There are some crash reports crashed in TSF module which may be caused by
passing invalid selection range (e.g., out of bounds of text). However,
the cache is created in the child process and that causes the invalid cache
creation does not appear in the crash reports. Therefore, let's try to
crash as soon as possible if `ContentCache` has invalid data.
Note that this does not detect all of the invalid cases because it's hard to
(re-)understand the edge cases. Therefore, this tries to detect the cases
checked in `ContentCacheInParent::HandleQueryContentEvent` (*1) and some other
obvious odd cases.
1. https://searchfox.org/mozilla-central/rev/0ffaecaa075887ab07bf4c607c61ea2faa81b172/widget/ContentCache.cpp#776-778
Differential Revision: https://phabricator.services.mozilla.com/D176747
Since IPCDataTransfer* is actually used for nsITransferable, so rename them to
IPCTransferable* as follows,
- Rename IPCDataTransfer to IPCTransferableData.
- Rename IPCDataTransferItem to IPCTransferableDataItem.
- Rename IPCDataTransferData to IPCTransferableDataType.
- Rename IPCDataTransferString to IPCTransferableDataString.
- Rename IPCDataTransferCString to IPCTransferableDataCString.
- Rename IPCDataTransferInputStream to IPCTransferableDataInputStream.
- Rename IPCDataTransferImageContainer to IPCTransferableDataImageContainer.
- Rename IPCDataTransferBlob to IPCTransferableDataBlob.
Differential Revision: https://phabricator.services.mozilla.com/D178069
Since IPCDataTransfer* is actually used for nsITransferable, so rename them to
IPCTransferable* as follows,
- Rename IPCDataTransfer to IPCTransferableData.
- Rename IPCDataTransferItem to IPCTransferableDataItem.
- Rename IPCDataTransferData to IPCTransferableDataType.
- Rename IPCDataTransferString to IPCTransferableDataString.
- Rename IPCDataTransferCString to IPCTransferableDataCString.
- Rename IPCDataTransferInputStream to IPCTransferableDataInputStream.
- Rename IPCDataTransferImageContainer to IPCTransferableDataImageContainer.
- Rename IPCDataTransferBlob to IPCTransferableDataBlob.
Differential Revision: https://phabricator.services.mozilla.com/D178069
There are some crash reports crashed in TSF module which may be caused by
passing invalid selection range (e.g., out of bounds of text). However,
the cache is created in the child process and that causes the invalid cache
creation does not appear in the crash reports. Therefore, let's try to
crash as soon as possible if `ContentCache` has invalid data.
Note that this does not detect all of the invalid cases because it's hard to
(re-)understand the edge cases. Therefore, this tries to detect the cases
checked in `ContentCacheInParent::HandleQueryContentEvent` (*1) and some other
obvious odd cases.
1. https://searchfox.org/mozilla-central/rev/0ffaecaa075887ab07bf4c607c61ea2faa81b172/widget/ContentCache.cpp#776-778
Differential Revision: https://phabricator.services.mozilla.com/D176747
These types were already non-nullable, with the serializer implementation not
supporting nullptr values. This patch converts the uses to be explicitly
non-nullable, and adds the relevant `WrapNotNull` changes.
Differential Revision: https://phabricator.services.mozilla.com/D168890
These types were already non-nullable, with the serializer implementation not
supporting nullptr values. This patch converts the uses to be explicitly
non-nullable, and adds the relevant `WrapNotNull` changes.
Differential Revision: https://phabricator.services.mozilla.com/D168890
Convert the various mode* constants in nsIFilePicker into a proper
enum, and perform validation when passing it across IPC.
Differential Revision: https://phabricator.services.mozilla.com/D169853
Let the caller addref it if needed.
I wrote this because I wanted to make some code dealing with it
thread-safe, but I ended up writing a less sketchy solution. However I
still think this is worth it.
It seems this only returns an already_AddRefed because before it used to
be an XPCOM-ish thing where the widget was returned as an out-param.
For now it doesn't change behavior but there are some callers that would
benefit from having less addref/release calls if they only need to read
simple stuff from the widget.
Differential Revision: https://phabricator.services.mozilla.com/D168141
For normal (desktop) fission, we add NotifyImpendingShutdown before we notify destroy to the browser if we know a content process will go away both during normal operations and when the parent shuts down.
For e10s and Android we can only add NotifyImpendingShutdown when the parent process is shutting down, as they use a different keep alive logic that is hard to anticipate.
Differential Revision: https://phabricator.services.mozilla.com/D166303
For normal (desktop) fission, we add NotifyImpendingShutdown before we notify destroy to the browser if we know a content process will go away both during normal operations and when the parent shuts down.
For e10s and Android we can only add NotifyImpendingShutdown when the parent process is shutting down, as they use a different keep alive logic that is hard to anticipate.
Differential Revision: https://phabricator.services.mozilla.com/D166303
Because the parent process lacks information about the current shell
size, the child has to send both the current and the new shell size to
the parent. The parent then applies the delta to the window size. This
can produce different results for calls with the same arguments,
whenever a previous call did not have enough time to update the child
with its new size.
The implementation is replaced by applying the delta in the child.
Differential Revision: https://phabricator.services.mozilla.com/D160261
Implementations of nsIEmbeddingSiteWindow and nsIBaseWindow largely
overlap, and where they don't, the nsIEmbeddingSiteWindow implementation
of the otherwise shared interface is primarily stubbed out with the
exception of Get/SetDimensions().
This patch moves a reimplementation of Get/SetDimensions() from
nsIEmbeddingSiteWindow to nsIBaseWindow. The other methods of
nsIEmbeddingSiteWindow remain covered by nsIBaseWindow.
Get/SetDimensions() can be implemented as part of nsIWebBrowserChrome
where nsIBaseWindow is not necessary. This removes the need for
nsIEmbeddingSiteWindow.
Blur() has also been moved to nsIWebBrowserChrome, as only
nsContentTreeOwner has an actual implementation which we in theory also
want to call from BrowserChild/Parent, but the spec suggests to
"selectively or uniformly ignore calls".
GetVisibility() had an implementation in BrowserChild that pretended to
always be visible. Instead of providing an interface for that,
nsDocShell now handles the not implemented case for tree owners.
nsIEmbeddingSiteWindow::GetSiteWindow() used to call through to
nsIBaseWindow::GetParentNativeWindow().
The Get/SetDimensions() implementation has been replaced with a strongly
typed setter, which is now also used directly from nsGlobalWindowOuter
to avoid problems that come with autodetecting unchanged dimensions,
when the current dimensions are outdated (e.g. immediately reverting a
change can be ignored).
Differential Revision: https://phabricator.services.mozilla.com/D160260
Two minor changes that otherwise might go unnoticed in the following
parts:
- AppWindow can't skip SetSize calls that match the current size. On
Linux a previous call might not have changed the size yet. If the
current call is skipped, the previous call can ultimately dictate the
resulting size.
- BrowserParent should not have to call UpdatePosition when receiving
new dimensions from BrowserChild. But HeadlessWidget needs to call
NotifyWindowMoved when moved.
Differential Revision: https://phabricator.services.mozilla.com/D160259
Because the parent process lacks information about the current shell
size, the child has to send both the current and the new shell size to
the parent. The parent then applies the delta to the window size. This
can produce different results for calls with the same arguments,
whenever a previous call did not have enough time to update the child
with its new size.
The implementation is replaced by applying the delta in the child.
Differential Revision: https://phabricator.services.mozilla.com/D160261
Implementations of nsIEmbeddingSiteWindow and nsIBaseWindow largely
overlap, and where they don't, the nsIEmbeddingSiteWindow implementation
of the otherwise shared interface is primarily stubbed out with the
exception of Get/SetDimensions().
This patch moves a reimplementation of Get/SetDimensions() from
nsIEmbeddingSiteWindow to nsIBaseWindow. The other methods of
nsIEmbeddingSiteWindow remain covered by nsIBaseWindow.
Get/SetDimensions() can be implemented as part of nsIWebBrowserChrome
where nsIBaseWindow is not necessary. This removes the need for
nsIEmbeddingSiteWindow.
Blur() has also been moved to nsIWebBrowserChrome, as only
nsContentTreeOwner has an actual implementation which we in theory also
want to call from BrowserChild/Parent, but the spec suggests to
"selectively or uniformly ignore calls".
GetVisibility() had an implementation in BrowserChild that pretended to
always be visible. Instead of providing an interface for that,
nsDocShell now handles the not implemented case for tree owners.
nsIEmbeddingSiteWindow::GetSiteWindow() used to call through to
nsIBaseWindow::GetParentNativeWindow().
The Get/SetDimensions() implementation has been replaced with a strongly
typed setter, which is now also used directly from nsGlobalWindowOuter
to avoid problems that come with autodetecting unchanged dimensions,
when the current dimensions are outdated (e.g. immediately reverting a
change can be ignored).
Differential Revision: https://phabricator.services.mozilla.com/D160260
Two minor changes that otherwise might go unnoticed in the following
parts:
- AppWindow can't skip SetSize calls that match the current size. On
Linux a previous call might not have changed the size yet. If the
current call is skipped, the previous call can ultimately dictate the
resulting size.
- BrowserParent should not have to call UpdatePosition when receiving
new dimensions from BrowserChild. But HeadlessWidget needs to call
NotifyWindowMoved when moved. HeadlessWidget no longer stays in
"maximized" size mode after being resized or moved.
Differential Revision: https://phabricator.services.mozilla.com/D160259
Because the parent process lacks information about the current shell
size, the child has to send both the current and the new shell size to
the parent. The parent then applies the delta to the window size. This
can produce different results for calls with the same arguments,
whenever a previous call did not have enough time to update the child
with its new size.
The implementation is replaced by applying the delta in the child.
Differential Revision: https://phabricator.services.mozilla.com/D160261
Implementations of nsIEmbeddingSiteWindow and nsIBaseWindow largely
overlap, and where they don't, the nsIEmbeddingSiteWindow implementation
of the otherwise shared interface is primarily stubbed out with the
exception of Get/SetDimensions().
This patch moves a reimplementation of Get/SetDimensions() from
nsIEmbeddingSiteWindow to nsIBaseWindow. The other methods of
nsIEmbeddingSiteWindow remain covered by nsIBaseWindow.
Get/SetDimensions() can be implemented as part of nsIWebBrowserChrome
where nsIBaseWindow is not necessary. This removes the need for
nsIEmbeddingSiteWindow.
Blur() has also been moved to nsIWebBrowserChrome, as only
nsContentTreeOwner has an actual implementation which we in theory also
want to call from BrowserChild/Parent, but the spec suggests to
"selectively or uniformly ignore calls".
GetVisibility() had an implementation in BrowserChild that pretended to
always be visible. Instead of providing an interface for that,
nsDocShell now handles the not implemented case for tree owners.
nsIEmbeddingSiteWindow::GetSiteWindow() used to call through to
nsIBaseWindow::GetParentNativeWindow().
The Get/SetDimensions() implementation has been replaced with a strongly
typed setter, which is now also used directly from nsGlobalWindowOuter
to avoid problems that come with autodetecting unchanged dimensions,
when the current dimensions are outdated (e.g. immediately reverting a
change can be ignored).
Differential Revision: https://phabricator.services.mozilla.com/D160260
Two minor changes that otherwise might go unnoticed in the following
parts:
- AppWindow can't skip SetSize calls that match the current size. On
Linux a previous call might not have changed the size yet. If the
current call is skipped, the previous call can ultimately dictate the
resulting size.
- BrowserParent should not have to call UpdatePosition when receiving
new dimensions from BrowserChild. But HeadlessWidget needs to call
NotifyWindowMoved when moved. HeadlessWidget no longer stays in
"maximized" size mode after being resized or moved.
Differential Revision: https://phabricator.services.mozilla.com/D160259
This restores the previous behavior in a somewhat more principled way.
The extensions code is still broken in multi-monitor cases, but that's a
more complicated fix.
Differential Revision: https://phabricator.services.mozilla.com/D161997
It might be possible for a short while to have a DocAccessibleParent which has been shut down but is still managed by its BrowserParent.
In that case, DocAccessibleParent::GetFrom might previously have found the document via its BrowsingContext, thus returning a destroyed document.
This could cause problems when returning the focus if the document itself was the last thing focused.
To fix this, clear the BrowsingContext when shutting down a DocAccessibleParent so that it can't be found this way.
There is one case during actor construction where we call MarkAsShutdown instead of Destroy, and MarkAsShutdown isn't supposed to do any cleanup.
To deal with this, don't set the BrowsingContext until we're sure we're not going to call MarkAsShutdown.
Differential Revision: https://phabricator.services.mozilla.com/D161421
It might be possible for a short while to have a DocAccessibleParent which has been shut down but is still managed by its BrowserParent.
In that case, DocAccessibleParent::GetFrom might previously have found the document via its BrowsingContext, thus returning a destroyed document.
This could cause problems when returning the focus if the document itself was the last thing focused.
To fix this, clear the BrowsingContext when shutting down a DocAccessibleParent so that it can't be found this way.
There is one case during actor construction where we call MarkAsShutdown instead of Destroy, and MarkAsShutdown isn't supposed to do any cleanup.
To deal with this, don't set the BrowsingContext until we're sure we're not going to call MarkAsShutdown.
I also added an assertion to DocAccessibleParent::GetAccessible, since we should really never call that on a destroyed document.
Differential Revision: https://phabricator.services.mozilla.com/D161421
Updating mBounds.Size() without calling WindowResized leaves the window
temporarily in a state where inner and outer sizes are out of sync.
BrowserParent::UpdatePosition should call BrowserParent::UpdateDimension
with the size during the last update, rather than the current window
size. There is an edge case where a call can happen between a resize and
its reflow, and a second resize could prevent the reflow from changing
the frame loader size, leaving the BrowserChild with an outdated outer
size.
Differential Revision: https://phabricator.services.mozilla.com/D158343
After the previous changes there was only one consumer left of the Shmem
version of GetSurfaceData, which could easily be changed to use BigBuffer,
removing the need for that overload.
After that consumer is removed, the interface was also simplified as the
generic logic in the implementation was no longer necessary.
Differential Revision: https://phabricator.services.mozilla.com/D151854
