Overview

File mozjs115-CVE-2025-62813.patch of Package mozjs115

From f64efec011c058bd70348576438abac222fe6c82 Mon Sep 17 00:00:00 2001
From: louislafosse <louis.lafosse@epitech.eu>
Date: Mon, 31 Mar 2025 20:48:52 +0200
Subject: [PATCH] fix(null) : improve error handlings when passing a null
 pointer to some functions from lz4frame

---
diff -urp firefox-128.14.0.orig/mfbt/lz4/lz4frame.c firefox-128.14.0/mfbt/lz4/lz4frame.c
--- firefox-128.14.0.orig/mfbt/lz4/lz4frame.c	2025-08-11 12:07:22.000000000 -0500
+++ firefox-128.14.0/mfbt/lz4/lz4frame.c	2025-10-28 16:01:27.109234208 -0500
@@ -530,9 +530,16 @@ LZ4F_CDict*
 LZ4F_createCDict_advanced(LZ4F_CustomMem cmem, const void* dictBuffer, size_t dictSize)
 {
     const char* dictStart = (const char*)dictBuffer;
-    LZ4F_CDict* const cdict = (LZ4F_CDict*)LZ4F_malloc(sizeof(*cdict), cmem);
+    LZ4F_CDict* cdict = NULL;
+
     DEBUGLOG(4, "LZ4F_createCDict_advanced");
-    if (!cdict) return NULL;
+
+    if (!dictStart)
+        return NULL;
+    cdict = (LZ4F_CDict*)LZ4F_malloc(sizeof(*cdict), cmem);
+    if (!cdict)
+        return NULL;
+
     cdict->cmem = cmem;
     if (dictSize > 64 KB) {
         dictStart += dictSize - 64 KB;
@@ -1429,6 +1436,10 @@ LZ4F_errorCode_t LZ4F_getFrameInfo(LZ4F_
                                    LZ4F_frameInfo_t* frameInfoPtr,
                              const void* srcBuffer, size_t* srcSizePtr)
 {
+    assert(dctx != NULL);
+    RETURN_ERROR_IF(frameInfoPtr == NULL, parameter_null);
+    RETURN_ERROR_IF(srcSizePtr == NULL, parameter_null);
+
     LZ4F_STATIC_ASSERT(dstage_getFrameHeader < dstage_storeFrameHeader);
     if (dctx->dStage > dstage_storeFrameHeader) {
         /* frameInfo already decoded */
openSUSE Build Service is sponsored by
Places