From 14a6deb011baf84281264cd055ea08de7f9d348c Mon Sep 17 00:00:00 2001 From: Cameron Kaiser Date: Thu, 14 Jun 2018 20:09:00 -0700 Subject: [PATCH] #500: M1458270 M1452576 M1459162 M1450688 M1456975 M1459693 M1464784 --- dom/base/StructuredCloneHolder.cpp | 18 +++++++++--------- dom/base/nsINode.cpp | 20 ++++++++++---------- dom/canvas/CanvasRenderingContext2D.cpp | 14 +++++++++----- dom/canvas/CanvasRenderingContext2D.h | 5 ++++- dom/html/HTMLInputElement.cpp | 3 ++- dom/xbl/nsXBLBinding.cpp | 12 +++++++++++- image/decoders/icon/nsIconURI.cpp | 10 ++++++++++ widget/GfxInfoBase.cpp | 18 ++++++++++++++++-- widget/GfxInfoBase.h | 1 + widget/cocoa/GfxInfo.mm | 4 ++++ 10 files changed, 76 insertions(+), 29 deletions(-) diff --git a/dom/base/StructuredCloneHolder.cpp b/dom/base/StructuredCloneHolder.cpp index b4bea9514..78481a3ea 100644 --- a/dom/base/StructuredCloneHolder.cpp +++ b/dom/base/StructuredCloneHolder.cpp @@ -968,9 +968,9 @@ StructuredCloneHolder::CustomReadHandler(JSContext* aCx, return ReadFormData(aCx, aReader, aIndex, this); } - if (aTag == SCTAG_DOM_IMAGEBITMAP) { - MOZ_ASSERT(mSupportedContext == SameProcessSameThread || - mSupportedContext == SameProcessDifferentThread); + if (aTag == SCTAG_DOM_IMAGEBITMAP && + (mSupportedContext == SameProcessSameThread || + mSupportedContext == SameProcessDifferentThread)) { // Get the current global object. // This can be null. @@ -1067,9 +1067,9 @@ StructuredCloneHolder::CustomReadTransferHandler(JSContext* aCx, return true; } - if (aTag == SCTAG_DOM_CANVAS) { - MOZ_ASSERT(mSupportedContext == SameProcessSameThread || - mSupportedContext == SameProcessDifferentThread); + if (aTag == SCTAG_DOM_CANVAS && + (mSupportedContext == SameProcessSameThread || + mSupportedContext == SameProcessDifferentThread)) { MOZ_ASSERT(aContent); OffscreenCanvasCloneData* data = static_cast(aContent); @@ -1155,9 +1155,9 @@ StructuredCloneHolder::CustomFreeTransferHandler(uint32_t aTag, return; } - if (aTag == SCTAG_DOM_CANVAS) { - MOZ_ASSERT(mSupportedContext == SameProcessSameThread || - mSupportedContext == SameProcessDifferentThread); + if (aTag == SCTAG_DOM_CANVAS && + (mSupportedContext == SameProcessSameThread || + mSupportedContext == SameProcessDifferentThread)) { MOZ_ASSERT(aContent); OffscreenCanvasCloneData* data = static_cast(aContent); diff --git a/dom/base/nsINode.cpp b/dom/base/nsINode.cpp index c6982976c..f17b89ec0 100644 --- a/dom/base/nsINode.cpp +++ b/dom/base/nsINode.cpp @@ -1756,8 +1756,8 @@ nsINode::Before(const Sequence& aNodes, nsCOMPtr viablePreviousSibling = FindViablePreviousSibling(*this, aNodes); - nsCOMPtr node = - ConvertNodesOrStringsIntoNode(aNodes, OwnerDoc(), aRv); + nsCOMPtr doc = OwnerDoc(); + nsCOMPtr node = ConvertNodesOrStringsIntoNode(aNodes, doc, aRv); if (aRv.Failed()) { return; } @@ -1779,8 +1779,8 @@ nsINode::After(const Sequence& aNodes, nsCOMPtr viableNextSibling = FindViableNextSibling(*this, aNodes); - nsCOMPtr node = - ConvertNodesOrStringsIntoNode(aNodes, OwnerDoc(), aRv); + nsCOMPtr doc = OwnerDoc(); + nsCOMPtr node = ConvertNodesOrStringsIntoNode(aNodes, doc, aRv); if (aRv.Failed()) { return; } @@ -1799,8 +1799,8 @@ nsINode::ReplaceWith(const Sequence& aNodes, nsCOMPtr viableNextSibling = FindViableNextSibling(*this, aNodes); - nsCOMPtr node = - ConvertNodesOrStringsIntoNode(aNodes, OwnerDoc(), aRv); + nsCOMPtr doc = OwnerDoc(); + nsCOMPtr node = ConvertNodesOrStringsIntoNode(aNodes, doc, aRv); if (aRv.Failed()) { return; } @@ -1859,8 +1859,8 @@ void nsINode::Prepend(const Sequence& aNodes, ErrorResult& aRv) { - nsCOMPtr node = - ConvertNodesOrStringsIntoNode(aNodes, OwnerDoc(), aRv); + nsCOMPtr doc = OwnerDoc(); + nsCOMPtr node = ConvertNodesOrStringsIntoNode(aNodes, doc, aRv); if (aRv.Failed()) { return; } @@ -1873,8 +1873,8 @@ void nsINode::Append(const Sequence& aNodes, ErrorResult& aRv) { - nsCOMPtr node = - ConvertNodesOrStringsIntoNode(aNodes, OwnerDoc(), aRv); + nsCOMPtr doc = OwnerDoc(); + nsCOMPtr node = ConvertNodesOrStringsIntoNode(aNodes, doc, aRv); if (aRv.Failed()) { return; } diff --git a/dom/canvas/CanvasRenderingContext2D.cpp b/dom/canvas/CanvasRenderingContext2D.cpp index dd70cbb8d..5339c8d68 100644 --- a/dom/canvas/CanvasRenderingContext2D.cpp +++ b/dom/canvas/CanvasRenderingContext2D.cpp @@ -1515,8 +1515,6 @@ CanvasRenderingContext2D::GetHeight() const NS_IMETHODIMP CanvasRenderingContext2D::SetDimensions(int32_t width, int32_t height) { - ClearTarget(); - // Zero sized surfaces can cause problems. mZero = false; if (height == 0) { @@ -1527,14 +1525,14 @@ CanvasRenderingContext2D::SetDimensions(int32_t width, int32_t height) width = 1; mZero = true; } - mWidth = width; - mHeight = height; + + ClearTarget(width, height); return NS_OK; } void -CanvasRenderingContext2D::ClearTarget() +CanvasRenderingContext2D::ClearTarget(int32_t aWidth, int32_t aHeight) { Reset(); @@ -1553,6 +1551,12 @@ CanvasRenderingContext2D::ClearTarget() state->colorStyles[Style::STROKE] = NS_RGB(0,0,0); state->shadowColor = NS_RGBA(0,0,0,0); + // Update dimensions only if new (strictly positive) values were passed. + if (aWidth > 0 && aHeight > 0) { + mWidth = aWidth; + mHeight = aHeight; + } + // For vertical writing-mode, unless text-orientation is sideways, // we'll modify the initial value of textBaseline to 'middle'. RefPtr canvasStyle; diff --git a/dom/canvas/CanvasRenderingContext2D.h b/dom/canvas/CanvasRenderingContext2D.h index 5ff594a50..23d991d1a 100644 --- a/dom/canvas/CanvasRenderingContext2D.h +++ b/dom/canvas/CanvasRenderingContext2D.h @@ -649,8 +649,11 @@ protected: /** * Disposes an old target and prepares to lazily create a new target. + * + * Parameters are the new dimensions to be used, or if either is negative, + * existing dimensions will be left unchanged. */ - void ClearTarget(); + void ClearTarget(int32_t aWidth = -1, int32_t aHeight = -1); /* * Returns the target to the buffer provider. i.e. this will queue a frame for diff --git a/dom/html/HTMLInputElement.cpp b/dom/html/HTMLInputElement.cpp index f1aeef003..afdcceba9 100644 --- a/dom/html/HTMLInputElement.cpp +++ b/dom/html/HTMLInputElement.cpp @@ -2918,7 +2918,8 @@ HTMLInputElement::Focus(ErrorResult& aError) nsNumberControlFrame* numberControlFrame = do_QueryFrame(GetPrimaryFrame()); if (numberControlFrame) { - HTMLInputElement* textControl = numberControlFrame->GetAnonTextControl(); + RefPtr textControl = + numberControlFrame->GetAnonTextControl(); if (textControl) { textControl->Focus(aError); return; diff --git a/dom/xbl/nsXBLBinding.cpp b/dom/xbl/nsXBLBinding.cpp index 757f82046..849214ceb 100644 --- a/dom/xbl/nsXBLBinding.cpp +++ b/dom/xbl/nsXBLBinding.cpp @@ -977,7 +977,17 @@ nsXBLBinding::DoInitJSClass(JSContext *cx, NS_ENSURE_TRUE(xblScope, NS_ERROR_UNEXPECTED); JS::Rooted parent_proto(cx); - if (!JS_GetPrototype(cx, obj, &parent_proto)) { + { + JS::RootedObject wrapped(cx, obj); + JSAutoCompartment ac(cx, xblScope); + if (!JS_WrapObject(cx, &wrapped)) { + return NS_ERROR_FAILURE; + } + if (!JS_GetPrototype(cx, wrapped, &parent_proto)) { + return NS_ERROR_FAILURE; + } + } + if (!JS_WrapObject(cx, &parent_proto)) { return NS_ERROR_FAILURE; } diff --git a/image/decoders/icon/nsIconURI.cpp b/image/decoders/icon/nsIconURI.cpp index e778a4473..ca266d043 100644 --- a/image/decoders/icon/nsIconURI.cpp +++ b/image/decoders/icon/nsIconURI.cpp @@ -643,7 +643,17 @@ nsMozIconURI::Deserialize(const URIParams& aParams) mContentType = params.contentType(); mFileName = params.fileName(); mStockIcon = params.stockIcon(); + + if (params.iconSize() < -1 || + params.iconSize() >= (int32_t) ArrayLength(kSizeStrings)) { + return false; + } mIconSize = params.iconSize(); + + if (params.iconState() < -1 || + params.iconState() >= (int32_t) ArrayLength(kStateStrings)) { + return false; + } mIconState = params.iconState(); return true; diff --git a/widget/GfxInfoBase.cpp b/widget/GfxInfoBase.cpp index f92c5db83..3729c42db 100644 --- a/widget/GfxInfoBase.cpp +++ b/widget/GfxInfoBase.cpp @@ -45,6 +45,7 @@ using mozilla::MutexAutoLock; nsTArray* GfxInfoBase::mDriverInfo; bool GfxInfoBase::mDriverInfoObserverInitialized; +bool GfxInfoBase::mShutdownOccurred; // Observes for shutdown so that the child GfxDriverInfo list is freed. class ShutdownObserver : public nsIObserver @@ -64,11 +65,17 @@ public: delete GfxInfoBase::mDriverInfo; GfxInfoBase::mDriverInfo = nullptr; - for (uint32_t i = 0; i < DeviceFamilyMax; i++) + for (uint32_t i = 0; i < DeviceFamilyMax; i++) { delete GfxDriverInfo::mDeviceFamilies[i]; + GfxDriverInfo::mDeviceFamilies[i] = nullptr; + } - for (uint32_t i = 0; i < DeviceVendorMax; i++) + for (uint32_t i = 0; i < DeviceVendorMax; i++) { delete GfxDriverInfo::mDeviceVendors[i]; + GfxDriverInfo::mDeviceVendors[i] = nullptr; + } + + GfxInfoBase::mShutdownOccurred = true; return NS_OK; } @@ -911,6 +918,13 @@ GfxInfoBase::GetFeatureStatusImpl(int32_t aFeature, return NS_OK; } + if (mShutdownOccurred) { + // This is futile; we've already commenced shutdown and our blocklists have + // been deleted. We may want to look into resurrecting the blocklist instead + // but for now, just don't even go there. + return NS_OK; + } + // Shortcut this logic for TenFourFox: we don't support *anything* // right now. *aStatus = nsIGfxInfo::FEATURE_BLOCKED_OS_VERSION; diff --git a/widget/GfxInfoBase.h b/widget/GfxInfoBase.h index 7f112db47..b818c211a 100644 --- a/widget/GfxInfoBase.h +++ b/widget/GfxInfoBase.h @@ -72,6 +72,7 @@ public: static nsTArray* mDriverInfo; static bool mDriverInfoObserverInitialized; + static bool mShutdownOccurred; virtual nsString Model() { return EmptyString(); } virtual nsString Hardware() { return EmptyString(); } diff --git a/widget/cocoa/GfxInfo.mm b/widget/cocoa/GfxInfo.mm index 271f7a2e7..54864f371 100644 --- a/widget/cocoa/GfxInfo.mm +++ b/widget/cocoa/GfxInfo.mm @@ -336,6 +336,10 @@ GfxInfo::GetFeatureStatusImpl(int32_t aFeature, if (aOS) *aOS = os; + if (mShutdownOccurred) { + return NS_OK; + } + // Don't evaluate special cases when we're evaluating the downloaded blocklist. if (!aDriverInfo.Length()) { if (aFeature == nsIGfxInfo::FEATURE_WEBGL_MSAA) {