summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--dom/media/systemservices/CamerasChild.cpp15
-rw-r--r--dom/media/systemservices/CamerasChild.h11
-rw-r--r--gfx/skia/skia/src/core/SkMask.cpp7
-rw-r--r--gfx/skia/skia/src/gpu/GrBufferAllocPool.cpp5
-rw-r--r--gfx/skia/skia/src/gpu/batches/GrAAHairLinePathRenderer.cpp9
-rw-r--r--uriloader/exthandler/win/nsMIMEInfoWin.cpp3
6 files changed, 41 insertions, 9 deletions
diff --git a/dom/media/systemservices/CamerasChild.cpp b/dom/media/systemservices/CamerasChild.cpp
index 0f7d1c1df..a3fbec850 100644
--- a/dom/media/systemservices/CamerasChild.cpp
+++ b/dom/media/systemservices/CamerasChild.cpp
@@ -35,7 +35,9 @@ CamerasSingleton::CamerasSingleton()
: mCamerasMutex("CamerasSingleton::mCamerasMutex"),
mCameras(nullptr),
mCamerasChildThread(nullptr),
- mFakeDeviceChangeEventThread(nullptr) {
+ mFakeDeviceChangeEventThread(nullptr),
+ mInShutdown(false)
+{
LOG(("CamerasSingleton: %p", this));
}
@@ -285,6 +287,7 @@ CamerasChild::NumberOfCapabilities(CaptureEngine aCapEngine,
LOG((__PRETTY_FUNCTION__));
LOG(("NumberOfCapabilities for %s", deviceUniqueIdUTF8));
nsCString unique_id(deviceUniqueIdUTF8);
+ RefPtr<CamerasChild> deathGrip = this;
nsCOMPtr<nsIRunnable> runnable =
mozilla::NewNonOwningRunnableMethod<CaptureEngine, nsCString>
(this, &CamerasChild::SendNumberOfCapabilities, aCapEngine, unique_id);
@@ -321,6 +324,7 @@ int
CamerasChild::EnsureInitialized(CaptureEngine aCapEngine)
{
LOG((__PRETTY_FUNCTION__));
+ RefPtr<CamerasChild> deathGrip = this;
nsCOMPtr<nsIRunnable> runnable =
mozilla::NewNonOwningRunnableMethod<CaptureEngine>
(this, &CamerasChild::SendEnsureInitialized, aCapEngine);
@@ -336,6 +340,7 @@ CamerasChild::GetCaptureCapability(CaptureEngine aCapEngine,
webrtc::CaptureCapability& capability)
{
LOG(("GetCaptureCapability: %s %d", unique_idUTF8, capability_number));
+ RefPtr<CamerasChild> deathGrip = this;
nsCString unique_id(unique_idUTF8);
nsCOMPtr<nsIRunnable> runnable =
mozilla::NewNonOwningRunnableMethod<CaptureEngine, nsCString, unsigned int>
@@ -374,6 +379,7 @@ CamerasChild::GetCaptureDevice(CaptureEngine aCapEngine,
bool* scary)
{
LOG((__PRETTY_FUNCTION__));
+ RefPtr<CamerasChild> deathGrip = this;
nsCOMPtr<nsIRunnable> runnable =
mozilla::NewNonOwningRunnableMethod<CaptureEngine, unsigned int>
(this, &CamerasChild::SendGetCaptureDevice, aCapEngine, list_number);
@@ -413,6 +419,7 @@ CamerasChild::AllocateCaptureDevice(CaptureEngine aCapEngine,
const nsACString& aOrigin)
{
LOG((__PRETTY_FUNCTION__));
+ RefPtr<CamerasChild> deathGrip = this;
nsCString unique_id(unique_idUTF8);
nsCString origin(aOrigin);
nsCOMPtr<nsIRunnable> runnable =
@@ -444,6 +451,7 @@ CamerasChild::ReleaseCaptureDevice(CaptureEngine aCapEngine,
const int capture_id)
{
LOG((__PRETTY_FUNCTION__));
+ RefPtr<CamerasChild> deathGrip = this;
nsCOMPtr<nsIRunnable> runnable =
mozilla::NewNonOwningRunnableMethod<CaptureEngine, int>
(this, &CamerasChild::SendReleaseCaptureDevice, aCapEngine, capture_id);
@@ -491,6 +499,7 @@ CamerasChild::StartCapture(CaptureEngine aCapEngine,
webrtcCaps.rawType,
webrtcCaps.codecType,
webrtcCaps.interlaced);
+ RefPtr<CamerasChild> deathGrip = this;
nsCOMPtr<nsIRunnable> runnable =
mozilla::NewNonOwningRunnableMethod<CaptureEngine, int, CaptureCapability>
(this, &CamerasChild::SendStartCapture, aCapEngine, capture_id, capCap);
@@ -502,6 +511,7 @@ int
CamerasChild::StopCapture(CaptureEngine aCapEngine, const int capture_id)
{
LOG((__PRETTY_FUNCTION__));
+ RefPtr<CamerasChild> deathGrip = this;
nsCOMPtr<nsIRunnable> runnable =
mozilla::NewNonOwningRunnableMethod<CaptureEngine, int>
(this, &CamerasChild::SendStopCapture, aCapEngine, capture_id);
@@ -567,6 +577,7 @@ CamerasChild::ShutdownParent()
// Delete the parent actor.
// CamerasChild (this) will remain alive and is only deleted by the
// IPC layer when SendAllDone returns.
+ RefPtr<CamerasChild> deathGrip = this;
nsCOMPtr<nsIRunnable> deleteRunnable =
mozilla::NewNonOwningRunnableMethod(this, &CamerasChild::SendAllDone);
CamerasSingleton::Thread()->Dispatch(deleteRunnable, NS_DISPATCH_NORMAL);
@@ -695,7 +706,7 @@ CamerasChild::~CamerasChild()
{
LOG(("~CamerasChild: %p", this));
- {
+ if (!CamerasSingleton::InShutdown()) {
OffTheBooksMutexAutoLock lock(CamerasSingleton::Mutex());
// In normal circumstances we've already shut down and the
// following does nothing. But on fatal IPC errors we will
diff --git a/dom/media/systemservices/CamerasChild.h b/dom/media/systemservices/CamerasChild.h
index 1530714e9..9ca125cfd 100644
--- a/dom/media/systemservices/CamerasChild.h
+++ b/dom/media/systemservices/CamerasChild.h
@@ -89,6 +89,14 @@ public:
return gTheInstance.get()->mFakeDeviceChangeEventThread;
}
+ static bool InShutdown() {
+ return gTheInstance.get()->mInShutdown;
+ }
+
+ static void StartShutdown() {
+ gTheInstance.get()->mInShutdown = true;
+ }
+
private:
static Singleton<CamerasSingleton> gTheInstance;
@@ -106,6 +114,7 @@ private:
CamerasChild* mCameras;
nsCOMPtr<nsIThread> mCamerasChildThread;
nsCOMPtr<nsIThread> mFakeDeviceChangeEventThread;
+ Atomic<bool> mInShutdown;
};
// Get a pointer to a CamerasChild object we can use to do IPC with.
@@ -145,7 +154,7 @@ class CamerasChild final : public PCamerasChild
public:
// We are owned by the PBackground thread only. CamerasSingleton
// takes a non-owning reference.
- NS_INLINE_DECL_REFCOUNTING(CamerasChild)
+ NS_INLINE_DECL_THREADSAFE_REFCOUNTING(CamerasChild)
// IPC messages recevied, received on the PBackground thread
// these are the actual callbacks with data
diff --git a/gfx/skia/skia/src/core/SkMask.cpp b/gfx/skia/skia/src/core/SkMask.cpp
index 111508074..b40b94974 100644
--- a/gfx/skia/skia/src/core/SkMask.cpp
+++ b/gfx/skia/skia/src/core/SkMask.cpp
@@ -43,7 +43,12 @@ uint8_t* SkMask::AllocImage(size_t size) {
#ifdef TRACK_SKMASK_LIFETIME
SkDebugf("SkMask::AllocImage %d\n", gCounter++);
#endif
- return (uint8_t*)sk_malloc_throw(SkAlign4(size));
+ size_t aligned_size = std::numeric_limits<size_t>::max();
+ size_t adjustment = 3;
+ if (size + adjustment > size) {
+ aligned_size = (size + adjustment) & ~adjustment;
+ }
+ return static_cast<uint8_t*>(sk_malloc_throw(aligned_size));
}
/** We explicitly use this allocator for SkBimap pixels, so that we can
diff --git a/gfx/skia/skia/src/gpu/GrBufferAllocPool.cpp b/gfx/skia/skia/src/gpu/GrBufferAllocPool.cpp
index e3f30b0c1..993e1c59d 100644
--- a/gfx/skia/skia/src/gpu/GrBufferAllocPool.cpp
+++ b/gfx/skia/skia/src/gpu/GrBufferAllocPool.cpp
@@ -14,6 +14,7 @@
#include "GrResourceProvider.h"
#include "GrTypes.h"
+#include "SkSafeMath.h"
#include "SkTraceEvent.h"
#ifdef SK_DEBUG
@@ -335,7 +336,7 @@ void* GrVertexBufferAllocPool::makeSpace(size_t vertexSize,
SkASSERT(startVertex);
size_t offset = 0; // assign to suppress warning
- void* ptr = INHERITED::makeSpace(vertexSize * vertexCount,
+ void* ptr = INHERITED::makeSpace(SkSafeMath::Mul(vertexSize, vertexCount),
vertexSize,
buffer,
&offset);
@@ -360,7 +361,7 @@ void* GrIndexBufferAllocPool::makeSpace(int indexCount,
SkASSERT(startIndex);
size_t offset = 0; // assign to suppress warning
- void* ptr = INHERITED::makeSpace(indexCount * sizeof(uint16_t),
+ void* ptr = INHERITED::makeSpace(SkSafeMath::Mul(indexCount, sizeof(uint16_t)),
sizeof(uint16_t),
buffer,
&offset);
diff --git a/gfx/skia/skia/src/gpu/batches/GrAAHairLinePathRenderer.cpp b/gfx/skia/skia/src/gpu/batches/GrAAHairLinePathRenderer.cpp
index 9d73cf4f1..ec6c99c6e 100644
--- a/gfx/skia/skia/src/gpu/batches/GrAAHairLinePathRenderer.cpp
+++ b/gfx/skia/skia/src/gpu/batches/GrAAHairLinePathRenderer.cpp
@@ -828,6 +828,13 @@ void AAHairlineBatch::onPrepareDraws(Target* target) const {
int lineCount = lines.count() / 2;
int conicCount = conics.count() / 3;
+ int quadAndConicCount = conicCount + quadCount;
+
+ static constexpr int kMaxLines = SK_MaxS32 / kLineSegNumVertices;
+ static constexpr int kMaxQuadsAndConics = SK_MaxS32 / kQuadNumVertices;
+ if (lineCount > kMaxLines || quadAndConicCount > kMaxQuadsAndConics) {
+ return;
+ }
// do lines first
if (lineCount) {
@@ -899,7 +906,7 @@ void AAHairlineBatch::onPrepareDraws(Target* target) const {
ref_quads_index_buffer(target->resourceProvider()));
size_t vertexStride = sizeof(BezierVertex);
- int vertexCount = kQuadNumVertices * quadCount + kQuadNumVertices * conicCount;
+ int vertexCount = kQuadNumVertices * quadAndConicCount;
void *vertices = target->makeVertexSpace(vertexStride, vertexCount,
&vertexBuffer, &firstVertex);
diff --git a/uriloader/exthandler/win/nsMIMEInfoWin.cpp b/uriloader/exthandler/win/nsMIMEInfoWin.cpp
index 2c7171c87..6ead8f4c3 100644
--- a/uriloader/exthandler/win/nsMIMEInfoWin.cpp
+++ b/uriloader/exthandler/win/nsMIMEInfoWin.cpp
@@ -243,8 +243,7 @@ nsMIMEInfoWin::LoadUriInternal(nsIURI * aURL)
SHELLEXECUTEINFOW sinfo;
memset(&sinfo, 0, sizeof(sinfo));
sinfo.cbSize = sizeof(sinfo);
- sinfo.fMask = SEE_MASK_FLAG_DDEWAIT |
- SEE_MASK_FLAG_NO_UI;
+ sinfo.fMask = SEE_MASK_FLAG_DDEWAIT;
sinfo.hwnd = nullptr;
sinfo.lpVerb = (LPWSTR)&cmdVerb;
sinfo.nShow = SW_SHOWNORMAL;