + "unicode-perl", + "unicode-script", + "unicode-segment", + "regex-syntax/unicode", +] unicode-age = ["regex-syntax/unicode-age"] unicode-bool = ["regex-syntax/unicode-bool"] unicode-case = ["regex-syntax/unicode-case"] diff -Nru mozjs91-91.7.0/third_party/rust/regex/README.md mozjs91-91.10.0/third_party/rust/regex/README.md --- mozjs91-91.7.0/third_party/rust/regex/README.md 2022-03-08 14:05:06.000000000 -0500 +++ mozjs91-91.10.0/third_party/rust/regex/README.md 2022-06-01 08:35:32.000000000 -0400 @@ -8,7 +8,7 @@ by [RE2](https://github.com/google/re2). [![Build status](https://github.com/rust-lang/regex/workflows/ci/badge.svg)](https://github.com/rust-lang/regex/actions) -[![](https://meritbadge.herokuapp.com/regex)](https://crates.io/crates/regex) +[![Crates.io](https://img.shields.io/crates/v/regex.svg)](https://crates.io/crates/regex) [![Rust](https://img.shields.io/badge/rust-1.41.1%2B-blue.svg?maxAge=3600)](https://github.com/rust-lang/regex) ### Documentation diff -Nru mozjs91-91.7.0/third_party/rust/regex/src/compile.rs mozjs91-91.10.0/third_party/rust/regex/src/compile.rs --- mozjs91-91.7.0/third_party/rust/regex/src/compile.rs 2022-03-08 14:05:06.000000000 -0500 +++ mozjs91-91.10.0/third_party/rust/regex/src/compile.rs 2022-06-01 08:35:32.000000000 -0400 @@ -38,6 +38,16 @@ suffix_cache: SuffixCache, utf8_seqs: Option, byte_classes: ByteClassSet, + // This keeps track of extra bytes allocated while compiling the regex + // program. Currently, this corresponds to two things. First is the heap + // memory allocated by Unicode character classes ('InstRanges'). Second is + // a "fake" amount of memory used by empty sub-expressions, so that enough + // empty sub-expressions will ultimately trigger the compiler to bail + // because of a size limit restriction. (That empty sub-expressions don't + // add to heap memory usage is more-or-less an implementation detail.) In + // the second case, if we don't bail, then an excessively large repetition + // on an empty sub-expression can result in the compiler using a very large + // amount of CPU time. extra_inst_bytes: usize, } @@ -260,7 +270,7 @@ self.check_size()?; match *expr.kind() { - Empty => Ok(None), + Empty => self.c_empty(), Literal(hir::Literal::Unicode(c)) => self.c_char(c), Literal(hir::Literal::Byte(b)) => { assert!(self.compiled.uses_bytes()); @@ -378,6 +388,19 @@ } } + fn c_empty(&mut self) -> ResultOrEmpty { + // See: https://github.com/rust-lang/regex/security/advisories/GHSA-m5pq-gvj9-9vr8 + // See: CVE-2022-24713 + // + // Since 'empty' sub-expressions don't increase the size of + // the actual compiled object, we "fake" an increase in its + // size so that our 'check_size_limit' routine will eventually + // stop compilation if there are too many empty sub-expressions + // (e.g., via a large repetition). + self.extra_inst_bytes += std::mem::size_of::(); + Ok(None) + } + fn c_capture(&mut self, first_slot: usize, expr: &Hir) -> ResultOrEmpty { if self.num_exprs > 1 || self.compiled.is_dfa { // Don't ever compile Save instructions for regex sets because @@ -496,7 +519,7 @@ let mut exprs = exprs.into_iter(); let Patch { mut hole, entry } = loop { match exprs.next() { - None => return Ok(None), + None => return self.c_empty(), Some(e) => { if let Some(p) = self.c(e)? { break p; diff -Nru mozjs91-91.7.0/third_party/rust/regex/src/dfa.rs mozjs91-91.10.0/third_party/rust/regex/src/dfa.rs --- mozjs91-91.7.0/third_party/rust/regex/src/dfa.rs 2022-03-08 14:05:06.000000000 -0500 +++ mozjs91-91.10.0/third_party/rust/regex/src/dfa.rs 2022-06-01 08:35:32.000000000 -0400 @@ -1353,7 +1353,6 @@ match self.cache.trans.next(si, self.byte_class(b)) { STATE_UNKNOWN => self.exec_byte(qcur, qnext, si, b), STATE_QUIT => None, - STATE_DEAD => Some(STATE_DEAD), nsi => Some(nsi), } } @@ -1387,7 +1386,6 @@ }; match self.cache.start_states[flagi] { STATE_UNKNOWN => {} - STATE_DEAD => return Some(STATE_DEAD), si => return Some(si), } q.clear(); diff -Nru mozjs91-91.7.0/third_party/rust/regex/src/re_unicode.rs mozjs91-91.10.0/third_party/rust/regex/src/re_unicode.rs --- mozjs91-91.7.0/third_party/rust/regex/src/re_unicode.rs 2022-03-08 14:05:06.000000000 -0500 +++ mozjs91-91.10.0/third_party/rust/regex/src/re_unicode.rs 2022-06-01 08:35:32.000000000 -0400 @@ -538,7 +538,7 @@ mut rep: R, ) -> Cow<'t, str> { // If we know that the replacement doesn't have any capture expansions, - // then we can fast path. The fast path can make a tremendous + // then we can use the fast path. The fast path can make a tremendous // difference: // // 1) We use `find_iter` instead of `captures_iter`. Not asking for diff -Nru mozjs91-91.7.0/third_party/rust/regex/tests/test_default.rs mozjs91-91.10.0/third_party/rust/regex/tests/test_default.rs --- mozjs91-91.7.0/third_party/rust/regex/tests/test_default.rs 2022-03-08 14:05:06.000000000 -0500 +++ mozjs91-91.10.0/third_party/rust/regex/tests/test_default.rs 2022-06-01 08:35:32.000000000 -0400 @@ -150,3 +150,73 @@ assert_eq!(16, size_of::()); assert_eq!(16, size_of::()); } + +// See: https://github.com/rust-lang/regex/security/advisories/GHSA-m5pq-gvj9-9vr8 +// See: CVE-2022-24713 +// +// We test that our regex compiler will correctly return a "too big" error when +// we try to use a very large repetition on an *empty* sub-expression. +// +// At the time this test was written, the regex compiler does not represent +// empty sub-expressions with any bytecode instructions. In effect, it's an +// "optimization" to leave them out, since they would otherwise correspond +// to an unconditional JUMP in the regex bytecode (i.e., an unconditional +// epsilon transition in the NFA graph). Therefore, an empty sub-expression +// represents an interesting case for the compiler's size limits. Since it +// doesn't actually contribute any additional memory to the compiled regex +// instructions, the size limit machinery never detects it. Instead, it just +// dumbly tries to compile the empty sub-expression N times, where N is the +// repetition size. +// +// When N is very large, this will cause the compiler to essentially spin and +// do nothing for a decently large amount of time. It causes the regex to take +// quite a bit of time to compile, despite the concrete syntax of the regex +// being quite small. +// +// The degree to which this is actually a problem is somewhat of a judgment +// call. Some regexes simply take a long time to compile. But in general, you +// should be able to reasonably control this by setting lower or higher size +// limits on the compiled object size. But this mitigation doesn't work at all +// for this case. +// +// This particular test is somewhat narrow. It merely checks that regex +// compilation will, at some point, return a "too big" error. Before the +// fix landed, this test would eventually fail because the regex would be +// successfully compiled (after enough time elapsed). So while this test +// doesn't check that we exit in a reasonable amount of time, it does at least +// check that we are properly returning an error at some point. +#[test] +fn big_empty_regex_fails() { + use regex::Regex; + + let result = Regex::new("(?:){4294967295}"); + assert!(result.is_err()); +} + +// Below is a "billion laughs" variant of the previous test case. +#[test] +fn big_empty_reps_chain_regex_fails() { + use regex::Regex; + + let result = Regex::new("(?:){64}{64}{64}{64}{64}{64}"); + assert!(result.is_err()); +} + +// Below is another situation where a zero-length sub-expression can be +// introduced. +#[test] +fn big_zero_reps_regex_fails() { + use regex::Regex; + + let result = Regex::new(r"x{0}{4294967295}"); + assert!(result.is_err()); +} + +// Testing another case for completeness. +#[test] +fn empty_alt_regex_fails() { + use regex::Regex; + + let result = Regex::new(r"(?:|){4294967295}"); + assert!(result.is_err()); +}