From b8621b8f5787aa82f933a52c21e9b5567145dbeb Mon Sep 17 00:00:00 2001
From: lvfei
Date: Wed, 28 Aug 2024 10:07:46 +0800
Subject: [PATCH] Fix CVE-2024-0745
(cherry picked from commit 92eb53e62c8bf05a108b892c7d702825e629a98a)
---
 CVE-2024-0745.patch | 34 ++++++++++++++++++++++++++++++++++
 firefox.spec | 11 ++++++++---
 2 files changed, 42 insertions(+), 3 deletions(-)
 create mode 100644 CVE-2024-0745.patch
diff --git a/CVE-2024-0745.patch b/CVE-2024-0745.patch
new file mode 100644
index 0000000..2dba56f
--- /dev/null
+++ b/CVE-2024-0745.patch
@@ -0,0 +1,34 @@
+From ac6bc755e84784d3bea75eb63b9156c49e95019c Mon Sep 17 00:00:00 2001
+From: Karl Tomlinson
+Date: Sun, 07 Jan 2024 23:24:05 +0000 (7 months ago)
+Subject: [PATCH] CVE-2024-0745
+
+---
+ dom/media/webaudio/OscillatorNode.cpp | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/dom/media/webaudio/OscillatorNode.cpp b/dom/media/webaudio/OscillatorNode.cpp
+index 2089ce170c..1427f9ece0 100644
+--- a/dom/media/webaudio/OscillatorNode.cpp
++++ b/dom/media/webaudio/OscillatorNode.cpp
+@@ -293,7 +293,8 @@ class OscillatorNodeEngine final : public AudioNodeEngine {
+ return;
+ }
+
+- if (ticks + WEBAUDIO_BLOCK_SIZE <= mStart || ticks >= mStop) {
++ if (ticks + WEBAUDIO_BLOCK_SIZE <= mStart || ticks >= mStop ||
++ mStop <= mStart) {
+ ComputeSilence(aOutput);
+
+ } else {
+@@ -302,6 +303,7 @@ class OscillatorNodeEngine final : public AudioNodeEngine {
+
+ uint32_t start, end;
+ FillBounds(output, ticks, start, end);
++ MOZ_ASSERT(start < end);
+
+ // Synthesize the correct waveform.
+ switch (mType) {
+--
+2.33.0
+
diff --git a/firefox.spec b/firefox.spec
index 338ed90..de6c258 100644
--- a/firefox.spec
+++ b/firefox.spec
@@ -148,7 +148,7 @@
 Summary: Mozilla Firefox Web browser
 Name: firefox
 Version: 102.15.0
-Release: 6
+Release: 7
 URL: https://www.mozilla.org/firefox/
 License: MPLv1.1 or GPLv2+ or LGPLv2+
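Review bot: In the embedded OscillatorNode.cpp change, the added `MOZ_ASSERT(start < end);` after `FillBounds(output, ticks, start, end)` is a debug-build assertion, so in a release build the only guard against an empty or inverted range is the new `mStop <= mStart` term in the silence condition. The synthesis code that consumes `start` and `end` lies outside both inner hunks, so the exact failure it prevents is inferred. A one-line comment on the condition, for example `// A stop time at or before the start time leaves nothing to render; output silence.`, would record why the term must survive later refactoring. The embedded patch header carries only an author name and a relative date (`(7 months ago)`), so adding the upstream changeset or bug reference there would let a packager confirm the backport matches the upstream fix.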
@@ -246,6 +246,7 @@ Patch429: CVE-2023-5217.patch
 Patch430: CVE-2023-7104.patch
 Patch431: CVE-2022-3479.patch
 Patch432: CVE-2023-44488.patch
+Patch433: CVE-2024-0745.patch
 # PGO/LTO patches
 Patch600: pgo.patch
@@ -545,6 +546,7 @@ to run Firefox explicitly on X11.
 %patch430 -p1
 %patch431 -p1
 %patch432 -p1
+%patch433 -p1
 # PGO patches
 %if %{build_with_pgo}
@@ -1139,6 +1141,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 %endif
 %changelog
+* Tue Aug 27 2024 lvfei - 102.15.0-7
+- Fix CVE-2024-0745
+
 * Tue Apr 23 2024 wangkai <13474090681@163.com> - 102.15.0-6
 - Fix CVE-2023-44488
@@ -1213,7 +1218,7 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 - Fix CVE-2020-15664 CVE-2020-15665 CVE-2020-15666 CVE-2020-15667 CVE-2020-15668 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678
-* Thu Nov 28 2020 Jeffery.Gao - 79.0-3
+* Sat Nov 28 2020 Jeffery.Gao - 79.0-3
 - Fix firefox downgrade error
 * Mon Oct 26 2020 lingsheng - 79.0-2
@@ -1234,5 +1239,5 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 * Mon May 25 2020 Captain Wei - 62.0.3-5
 - fix unstable_name_collisions problem when compile
-* Wen Feb 26 2020 xuxijian - 62.0.3-4
+* Wed Feb 26 2020 xuxijian - 62.0.3-4
 - Package init
--
Gitee