[webkitgtk3/f20] Fix for RH bug #1035764 - Crashes with certain Google Drive documents

Tomas Popela tpopela at fedoraproject.org
Thu Nov 28 12:35:25 UTC 2013


commit 11fb1f0df21ef4c9c731ac0d5697d66a47edb929
Author: Tomas Popela <tpopela at redhat.com>
Date:   Thu Nov 28 13:34:21 2013 +0100

    Fix for RH bug #1035764 - Crashes with certain Google Drive documents

 webkitgtk-2.2.2-get_by_val.patch |   21 +++++++++++++++++++++
 webkitgtk3.spec                  |    9 ++++++++-
 2 files changed, 29 insertions(+), 1 deletions(-)
---
diff --git a/webkitgtk-2.2.2-get_by_val.patch b/webkitgtk-2.2.2-get_by_val.patch
new file mode 100644
index 0000000..c4e2f1b
--- /dev/null
+++ b/webkitgtk-2.2.2-get_by_val.patch
@@ -0,0 +1,21 @@
+--- webkitgtk-2.2.2/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp	(revision 158679)
++++ webkitgtk-2.2.2/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp	(working copy)
+@@ -2023,17 +2023,9 @@ void SpeculativeJIT::compileGetByValOnSt
+     // 8 bit string values don't need the isASCII check.
+     cont8Bit.link(&m_jit);
+ 
+-#if CPU(X86)
+-    // Don't have enough register, construct our own indexed address and load.
+-    m_jit.lshift32(MacroAssembler::TrustedImm32(2), scratchReg);
++    m_jit.lshift32(MacroAssembler::TrustedImm32(sizeof(void*) == 4 ? 2 : 3), scratchReg);
+     m_jit.addPtr(MacroAssembler::TrustedImmPtr(m_jit.vm()->smallStrings.singleCharacterStrings()), scratchReg);
+     m_jit.loadPtr(scratchReg, scratchReg);
+-#else
+-    GPRTemporary smallStrings(this);
+-    GPRReg smallStringsReg = smallStrings.gpr();
+-    m_jit.move(MacroAssembler::TrustedImmPtr(m_jit.vm()->smallStrings.singleCharacterStrings()), smallStringsReg);
+-    m_jit.loadPtr(MacroAssembler::BaseIndex(smallStringsReg, scratchReg, MacroAssembler::ScalePtr, 0), scratchReg);
+-#endif
+ 
+     addSlowPathGenerator(
+         slowPathCall(
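Review bot: The replacement sequence starting at `m_jit.lshift32(...)` has no comment, while the block it removes explained why the address was built by hand; now that the `CPU(X86)` guard is gone and this path runs on every target, the reason should be stated. The shift is a 32-bit operation whose result is added to a pointer and dereferenced. It therefore relies on scratchReg holding a character code already bounded to the singleCharacterStrings table and, on 64-bit targets, on the upper half of the register being clear. Neither is visible here, because compileGetByValOnString starts before the hunk and continues past it. After confirming the bound check exists earlier in the function, I would add above the shift something like `// scratchReg holds a character code already range-checked against the single-character table; scale by sizeof(void*) and index the table directly.` The literal `sizeof(void*) == 4 ? 2 : 3` would also read better as a named constant.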
diff --git a/webkitgtk3.spec b/webkitgtk3.spec
index 552c7d7..eeefbf0 100644
--- a/webkitgtk3.spec
+++ b/webkitgtk3.spec
@@ -7,7 +7,7 @@
 
 Name:           webkitgtk3
 Version:        2.2.2
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        GTK+ Web content engine library
 
 Group:          Development/Libraries
@@ -22,6 +22,9 @@ Patch0:         webkit-1.1.14-nspluginwrapper.patch
 Patch1:         webkitgtk-2.1.1-yarr.patch
 # https://bugs.webkit.org/show_bug.cgi?id=103128
 Patch4:         webkit-2.1.90-double2intsPPC32.patch
+# https://bugs.webkit.org/show_bug.cgi?id=123816
+# Remove when 2.2.3 will be out
+Patch5:         webkitgtk-2.2.2-get_by_val.patch
 
 BuildRequires:  at-spi2-core-devel
 BuildRequires:  bison
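Review bot: The comment above `Patch5` names the upstream bug but not the upstream changeset the patch was taken from. The patch's own header reads `(revision 158679)` / `(working copy)`, which suggests it was generated from a local tree rather than exported from a landed commit. Without a changeset reference, nobody can later check that the carried JIT change matches what upstream shipped. I would add a line such as `# Upstream changeset: <URL of the landed upstream commit>` and, for traceability from the spec itself, `# https://bugzilla.redhat.com/show_bug.cgi?id=1035764`.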
@@ -96,6 +99,7 @@ This package contains developer documentation for %{name}.
 %ifarch ppc s390
 %patch4 -p1 -b .double2intsPPC32
 %endif
+%patch5 -p1
 
 %build
 # Use linker flags to reduce memory consumption
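Review bot: `%patch5 -p1` is applied without a backup suffix, while the `%patch4` line just above uses `-b .double2intsPPC32`; for consistency this could be `%patch5 -p1 -b .get_by_val`. It is also applied on every architecture, unlike patch4, which fits a patch that removes the `CPU(X86)` guard. A short comment saying so, e.g. `# applies to all arches: the patch drops the x86-only code path`, would keep it from being wrapped in an `%ifarch` later.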
@@ -211,6 +215,9 @@ find $RPM_BUILD_ROOT%{_libdir} -name "*.la" -delete
 
 
 %changelog
+* Thu Nov 28 2013 Tomas Popela <tpopela at redhat.com> - 2.2.2-2
+- Fix for RH bug #1035764 - Crashes with certain Google Drive documents
+
 * Mon Nov 11 2013 Tomas Popela <tpopela at redhat.com> - 2.2.2-1
 - Update to 2.2.2
 

