1From a8bbe99b671e5f751201e3eae8a114d87c2f08b2 Mon Sep 17 00:00:00 2001
2From: Martin Jansa <Martin.Jansa@gmail.com>
3Date: Thu, 2 Sep 2021 14:59:03 +0200
4Subject: [PATCH] security: Fix build with glibc-2.34
5
6From https://bugzilla.redhat.com/attachment.cgi?id=1803524&action=diff
7
8Fixes:
90:03.15 In file included from /OE/build/test-oe-build-time/poky/build/tmp/work/core2-64-poky-linux/firefox/68.9.0esr-r0/firefox-68.9.0/firefox-build-dir/security/sandbox/linux/launch/Unified_cpp_linux_launch0.cpp:11:
10 0:03.15 /OE/build/test-oe-build-time/poky/build/tmp/work/core2-64-poky-linux/firefox/68.9.0esr-r0/firefox-68.9.0/security/sandbox/linux/launch/SandboxLaunch.cpp:415:20: error: no matching function for call to 'ArrayEnd'
11 0:03.15   void* stackPtr = ArrayEnd(miniStack);
12 0:03.15                    ^~~~~~~~
13
14Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
15---
16 security/sandbox/linux/launch/SandboxLaunch.cpp | 12 +++++++++---
17 1 file changed, 9 insertions(+), 3 deletions(-)
18
19diff --git a/security/sandbox/linux/launch/SandboxLaunch.cpp b/security/sandbox/linux/launch/SandboxLaunch.cpp
20index 2c179c0659..ee3bbad747 100644
21--- a/security/sandbox/linux/launch/SandboxLaunch.cpp
22+++ b/security/sandbox/linux/launch/SandboxLaunch.cpp
23@@ -408,7 +408,7 @@ static int CloneCallee(void* aPtr) {
24 // we don't currently support sandboxing under valgrind.
25 MOZ_NEVER_INLINE MOZ_ASAN_BLACKLIST static pid_t DoClone(int aFlags,
26                                                          jmp_buf* aCtx) {
27-  uint8_t miniStack[PTHREAD_STACK_MIN];
28+  uint8_t miniStack[4096];
29 #ifdef __hppa__
30   void* stackPtr = miniStack;
31 #else
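Review bot: The literal in `uint8_t miniStack[4096];` is an unexplained magic number, and nothing at this site says that its safety depends on the signal blocking this patch adds in ForkWithFlags. A signal handler that ran on this buffer before the child's longjmp could overrun it, so the coupling should be written down where the size is chosen. I would name the size, e.g. `static constexpr size_t kMiniStackSize = 4096;`, and add a comment such as `// Only CloneCallee's longjmp runs on this stack; callers must block signals around DoClone.` DoClone's body continues outside the hunk, so I cannot tell whether any other use of the array relies on the old PTHREAD_STACK_MIN size.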
32@@ -429,13 +429,19 @@ static pid_t ForkWithFlags(int aFlags) {
33                                CLONE_CHILD_CLEARTID;
34   MOZ_RELEASE_ASSERT((aFlags & kBadFlags) == 0);
35
36+  // Block signals due to small stack in DoClone.
37+  sigset_t oldSigs;
38+  BlockAllSignals(&oldSigs);
39+
40+  int ret = 0;
41   jmp_buf ctx;
42   if (setjmp(ctx) == 0) {
43     // In the parent and just called setjmp:
44-    return DoClone(aFlags | SIGCHLD, &ctx);
45+    ret = DoClone(aFlags | SIGCHLD, &ctx);
46   }
47+  RestoreSignals(&oldSigs);
48   // In the child and have longjmp'ed:
49-  return 0;
50+  return ret;
51 }
52
53 static bool WriteStringToFile(const char* aPath, const char* aStr,
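Review bot: The comment `// In the child and have longjmp'ed:` above `return ret;` no longer describes the code, because both the parent (with DoClone's result) and the child (with the initial 0) now fall through to `RestoreSignals(&oldSigs)` and that return. I would replace it with `// Parent: ret is DoClone's result. Child (after longjmp): ret is still 0.` placed above the `RestoreSignals` call. `ret` is a non-volatile local that the parent assigns after `setjmp`. The child appears never to write it before the longjmp, so it should read 0 there, but that reasoning deserves a short comment. If callers inspect `errno` when this returns -1, confirm that RestoreSignals cannot overwrite it, since its definition is not visible in this hunk.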
54