corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 1840191 - Fix a crash where nsContentSink::DidBuildModelImpl gets called with incorrect state r=hsivonen,dom-core

Browse Source 
The autofocus algorithm made this noticeable because we now can run
scripts at an earlier time.

Differential Revision: https://phabricator.services.mozilla.com/D182734
This commit is contained in:
Sean Feng
2023-08-17 18:22:57 +00:00
parent ba299f226a
commit d34aa2d18b
6 changed files with 80 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
dom/base/crashtests/1840191.html Normal file
View File

@@ -0,0 +1,68 @@
<head>
<script>
function go() {
document.onreadystatechange = () => { a.submit() }
window.stop()
}
</script>
</head>
<!-- a -->
<body>
<wbr>
<map>
<output>
<fieldset>
<keygen>
</fieldset>
<iframe></iframe>
<h1>
<form>
</bgsound>
</option>
</form>
<data>
<form id="a" target="b">
<output>
<output>
<picture>
<pre></pre>
</data>
<output>
<textarea onfocus="go()" autofocus="">
</textarea>
<dl>
<dt>
<input>
</dt>
<dt>
<dd>
<table>
<marquee>
<frameset>
<frame>
</frame>
</frameset>
<bdo>
<canvas>
<video>
<input>
<time>
<keygen>
<audio>
<track>
<source>
<select>
<optgroup>
<option>
<option>
</select>
<bdi>
<h4>
<img>
<sub>
<picture>
<h4>
<link>
<link>
<!-- a -->
</html>

1
dom/base/crashtests/crashtests.list
View File

@@ -270,3 +270,4 @@ load 1822717.html
load 1835886.html load 1835886.html
load 1836824.html load 1836824.html
skip-if(Android) load 1838484.html skip-if(Android) load 1838484.html
load 1840191.html

2
dom/base/nsContentSink.cpp
View File

@@ -815,7 +815,7 @@ void nsContentSink::EndUpdate(Document* aDocument) {
} }
void nsContentSink::DidBuildModelImpl(bool aTerminated) { void nsContentSink::DidBuildModelImpl(bool aTerminated) {
MOZ_ASSERT(aTerminated || MOZ_ASSERT(aTerminated || (mParser && mParser->IsParserClosed()) ||
mDocument->GetReadyStateEnum() == Document::READYSTATE_LOADING, mDocument->GetReadyStateEnum() == Document::READYSTATE_LOADING,
"Bad readyState"); "Bad readyState");
mDocument->SetReadyStateInternal(Document::READYSTATE_INTERACTIVE); mDocument->SetReadyStateInternal(Document::READYSTATE_INTERACTIVE);

3
parser/html/nsHtml5Parser.cpp
View File

@@ -147,6 +147,9 @@ nsHtml5Parser::ContinueInterruptedParsingAsync() {
NS_IMETHODIMP_(bool) NS_IMETHODIMP_(bool)
nsHtml5Parser::IsParserEnabled() { return !mBlocked; } nsHtml5Parser::IsParserEnabled() { return !mBlocked; }
NS_IMETHODIMP_(bool)
nsHtml5Parser::IsParserClosed() { return mDocumentClosed; }
NS_IMETHODIMP_(bool) NS_IMETHODIMP_(bool)
nsHtml5Parser::IsComplete() { return mExecutor->IsComplete(); } nsHtml5Parser::IsComplete() { return mExecutor->IsComplete(); }

6
parser/html/nsHtml5Parser.h
View File

@@ -105,6 +105,12 @@ class nsHtml5Parser final : public nsIParser, public nsSupportsWeakReference {
*/ */
NS_IMETHOD_(bool) IsParserEnabled() override; NS_IMETHOD_(bool) IsParserEnabled() override;
/**
* Query whether the parser is closed (i.e. document.closed() is called) or
* not.
*/
NS_IMETHOD_(bool) IsParserClosed() override;
/** /**
* Query whether the parser thinks it's done with parsing. * Query whether the parser thinks it's done with parsing.
*/ */

1
parser/htmlparser/nsParserBase.h
View File

@@ -10,6 +10,7 @@
class nsParserBase : public nsISupports { class nsParserBase : public nsISupports {
public: public:
NS_IMETHOD_(bool) IsParserEnabled() { return true; } NS_IMETHOD_(bool) IsParserEnabled() { return true; }
NS_IMETHOD_(bool) IsParserClosed() { return false; }
}; };
#endif // nsParserBase_h_ #endif // nsParserBase_h_