guix-devel/gnu/packages/patches/icecat-CVE-2015-0818-pt1.patch

From 79dddb16aaa58f5b5cef49dac6d234f500af3baf Mon Sep 17 00:00:00 2001
From: Olli Pettay <Olli.Pettay@helsinki.fi>
Date: Thu, 19 Mar 2015 21:53:32 -0400
Subject: [PATCH] Bug 1144988 - Don't let other pages to load while doing
 scroll-to-anchor. r=bz, a=lmandel

---
 docshell/base/nsDocShell.cpp | 23 ++++++++++++++---------
 docshell/base/nsDocShell.h   |  1 +
 2 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp
index 887c910..14ff3f2 100644
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -4204,8 +4204,8 @@ nsDocShell::IsPrintingOrPP(bool aDisplayErrorDialog)
 bool
 nsDocShell::IsNavigationAllowed(bool aDisplayPrintErrorDialog)
 {
-  bool isAllowed = !IsPrintingOrPP(aDisplayPrintErrorDialog) && !mFiredUnloadEvent;
-  if (!isAllowed) {
+  bool isAllowed = !IsPrintingOrPP(aDisplayPrintErrorDialog) &&
+                   !mFiredUnloadEvent && !mBlockNavigation;  if (!isAllowed) {
     return false;
   }
   if (!mContentViewer) {
@@ -9321,13 +9321,18 @@ nsDocShell::InternalLoad(nsIURI * aURI,
             GetCurScrollPos(ScrollOrientation_X, &cx);
             GetCurScrollPos(ScrollOrientation_Y, &cy);
 
-            // ScrollToAnchor doesn't necessarily cause us to scroll the window;
-            // the function decides whether a scroll is appropriate based on the
-            // arguments it receives.  But even if we don't end up scrolling,
-            // ScrollToAnchor performs other important tasks, such as informing
-            // the presShell that we have a new hash.  See bug 680257.
-            rv = ScrollToAnchor(curHash, newHash, aLoadType);
-            NS_ENSURE_SUCCESS(rv, rv);
+            {
+                AutoRestore<bool> scrollingToAnchor(mBlockNavigation);
+                mBlockNavigation = true;
+
+                // ScrollToAnchor doesn't necessarily cause us to scroll the window;
+                // the function decides whether a scroll is appropriate based on the
+                // arguments it receives.  But even if we don't end up scrolling,
+                // ScrollToAnchor performs other important tasks, such as informing
+                // the presShell that we have a new hash.  See bug 680257.
+                rv = ScrollToAnchor(curHash, newHash, aLoadType);
+                NS_ENSURE_SUCCESS(rv, rv);
+            }
 
             // Reset mLoadType to its original value once we exit this block,
             // because this short-circuited load might have started after a
diff --git a/docshell/base/nsDocShell.h b/docshell/base/nsDocShell.h
index c191777..be353ee 100644
--- a/docshell/base/nsDocShell.h
+++ b/docshell/base/nsDocShell.h
@@ -835,6 +835,7 @@ protected:
     bool                       mInPrivateBrowsing;
     bool                       mUseRemoteTabs;
     bool                       mDeviceSizeIsPageSize;
+    bool                       mBlockNavigation;
 
     // Because scriptability depends on the mAllowJavascript values of our
     // ancestors, we cache the effective scriptability and recompute it when
-- 
2.2.1