diff --git a/dom/bindings/FakeString.h b/dom/bindings/FakeString.h index 49a538c7390a..cb2db3dd61cd 100644 --- a/dom/bindings/FakeString.h +++ b/dom/bindings/FakeString.h @@ -23,7 +23,7 @@ namespace mozilla::dom::binding_detail { // or point at the buffer of an nsAString whose lifetime is longer than that of // the FakeString. template -struct FakeString { +struct MOZ_GSL_OWNER FakeString { using char_type = CharT; using string_type = nsTString; using size_type = typename string_type::size_type; diff --git a/mfbt/Array.h b/mfbt/Array.h index 677a6ba3259e..abdcf67fb586 100644 --- a/mfbt/Array.h +++ b/mfbt/Array.h @@ -22,7 +22,7 @@ namespace mozilla { template -class Array { +class MOZ_GSL_OWNER Array { T mArr[_Length]; public: @@ -39,14 +39,14 @@ class Array { "parameter Length"); } - constexpr T& operator[](size_t aIndex) { + constexpr T& operator[](size_t aIndex) MOZ_LIFETIME_BOUND { if (MOZ_UNLIKELY(aIndex >= Length)) { detail::InvalidArrayIndex_CRASH(aIndex, Length); } return mArr[aIndex]; } - constexpr const T& operator[](size_t aIndex) const { + constexpr const T& operator[](size_t aIndex) const MOZ_LIFETIME_BOUND { if (MOZ_UNLIKELY(aIndex >= Length)) { detail::InvalidArrayIndex_CRASH(aIndex, Length); } diff --git a/mfbt/Attributes.h b/mfbt/Attributes.h index 71fd8dc26626..a948a97d9646 100644 --- a/mfbt/Attributes.h +++ b/mfbt/Attributes.h @@ -451,6 +451,39 @@ # define MOZ_NO_STACK_PROTECTOR /* no support */ #endif +/** + * MOZ_GSL_OWNER indicates that objects of the type this annotation is attached + * to own some kind of resources, generally memory. + * + * See: https://clang.llvm.org/docs/AttributeReference.html#owner + */ +#if defined(__clang__) && defined(__has_cpp_attribute) +# if __has_cpp_attribute(gsl::Owner) +# define MOZ_GSL_OWNER [[gsl::Owner]] +# else +# define MOZ_GSL_OWNER /* nothing */ +# endif +#else +# define MOZ_GSL_OWNER /* nothing */ +#endif + +/** + * MOZ_GSL_POINTER indicates that objects of the type this annotation is + * attached to provide a non-owning view on some kind of resources, generally + * memory. + * + * See: https://clang.llvm.org/docs/AttributeReference.html#pointer + */ +#if defined(__clang__) && defined(__has_cpp_attribute) +# if __has_cpp_attribute(gsl::Pointer) +# define MOZ_GSL_POINTER [[gsl::Pointer]] +# else +# define MOZ_GSL_POINTER /* nothing */ +# endif +#else +# define MOZ_GSL_POINTER /* nothing */ +#endif + /** * MOZ_LIFETIME_BOUND indicates that objects that are referred to by that * parameter may also be referred to by the return value of the annotated diff --git a/mfbt/JSONWriter.h b/mfbt/JSONWriter.h index f779ee983789..7e37e3ce6ad1 100644 --- a/mfbt/JSONWriter.h +++ b/mfbt/JSONWriter.h @@ -250,8 +250,8 @@ class JSONWriter { static constexpr Span scTopObjectEndString = MakeStringSpan("}"); static constexpr Span scTrueString = MakeStringSpan("true"); - JSONWriteFunc& mWriter; const UniquePtr mMaybeOwnedWriter; + JSONWriteFunc& mWriter; Vector mNeedComma; // do we need a comma at depth N? Vector mNeedNewlines; // do we need newlines at depth N? size_t mDepth; // the current nesting depth @@ -352,8 +352,8 @@ class JSONWriter { explicit JSONWriter(UniquePtr aWriter, CollectionStyle aStyle = MultiLineStyle) - : mWriter(*aWriter), - mMaybeOwnedWriter(std::move(aWriter)), + : mMaybeOwnedWriter(std::move(aWriter)), + mWriter(*mMaybeOwnedWriter), mNeedComma(), mNeedNewlines(), mDepth(0) { @@ -365,7 +365,7 @@ class JSONWriter { // Returns the JSONWriteFunc passed in at creation, for temporary use. The // JSONWriter object still owns the JSONWriteFunc. - JSONWriteFunc& WriteFunc() const { return mWriter; } + JSONWriteFunc& WriteFunc() const MOZ_LIFETIME_BOUND { return mWriter; } // For all the following functions, the "Prints:" comment indicates what the // basic output looks like. However, it doesn't indicate the whitespace and diff --git a/mfbt/Maybe.h b/mfbt/Maybe.h index fa7107c7926a..c2c2b5df609b 100644 --- a/mfbt/Maybe.h +++ b/mfbt/Maybe.h @@ -360,7 +360,7 @@ constexpr Maybe Some(T&& aValue); * functions |Some()| and |Nothing()|. */ template -class MOZ_INHERIT_TYPE_ANNOTATIONS_FROM_TEMPLATE_ARGS Maybe +class MOZ_INHERIT_TYPE_ANNOTATIONS_FROM_TEMPLATE_ARGS MOZ_GSL_OWNER Maybe : private detail::MaybeStorage, public detail::Maybe_CopyMove_Enabler { template @@ -575,23 +575,24 @@ class MOZ_INHERIT_TYPE_ANNOTATIONS_FROM_TEMPLATE_ARGS Maybe constexpr const T* operator->() const; /* Returns the contents of this Maybe by ref. Unsafe unless |isSome()|. */ - constexpr T& ref() &; - constexpr const T& ref() const&; - constexpr T&& ref() &&; - constexpr const T&& ref() const&&; + constexpr T& ref() & MOZ_LIFETIME_BOUND; + constexpr const T& ref() const& MOZ_LIFETIME_BOUND; + constexpr T&& ref() && MOZ_LIFETIME_BOUND; + constexpr const T&& ref() const&& MOZ_LIFETIME_BOUND; /* * Returns the contents of this Maybe by ref. If |isNothing()|, returns * the default value provided. */ - constexpr T& refOr(T& aDefault) { + constexpr T& refOr(T& aDefault MOZ_LIFETIME_BOUND) MOZ_LIFETIME_BOUND { if (isSome()) { return ref(); } return aDefault; } - constexpr const T& refOr(const T& aDefault) const { + constexpr const T& refOr(const T& aDefault MOZ_LIFETIME_BOUND) const + MOZ_LIFETIME_BOUND { if (isSome()) { return ref(); } @@ -618,10 +619,10 @@ class MOZ_INHERIT_TYPE_ANNOTATIONS_FROM_TEMPLATE_ARGS Maybe return aFunc(); } - constexpr T& operator*() &; - constexpr const T& operator*() const&; - constexpr T&& operator*() &&; - constexpr const T&& operator*() const&&; + constexpr T& operator*() & MOZ_LIFETIME_BOUND; + constexpr const T& operator*() const& MOZ_LIFETIME_BOUND; + constexpr T&& operator*() && MOZ_LIFETIME_BOUND; + constexpr const T&& operator*() const&& MOZ_LIFETIME_BOUND; /* If |isSome()|, runs the provided function or functor on the contents of * this Maybe. */ diff --git a/mfbt/Span.h b/mfbt/Span.h index ca754f3810fd..132349bf7e46 100644 --- a/mfbt/Span.h +++ b/mfbt/Span.h @@ -365,7 +365,7 @@ class extent_type { * Subspan etc. */ template -class Span { +class MOZ_GSL_POINTER Span { public: // constants and types using element_type = ElementType; @@ -405,12 +405,14 @@ class Span { /** * Constructor for pointer and length. */ - constexpr Span(pointer aPtr, index_type aLength) : storage_(aPtr, aLength) {} + constexpr Span(pointer aPtr MOZ_LIFETIME_BOUND, index_type aLength) + : storage_(aPtr, aLength) {} /** * Constructor for start pointer and pointer past end. */ - constexpr Span(pointer aStartPtr, pointer aEndPtr) + constexpr Span(pointer aStartPtr MOZ_LIFETIME_BOUND, + pointer aEndPtr MOZ_LIFETIME_BOUND) : storage_(aStartPtr, std::distance(aStartPtr, aEndPtr)) {} /** @@ -438,7 +440,7 @@ class Span { * Constructor for C array. */ template - constexpr MOZ_IMPLICIT Span(element_type (&aArr)[N]) + constexpr MOZ_IMPLICIT Span(element_type (&aArr MOZ_LIFETIME_BOUND)[N]) : storage_(&aArr[0], span_details::extent_type()) {} // Implicit constructors for char* and char16_t* pointers are deleted in order @@ -463,7 +465,8 @@ class Span { */ template > - constexpr MOZ_IMPLICIT Span(std::array& aArr) + constexpr MOZ_IMPLICIT Span( + std::array& aArr MOZ_LIFETIME_BOUND) : storage_(&aArr[0], span_details::extent_type()) {} /** @@ -471,7 +474,8 @@ class Span { */ template constexpr MOZ_IMPLICIT Span( - const std::array, N>& aArr) + const std::array, N>& aArr + MOZ_LIFETIME_BOUND) : storage_(&aArr[0], span_details::extent_type()) {} /** @@ -479,7 +483,8 @@ class Span { */ template > - constexpr MOZ_IMPLICIT Span(mozilla::Array& aArr) + constexpr MOZ_IMPLICIT Span( + mozilla::Array& aArr MOZ_LIFETIME_BOUND) : storage_(&aArr[0], span_details::extent_type()) {} /** @@ -487,7 +492,8 @@ class Span { */ template constexpr MOZ_IMPLICIT Span( - const mozilla::Array, N>& aArr) + const mozilla::Array, N>& aArr + MOZ_LIFETIME_BOUND) : storage_(&aArr[0], span_details::extent_type()) {} /** @@ -496,15 +502,17 @@ class Span { template > constexpr MOZ_IMPLICIT Span( - mozilla::EnumeratedArray& aArr) + mozilla::EnumeratedArray& aArr + MOZ_LIFETIME_BOUND) : storage_(&aArr[Enum(0)], span_details::extent_type()) {} /** * Constructor for const mozilla::EnumeratedArray. */ template - constexpr MOZ_IMPLICIT Span(const mozilla::EnumeratedArray< - Enum, std::remove_const_t, N>& aArr) + constexpr MOZ_IMPLICIT Span( + const mozilla::EnumeratedArray, + N>& aArr MOZ_LIFETIME_BOUND) : storage_(&aArr[Enum(0)], span_details::extent_type()) {} /** @@ -512,7 +520,8 @@ class Span { */ template , class DeleterType> - constexpr Span(const mozilla::UniquePtr& aPtr, + constexpr Span(const mozilla::UniquePtr& aPtr + MOZ_LIFETIME_BOUND, index_type aLength) : storage_(aPtr.get(), aLength) {} diff --git a/mfbt/UniquePtr.h b/mfbt/UniquePtr.h index 9b51e58db318..b7b415203663 100644 --- a/mfbt/UniquePtr.h +++ b/mfbt/UniquePtr.h @@ -187,7 +187,7 @@ struct PointerType { * |UniquePtr&&| argument. */ template -class UniquePtr { +class MOZ_GSL_OWNER UniquePtr { public: typedef T ElementType; typedef D DeleterType; @@ -214,12 +214,13 @@ class UniquePtr { /** * Construct a UniquePtr containing |aPtr|. */ - explicit UniquePtr(Pointer aPtr) : mTuple(aPtr, DeleterType()) { + explicit UniquePtr(Pointer aPtr MOZ_LIFETIME_BOUND) + : mTuple(aPtr, DeleterType()) { static_assert(!std::is_pointer_v, "must provide a deleter instance"); static_assert(!std::is_reference_v, "must provide a deleter instance"); } - UniquePtr(Pointer aPtr, + UniquePtr(Pointer aPtr MOZ_LIFETIME_BOUND, std::conditional_t, D, const D&> aD1) : mTuple(aPtr, aD1) {} @@ -273,21 +274,21 @@ class UniquePtr { return *this; } - std::add_lvalue_reference_t operator*() const { + std::add_lvalue_reference_t operator*() const MOZ_LIFETIME_BOUND { MOZ_ASSERT(get(), "dereferencing a UniquePtr containing nullptr with *"); return *get(); } - Pointer operator->() const { + Pointer operator->() const MOZ_LIFETIME_BOUND { MOZ_ASSERT(get(), "dereferencing a UniquePtr containing nullptr with ->"); return get(); } explicit operator bool() const { return get() != nullptr; } - Pointer get() const { return ptr(); } + Pointer get() const MOZ_LIFETIME_BOUND { return ptr(); } - DeleterType& get_deleter() { return del(); } - const DeleterType& get_deleter() const { return del(); } + DeleterType& get_deleter() MOZ_LIFETIME_BOUND { return del(); } + const DeleterType& get_deleter() const MOZ_LIFETIME_BOUND { return del(); } [[nodiscard]] Pointer release() { Pointer p = ptr(); diff --git a/mfbt/Variant.h b/mfbt/Variant.h index d1db3a2cc925..848499f81d95 100644 --- a/mfbt/Variant.h +++ b/mfbt/Variant.h @@ -567,7 +567,8 @@ struct VariantIndex { * instead. */ template -class MOZ_INHERIT_TYPE_ANNOTATIONS_FROM_TEMPLATE_ARGS MOZ_NON_PARAM Variant { +class MOZ_INHERIT_TYPE_ANNOTATIONS_FROM_TEMPLATE_ARGS +MOZ_NON_PARAM MOZ_GSL_OWNER Variant { friend struct IPC::ParamTraits>; friend struct mozilla::ipc::IPDLParamTraits>; @@ -739,7 +740,7 @@ class MOZ_INHERIT_TYPE_ANNOTATIONS_FROM_TEMPLATE_ARGS MOZ_NON_PARAM Variant { /** Mutable lvalue-reference. */ template - T& as() & { + T& as() & MOZ_LIFETIME_BOUND { static_assert( detail::SelectVariantType::count == 1, "provided a type not uniquely found in this Variant's type list"); @@ -748,7 +749,7 @@ class MOZ_INHERIT_TYPE_ANNOTATIONS_FROM_TEMPLATE_ARGS MOZ_NON_PARAM Variant { } template - typename detail::Nth::Type& as() & { + typename detail::Nth::Type& as() & MOZ_LIFETIME_BOUND { static_assert(N < sizeof...(Ts), "provided an index outside of this Variant's type list"); MOZ_RELEASE_ASSERT(is()); @@ -757,7 +758,7 @@ class MOZ_INHERIT_TYPE_ANNOTATIONS_FROM_TEMPLATE_ARGS MOZ_NON_PARAM Variant { /** Immutable const lvalue-reference. */ template - const T& as() const& { + const T& as() const& MOZ_LIFETIME_BOUND { static_assert(detail::SelectVariantType::count == 1, "provided a type not found in this Variant's type list"); MOZ_RELEASE_ASSERT(is()); @@ -765,7 +766,7 @@ class MOZ_INHERIT_TYPE_ANNOTATIONS_FROM_TEMPLATE_ARGS MOZ_NON_PARAM Variant { } template - const typename detail::Nth::Type& as() const& { + const typename detail::Nth::Type& as() const& MOZ_LIFETIME_BOUND { static_assert(N < sizeof...(Ts), "provided an index outside of this Variant's type list"); MOZ_RELEASE_ASSERT(is()); @@ -774,7 +775,7 @@ class MOZ_INHERIT_TYPE_ANNOTATIONS_FROM_TEMPLATE_ARGS MOZ_NON_PARAM Variant { /** Mutable rvalue-reference. */ template - T&& as() && { + T&& as() && MOZ_LIFETIME_BOUND { static_assert( detail::SelectVariantType::count == 1, "provided a type not uniquely found in this Variant's type list"); @@ -783,7 +784,7 @@ class MOZ_INHERIT_TYPE_ANNOTATIONS_FROM_TEMPLATE_ARGS MOZ_NON_PARAM Variant { } template - typename detail::Nth::Type&& as() && { + typename detail::Nth::Type&& as() && MOZ_LIFETIME_BOUND { static_assert(N < sizeof...(Ts), "provided an index outside of this Variant's type list"); MOZ_RELEASE_ASSERT(is()); @@ -793,7 +794,7 @@ class MOZ_INHERIT_TYPE_ANNOTATIONS_FROM_TEMPLATE_ARGS MOZ_NON_PARAM Variant { /** Immutable const rvalue-reference. */ template - const T&& as() const&& { + const T&& as() const&& MOZ_LIFETIME_BOUND { static_assert(detail::SelectVariantType::count == 1, "provided a type not found in this Variant's type list"); MOZ_RELEASE_ASSERT(is()); @@ -801,7 +802,7 @@ class MOZ_INHERIT_TYPE_ANNOTATIONS_FROM_TEMPLATE_ARGS MOZ_NON_PARAM Variant { } template - const typename detail::Nth::Type&& as() const&& { + const typename detail::Nth::Type&& as() const&& MOZ_LIFETIME_BOUND { static_assert(N < sizeof...(Ts), "provided an index outside of this Variant's type list"); MOZ_RELEASE_ASSERT(is()); diff --git a/mfbt/Vector.h b/mfbt/Vector.h index 380e27254867..84e5845de66d 100644 --- a/mfbt/Vector.h +++ b/mfbt/Vector.h @@ -339,7 +339,7 @@ struct VectorTesting; */ template -class MOZ_NON_PARAM Vector final : private AllocPolicy { +class MOZ_NON_PARAM MOZ_GSL_OWNER Vector final : private AllocPolicy { /* utilities */ static constexpr bool kElemIsPod = std::is_trivial_v && std::is_standard_layout_v; diff --git a/xpcom/ds/nsTArray.h b/xpcom/ds/nsTArray.h index ebf949edbb70..e0f156b0c3c5 100644 --- a/xpcom/ds/nsTArray.h +++ b/xpcom/ds/nsTArray.h @@ -2742,7 +2742,8 @@ inline void ImplCycleCollectionIndexedContainer(nsTArray_Impl& aField, // file for more details. // template -class nsTArray : public nsTArray_Impl { +class MOZ_GSL_OWNER nsTArray + : public nsTArray_Impl { public: using InfallibleAlloc = nsTArrayInfallibleAllocator; using base_type = nsTArray_Impl; @@ -2963,7 +2964,7 @@ class nsTArray : public nsTArray_Impl { }; template -class CopyableTArray : public nsTArray { +class MOZ_GSL_OWNER CopyableTArray : public nsTArray { public: using nsTArray::nsTArray; @@ -3007,7 +3008,8 @@ class CopyableTArray : public nsTArray { // FallibleTArray is a fallible vector class. // template -class FallibleTArray : public nsTArray_Impl { +class MOZ_GSL_OWNER FallibleTArray + : public nsTArray_Impl { public: typedef nsTArray_Impl base_type; typedef FallibleTArray self_type; @@ -3040,7 +3042,7 @@ class FallibleTArray : public nsTArray_Impl { // Storing more than N elements is fine, but it will cause a heap allocation. // template -class MOZ_NON_MEMMOVABLE AutoTArray : public nsTArray { +class MOZ_NON_MEMMOVABLE MOZ_GSL_OWNER AutoTArray : public nsTArray { static_assert(N != 0, "AutoTArray should be specialized"); public: diff --git a/xpcom/string/nsString.h b/xpcom/string/nsString.h index b4d49402fd42..61ab93c985e9 100644 --- a/xpcom/string/nsString.h +++ b/xpcom/string/nsString.h @@ -38,7 +38,7 @@ static_assert(sizeof(nsTLiteralString) == sizeof(nsTString), /** * A helper class that converts a UTF-16 string to ASCII in a lossy manner */ -class NS_LossyConvertUTF16toASCII : public nsAutoCString { +class MOZ_GSL_OWNER NS_LossyConvertUTF16toASCII : public nsAutoCString { public: explicit NS_LossyConvertUTF16toASCII(const char16ptr_t aString) { LossyAppendUTF16toASCII(mozilla::MakeStringSpan(aString), *this); diff --git a/xpcom/string/nsTDependentString.h b/xpcom/string/nsTDependentString.h index fdd8529e865f..0c0efd432a05 100644 --- a/xpcom/string/nsTDependentString.h +++ b/xpcom/string/nsTDependentString.h @@ -21,7 +21,7 @@ * duration of its use. */ template -class nsTDependentString : public nsTString { +class MOZ_GSL_POINTER nsTDependentString : public nsTString { public: typedef nsTDependentString self_type; typedef nsTString base_string_type; @@ -57,9 +57,11 @@ class nsTDependentString : public nsTString { * constructors */ - nsTDependentString(const char_type* aStart, const char_type* aEnd); + nsTDependentString(const char_type* aStart MOZ_LIFETIME_BOUND, + const char_type* aEnd MOZ_LIFETIME_BOUND); - nsTDependentString(const char_type* aData, size_type aLength) + nsTDependentString(const char_type* aData MOZ_LIFETIME_BOUND, + size_type aLength) : string_type(const_cast(aData), aLength, DataFlags::TERMINATED, ClassFlags(0)) { this->AssertValidDependentString(); @@ -67,11 +69,11 @@ class nsTDependentString : public nsTString { #if defined(MOZ_USE_CHAR16_WRAPPER) template > - nsTDependentString(char16ptr_t aData, size_type aLength) + nsTDependentString(char16ptr_t aData MOZ_LIFETIME_BOUND, size_type aLength) : nsTDependentString(static_cast(aData), aLength) {} #endif - explicit nsTDependentString(const char_type* aData) + explicit nsTDependentString(const char_type* aData MOZ_LIFETIME_BOUND) : string_type(const_cast(aData), char_traits::length(aData), DataFlags::TERMINATED, ClassFlags(0)) { string_type::AssertValidDependentString(); @@ -79,11 +81,12 @@ class nsTDependentString : public nsTString { #if defined(MOZ_USE_CHAR16_WRAPPER) template > - explicit nsTDependentString(char16ptr_t aData) + explicit nsTDependentString(char16ptr_t aData MOZ_LIFETIME_BOUND) : nsTDependentString(static_cast(aData)) {} #endif - nsTDependentString(const string_type& aStr, index_type aStartPos) + nsTDependentString(const string_type& aStr MOZ_LIFETIME_BOUND, + index_type aStartPos) : string_type() { Rebind(aStr, aStartPos); } @@ -107,11 +110,12 @@ class nsTDependentString : public nsTString { */ using nsTString::Rebind; - void Rebind(const char_type* aData) { + void Rebind(const char_type* aData MOZ_LIFETIME_BOUND) { Rebind(aData, char_traits::length(aData)); } - void Rebind(const char_type* aStart, const char_type* aEnd); + void Rebind(const char_type* aStart MOZ_LIFETIME_BOUND, + const char_type* aEnd MOZ_LIFETIME_BOUND); void Rebind(const string_type&, index_type aStartPos); private: diff --git a/xpcom/string/nsTDependentSubstring.h b/xpcom/string/nsTDependentSubstring.h index 221a145d65f1..010db0e0ff59 100644 --- a/xpcom/string/nsTDependentSubstring.h +++ b/xpcom/string/nsTDependentSubstring.h @@ -24,7 +24,7 @@ * nsDependentCSubstring for narrow characters */ template -class nsTDependentSubstring : public nsTSubstring { +class MOZ_GSL_POINTER nsTDependentSubstring : public nsTSubstring { public: typedef nsTDependentSubstring self_type; typedef nsTSubstring substring_type; @@ -67,26 +67,30 @@ class nsTDependentSubstring : public nsTSubstring { Rebind(aStr, aStartPos, aLength); } - nsTDependentSubstring(const char_type* aData, size_type aLength) + nsTDependentSubstring(const char_type* aData MOZ_LIFETIME_BOUND, + size_type aLength) : substring_type(const_cast(aData), aLength, DataFlags(0), ClassFlags(0)) {} - explicit nsTDependentSubstring(mozilla::Span aData) + explicit nsTDependentSubstring( + mozilla::Span aData MOZ_LIFETIME_BOUND) : nsTDependentSubstring(aData.Elements(), aData.Length()) {} - nsTDependentSubstring(const char_type* aStart, const char_type* aEnd); + nsTDependentSubstring(const char_type* aStart MOZ_LIFETIME_BOUND, + const char_type* aEnd MOZ_LIFETIME_BOUND); #if defined(MOZ_USE_CHAR16_WRAPPER) template > - nsTDependentSubstring(char16ptr_t aData, size_type aLength) + nsTDependentSubstring(char16ptr_t aData MOZ_LIFETIME_BOUND, size_type aLength) : nsTDependentSubstring(static_cast(aData), aLength) {} template > - nsTDependentSubstring(char16ptr_t aStart, char16ptr_t aEnd); + nsTDependentSubstring(char16ptr_t aStart MOZ_LIFETIME_BOUND, + char16ptr_t aEnd MOZ_LIFETIME_BOUND); #endif - nsTDependentSubstring(const const_iterator& aStart, - const const_iterator& aEnd); + nsTDependentSubstring(const const_iterator& aStart MOZ_LIFETIME_BOUND, + const const_iterator& aEnd MOZ_LIFETIME_BOUND); // Create a nsTDependentSubstring to be bound later nsTDependentSubstring() : substring_type() {} @@ -129,26 +133,28 @@ inline const nsTDependentSubstring Substring( } template -inline const nsTDependentSubstring Substring(const T* aData, - size_t aLength) { +inline const nsTDependentSubstring Substring( + const T* aData MOZ_LIFETIME_BOUND, size_t aLength) { return nsTDependentSubstring(aData, aLength); } template -const nsTDependentSubstring Substring(const T* aStart, const T* aEnd); +const nsTDependentSubstring Substring(const T* aStart MOZ_LIFETIME_BOUND, + const T* aEnd MOZ_LIFETIME_BOUND); -extern template const nsTDependentSubstring Substring(const char* aStart, - const char* aEnd); +extern template const nsTDependentSubstring Substring( + const char* aStart MOZ_LIFETIME_BOUND, const char* aEnd MOZ_LIFETIME_BOUND); extern template const nsTDependentSubstring Substring( - const char16_t* aStart, const char16_t* aEnd); + const char16_t* aStart MOZ_LIFETIME_BOUND, + const char16_t* aEnd MOZ_LIFETIME_BOUND); #if defined(MOZ_USE_CHAR16_WRAPPER) -inline const nsTDependentSubstring Substring(char16ptr_t aData, - size_t aLength); +inline const nsTDependentSubstring Substring( + char16ptr_t aData MOZ_LIFETIME_BOUND, size_t aLength); -const nsTDependentSubstring Substring(char16ptr_t aStart, - char16ptr_t aEnd); +const nsTDependentSubstring Substring( + char16ptr_t aStart MOZ_LIFETIME_BOUND, char16ptr_t aEnd MOZ_LIFETIME_BOUND); #endif template @@ -158,8 +164,8 @@ inline const nsTDependentSubstring StringHead(const nsTSubstring& aStr, } template -inline const nsTDependentSubstring StringTail(const nsTSubstring& aStr, - size_t aCount) { +inline const nsTDependentSubstring StringTail( + const nsTSubstring& aStr MOZ_LIFETIME_BOUND, size_t aCount) { return nsTDependentSubstring(aStr, aStr.Length() - aCount, aCount); } diff --git a/xpcom/string/nsTString.h b/xpcom/string/nsTString.h index c3d9dc31a0a9..84e2b880437c 100644 --- a/xpcom/string/nsTString.h +++ b/xpcom/string/nsTString.h @@ -23,7 +23,7 @@ * to denote a null-terminated string. */ template -class nsTString : public nsTSubstring { +class MOZ_GSL_OWNER nsTString : public nsTSubstring { public: typedef nsTString self_type; @@ -255,7 +255,7 @@ struct fmt::formatter, Char> * nsAutoCStringN / nsTAutoCString for narrow characters */ template -class MOZ_NON_MEMMOVABLE nsTAutoStringN : public nsTString { +class MOZ_NON_MEMMOVABLE MOZ_GSL_OWNER nsTAutoStringN : public nsTString { public: typedef nsTAutoStringN self_type;