From 0e550f2fb90ada0b608bc1e1982b100291651806 Mon Sep 17 00:00:00 2001 From: wolfbeast Date: Wed, 2 May 2018 11:07:35 -0700 Subject: Refactor structured clone JSAPI to prevent mismatched scopes. Roll-up of bugs 1442722, 1455071, 1433642, 1456604 and 1458320. --- dom/base/nsFrameMessageManager.cpp | 5 +++-- dom/base/nsStructuredCloneContainer.cpp | 2 +- dom/broadcastchannel/BroadcastChannel.cpp | 4 ++-- dom/indexedDB/ActorsParent.cpp | 35 ++++++++++++------------------- dom/indexedDB/IDBObjectStore.cpp | 8 +++---- dom/indexedDB/IndexedDatabase.h | 4 ++++ dom/indexedDB/IndexedDatabaseInlines.h | 11 ++++++++-- dom/ipc/StructuredCloneData.cpp | 4 ++-- dom/ipc/StructuredCloneData.h | 23 ++++++++++---------- 9 files changed, 50 insertions(+), 46 deletions(-) (limited to 'dom') diff --git a/dom/base/nsFrameMessageManager.cpp b/dom/base/nsFrameMessageManager.cpp index 049bc0a1a..6fffd376b 100644 --- a/dom/base/nsFrameMessageManager.cpp +++ b/dom/base/nsFrameMessageManager.cpp @@ -271,10 +271,10 @@ BuildClonedMessageData(typename BlobTraits::ConcreteContentManagerType* ClonedMessageData& aClonedData) { SerializedStructuredCloneBuffer& buffer = aClonedData.data(); - auto iter = aData.Data().Iter(); + auto iter = aData.Data().Start(); size_t size = aData.Data().Size(); bool success; - buffer.data = aData.Data().Borrow(iter, size, &success); + buffer.data = aData.Data().Borrow(iter, size, &success); if (NS_WARN_IF(!success)) { return false; } @@ -1286,6 +1286,7 @@ nsFrameMessageManager::ReceiveMessage(nsISupports* aTarget, if (aRetVal) { ErrorResult rv; StructuredCloneData* data = aRetVal->AppendElement(); + data->InitScope(JS::StructuredCloneScope::DifferentProcess); data->Write(cx, rval, rv); if (NS_WARN_IF(rv.Failed())) { aRetVal->RemoveElementAt(aRetVal->Length() - 1); diff --git a/dom/base/nsStructuredCloneContainer.cpp b/dom/base/nsStructuredCloneContainer.cpp index 8c2cdc091..ea2d38bc8 100644 --- a/dom/base/nsStructuredCloneContainer.cpp 
+++ b/dom/base/nsStructuredCloneContainer.cpp @@ -137,7 +137,7 @@ nsStructuredCloneContainer::GetDataAsBase64(nsAString &aOut) return NS_ERROR_FAILURE; } - auto iter = Data().Iter(); + auto iter = Data().Start(); size_t size = Data().Size(); nsAutoCString binaryData; binaryData.SetLength(size); diff --git a/dom/broadcastchannel/BroadcastChannel.cpp b/dom/broadcastchannel/BroadcastChannel.cpp index c3c2d448b..874212db7 100644 --- a/dom/broadcastchannel/BroadcastChannel.cpp +++ b/dom/broadcastchannel/BroadcastChannel.cpp @@ -154,8 +154,8 @@ public: bool success; SerializedStructuredCloneBuffer& buffer = message.data(); - auto iter = mData->BufferData().Iter(); - buffer.data = mData->BufferData().Borrow(iter, mData->BufferData().Size(), &success); + auto iter = mData->BufferData().Start(); + buffer.data = mData->BufferData().Borrow(iter, mData->BufferData().Size(), &success); if (NS_WARN_IF(!success)) { return NS_OK; } diff --git a/dom/indexedDB/ActorsParent.cpp b/dom/indexedDB/ActorsParent.cpp index 4e1b9f7af..e6fe9e2a8 100644 --- a/dom/indexedDB/ActorsParent.cpp +++ b/dom/indexedDB/ActorsParent.cpp @@ -8440,12 +8440,12 @@ class ObjectStoreAddOrPutRequestOp::SCInputStream final : public nsIInputStream { const JSStructuredCloneData& mData; - JSStructuredCloneData::IterImpl mIter; + JSStructuredCloneData::Iterator mIter; public: explicit SCInputStream(const JSStructuredCloneData& aData) : mData(aData) - , mIter(aData.Iter()) + , mIter(aData.Start()) { } private: @@ -19687,7 +19687,7 @@ UpgradeFileIdsFunction::OnFunctionCall(mozIStorageValueArray* aArguments, return NS_ERROR_UNEXPECTED; } - StructuredCloneReadInfo cloneInfo; + StructuredCloneReadInfo cloneInfo(JS::StructuredCloneScope::DifferentProcess); DatabaseOperationBase::GetStructuredCloneReadInfoFromValueArray(aArguments, 1, 0, 
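Review bot: The parent-side `StructuredCloneReadInfo cloneInfo(JS::StructuredCloneScope::DifferentProcess);` in UpgradeFileIdsFunction::OnFunctionCall (@@ -19687) picks a different scope from the `DifferentProcessForIndexedDB` that the new default constructor and the IDBObjectStore read and write paths use, and nothing in the hunk says why. The same construction recurs in UpdateIndexDataValuesFunction::OnFunctionCall (@@ -25337) and twice in CursorOpBase::PopulateResponseFromStatement (@@ -28029, @@ -28077). Since this commit exists to prevent mismatched scopes, either use the IndexedDB scope here as well or add a comment such as `// The parent only carries these bytes and never deserializes them, so the IPC scope is sufficient.` if that is the actual reason; whether the buffer's scope is later compared with the reader's scope is not visible in this diff. The function body continues outside the hunk.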
@@ -19892,7 +19892,7 @@ DatabaseOperationBase::GetStructuredCloneReadInfoFromBlob( return NS_ERROR_FILE_CORRUPTED; } - if (!aInfo->mData.WriteBytes(uncompressedBuffer, uncompressed.Length())) { + if (!aInfo->mData.AppendBytes(uncompressedBuffer, uncompressed.Length())) { return NS_ERROR_OUT_OF_MEMORY; } @@ -19978,7 +19978,7 @@ DatabaseOperationBase::GetStructuredCloneReadInfoFromExternalBlob( break; } - if (NS_WARN_IF(!aInfo->mData.WriteBytes(buffer, numRead))) { + if (NS_WARN_IF(!aInfo->mData.AppendBytes(buffer, numRead))) { rv = NS_ERROR_OUT_OF_MEMORY; break; } @@ -25337,7 +25337,7 @@ UpdateIndexDataValuesFunction::OnFunctionCall(mozIStorageValueArray* aValues, } #endif - StructuredCloneReadInfo cloneInfo; + StructuredCloneReadInfo cloneInfo(JS::StructuredCloneScope::DifferentProcess); nsresult rv = GetStructuredCloneReadInfoFromValueArray(aValues, /* aDataIndex */ 3, @@ -26546,18 +26546,9 @@ ObjectStoreAddOrPutRequestOp::DoDatabaseWork(DatabaseConnection* aConnection) char keyPropBuffer[keyPropSize]; LittleEndian::writeUint64(keyPropBuffer, keyPropValue); - auto iter = cloneData.Iter(); - DebugOnly result = - iter.AdvanceAcrossSegments(cloneData, cloneInfo.offsetToKeyProp()); - MOZ_ASSERT(result); - - for (uint32_t index = 0; index < keyPropSize; index++) { - char* keyPropPointer = iter.Data(); - *keyPropPointer = keyPropBuffer[index]; - - result = iter.AdvanceAcrossSegments(cloneData, 1); - MOZ_ASSERT(result); - } + auto iter = cloneData.Start(); + MOZ_ALWAYS_TRUE(cloneData.Advance(iter, cloneInfo.offsetToKeyProp())); + MOZ_ALWAYS_TRUE(cloneData.UpdateBytes(iter, keyPropBuffer, keyPropSize)); } } @@ -26583,7 +26574,7 @@ ObjectStoreAddOrPutRequestOp::DoDatabaseWork(DatabaseConnection* aConnection) } else { nsCString flatCloneData; flatCloneData.SetLength(cloneDataSize); - auto iter = cloneData.Iter(); + auto iter = cloneData.Start(); cloneData.ReadBytes(iter, flatCloneData.BeginWriting(), cloneDataSize); // Compress the bytes before adding into the database. 
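Review bot: In ObjectStoreAddOrPutRequestOp::DoDatabaseWork (@@ -26546) the two new `MOZ_ALWAYS_TRUE(...)` calls verify their result only in debug builds, so in a release build a failed `Advance` to `cloneInfo.offsetToKeyProp()` is followed by `UpdateBytes` on the same iterator with no error path. If that offset arrives with the request from the child process, which the parent-side file suggests but the hunk does not show, it should be validated at runtime: `if (NS_WARN_IF(!cloneData.Advance(iter, cloneInfo.offsetToKeyProp())) || NS_WARN_IF(!cloneData.UpdateBytes(iter, keyPropBuffer, keyPropSize))) { return NS_ERROR_UNEXPECTED; }`, assuming the function returns nsresult. SCInputStream::ReadSegments (@@ -26840) drops the result of `mData.Advance(mIter, count)` entirely and deserves the same check, or at least the assertion. Both function bodies continue outside their hunks.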
@@ -26840,7 +26831,7 @@ SCInputStream::ReadSegments(nsWriteSegmentFun aWriter, *_retval += count; aCount -= count; - mIter.Advance(mData, count); + mData.Advance(mIter, count); } return NS_OK; @@ -28029,7 +28020,7 @@ CursorOpBase::PopulateResponseFromStatement( switch (mCursor->mType) { case OpenCursorParams::TObjectStoreOpenCursorParams: { - StructuredCloneReadInfo cloneInfo; + StructuredCloneReadInfo cloneInfo(JS::StructuredCloneScope::DifferentProcess); rv = GetStructuredCloneReadInfoFromStatement(aStmt, 2, 1, @@ -28077,7 +28068,7 @@ CursorOpBase::PopulateResponseFromStatement( return rv; } - StructuredCloneReadInfo cloneInfo; + StructuredCloneReadInfo cloneInfo(JS::StructuredCloneScope::DifferentProcess); rv = GetStructuredCloneReadInfoFromStatement(aStmt, 4, 3, diff --git a/dom/indexedDB/IDBObjectStore.cpp b/dom/indexedDB/IDBObjectStore.cpp index a6d6c5f06..8a0b292ad 100644 --- a/dom/indexedDB/IDBObjectStore.cpp +++ b/dom/indexedDB/IDBObjectStore.cpp @@ -67,7 +67,7 @@ struct IDBObjectStore::StructuredCloneWriteInfo uint64_t mOffsetToKeyProp; explicit StructuredCloneWriteInfo(IDBDatabase* aDatabase) - : mCloneBuffer(JS::StructuredCloneScope::SameProcessSameThread, nullptr, + : mCloneBuffer(JS::StructuredCloneScope::DifferentProcessForIndexedDB, nullptr, nullptr) , mDatabase(aDatabase) , mOffsetToKeyProp(0) @@ -1216,7 +1216,7 @@ IDBObjectStore::DeserializeValue(JSContext* aCx, // FIXME: Consider to use StructuredCloneHolder here and in other // deserializing methods. if (!JS_ReadStructuredClone(aCx, aCloneReadInfo.mData, JS_STRUCTURED_CLONE_VERSION, - JS::StructuredCloneScope::SameProcessSameThread, + JS::StructuredCloneScope::DifferentProcessForIndexedDB, aValue, &callbacks, &aCloneReadInfo)) { return false; } 
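Review bot: `JS::StructuredCloneScope::DifferentProcessForIndexedDB` is now written out as a literal in the StructuredCloneWriteInfo constructor (@@ -67) and again at the JS_ReadStructuredClone calls in DeserializeValue (@@ -1216), DeserializeIndexValue (@@ -1249) and DeserializeUpgradeValue (@@ -1285), with no comment on why the same-thread scope was wrong for this data. Writer and readers have to stay in agreement, so one file-level constant would be safer than four literals, for example `static const JS::StructuredCloneScope kIDBCloneScope = JS::StructuredCloneScope::DifferentProcessForIndexedDB;` (the name is only a suggestion), carrying a comment like `// Values are persisted and read back later, so nothing tied to the writing thread or process may end up in the buffer.` The rationale in that comment is my reading of the change and should be confirmed against the rolled-up bugs.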
@@ -1249,7 +1249,7 @@ IDBObjectStore::DeserializeIndexValue(JSContext* aCx, }; if (!JS_ReadStructuredClone(aCx, aCloneReadInfo.mData, JS_STRUCTURED_CLONE_VERSION, - JS::StructuredCloneScope::SameProcessSameThread, + JS::StructuredCloneScope::DifferentProcessForIndexedDB, aValue, &callbacks, &aCloneReadInfo)) { return false; } @@ -1285,7 +1285,7 @@ IDBObjectStore::DeserializeUpgradeValue(JSContext* aCx, }; if (!JS_ReadStructuredClone(aCx, aCloneReadInfo.mData, JS_STRUCTURED_CLONE_VERSION, - JS::StructuredCloneScope::SameProcessSameThread, + JS::StructuredCloneScope::DifferentProcessForIndexedDB, aValue, &callbacks, &aCloneReadInfo)) { return false; } diff --git a/dom/indexedDB/IndexedDatabase.h b/dom/indexedDB/IndexedDatabase.h index b0c4cb877..b3c6ab725 100644 --- a/dom/indexedDB/IndexedDatabase.h +++ b/dom/indexedDB/IndexedDatabase.h @@ -64,6 +64,10 @@ struct StructuredCloneReadInfo IDBDatabase* mDatabase; bool mHasPreprocessInfo; + // In IndexedDatabaseInlines.h + inline explicit + StructuredCloneReadInfo(JS::StructuredCloneScope aScope); + // In IndexedDatabaseInlines.h inline StructuredCloneReadInfo(); diff --git a/dom/indexedDB/IndexedDatabaseInlines.h b/dom/indexedDB/IndexedDatabaseInlines.h index 830c2f110..8c34a81dd 100644 --- a/dom/indexedDB/IndexedDatabaseInlines.h +++ b/dom/indexedDB/IndexedDatabaseInlines.h @@ -45,13 +45,20 @@ StructuredCloneFile::operator==(const StructuredCloneFile& aOther) const } inline -StructuredCloneReadInfo::StructuredCloneReadInfo() - : mDatabase(nullptr) +StructuredCloneReadInfo::StructuredCloneReadInfo(JS::StructuredCloneScope aScope) + : mData(aScope) + , mDatabase(nullptr) , mHasPreprocessInfo(false) { MOZ_COUNT_CTOR(StructuredCloneReadInfo); } +inline +StructuredCloneReadInfo::StructuredCloneReadInfo() + : StructuredCloneReadInfo(JS::StructuredCloneScope::DifferentProcessForIndexedDB) +{ +} + inline StructuredCloneReadInfo::StructuredCloneReadInfo( StructuredCloneReadInfo&& aCloneReadInfo) 
diff --git a/dom/ipc/StructuredCloneData.cpp b/dom/ipc/StructuredCloneData.cpp index 98f56904f..2c1fff2ac 100644 --- a/dom/ipc/StructuredCloneData.cpp +++ b/dom/ipc/StructuredCloneData.cpp @@ -88,7 +88,7 @@ StructuredCloneData::Write(JSContext* aCx, return; } - JSStructuredCloneData data; + JSStructuredCloneData data(mBuffer->scope()); mBuffer->abandon(); mBuffer->steal(&data); mBuffer = nullptr; @@ -107,7 +107,7 @@ StructuredCloneData::ReadIPCParams(const IPC::Message* aMsg, PickleIterator* aIter) { MOZ_ASSERT(!mInitialized); - JSStructuredCloneData data; + JSStructuredCloneData data(JS::StructuredCloneScope::DifferentProcess); if (!ReadParam(aMsg, aIter, &data)) { return false; } diff --git a/dom/ipc/StructuredCloneData.h b/dom/ipc/StructuredCloneData.h index 9e427e938..64cfd1935 100644 --- a/dom/ipc/StructuredCloneData.h +++ b/dom/ipc/StructuredCloneData.h @@ -31,8 +31,8 @@ public: static already_AddRefed CreateFromExternalData(const char* aData, size_t aDataLength) { - JSStructuredCloneData buf; - buf.WriteBytes(aData, aDataLength); + JSStructuredCloneData buf(JS::StructuredCloneScope::DifferentProcess); + buf.AppendBytes(aData, aDataLength); RefPtr sharedData = new SharedJSAllocatedData(Move(buf)); return sharedData.forget(); @@ -41,12 +41,8 @@ public: static already_AddRefed CreateFromExternalData(const JSStructuredCloneData& aData) { - JSStructuredCloneData buf; - auto iter = aData.Iter(); - while (!iter.Done()) { - buf.WriteBytes(iter.Data(), iter.RemainingInSegment()); - iter.Advance(aData, iter.RemainingInSegment()); - } + JSStructuredCloneData buf(aData.scope()); + buf.Append(aData); RefPtr sharedData = new SharedJSAllocatedData(Move(buf)); return sharedData.forget(); 
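Review bot: Both CreateFromExternalData overloads ignore the result of the copy: `buf.AppendBytes(aData, aDataLength);` (@@ -31) and `buf.Append(aData);` (@@ -41). ActorsParent.cpp in this same commit treats a false return from `AppendBytes` as NS_ERROR_OUT_OF_MEMORY, so an allocation failure here would hand back a SharedJSAllocatedData that is shorter than the input and may later be read as if it were complete. Consider `if (NS_WARN_IF(!buf.AppendBytes(aData, aDataLength))) { return nullptr; }` and the equivalent for `Append`, presuming it also reports failure; callers would then have to tolerate a null result, and they are not visible in this diff.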
@@ -70,6 +66,7 @@ public: : StructuredCloneHolder(StructuredCloneHolder::CloningSupported, StructuredCloneHolder::TransferringSupported, StructuredCloneHolder::StructuredCloneScope::DifferentProcess) + , mExternalData(StructuredCloneHolder::StructuredCloneScope::DifferentProcess) , mInitialized(false) {} @@ -113,10 +110,9 @@ public: bool UseExternalData(const JSStructuredCloneData& aData) { - auto iter = aData.Iter(); + auto iter = aData.Start(); bool success = false; - mExternalData = - aData.Borrow(iter, aData.Size(), &success); + mExternalData = aData.Borrow(iter, aData.Size(), &success); mInitialized = true; return success; } @@ -133,6 +129,11 @@ public: return mSharedData ? mSharedData->Data() : mExternalData; } + void InitScope(JS::StructuredCloneScope aScope) + { + Data().initScope(aScope); + } + size_t DataLength() const { return mSharedData ? mSharedData->DataLength() : mExternalData.Size(); -- cgit v1.2.3
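Review bot: `InitScope` (@@ -133) forwards to `Data().initScope(aScope)` with no comment on when it may be called, and `Data()` returns `mSharedData->Data()` whenever mSharedData is set, so a late call would relabel a buffer that, judging by the member's name, other holders may share. The constructor in @@ -70 already gives mExternalData the DifferentProcess scope, which leaves the required call order unclear from this header alone. A doc comment would help, e.g. `// Call before Write(), while the holder is still empty; sets the scope of the buffer this holder will fill.`, ideally with `MOZ_ASSERT(!mInitialized);` as the first statement if that matches the intended contract.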