Fix CVE-2022-34481

CVE-2022-34481.patch

@@ -0,0 +1,26 @@
+From a928758612e67c4496bd9acf48bf66259c809782 Mon Sep 17 00:00:00 2001
+From: Nika Layzell <nika@thelayzells.com>
+Date: Tue, 07 Jun 2022 17:06:41 +0000 (24 months ago)
+Subject: [PATCH] CVE-2022-34481
+
+---
+ xpcom/ds/nsTArray.h | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/xpcom/ds/nsTArray.h b/xpcom/ds/nsTArray.h
+index e368968359..61d7586233 100644
+--- a/xpcom/ds/nsTArray.h
++++ b/xpcom/ds/nsTArray.h
+@@ -2351,6 +2351,9 @@ auto nsTArray_Impl<E, Alloc>::ReplaceElementsAtInternal(index_type aStart,
+   if (MOZ_UNLIKELY(aStart > Length())) {
+     InvalidArrayIndex_CRASH(aStart, Length());
+   }
++  if (MOZ_UNLIKELY(aCount > Length() - aStart)) {
++    InvalidArrayIndex_CRASH(aStart + aCount, Length());
++  }
+ 
+   // Adjust memory allocation up-front to catch errors.
+   if (!ActualAlloc::Successful(this->template EnsureCapacity<ActualAlloc>(
+-- 
+2.27.0
+

mozjs78.spec

@@ -2,7 +2,7 @@
 
 Name:           mozjs%{major}
 Version:        78.4.0
-Release:        4
+Release:        5
 Summary:        SpiderMonkey JavaScript library
 License:        MPLv2.0 and MPLv1.1 and BSD and GPLv2+ and GPLv3+ and LGPLv2+ and AFL and ASL 2.0
 URL:            https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey
@@ -27,6 +27,7 @@ Patch11:        backport-CVE-2023-23599.patch
 Patch12:        backport-CVE-2023-23601.patch
 Patch13:        backport-CVE-2023-23602.patch
 Patch14:        CVE-2021-29946.patch
+Patch15:        CVE-2022-34481.patch
 
 BuildRequires:  autoconf213 cargo clang-devel gcc gcc-c++ perl-devel pkgconfig(libffi) pkgconfig(zlib) 
 BuildRequires:  python3-devel python3-six readline-devel zip nasm llvm llvm-devel icu rust
@@ -106,6 +107,9 @@ popd
 %doc js/src/README.html
 
 %changelog
+* Mon May 27 2024 lvfei <lvfei@kylinos.cn> - - 78.4.0-5
+- Fix CVE-2022-34481
+
 * Mon May 13 2024 lvfei <lvfei@kylinos.cn> - - 78.4.0-4
 - fix CVE-2021-29946