diff options
24 files changed, 154 insertions, 83 deletions
diff --git a/dom/canvas/WebGLBuffer.cpp b/dom/canvas/WebGLBuffer.cpp index 1eaf37ac4..02a8f649f 100644 --- a/dom/canvas/WebGLBuffer.cpp +++ b/dom/canvas/WebGLBuffer.cpp @@ -134,6 +134,7 @@ WebGLBuffer::BufferData(GLenum target, size_t size, const void* data, GLenum usa if (error) { MOZ_ASSERT(error == LOCAL_GL_OUT_OF_MEMORY); mContext->ErrorOutOfMemory("%s: Error from driver: 0x%04x", funcName, error); + mByteLength = 0; return; } } else { diff --git a/dom/canvas/WebGLContext.h b/dom/canvas/WebGLContext.h index 8a20237ff..0510e6898 100644 --- a/dom/canvas/WebGLContext.h +++ b/dom/canvas/WebGLContext.h @@ -20,6 +20,7 @@ #include "mozilla/gfx/2D.h" #include "mozilla/LinkedList.h" #include "mozilla/UniquePtr.h" +#include "mozilla/WeakPtr.h" #include "nsCycleCollectionNoteChild.h" #include "nsICanvasRenderingContextInternal.h" #include "nsLayoutUtils.h" @@ -299,6 +300,7 @@ class WebGLContext , public WebGLContextUnchecked , public WebGLRectangleObject , public nsWrapperCache + , public SupportsWeakPtr<WebGLContext> { friend class ScopedDrawHelper; friend class ScopedDrawWithTransformFeedback; @@ -342,6 +344,7 @@ public: NS_DECL_CYCLE_COLLECTION_SCRIPT_HOLDER_CLASS_AMBIGUOUS(WebGLContext, nsIDOMWebGLRenderingContext) + MOZ_DECLARE_WEAKREFERENCE_TYPENAME(WebGLContext) virtual JSObject* WrapObject(JSContext* cx, JS::Handle<JSObject*> givenProto) override = 0; diff --git a/dom/canvas/WebGLExtensionDebugShaders.cpp b/dom/canvas/WebGLExtensionDebugShaders.cpp index 75880465e..8399aeb95 100644 --- a/dom/canvas/WebGLExtensionDebugShaders.cpp +++ b/dom/canvas/WebGLExtensionDebugShaders.cpp @@ -29,15 +29,10 @@ WebGLExtensionDebugShaders::GetTranslatedShaderSource(const WebGLShader& shader, { retval.SetIsVoid(true); - if (mIsLost) { - mContext->ErrorInvalidOperation("%s: Extension is lost.", - "getTranslatedShaderSource"); + if (mIsLost || !mContext) { return; } - if (mContext->IsContextLost()) - return; - if (!mContext->ValidateObject("getShaderTranslatedSource: shader", shader)) return; diff --git a/dom/canvas/WebGLExtensionDisjointTimerQuery.cpp b/dom/canvas/WebGLExtensionDisjointTimerQuery.cpp index e2e34f14e..da76eeb2d 100644 --- a/dom/canvas/WebGLExtensionDisjointTimerQuery.cpp +++ b/dom/canvas/WebGLExtensionDisjointTimerQuery.cpp @@ -40,8 +40,10 @@ void WebGLExtensionDisjointTimerQuery::DeleteQueryEXT(WebGLQuery* query) const { const char funcName[] = "deleteQueryEXT"; - if (mIsLost) - return; + + if (mIsLost || !mContext) { + return; + } mContext->DeleteQuery(query, funcName); } @@ -50,8 +52,10 @@ bool WebGLExtensionDisjointTimerQuery::IsQueryEXT(const WebGLQuery* query) const { const char funcName[] = "isQueryEXT"; - if (mIsLost) - return false; + + if (mIsLost || !mContext) { + return false; + } return mContext->IsQuery(query, funcName); } @@ -60,8 +64,10 @@ void WebGLExtensionDisjointTimerQuery::BeginQueryEXT(GLenum target, WebGLQuery& query) const { const char funcName[] = "beginQueryEXT"; - if (mIsLost) - return; + + if (mIsLost || !mContext) { + return; + } mContext->BeginQuery(target, query, funcName); } @@ -70,8 +76,10 @@ void WebGLExtensionDisjointTimerQuery::EndQueryEXT(GLenum target) const { const char funcName[] = "endQueryEXT"; - if (mIsLost) - return; + + if (mIsLost || !mContext) { + return; + } mContext->EndQuery(target, funcName); } @@ -80,8 +88,10 @@ void WebGLExtensionDisjointTimerQuery::QueryCounterEXT(WebGLQuery& query, GLenum target) const { const char funcName[] = "queryCounterEXT"; - if (mIsLost) - return; + + if (mIsLost || !mContext) { + return; + } if (!mContext->ValidateObject(funcName, query)) return; @@ -95,8 +105,10 @@ WebGLExtensionDisjointTimerQuery::GetQueryEXT(JSContext* cx, GLenum target, GLen { const char funcName[] = "getQueryEXT"; retval.setNull(); - if (mIsLost) - return; + + if (mIsLost || !mContext) { + return; + } mContext->GetQuery(cx, target, pname, retval, funcName); } @@ -108,8 +120,10 @@ WebGLExtensionDisjointTimerQuery::GetQueryObjectEXT(JSContext* cx, { const char funcName[] = "getQueryObjectEXT"; retval.setNull(); - if (mIsLost) - return; + + if (mIsLost || !mContext) { + return; + } mContext->GetQueryParameter(cx, query, pname, retval, funcName); } diff --git a/dom/canvas/WebGLExtensionDrawBuffers.cpp b/dom/canvas/WebGLExtensionDrawBuffers.cpp index 27aa76cc7..6f386621f 100644 --- a/dom/canvas/WebGLExtensionDrawBuffers.cpp +++ b/dom/canvas/WebGLExtensionDrawBuffers.cpp @@ -36,7 +36,9 @@ void WebGLExtensionDrawBuffers::DrawBuffersWEBGL(const dom::Sequence<GLenum>& buffers) { if (mIsLost) { - mContext->ErrorInvalidOperation("drawBuffersWEBGL: Extension is lost."); + if (mContext) { + mContext->ErrorInvalidOperation("drawBuffersWEBGL: Extension is lost."); + } return; } diff --git a/dom/canvas/WebGLExtensionInstancedArrays.cpp b/dom/canvas/WebGLExtensionInstancedArrays.cpp index 10d0533fe..22b3ec12c 100644 --- a/dom/canvas/WebGLExtensionInstancedArrays.cpp +++ b/dom/canvas/WebGLExtensionInstancedArrays.cpp @@ -28,8 +28,10 @@ WebGLExtensionInstancedArrays::DrawArraysInstancedANGLE(GLenum mode, GLsizei primcount) { if (mIsLost) { - mContext->ErrorInvalidOperation("%s: Extension is lost.", - "drawArraysInstancedANGLE"); + if (mContext) { + mContext->ErrorInvalidOperation("%s: Extension is lost.", + "drawArraysInstancedANGLE"); + } return; } @@ -44,8 +46,10 @@ WebGLExtensionInstancedArrays::DrawElementsInstancedANGLE(GLenum mode, GLsizei primcount) { if (mIsLost) { - mContext->ErrorInvalidOperation("%s: Extension is lost.", - "drawElementsInstancedANGLE"); + if (mContext) { + mContext->ErrorInvalidOperation("%s: Extension is lost.", + "drawElementsInstancedANGLE"); + } return; } @@ -57,8 +61,10 @@ WebGLExtensionInstancedArrays::VertexAttribDivisorANGLE(GLuint index, GLuint divisor) { if (mIsLost) { - mContext->ErrorInvalidOperation("%s: Extension is lost.", - "vertexAttribDivisorANGLE"); + if (mContext) { + mContext->ErrorInvalidOperation("%s: Extension is lost.", + "vertexAttribDivisorANGLE"); + } return; } diff --git a/dom/canvas/WebGLExtensionLoseContext.cpp b/dom/canvas/WebGLExtensionLoseContext.cpp index 020731e63..41f1633d8 100644 --- a/dom/canvas/WebGLExtensionLoseContext.cpp +++ b/dom/canvas/WebGLExtensionLoseContext.cpp @@ -22,12 +22,14 @@ WebGLExtensionLoseContext::~WebGLExtensionLoseContext() void WebGLExtensionLoseContext::LoseContext() { + if (!mContext) return; mContext->LoseContext(); } void WebGLExtensionLoseContext::RestoreContext() { + if (!mContext) return; mContext->RestoreContext(); } diff --git a/dom/canvas/WebGLExtensionVertexArray.cpp b/dom/canvas/WebGLExtensionVertexArray.cpp index 0984582f5..39aa96801 100644 --- a/dom/canvas/WebGLExtensionVertexArray.cpp +++ b/dom/canvas/WebGLExtensionVertexArray.cpp @@ -25,7 +25,7 @@ WebGLExtensionVertexArray::~WebGLExtensionVertexArray() already_AddRefed<WebGLVertexArray> WebGLExtensionVertexArray::CreateVertexArrayOES() { - if (mIsLost) + if (mIsLost || !mContext) return nullptr; return mContext->CreateVertexArray(); @@ -34,7 +34,7 @@ WebGLExtensionVertexArray::CreateVertexArrayOES() void WebGLExtensionVertexArray::DeleteVertexArrayOES(WebGLVertexArray* array) { - if (mIsLost) + if (mIsLost || !mContext) return; mContext->DeleteVertexArray(array); @@ -43,7 +43,7 @@ WebGLExtensionVertexArray::DeleteVertexArrayOES(WebGLVertexArray* array) bool WebGLExtensionVertexArray::IsVertexArrayOES(const WebGLVertexArray* array) { - if (mIsLost) + if (mIsLost || !mContext) return false; return mContext->IsVertexArray(array); @@ -52,7 +52,7 @@ WebGLExtensionVertexArray::IsVertexArrayOES(const WebGLVertexArray* array) void WebGLExtensionVertexArray::BindVertexArrayOES(WebGLVertexArray* array) { - if (mIsLost) + if (mIsLost || !mContext) return; mContext->BindVertexArray(array); diff --git a/dom/canvas/WebGLObjectModel.h b/dom/canvas/WebGLObjectModel.h index b18b790c0..6371c7b03 100644 --- a/dom/canvas/WebGLObjectModel.h +++ b/dom/canvas/WebGLObjectModel.h @@ -6,8 +6,8 @@ #ifndef WEBGLOBJECTMODEL_H_ #define WEBGLOBJECTMODEL_H_ +#include "mozilla/WeakPtr.h" #include "nsCycleCollectionNoteChild.h" - #include "WebGLTypes.h" namespace mozilla { @@ -24,7 +24,7 @@ class WebGLContext; class WebGLContextBoundObject { public: - WebGLContext* const mContext; + const WeakPtr<WebGLContext> mContext; private: const uint32_t mContextGeneration; diff --git a/dom/canvas/WebGLRenderbuffer.cpp b/dom/canvas/WebGLRenderbuffer.cpp index ec076fdbb..32397dd1a 100644 --- a/dom/canvas/WebGLRenderbuffer.cpp +++ b/dom/canvas/WebGLRenderbuffer.cpp @@ -215,6 +215,16 @@ WebGLRenderbuffer::RenderbufferStorage(const char* funcName, uint32_t samples, if (error) { const char* errorName = mContext->ErrorName(error); mContext->GenerateWarning("%s generated error %s", funcName, errorName); + if (error == LOCAL_GL_OUT_OF_MEMORY) { + // Truncate. + mSamples = 0; + mFormat = nullptr; + mWidth = 0; + mHeight = 0; + mImageDataStatus = WebGLImageDataStatus::NoImageData; + + InvalidateStatusOfAttachedFBs(); + } return; } diff --git a/dom/canvas/WebGLTexture.cpp b/dom/canvas/WebGLTexture.cpp index 767ff610a..65bb71153 100644 --- a/dom/canvas/WebGLTexture.cpp +++ b/dom/canvas/WebGLTexture.cpp @@ -51,8 +51,6 @@ WebGLTexture::ImageInfo::Clear() WebGLTexture::ImageInfo& WebGLTexture::ImageInfo::operator =(const ImageInfo& a) { - MOZ_ASSERT(a.IsDefined()); - Mutable(mFormat) = a.mFormat; Mutable(mWidth) = a.mWidth; Mutable(mHeight) = a.mHeight; @@ -1216,6 +1214,12 @@ WebGLTexture::TexParameter(TexTarget texTarget, GLenum pname, const FloatOrInt& mContext->gl->fTexParameterf(texTarget.get(), pname, clamped.f); } +void WebGLTexture::Truncate() { + for (auto& cur : mImageInfoArr) { + SetImageInfo(&cur, ImageInfo()); + } +} + //////////////////////////////////////////////////////////////////////////////// NS_IMPL_CYCLE_COLLECTION_WRAPPERCACHE_0(WebGLTexture) diff --git a/dom/canvas/WebGLTexture.h b/dom/canvas/WebGLTexture.h index 66e781f23..8d3024590 100644 --- a/dom/canvas/WebGLTexture.h +++ b/dom/canvas/WebGLTexture.h @@ -386,6 +386,7 @@ public: bool* const out_initFailed); bool IsMipmapCubeComplete() const; + void Truncate(); bool IsCubeMap() const { return (mTarget == LOCAL_GL_TEXTURE_CUBE_MAP); } diff --git a/dom/canvas/WebGLTextureUpload.cpp b/dom/canvas/WebGLTextureUpload.cpp index 3839b5d5e..ae60d2a2b 100644 --- a/dom/canvas/WebGLTextureUpload.cpp +++ b/dom/canvas/WebGLTextureUpload.cpp @@ -1178,6 +1178,7 @@ WebGLTexture::TexStorage(const char* funcName, TexTarget target, GLsizei levels, if (error == LOCAL_GL_OUT_OF_MEMORY) { mContext->ErrorOutOfMemory("%s: Ran out of memory during texture allocation.", funcName); + Truncate(); return; } if (error) { @@ -1310,6 +1311,7 @@ WebGLTexture::TexImage(const char* funcName, TexImageTarget target, GLint level, if (glError == LOCAL_GL_OUT_OF_MEMORY) { mContext->ErrorOutOfMemory("%s: Driver ran out of memory during upload.", funcName); + Truncate(); return; } @@ -1398,6 +1400,7 @@ WebGLTexture::TexSubImage(const char* funcName, TexImageTarget target, GLint lev if (glError == LOCAL_GL_OUT_OF_MEMORY) { mContext->ErrorOutOfMemory("%s: Driver ran out of memory during upload.", funcName); + Truncate(); return; } @@ -1514,6 +1517,7 @@ WebGLTexture::CompressedTexImage(const char* funcName, TexImageTarget target, GL blob->mAvailBytes, blob->mPtr); if (error == LOCAL_GL_OUT_OF_MEMORY) { mContext->ErrorOutOfMemory("%s: Ran out of memory during upload.", funcName); + Truncate(); return; } if (error) { @@ -1664,6 +1668,7 @@ WebGLTexture::CompressedTexSubImage(const char* funcName, TexImageTarget target, blob->mAvailBytes, blob->mPtr); if (error == LOCAL_GL_OUT_OF_MEMORY) { mContext->ErrorOutOfMemory("%s: Ran out of memory during upload.", funcName); + Truncate(); return; } if (error) { @@ -1992,7 +1997,7 @@ WebGLTexture::ValidateCopyTexImageForFeedback(const char* funcName, uint32_t lev static bool DoCopyTexOrSubImage(WebGLContext* webgl, const char* funcName, bool isSubImage, - const WebGLTexture* tex, TexImageTarget target, GLint level, + WebGLTexture* tex, TexImageTarget target, GLint level, GLint xWithinSrc, GLint yWithinSrc, uint32_t srcTotalWidth, uint32_t srcTotalHeight, const webgl::FormatUsageInfo* srcUsage, @@ -2069,6 +2074,7 @@ DoCopyTexOrSubImage(WebGLContext* webgl, const char* funcName, bool isSubImage, if (error == LOCAL_GL_OUT_OF_MEMORY) { webgl->ErrorOutOfMemory("%s: Ran out of memory during texture copy.", funcName); + tex->Truncate(); return false; } diff --git a/dom/indexedDB/ActorsChild.cpp b/dom/indexedDB/ActorsChild.cpp index c4fcceb90..30dc9b6da 100644 --- a/dom/indexedDB/ActorsChild.cpp +++ b/dom/indexedDB/ActorsChild.cpp @@ -2385,9 +2385,14 @@ BackgroundVersionChangeTransactionChild::RecvComplete(const nsresult& aResult) database->Close(); } + RefPtr<IDBOpenDBRequest> request = mOpenDBRequest; + MOZ_ASSERT(request); + mTransaction->FireCompleteOrAbortEvents(aResult); - mOpenDBRequest->SetTransaction(nullptr); + request->SetTransaction(nullptr); + request = nullptr; + mOpenDBRequest = nullptr; NoteComplete(); diff --git a/dom/plugins/base/nsPluginStreamListenerPeer.cpp b/dom/plugins/base/nsPluginStreamListenerPeer.cpp index 665e11ec1..0476315d5 100644 --- a/dom/plugins/base/nsPluginStreamListenerPeer.cpp +++ b/dom/plugins/base/nsPluginStreamListenerPeer.cpp @@ -1381,7 +1381,7 @@ nsPluginStreamListenerPeer::AsyncOnChannelRedirect(nsIChannel *oldChannel, nsICh return NS_ERROR_FAILURE; } - // Don't allow cross-origin 307 POST redirects. + // Don't allow cross-origin 307/308 POST redirects. nsCOMPtr<nsIHttpChannel> oldHttpChannel(do_QueryInterface(oldChannel)); if (oldHttpChannel) { uint32_t responseStatus; @@ -1389,7 +1389,7 @@ nsPluginStreamListenerPeer::AsyncOnChannelRedirect(nsIChannel *oldChannel, nsICh if (NS_FAILED(rv)) { return rv; } - if (responseStatus == 307) { + if (responseStatus == 307 || responseStatus == 308) { nsAutoCString method; rv = oldHttpChannel->GetRequestMethod(method); if (NS_FAILED(rv)) { diff --git a/js/src/jit/arm64/Architecture-arm64.h b/js/src/jit/arm64/Architecture-arm64.h index e74340f13..bee212db7 100644 --- a/js/src/jit/arm64/Architecture-arm64.h +++ b/js/src/jit/arm64/Architecture-arm64.h @@ -299,10 +299,12 @@ static const uint32_t ION_FRAME_SLACK_SIZE = 24; static const uint32_t ShadowStackSpace = 0; -// TODO: -// This constant needs to be updated to account for whatever near/far branching -// strategy is used by ARM64. -static const uint32_t JumpImmediateRange = UINT32_MAX; +// When our only strategy for far jumps is to encode the offset directly, and +// not insert any jump islands during assembly for even further jumps, then the +// architecture restricts us to -2^27 .. 2^27-4, to fit into a signed 28-bit +// value. We further reduce this range to allow the far-jump inserting code to +// have some breathing room. +static const uint32_t JumpImmediateRange = ((1 << 27) - (20 * 1024 * 1024)); static const uint32_t ABIStackAlignment = 16; static const uint32_t CodeAlignment = 16; diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js index 38c3ced91..cd4284a9e 100644 --- a/modules/libpref/init/all.js +++ b/modules/libpref/init/all.js @@ -1331,6 +1331,10 @@ pref("image.animation_mode", "normal"); // Same-origin policy for file URIs, "false" is traditional pref("security.fileuri.strict_origin_policy", true); +// Treat all file URIs as having a unique origin. +// Only has an effect if strict origin policy is true. +pref("security.fileuri.unique_origin", true); + // If this pref is true, prefs in the logging.config branch will be cleared on // startup. This is done so that setting a log-file and log-modules at runtime // doesn't persist across restarts leading to huge logfile and low disk space. diff --git a/netwerk/base/nsNetUtil.cpp b/netwerk/base/nsNetUtil.cpp index 653a9003e..2974e26b0 100644 --- a/netwerk/base/nsNetUtil.cpp +++ b/netwerk/base/nsNetUtil.cpp @@ -10,6 +10,7 @@ #include "mozilla/LoadContext.h" #include "mozilla/LoadInfo.h" #include "mozilla/BasePrincipal.h" +#include "mozilla/Preferences.h" #include "mozilla/Telemetry.h" #include "nsNetUtil.h" #include "nsNetUtilInlines.h" @@ -1821,33 +1822,40 @@ NS_RelaxStrictFileOriginPolicy(nsIURI *aTargetURI, return false; } - // - // If the file to be loaded is in a subdirectory of the source - // (or same-dir if source is not a directory) then it will - // inherit its source principal and be scriptable by that source. - // - bool sourceIsDir; - bool allowed = false; - nsresult rv = sourceFile->IsDirectory(&sourceIsDir); - if (NS_SUCCEEDED(rv) && sourceIsDir) { - rv = sourceFile->Contains(targetFile, &allowed); - } else { - nsCOMPtr<nsIFile> sourceParent; - rv = sourceFile->GetParent(getter_AddRefs(sourceParent)); - if (NS_SUCCEEDED(rv) && sourceParent) { - rv = sourceParent->Equals(targetFile, &allowed); - if (NS_FAILED(rv) || !allowed) { - rv = sourceParent->Contains(targetFile, &allowed); - } else { - MOZ_ASSERT(aAllowDirectoryTarget, - "sourceFile->Parent == targetFile, but targetFile " - "should've been disallowed if it is a directory"); + bool uniqueOrigin = true; + uniqueOrigin = Preferences::GetBool("security.fileuri.unique_origin"); + + // If treating all files as unique origins, we can skip this because + // it should always be refused. + if (!uniqueOrigin) { + // + // If the file to be loaded is in a subdirectory of the source + // (or same-dir if source is not a directory) then it will + // inherit its source principal and be scriptable by that source. + // + bool sourceIsDir; + bool allowed = false; + nsresult rv = sourceFile->IsDirectory(&sourceIsDir); + if (NS_SUCCEEDED(rv) && sourceIsDir) { + rv = sourceFile->Contains(targetFile, &allowed); + } else { + nsCOMPtr<nsIFile> sourceParent; + rv = sourceFile->GetParent(getter_AddRefs(sourceParent)); + if (NS_SUCCEEDED(rv) && sourceParent) { + rv = sourceParent->Equals(targetFile, &allowed); + if (NS_FAILED(rv) || !allowed) { + rv = sourceParent->Contains(targetFile, &allowed); + } else { + MOZ_ASSERT(aAllowDirectoryTarget, + "sourceFile->Parent == targetFile, but targetFile " + "should've been disallowed if it is a directory"); + } } } - } - if (NS_SUCCEEDED(rv) && allowed) { - return true; + if (NS_SUCCEEDED(rv) && allowed) { + return true; + } } return false; diff --git a/netwerk/base/nsStandardURL.cpp b/netwerk/base/nsStandardURL.cpp index dff4ecbc0..7317240c2 100644 --- a/netwerk/base/nsStandardURL.cpp +++ b/netwerk/base/nsStandardURL.cpp @@ -575,7 +575,7 @@ nsStandardURL::ValidIPv6orHostname(const char *host, uint32_t length) } const char *end = host + length; - if (end != net_FindCharInSet(host, end, CONTROL_CHARACTERS " #/:?@[\\]*<>|\"")) { + if (end != net_FindCharInSet(host, end, CONTROL_CHARACTERS " #/:?@[\\]*<>|\"^")) { // We still allow % because it is in the ID of addons. // Any percent encoded ASCII characters that are not allowed in the // hostname are not percent decoded, and will be parsed just fine. diff --git a/netwerk/protocol/http/AlternateServices.cpp b/netwerk/protocol/http/AlternateServices.cpp index ee2fa9331..10bd61928 100644 --- a/netwerk/protocol/http/AlternateServices.cpp +++ b/netwerk/protocol/http/AlternateServices.cpp @@ -121,6 +121,11 @@ AltSvcMapping::ProcessHeader(const nsCString &buf, const nsCString &originScheme continue; } + if (NS_FAILED(NS_CheckPortSafety(portno, originScheme.get()))) { + LOG(("Alt Svc does not allow port %d, ignoring request", portno)); + continue; + } + // unescape modifies a c string in place, so afterwards // update nsCString length nsUnescape(npnToken.BeginWriting()); diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.cpp b/netwerk/protocol/http/nsHttpConnectionMgr.cpp index 28df405ad..d402b4104 100644 --- a/netwerk/protocol/http/nsHttpConnectionMgr.cpp +++ b/netwerk/protocol/http/nsHttpConnectionMgr.cpp @@ -373,8 +373,12 @@ nsHttpConnectionMgr::VerifyTraffic() nsresult nsHttpConnectionMgr::DoShiftReloadConnectionCleanup(nsHttpConnectionInfo *aCI) { + RefPtr<nsHttpConnectionInfo> ci; + if (aCI) { + ci = aCI->Clone(); + } return PostEvent(&nsHttpConnectionMgr::OnMsgDoShiftReloadConnectionCleanup, - 0, aCI); + 0, ci); } class SpeculativeConnectArgs : public ARefBase @@ -504,9 +508,13 @@ nsHttpConnectionMgr::UpdateParam(nsParamName name, uint16_t value) } nsresult -nsHttpConnectionMgr::ProcessPendingQ(nsHttpConnectionInfo *ci) +nsHttpConnectionMgr::ProcessPendingQ(nsHttpConnectionInfo* aCI) { - LOG(("nsHttpConnectionMgr::ProcessPendingQ [ci=%s]\n", ci->HashKey().get())); + LOG(("nsHttpConnectionMgr::ProcessPendingQ [ci=%s]\n", aCI->HashKey().get())); + RefPtr<nsHttpConnectionInfo> ci; + if (aCI) { + ci = aCI->Clone(); + } return PostEvent(&nsHttpConnectionMgr::OnMsgProcessPendingQ, 0, ci); } diff --git a/netwerk/protocol/http/nsHttpHandler.h b/netwerk/protocol/http/nsHttpHandler.h index 67b9ebe0e..402147577 100644 --- a/netwerk/protocol/http/nsHttpHandler.h +++ b/netwerk/protocol/http/nsHttpHandler.h @@ -246,7 +246,8 @@ public: uint32_t caps = 0) { TickleWifi(callbacks); - return mConnMgr->SpeculativeConnect(ci, callbacks, caps); + RefPtr<nsHttpConnectionInfo> clone = ci->Clone(); + return mConnMgr->SpeculativeConnect(clone, callbacks, caps); } // Alternate Services Maps are main thread only diff --git a/parser/html/javasrc/Tokenizer.java b/parser/html/javasrc/Tokenizer.java index d9eaafeb3..70e1df75c 100644 --- a/parser/html/javasrc/Tokenizer.java +++ b/parser/html/javasrc/Tokenizer.java @@ -3850,12 +3850,9 @@ public class Tokenizer implements Locator { tokenHandler.characters( Tokenizer.LT_SOLIDUS, 0, 2); emitStrBuf(); - if (c == '\u0000') { - emitReplacementCharacter(buf, pos); - } else { - cstart = pos; // don't drop the - // character - } + cstart = pos; // don't drop the + // character + reconsume = true; state = transition(state, returnState, reconsume, pos); continue stateloop; } diff --git a/parser/html/nsHtml5Tokenizer.cpp b/parser/html/nsHtml5Tokenizer.cpp index a9db8d0c1..e70c081bf 100644 --- a/parser/html/nsHtml5Tokenizer.cpp +++ b/parser/html/nsHtml5Tokenizer.cpp @@ -2093,11 +2093,8 @@ nsHtml5Tokenizer::stateLoop(int32_t state, char16_t c, int32_t pos, char16_t* bu default: { tokenHandler->characters(nsHtml5Tokenizer::LT_SOLIDUS, 0, 2); emitStrBuf(); - if (c == '\0') { - emitReplacementCharacter(buf, pos); - } else { - cstart = pos; - } + cstart = pos; + reconsume = true; state = P::transition(mViewSource, returnState, reconsume, pos); NS_HTML5_CONTINUE(stateloop); } |