Apply a patch from Mozilla to prevent an integer overflow in expat.

Apply a patch to prevent an integer overflow in expat.

See https://www.mozilla.org/en-US/security/advisories/mfsa2015-54/ for Mozilla's advisory. Patch taken from https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c

BUG=492052
Committed: https://crrev.com/84ee0ec84f9de080e7d0e84dae6399d12c519d72
Cr-Commit-Position: refs/heads/master@{#332964}

[Martin Barbella, 2015-06-04 20:17:28]

mbarbella@chromium.org changed reviewers:
+ brettw@chromium.org

[Martin Barbella, 2015-06-04 20:17:29]

PTAL

[brettw, 2015-06-04 20:33:56]

LGTM. We've done our own analysis of the problem and verified that this approach
is correct, right?

Also, see question below:

https://codereview.chromium.org/1151263010/diff/20001/third_party/expat/READM...
File third_party/expat/README.chromium (right):

https://codereview.chromium.org/1151263010/diff/20001/third_party/expat/READM...
third_party/expat/README.chromium:7: Security Critical: no
If libjingle uses it, I assume we're processing web content, which would make it
security critical, right?

[Martin Barbella, 2015-06-04 20:38:54]

I'll take a closer look at the patch before committing. I only briefly looked
over it.

https://codereview.chromium.org/1151263010/diff/20001/third_party/expat/READM...
File third_party/expat/README.chromium (right):

https://codereview.chromium.org/1151263010/diff/20001/third_party/expat/READM...
third_party/expat/README.chromium:7: Security Critical: no
On 2015/06/04 20:33:55, brettw wrote:
> If libjingle uses it, I assume we're processing web content, which would make
it
> security critical, right?

I discussed this with jschuh@ offline and he plans on doing some cleanup here.
Justin, should I just flip this now?

[jschuh, 2015-06-04 20:52:06]

On 2015/06/04 20:38:54, mbarbella wrote:
> I'll take a closer look at the patch before committing. I only briefly looked
> over it.
> 
>
https://codereview.chromium.org/1151263010/diff/20001/third_party/expat/READM...
> File third_party/expat/README.chromium (right):
> 
>
https://codereview.chromium.org/1151263010/diff/20001/third_party/expat/READM...
> third_party/expat/README.chromium:7: Security Critical: no
> On 2015/06/04 20:33:55, brettw wrote:
> > If libjingle uses it, I assume we're processing web content, which would
make
> it
> > security critical, right?
> 
> I discussed this with jschuh@ offline and he plans on doing some cleanup here.
> Justin, should I just flip this now?

Yeah, I'd flip it.

[Martin Barbella, 2015-06-04 22:47:08]

The CQ bit was checked by mbarbella@chromium.org

[Martin Barbella, 2015-06-04 22:47:08]

The patchset sent to the CQ was uploaded after l-g-t-m from brettw@chromium.org
Link to the patchset: https://codereview.chromium.org/1151263010/#ps60001
(title: "Use the more common case for capitilization")

[Martin Barbella, 2015-06-04 22:47:46]

On 2015/06/04 20:52:06, jschuh wrote:
> On 2015/06/04 20:38:54, mbarbella wrote:
> > I'll take a closer look at the patch before committing. I only briefly
looked
> > over it.
> > 
> >
>
https://codereview.chromium.org/1151263010/diff/20001/third_party/expat/READM...
> > File third_party/expat/README.chromium (right):
> > 
> >
>
https://codereview.chromium.org/1151263010/diff/20001/third_party/expat/READM...
> > third_party/expat/README.chromium:7: Security Critical: no
> > On 2015/06/04 20:33:55, brettw wrote:
> > > If libjingle uses it, I assume we're processing web content, which would
> make
> > it
> > > security critical, right?
> > 
> > I discussed this with jschuh@ offline and he plans on doing some cleanup
here.
> > Justin, should I just flip this now?
> 
> Yeah, I'd flip it.

Done.

[commit-bot: I haz the power, 2015-06-04 22:48:25]

CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/1151263010/60001

[commit-bot: I haz the power, 2015-06-04 23:49:12]

Committed patchset #4 (id:60001)

[commit-bot: I haz the power, 2015-06-04 23:50:15]

Patchset 4 (id:??) landed as
https://crrev.com/84ee0ec84f9de080e7d0e84dae6399d12c519d72
Cr-Commit-Position: refs/heads/master@{#332964}