This is an automated email from the git hooks/post-receive script. x2go pushed a change to branch upstream/28.4.1 in repository pale-moon. at 9ffed6e Simplify some alias sets in IonMonkey. This branch includes the following new commits: new ae971bf Add hover state arrow images. new 333c64e Prevent loading of document subresources over FTP. new 9676ebd [Palemoon] Disable Microsoft Family Safety support (Windows 8.1). new 932ecf5 Remove unused SSL errorReporting prefs new 38986a4 [PALEMOON] Add SSUAO override for firefox.com (native mode) new 90a44b3 Remove harmless assertions by using IgnoredErrorResult. new 80dfca4 Pref the use of unboxed plain objects in JS and disable by default. new 5ec124c Force expected crashes on unexpected magic values. new f8c7e32 Check for dead wrappers in CallerGetterImpl/CallerSetterImpl. new 9d01447 Check child container count in NotifyRefreshDriverCreated. new aabb357 Clean up nsOSHelperAppService. new 181cb52 Add nullcheck for frames in FindNearestCommonAncestorFrame new 6478daf Implement origin-clean algorithm for ImageBitmap. new 2ae457f Extend origin-clean algorithm (DiD). new 9e3ca28 Restrict ExtractLinearSum to monotonous operation in infinite math space. new cc53748 Grab caching capturing content with local variable. new 1af286f Convert UI-dictating FTP errors to console errors. new 3be7cb9 Escape '!' to '\041' in posix strings ($'...') new b4a65a3 Check for osint argument when checking for greomni and appomni arguments. new cee1324f Disallow getUserMedia on null principals. new 7243684 Check if CopyData succeeded. new a5b2695 Version bump new 98bd23c Add SSUAO for polyfill.io new 9ffed6e Simplify some alias sets in IonMonkey. The 24 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/pale-moon.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch upstream/28.4.1 in repository pale-moon. commit ae971bfe8e3d096261077f1e8a7ddd2cbb3257a2 Author: wolfbeast <mcwerewolf@wolfbeast.com> Date: Sun Mar 3 13:41:37 2019 +0100 Add hover state arrow images. This fixes #981 --- toolkit/themes/shared/non-mac.jar.inc.mn | 2 ++ toolkit/themes/windows/global/arrow/arrow-lft-hov.gif | Bin 0 -> 91 bytes toolkit/themes/windows/global/arrow/arrow-rit-hov.gif | Bin 0 -> 91 bytes 3 files changed, 2 insertions(+) diff --git a/toolkit/themes/shared/non-mac.jar.inc.mn b/toolkit/themes/shared/non-mac.jar.inc.mn index 23f9da5..4391871 100644 --- a/toolkit/themes/shared/non-mac.jar.inc.mn +++ b/toolkit/themes/shared/non-mac.jar.inc.mn @@ -36,10 +36,12 @@ skin/classic/global/arrow/arrow-down.png (../../windows/global/arrow/arrow-down.png) skin/classic/global/arrow/arrow-lft.gif (../../windows/global/arrow/arrow-lft.gif) skin/classic/global/arrow/arrow-lft-dis.gif (../../windows/global/arrow/arrow-lft-dis.gif) + skin/classic/global/arrow/arrow-lft-hov.gif (../../windows/global/arrow/arrow-lft-hov.gif) skin/classic/global/arrow/arrow-lft-sharp.gif (../../windows/global/arrow/arrow-lft-sharp.gif) skin/classic/global/arrow/arrow-lft-sharp-end.gif (../../windows/global/arrow/arrow-lft-sharp-end.gif) skin/classic/global/arrow/arrow-rit.gif (../../windows/global/arrow/arrow-rit.gif) skin/classic/global/arrow/arrow-rit-dis.gif (../../windows/global/arrow/arrow-rit-dis.gif) + skin/classic/global/arrow/arrow-rit-hov.gif (../../windows/global/arrow/arrow-rit-hov.gif) skin/classic/global/arrow/arrow-rit-sharp.gif (../../windows/global/arrow/arrow-rit-sharp.gif) skin/classic/global/arrow/arrow-rit-sharp-end.gif (../../windows/global/arrow/arrow-rit-sharp-end.gif) skin/classic/global/arrow/arrow-up.gif (../../windows/global/arrow/arrow-up.gif) diff --git a/toolkit/themes/windows/global/arrow/arrow-lft-hov.gif b/toolkit/themes/windows/global/arrow/arrow-lft-hov.gif new file mode 100644 index 0000000..2c814ca Binary files /dev/null and b/toolkit/themes/windows/global/arrow/arrow-lft-hov.gif differ diff --git a/toolkit/themes/windows/global/arrow/arrow-rit-hov.gif b/toolkit/themes/windows/global/arrow/arrow-rit-hov.gif new file mode 100644 index 0000000..d0a4016 Binary files /dev/null and b/toolkit/themes/windows/global/arrow/arrow-rit-hov.gif differ -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/pale-moon.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch upstream/28.4.1 in repository pale-moon. commit 333c64ef30a6120802f2f356c34f73f46e68269f Author: wolfbeast <mcwerewolf@wolfbeast.com> Date: Sat Mar 9 08:15:36 2019 +0100 Prevent loading of document subresources over FTP. --- .../en-US/chrome/security/security.properties | 2 + dom/security/nsContentSecurityManager.cpp | 56 ++++++++++++++++++++++ dom/security/nsContentSecurityManager.h | 1 + 3 files changed, 59 insertions(+) diff --git a/dom/locales/en-US/chrome/security/security.properties b/dom/locales/en-US/chrome/security/security.properties index 8efdb0a..2be56fb 100644 --- a/dom/locales/en-US/chrome/security/security.properties +++ b/dom/locales/en-US/chrome/security/security.properties @@ -85,3 +85,5 @@ BlockScriptWithWrongMimeType=Script from “%1$S” was blocked because of a dis # LOCALIZATION NOTE: Do not translate "data: URI". BlockTopLevelDataURINavigation=Navigation to toplevel data: URI not allowed (Blocked loading of: “%1$S”) + +BlockSubresourceFTP=Loading FTP subresource within http(s) page not allowed (Blocked loading of: “%1$S”) diff --git a/dom/security/nsContentSecurityManager.cpp b/dom/security/nsContentSecurityManager.cpp index 5707303..f2cbc8f 100644 --- a/dom/security/nsContentSecurityManager.cpp +++ b/dom/security/nsContentSecurityManager.cpp @@ -92,6 +92,55 @@ nsContentSecurityManager::AllowTopLevelNavigationToDataURI(nsIChannel* aChannel) return false; } +/* static */ nsresult +nsContentSecurityManager::CheckFTPSubresourceLoad(nsIChannel* aChannel) +{ + // We dissallow using FTP resources as a subresource everywhere. + // The only valid way to use FTP resources is loading it as + // a top level document. + + nsCOMPtr<nsILoadInfo> loadInfo = aChannel->GetLoadInfo(); + if (!loadInfo) { + return NS_OK; + } + + nsContentPolicyType type = loadInfo->GetExternalContentPolicyType(); + if (type == nsIContentPolicy::TYPE_DOCUMENT) { + return NS_OK; + } + + nsCOMPtr<nsIURI> uri; + nsresult rv = NS_GetFinalChannelURI(aChannel, getter_AddRefs(uri)); + NS_ENSURE_SUCCESS(rv, rv); + if (!uri) { + return NS_OK; + } + + bool isFtpURI = (NS_SUCCEEDED(uri->SchemeIs("ftp", &isFtpURI)) && isFtpURI); + if (!isFtpURI) { + return NS_OK; + } + + nsCOMPtr<nsIDocument> doc; + if (nsINode* node = loadInfo->LoadingNode()) { + doc = node->OwnerDoc(); + } + + nsAutoCString spec; + uri->GetSpec(spec); + NS_ConvertUTF8toUTF16 specUTF16(NS_UnescapeURL(spec)); + const char16_t* params[] = { specUTF16.get() }; + + nsContentUtils::ReportToConsole(nsIScriptError::warningFlag, + NS_LITERAL_CSTRING("FTP_URI_BLOCKED"), + doc, + nsContentUtils::eSECURITY_PROPERTIES, + "BlockSubresourceFTP", + params, ArrayLength(params)); + + return NS_ERROR_CONTENT_BLOCKED; +} + static nsresult ValidateSecurityFlags(nsILoadInfo* aLoadInfo) { @@ -574,6 +623,10 @@ nsContentSecurityManager::doContentSecurityCheck(nsIChannel* aChannel, rv = DoContentSecurityChecks(aChannel, loadInfo); NS_ENSURE_SUCCESS(rv, rv); + // Apply this after CSP checks to allow CSP reporting. + rv = CheckFTPSubresourceLoad(aChannel); + NS_ENSURE_SUCCESS(rv, rv); + // now lets set the initalSecurityFlag for subsequent calls loadInfo->SetInitialSecurityCheckDone(true); @@ -591,6 +644,9 @@ nsContentSecurityManager::AsyncOnChannelRedirect(nsIChannel* aOldChannel, // Are we enforcing security using LoadInfo? if (loadInfo && loadInfo->GetEnforceSecurity()) { nsresult rv = CheckChannel(aNewChannel); + if (NS_SUCCEEDED(rv)) { + rv = CheckFTPSubresourceLoad(aNewChannel); + } if (NS_FAILED(rv)) { aOldChannel->Cancel(rv); return rv; diff --git a/dom/security/nsContentSecurityManager.h b/dom/security/nsContentSecurityManager.h index bab8477..750dd88 100644 --- a/dom/security/nsContentSecurityManager.h +++ b/dom/security/nsContentSecurityManager.h @@ -36,6 +36,7 @@ public: private: static nsresult CheckChannel(nsIChannel* aChannel); + static nsresult CheckFTPSubresourceLoad(nsIChannel* aChannel); virtual ~nsContentSecurityManager() {} -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/pale-moon.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch upstream/28.4.1 in repository pale-moon. commit 9676ebdced627a3b999657aee93b355046f86a6d Author: wolfbeast <mcwerewolf@wolfbeast.com> Date: Thu Mar 14 09:01:12 2019 +0100 [Palemoon] Disable Microsoft Family Safety support (Windows 8.1). This is basically a https MitM setup that is unwanted for Pale Moon. Resolves #1000. --- application/palemoon/app/profile/palemoon.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/application/palemoon/app/profile/palemoon.js b/application/palemoon/app/profile/palemoon.js index 43f020f..f514d9b 100644 --- a/application/palemoon/app/profile/palemoon.js +++ b/application/palemoon/app/profile/palemoon.js @@ -1121,6 +1121,9 @@ pref("security.csp.speccompliant", true); // Block insecure active content on https pages pref("security.mixed_content.block_active_content", true); +// Disable Microsoft Family Safety MitM support +pref("security.family_safety.mode", 0); + // Override the Gecko-default value of false for Pale Moon. pref("plain_text.wrap_long_lines", true); -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/pale-moon.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch upstream/28.4.1 in repository pale-moon. commit 932ecf52b6dfb3c8651395470030d49313906261 Author: wolfbeast <mcwerewolf@wolfbeast.com> Date: Thu Mar 14 13:07:00 2019 +0100 Remove unused SSL errorReporting prefs Resolves #1003. --- netwerk/base/security-prefs.js | 4 ---- 1 file changed, 4 deletions(-) diff --git a/netwerk/base/security-prefs.js b/netwerk/base/security-prefs.js index ea0b223..ef78ddc 100644 --- a/netwerk/base/security-prefs.js +++ b/netwerk/base/security-prefs.js @@ -117,10 +117,6 @@ pref("security.webauth.u2f", false); pref("security.webauth.u2f_enable_softtoken", false); pref("security.webauth.u2f_enable_usbtoken", false); -pref("security.ssl.errorReporting.enabled", true); -pref("security.ssl.errorReporting.url", "https://incoming.telemetry.mozilla.org/submit/sslreports/"); -pref("security.ssl.errorReporting.automatic", false); - // OCSP must-staple pref("security.ssl.enable_ocsp_must_staple", true); -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/pale-moon.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch upstream/28.4.1 in repository pale-moon. commit 38986a488b449e9be3467aed701cf5807d5a683c Author: JustOff <Off.Just.Off@gmail.com> Date: Thu Mar 14 17:42:08 2019 +0200 [PALEMOON] Add SSUAO override for firefox.com (native mode) --- application/palemoon/branding/shared/pref/uaoverrides.inc | 1 + 1 file changed, 1 insertion(+) diff --git a/application/palemoon/branding/shared/pref/uaoverrides.inc b/application/palemoon/branding/shared/pref/uaoverrides.inc index 5679566..3e28225 100644 --- a/application/palemoon/branding/shared/pref/uaoverrides.inc +++ b/application/palemoon/branding/shared/pref/uaoverrides.inc @@ -63,6 +63,7 @@ pref("@GUAO_PREF@.deviantart.com","Mozilla/5.0 (@OS_SLICE@ rv:@GRE_VERSION@) @GR pref("@GUAO_PREF@.deviantart.net","Mozilla/5.0 (@OS_SLICE@ rv:@GRE_VERSION@) @GRE_DATE_SLICE@ @PM_SLICE@"); pref("@GUAO_PREF@.altibox.dk","Mozilla/5.0 (@OS_SLICE@ rv:@GRE_VERSION@) @GRE_DATE_SLICE@ @PM_SLICE@"); pref("@GUAO_PREF@.altibox.no","Mozilla/5.0 (@OS_SLICE@ rv:@GRE_VERSION@) @GRE_DATE_SLICE@ @PM_SLICE@"); +pref("@GUAO_PREF@.firefox.com","Mozilla/5.0 (@OS_SLICE@ rv:@GRE_VERSION@) @GRE_DATE_SLICE@ @PM_SLICE@"); // UA-Sniffing domains below have indicated no interest in supporting Pale Moon (BOO!) pref("@GUAO_PREF@.humblebundle.com","Mozilla/5.0 (@OS_SLICE@ rv:@GK_VERSION@) @GK_SLICE@ @FX_SLICE@ (Pale Moon)"); -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/pale-moon.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch upstream/28.4.1 in repository pale-moon. commit 90a44b312f35dc679982d558d18555d69e356ffb Author: Olli Pettay <Olli.Pettay@helsinki.fi> Date: Thu Mar 21 09:02:04 2019 +0100 Remove harmless assertions by using IgnoredErrorResult. --- dom/html/HTMLTableElement.cpp | 15 ++++++--------- dom/html/HTMLTableSectionElement.cpp | 2 +- 2 files changed, 7 insertions(+), 10 deletions(-) diff --git a/dom/html/HTMLTableElement.cpp b/dom/html/HTMLTableElement.cpp index ec1b7ce..c5b7696 100644 --- a/dom/html/HTMLTableElement.cpp +++ b/dom/html/HTMLTableElement.cpp @@ -421,11 +421,10 @@ HTMLTableElement::CreateTHead() void HTMLTableElement::DeleteTHead() { - HTMLTableSectionElement* tHead = GetTHead(); + RefPtr<HTMLTableSectionElement> tHead = GetTHead(); if (tHead) { - mozilla::ErrorResult rv; + mozilla::IgnoredErrorResult rv; nsINode::RemoveChild(*tHead, rv); - MOZ_ASSERT(!rv.Failed()); } } @@ -452,11 +451,10 @@ HTMLTableElement::CreateTFoot() void HTMLTableElement::DeleteTFoot() { - HTMLTableSectionElement* tFoot = GetTFoot(); + RefPtr<HTMLTableSectionElement> tFoot = GetTFoot(); if (tFoot) { - mozilla::ErrorResult rv; + mozilla::IgnoredErrorResult rv; nsINode::RemoveChild(*tFoot, rv); - MOZ_ASSERT(!rv.Failed()); } } @@ -483,11 +481,10 @@ HTMLTableElement::CreateCaption() void HTMLTableElement::DeleteCaption() { - HTMLTableCaptionElement* caption = GetCaption(); + RefPtr<HTMLTableCaptionElement> caption = GetCaption(); if (caption) { - mozilla::ErrorResult rv; + mozilla::IgnoredErrorResult rv; nsINode::RemoveChild(*caption, rv); - MOZ_ASSERT(!rv.Failed()); } } diff --git a/dom/html/HTMLTableSectionElement.cpp b/dom/html/HTMLTableSectionElement.cpp index c7b0665..e995976 100644 --- a/dom/html/HTMLTableSectionElement.cpp +++ b/dom/html/HTMLTableSectionElement.cpp @@ -122,7 +122,7 @@ HTMLTableSectionElement::DeleteRow(int32_t aValue, ErrorResult& aError) refIndex = (uint32_t)aValue; } - nsINode* row = rows->Item(refIndex); + nsCOMPtr<nsINode> row = rows->Item(refIndex); if (!row) { aError.Throw(NS_ERROR_DOM_INDEX_SIZE_ERR); return; -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/pale-moon.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch upstream/28.4.1 in repository pale-moon. commit 80dfca45772a4d4fc5fd61630e2a812e779ec620 Author: wolfbeast <mcwerewolf@wolfbeast.com> Date: Thu Mar 21 09:53:24 2019 +0100 Pref the use of unboxed plain objects in JS and disable by default. This should be all that's needed for #1017, but verification of impact is definitely desired. --- js/src/jit/JitOptions.cpp | 2 +- js/src/jsapi.cpp | 3 +++ js/src/jsapi.h | 25 +++++++++++++------------ js/xpconnect/src/XPCJSContext.cpp | 4 ++++ modules/libpref/init/all.js | 1 + 5 files changed, 22 insertions(+), 13 deletions(-) diff --git a/js/src/jit/JitOptions.cpp b/js/src/jit/JitOptions.cpp index eb5a6c1..b9a7c7b 100644 --- a/js/src/jit/JitOptions.cpp +++ b/js/src/jit/JitOptions.cpp @@ -222,7 +222,7 @@ DefaultJitOptions::DefaultJitOptions() } // Toggles whether unboxed plain objects can be created by the VM. - SET_DEFAULT(disableUnboxedObjects, false); + SET_DEFAULT(disableUnboxedObjects, true); // Test whether Atomics are allowed in asm.js code. SET_DEFAULT(asmJSAtomicsEnable, false); diff --git a/js/src/jsapi.cpp b/js/src/jsapi.cpp index 37d023b..6114b81 100644 --- a/js/src/jsapi.cpp +++ b/js/src/jsapi.cpp @@ -6410,6 +6410,9 @@ JS_SetGlobalJitCompilerOption(JSContext* cx, JSJitCompilerOption opt, uint32_t v } jit::JitOptions.jumpThreshold = value; break; + case JSJITCOMPILER_UNBOXED_OBJECTS: + jit::JitOptions.disableUnboxedObjects = !value; + break; case JSJITCOMPILER_ASMJS_ATOMICS_ENABLE: jit::JitOptions.asmJSAtomicsEnable = !!value; break; diff --git a/js/src/jsapi.h b/js/src/jsapi.h index 005d227..1f726f2 100644 --- a/js/src/jsapi.h +++ b/js/src/jsapi.h @@ -5783,19 +5783,20 @@ JS_SetParallelParsingEnabled(JSContext* cx, bool enabled); extern JS_PUBLIC_API(void) JS_SetOffthreadIonCompilationEnabled(JSContext* cx, bool enabled); -#define JIT_COMPILER_OPTIONS(Register) \ - Register(BASELINE_WARMUP_TRIGGER, "baseline.warmup.trigger") \ - Register(ION_WARMUP_TRIGGER, "ion.warmup.trigger") \ - Register(ION_GVN_ENABLE, "ion.gvn.enable") \ - Register(ION_FORCE_IC, "ion.forceinlineCaches") \ - Register(ION_ENABLE, "ion.enable") \ +#define JIT_COMPILER_OPTIONS(Register) \ + Register(BASELINE_WARMUP_TRIGGER, "baseline.warmup.trigger") \ + Register(ION_WARMUP_TRIGGER, "ion.warmup.trigger") \ + Register(ION_GVN_ENABLE, "ion.gvn.enable") \ + Register(ION_FORCE_IC, "ion.forceinlineCaches") \ + Register(ION_ENABLE, "ion.enable") \ Register(ION_INTERRUPT_WITHOUT_SIGNAL, "ion.interrupt-without-signals") \ - Register(ION_CHECK_RANGE_ANALYSIS, "ion.check-range-analysis") \ - Register(BASELINE_ENABLE, "baseline.enable") \ - Register(OFFTHREAD_COMPILATION_ENABLE, "offthread-compilation.enable") \ - Register(JUMP_THRESHOLD, "jump-threshold") \ - Register(ASMJS_ATOMICS_ENABLE, "asmjs.atomics.enable") \ - Register(WASM_TEST_MODE, "wasm.test-mode") \ + Register(ION_CHECK_RANGE_ANALYSIS, "ion.check-range-analysis") \ + Register(BASELINE_ENABLE, "baseline.enable") \ + Register(OFFTHREAD_COMPILATION_ENABLE, "offthread-compilation.enable") \ + Register(JUMP_THRESHOLD, "jump-threshold") \ + Register(UNBOXED_OBJECTS, "unboxed_objects") \ + Register(ASMJS_ATOMICS_ENABLE, "asmjs.atomics.enable") \ + Register(WASM_TEST_MODE, "wasm.test-mode") \ Register(WASM_FOLD_OFFSETS, "wasm.fold-offsets") typedef enum JSJitCompilerOption { diff --git a/js/xpconnect/src/XPCJSContext.cpp b/js/xpconnect/src/XPCJSContext.cpp index 0243d80..bde949a 100644 --- a/js/xpconnect/src/XPCJSContext.cpp +++ b/js/xpconnect/src/XPCJSContext.cpp @@ -1427,6 +1427,8 @@ ReloadPrefsCallback(const char* pref, void* data) bool extraWarnings = Preferences::GetBool(JS_OPTIONS_DOT_STR "strict"); + bool unboxedObjects = Preferences::GetBool(JS_OPTIONS_DOT_STR "unboxed_objects"); + sSharedMemoryEnabled = Preferences::GetBool(JS_OPTIONS_DOT_STR "shared_memory"); #ifdef DEBUG @@ -1455,6 +1457,8 @@ ReloadPrefsCallback(const char* pref, void* data) useBaselineEager ? 0 : -1); JS_SetGlobalJitCompilerOption(cx, JSJITCOMPILER_ION_WARMUP_TRIGGER, useIonEager ? 0 : -1); + JS_SetGlobalJitCompilerOption(cx, JSJITCOMPILER_UNBOXED_OBJECTS, + unboxedObjects); } XPCJSContext::~XPCJSContext() diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js index f6e9017..d5df9fa 100644 --- a/modules/libpref/init/all.js +++ b/modules/libpref/init/all.js @@ -1264,6 +1264,7 @@ pref("javascript.options.strict", false); #ifdef DEBUG pref("javascript.options.strict.debug", false); #endif +pref("javascript.options.unboxed_objects", false); pref("javascript.options.baselinejit", true); pref("javascript.options.ion", true); pref("javascript.options.asmjs", true); -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/pale-moon.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch upstream/28.4.1 in repository pale-moon. commit 5ec124cf03f7380da68d6b1b5bcdf41ec7d5dbe1 Author: Nicolas B. Pierron <nicolas.b.pierron@nbp.name> Date: Thu Mar 21 21:28:10 2019 +0100 Force expected crashes on unexpected magic values. --- js/public/Value.h | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/js/public/Value.h b/js/public/Value.h index 01666ed..7c4f833 100644 --- a/js/public/Value.h +++ b/js/public/Value.h @@ -567,8 +567,11 @@ class MOZ_NON_PARAM alignas(8) Value } bool isMagic(JSWhyMagic why) const { - MOZ_ASSERT_IF(isMagic(), data.s.payload.why == why); - return isMagic(); + if (!isMagic()) { + return false; + } + MOZ_RELEASE_ASSERT(data.s.payload.why == why); + return true; } JS::TraceKind traceKind() const { -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/pale-moon.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch upstream/28.4.1 in repository pale-moon. commit f8c7e321a54cad57b0e4428bc159de7a921266bc Author: wolfbeast <mcwerewolf@wolfbeast.com> Date: Fri Mar 22 12:06:40 2019 +0100 Check for dead wrappers in CallerGetterImpl/CallerSetterImpl. This also removes code duplication by making CallerSetterImpl call CallerGetterImpl. --- js/src/jsfun.cpp | 58 ++++++++++++-------------------------------------------- 1 file changed, 12 insertions(+), 46 deletions(-) diff --git a/js/src/jsfun.cpp b/js/src/jsfun.cpp index 863871d..98311be 100644 --- a/js/src/jsfun.cpp +++ b/js/src/jsfun.cpp @@ -288,6 +288,12 @@ CallerGetterImpl(JSContext* cx, const CallArgs& args) return true; } + if (JS_IsDeadWrapper(callerObj)) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, + JSMSG_DEAD_OBJECT); + return false; + } + JSFunction* callerFun = &callerObj->as<JSFunction>(); MOZ_ASSERT(!callerFun->isBuiltin(), "non-builtin iterator returned a builtin?"); @@ -314,54 +320,14 @@ CallerSetterImpl(JSContext* cx, const CallArgs& args) { MOZ_ASSERT(IsFunction(args.thisv())); - // Beware! This function can be invoked on *any* function! It can't - // assume it'll never be invoked on natives, strict mode functions, bound - // functions, or anything else that ordinarily has immutable .caller - // defined with [[ThrowTypeError]]. - RootedFunction fun(cx, &args.thisv().toObject().as<JSFunction>()); - if (!CallerRestrictions(cx, fun)) - return false; - - // Return |undefined| unless an error must be thrown. - args.rval().setUndefined(); - - // We can almost just return |undefined| here -- but if the caller function - // was strict mode code, we still have to throw a TypeError. This requires - // computing the caller, checking that no security boundaries are crossed, - // and throwing a TypeError if the resulting caller is strict. - - NonBuiltinScriptFrameIter iter(cx); - if (!AdvanceToActiveCallLinear(cx, iter, fun)) - return true; - - ++iter; - while (!iter.done() && iter.isEvalFrame()) - ++iter; - - if (iter.done() || !iter.isFunctionFrame()) - return true; - - RootedObject caller(cx, iter.callee(cx)); - if (!cx->compartment()->wrap(cx, &caller)) { - cx->clearPendingException(); - return true; - } - - // If we don't have full access to the caller, or the caller is not strict, - // return undefined. Otherwise throw a TypeError. - JSObject* callerObj = CheckedUnwrap(caller); - if (!callerObj) - return true; - - JSFunction* callerFun = &callerObj->as<JSFunction>(); - MOZ_ASSERT(!callerFun->isBuiltin(), "non-builtin iterator returned a builtin?"); - - if (callerFun->strict()) { - JS_ReportErrorFlagsAndNumberASCII(cx, JSREPORT_ERROR, GetErrorMessage, nullptr, - JSMSG_CALLER_IS_STRICT); - return false; + // We just have to return |undefined|, but first we call CallerGetterImpl + // because we need the same strict-mode and security checks. + + if (!CallerGetterImpl(cx, args)) { + return false; } + args.rval().setUndefined(); return true; } -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/pale-moon.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch upstream/28.4.1 in repository pale-moon. commit 9d01447a2131305a022740693deaeef6585f9436 Author: Brian Birtles <birtles@gmail.com> Date: Fri Mar 22 12:10:37 2019 +0100 Check child container count in NotifyRefreshDriverCreated. --- dom/smil/nsSMILAnimationController.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dom/smil/nsSMILAnimationController.cpp b/dom/smil/nsSMILAnimationController.cpp index 0dd6163..6995620 100644 --- a/dom/smil/nsSMILAnimationController.cpp +++ b/dom/smil/nsSMILAnimationController.cpp @@ -233,7 +233,7 @@ void nsSMILAnimationController::NotifyRefreshDriverCreated( nsRefreshDriver* aRefreshDriver) { - if (!mPauseState) { + if (!mPauseState && mChildContainerTable.Count()) { MaybeStartSampling(aRefreshDriver); } } -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/pale-moon.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch upstream/28.4.1 in repository pale-moon. commit aabb3573ead213b82eac48634a9ede05f45bc963 Author: wolfbeast <mcwerewolf@wolfbeast.com> Date: Fri Mar 22 12:44:26 2019 +0100 Clean up nsOSHelperAppService. About time we stopped looking at Netscape 4.x entries in the registry ;) Also, assume the application association API is present in Windows and use that instead of reading from the registry directly. --- uriloader/exthandler/win/nsOSHelperAppService.cpp | 192 +++++++--------------- 1 file changed, 57 insertions(+), 135 deletions(-) diff --git a/uriloader/exthandler/win/nsOSHelperAppService.cpp b/uriloader/exthandler/win/nsOSHelperAppService.cpp index f01f3b4..48b6f17 100644 --- a/uriloader/exthandler/win/nsOSHelperAppService.cpp +++ b/uriloader/exthandler/win/nsOSHelperAppService.cpp @@ -29,8 +29,6 @@ #define LOG(args) MOZ_LOG(mLog, mozilla::LogLevel::Debug, args) // helper methods: forward declarations... -static nsresult GetExtensionFrom4xRegistryInfo(const nsACString& aMimeType, - nsString& aFileExtension); static nsresult GetExtensionFromWindowsMimeDatabase(const nsACString& aMimeType, nsString& aFileExtension); @@ -77,79 +75,45 @@ static nsresult GetExtensionFromWindowsMimeDatabase(const nsACString& aMimeType, return NS_OK; } -// We have a serious problem!! I have this content type and the windows registry only gives me -// helper apps based on extension. Right now, we really don't have a good place to go for -// trying to figure out the extension for a particular mime type....One short term hack is to look -// this information in 4.x (it's stored in the windows regsitry). -static nsresult GetExtensionFrom4xRegistryInfo(const nsACString& aMimeType, - nsString& aFileExtension) -{ - nsCOMPtr<nsIWindowsRegKey> regKey = - do_CreateInstance("@mozilla.org/windows-registry-key;1"); - if (!regKey) - return NS_ERROR_NOT_AVAILABLE; - - nsresult rv = regKey-> - Open(nsIWindowsRegKey::ROOT_KEY_CURRENT_USER, - NS_LITERAL_STRING("Software\\Netscape\\Netscape Navigator\\Suffixes"), - nsIWindowsRegKey::ACCESS_QUERY_VALUE); - if (NS_FAILED(rv)) - return NS_ERROR_NOT_AVAILABLE; - - rv = regKey->ReadStringValue(NS_ConvertASCIItoUTF16(aMimeType), - aFileExtension); - if (NS_FAILED(rv)) - return NS_OK; - - aFileExtension.Insert(char16_t('.'), 0); - - // this may be a comma separated list of extensions...just take the - // first one for now... - - int32_t pos = aFileExtension.FindChar(char16_t(',')); - if (pos > 0) { - // we have a comma separated list of types... - // truncate everything after the first comma (including the comma) - aFileExtension.Truncate(pos); - } - - return NS_OK; -} - nsresult nsOSHelperAppService::OSProtocolHandlerExists(const char * aProtocolScheme, bool * aHandlerExists) { // look up the protocol scheme in the windows registry....if we find a match then we have a handler for it... *aHandlerExists = false; if (aProtocolScheme && *aProtocolScheme) { - // Vista: use new application association interface - if (mAppAssoc) { - wchar_t * pResult = nullptr; - NS_ConvertASCIItoUTF16 scheme(aProtocolScheme); - // We are responsible for freeing returned strings. - HRESULT hr = mAppAssoc->QueryCurrentDefault(scheme.get(), - AT_URLPROTOCOL, AL_EFFECTIVE, - &pResult); - if (SUCCEEDED(hr)) { - CoTaskMemFree(pResult); - *aHandlerExists = true; + NS_ENSURE_TRUE(mAppAssoc, NS_ERROR_NOT_AVAILABLE); + wchar_t * pResult = nullptr; + NS_ConvertASCIItoUTF16 scheme(aProtocolScheme); + // We are responsible for freeing returned strings. + HRESULT hr = mAppAssoc->QueryCurrentDefault(scheme.get(), + AT_URLPROTOCOL, AL_EFFECTIVE, + &pResult); + if (SUCCEEDED(hr)) { + CoTaskMemFree(pResult); + // Check the registry to see if it's a valid handler. + nsCOMPtr<nsIWindowsRegKey> regKey = do_CreateInstance("@mozilla.org/windows-registry-key;1"); + if (!regKey) { + return NS_ERROR_NOT_AVAILABLE; + } + + nsresult rv = regKey->Open(nsIWindowsRegKey::ROOT_KEY_CLASSES_ROOT, + nsDependentString(scheme.get()), + nsIWindowsRegKey::ACCESS_QUERY_VALUE); + if (NS_FAILED(rv)) { + // Open will fail if the registry key path doesn't exist. + return NS_OK; + } + + bool hasValue; + rv = regKey->HasValue(NS_LITERAL_STRING("URL Protocol"), &hasValue); + if (NS_FAILED(rv)) { + return NS_ERROR_FAILURE; + } + if (!hasValue) { + return NS_OK; } - return NS_OK; - } - HKEY hKey; - LONG err = ::RegOpenKeyExW(HKEY_CLASSES_ROOT, - NS_ConvertASCIItoUTF16(aProtocolScheme).get(), - 0, - KEY_QUERY_VALUE, - &hKey); - if (err == ERROR_SUCCESS) - { - err = ::RegQueryValueExW(hKey, L"URL Protocol", - nullptr, nullptr, nullptr, nullptr); - *aHandlerExists = (err == ERROR_SUCCESS); - // close the key - ::RegCloseKey(hKey); + *aHandlerExists = true; } } @@ -180,40 +144,21 @@ NS_IMETHODIMP nsOSHelperAppService::GetApplicationDescription(const nsACString& } } - if (mAppAssoc) { - // Vista: use new application association interface - wchar_t * pResult = nullptr; - // We are responsible for freeing returned strings. - HRESULT hr = mAppAssoc->QueryCurrentDefault(buf.get(), - AT_URLPROTOCOL, AL_EFFECTIVE, - &pResult); - if (SUCCEEDED(hr)) { - nsCOMPtr<nsIFile> app; - nsAutoString appInfo(pResult); - CoTaskMemFree(pResult); - if (NS_SUCCEEDED(GetDefaultAppInfo(appInfo, _retval, getter_AddRefs(app)))) - return NS_OK; - } - return NS_ERROR_NOT_AVAILABLE; + NS_ENSURE_TRUE(mAppAssoc, NS_ERROR_NOT_AVAILABLE); + wchar_t * pResult = nullptr; + // We are responsible for freeing returned strings. + HRESULT hr = mAppAssoc->QueryCurrentDefault(buf.get(), + AT_URLPROTOCOL, AL_EFFECTIVE, + &pResult); + if (SUCCEEDED(hr)) { + nsCOMPtr<nsIFile> app; + nsAutoString appInfo(pResult); + CoTaskMemFree(pResult); + if (NS_SUCCEEDED(GetDefaultAppInfo(appInfo, _retval, getter_AddRefs(app)))) + return NS_OK; } - nsCOMPtr<nsIFile> app; - GetDefaultAppInfo(buf, _retval, getter_AddRefs(app)); - - if (!_retval.Equals(buf)) - return NS_OK; - - // Fall back to full path - buf.AppendLiteral("\\shell\\open\\command"); - nsresult rv = regKey->Open(nsIWindowsRegKey::ROOT_KEY_CLASSES_ROOT, - buf, - nsIWindowsRegKey::ACCESS_QUERY_VALUE); - if (NS_FAILED(rv)) - return NS_ERROR_NOT_AVAILABLE; - - rv = regKey->ReadStringValue(EmptyString(), _retval); - - return NS_SUCCEEDED(rv) ? NS_OK : NS_ERROR_NOT_AVAILABLE; + return NS_ERROR_NOT_AVAILABLE; } // GetMIMEInfoFromRegistry: This function obtains the values of some of the nsIMIMEInfo @@ -421,36 +366,18 @@ already_AddRefed<nsMIMEInfoWin> nsOSHelperAppService::GetByExtension(const nsAFl bool found; // Retrieve the default application for this extension - if (mAppAssoc) { - // Vista: use the new application association COM interfaces - // for resolving helpers. - nsString assocType(fileExtToUse); - wchar_t * pResult = nullptr; - HRESULT hr = mAppAssoc->QueryCurrentDefault(assocType.get(), - AT_FILEEXTENSION, AL_EFFECTIVE, - &pResult); - if (SUCCEEDED(hr)) { - found = true; - appInfo.Assign(pResult); - CoTaskMemFree(pResult); - } - else { - found = false; - } - } - else - { - nsCOMPtr<nsIWindowsRegKey> regKey = - do_CreateInstance("@mozilla.org/windows-registry-key;1"); - if (!regKey) - return nullptr; - nsresult rv = regKey->Open(nsIWindowsRegKey::ROOT_KEY_CLASSES_ROOT, - fileExtToUse, - nsIWindowsRegKey::ACCESS_QUERY_VALUE); - if (NS_SUCCEEDED(rv)) { - found = NS_SUCCEEDED(regKey->ReadStringValue(EmptyString(), - appInfo)); - } + NS_ENSURE_TRUE(mAppAssoc, nullptr); + nsString assocType(fileExtToUse); + wchar_t * pResult = nullptr; + HRESULT hr = mAppAssoc->QueryCurrentDefault(assocType.get(), + AT_FILEEXTENSION, AL_EFFECTIVE, + &pResult); + if (SUCCEEDED(hr)) { + found = true; + appInfo.Assign(pResult); + CoTaskMemFree(pResult); + } else { + found = false; } // Bug 358297 - ignore the default handler, force the user to choose app @@ -496,14 +423,9 @@ already_AddRefed<nsIMIMEInfo> nsOSHelperAppService::GetMIMEInfoFromOS(const nsAC * We'll do extension-based lookup for this type later in this function. */ if (!aMIMEType.LowerCaseEqualsLiteral(APPLICATION_OCTET_STREAM)) { - // (1) try to use the windows mime database to see if there is a mapping to a file extension - // (2) try to see if we have some left over 4.x registry info we can peek at... + // try to use the windows mime database to see if there is a mapping to a file extension GetExtensionFromWindowsMimeDatabase(aMIMEType, fileExtension); LOG(("Windows mime database: extension '%s'\n", fileExtension.get())); - if (fileExtension.IsEmpty()) { - GetExtensionFrom4xRegistryInfo(aMIMEType, fileExtension); - LOG(("4.x Registry: extension '%s'\n", fileExtension.get())); - } } // If we found an extension for the type, do the lookup RefPtr<nsMIMEInfoWin> mi; -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/pale-moon.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch upstream/28.4.1 in repository pale-moon. commit 181cb5210e6555102f5215316ea7a9b1771b0717 Author: wolfbeast <mcwerewolf@wolfbeast.com> Date: Mon Feb 18 22:24:29 2019 +0100 Add nullcheck for frames in FindNearestCommonAncestorFrame This resolves #978. --- layout/base/nsLayoutUtils.cpp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/layout/base/nsLayoutUtils.cpp b/layout/base/nsLayoutUtils.cpp index f0341f9..07befdc 100644 --- a/layout/base/nsLayoutUtils.cpp +++ b/layout/base/nsLayoutUtils.cpp @@ -2681,6 +2681,10 @@ nsLayoutUtils::GetTransformToAncestorScaleExcludingAnimated(nsIFrame* aFrame) nsIFrame* nsLayoutUtils::FindNearestCommonAncestorFrame(nsIFrame* aFrame1, nsIFrame* aFrame2) { + if (!aFrame1 || !aFrame2) { + return nullptr; + } + AutoTArray<nsIFrame*,100> ancestors1; AutoTArray<nsIFrame*,100> ancestors2; nsIFrame* commonAncestor = nullptr; -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/pale-moon.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch upstream/28.4.1 in repository pale-moon. commit 6478daf2988b56ae73f941fd471242b7e92b2a4e Author: wolfbeast <mcwerewolf@wolfbeast.com> Date: Thu Feb 14 11:46:21 2019 +0100 Implement origin-clean algorithm for ImageBitmap. This resolves #973. --- dom/canvas/CanvasRenderingContext2D.cpp | 17 +++-- dom/canvas/CanvasRenderingContext2D.h | 14 ++++ dom/canvas/ImageBitmap.cpp | 101 +++++++++++++++++------------ dom/canvas/ImageBitmap.h | 12 ++++ dom/canvas/ImageBitmapRenderingContext.cpp | 5 ++ dom/canvas/WebGLContext.h | 3 +- dom/canvas/WebGLTextureUpload.cpp | 22 ++++++- dom/canvas/test/test_imagebitmap.html | 23 +++++-- dom/html/HTMLCanvasElement.cpp | 2 +- dom/html/HTMLCanvasElement.h | 4 +- 10 files changed, 143 insertions(+), 60 deletions(-) diff --git a/dom/canvas/CanvasRenderingContext2D.cpp b/dom/canvas/CanvasRenderingContext2D.cpp index b60ab23..a750c69 100644 --- a/dom/canvas/CanvasRenderingContext2D.cpp +++ b/dom/canvas/CanvasRenderingContext2D.cpp @@ -1105,6 +1105,7 @@ CanvasRenderingContext2D::CanvasRenderingContext2D(layers::LayersBackend aCompos , mIsCapturedFrameInvalid(false) , mPathTransformWillUpdate(false) , mInvalidateCount(0) + , mWriteOnly(false) // == !origin-clean { sNumLivingContexts++; @@ -2562,7 +2563,8 @@ CanvasRenderingContext2D::CreatePattern(const CanvasImageSource& aSource, // nullptr and set CORSUsed to true for passing the security check in // CanvasUtils::DoDrawImageSecurityCheck(). RefPtr<CanvasPattern> pat = - new CanvasPattern(this, srcSurf, repeatMode, nullptr, false, true); + new CanvasPattern(this, srcSurf, repeatMode, nullptr, + imgBitmap.IsWriteOnly(), true); return pat.forget(); } @@ -4952,6 +4954,10 @@ CanvasRenderingContext2D::DrawImage(const CanvasImageSource& aImage, aError.Throw(NS_ERROR_DOM_INVALID_STATE_ERR); return; } + + if (canvas->IsWriteOnly()) { + SetWriteOnly(); + } } else if (aImage.IsImageBitmap()) { ImageBitmap& imageBitmap = aImage.GetAsImageBitmap(); srcSurf = imageBitmap.PrepareForDrawTarget(mTarget); @@ -4960,6 +4966,10 @@ CanvasRenderingContext2D::DrawImage(const CanvasImageSource& aImage, return; } + if (imageBitmap.IsWriteOnly()) { + SetWriteOnly(); + } + imgSize = gfx::IntSize(imageBitmap.Width(), imageBitmap.Height()); } else { @@ -5674,9 +5684,8 @@ CanvasRenderingContext2D::GetImageData(JSContext* aCx, double aSx, // Check only if we have a canvas element; if we were created with a docshell, // then it's special internal use. - if (mCanvasElement && mCanvasElement->IsWriteOnly() && - !nsContentUtils::IsCallerChrome()) - { + if (IsWriteOnly() || + (mCanvasElement && mCanvasElement->IsWriteOnly() && !nsContentUtils::IsCallerChrome())) { // XXX ERRMSG we need to report an error to developers here! (bug 329026) aError.Throw(NS_ERROR_DOM_SECURITY_ERR); return nullptr; diff --git a/dom/canvas/CanvasRenderingContext2D.h b/dom/canvas/CanvasRenderingContext2D.h index 848b3ee..46758ec 100644 --- a/dom/canvas/CanvasRenderingContext2D.h +++ b/dom/canvas/CanvasRenderingContext2D.h @@ -40,6 +40,7 @@ class SourceSurface; namespace dom { class HTMLImageElementOrSVGImageElementOrHTMLCanvasElementOrHTMLVideoElementOrImageBitmap; typedef HTMLImageElementOrSVGImageElementOrHTMLCanvasElementOrHTMLVideoElementOrImageBitmap CanvasImageSource; +class ImageBitmap; class ImageData; class StringOrCanvasGradientOrCanvasPattern; class OwningStringOrCanvasGradientOrCanvasPattern; @@ -1151,6 +1152,19 @@ protected: friend struct CanvasBidiProcessor; friend class CanvasDrawObserver; + friend class ImageBitmap; + + // For the origin-clean algorithm (mWriteOnly == !origin-clean) + // See https://html.spec.whatwg.org/multipage/imagebitmap-and-animations.html + void SetWriteOnly() { + mWriteOnly = true; + } + + bool IsWriteOnly() const { + return mWriteOnly; + } + + bool mWriteOnly; }; } // namespace dom diff --git a/dom/canvas/ImageBitmap.cpp b/dom/canvas/ImageBitmap.cpp index e45cdfc..6efe1b3 100644 --- a/dom/canvas/ImageBitmap.cpp +++ b/dom/canvas/ImageBitmap.cpp @@ -351,29 +351,27 @@ CheckSecurityForHTMLElements(const nsLayoutUtils::SurfaceFromElementResult& aRes */ template<class HTMLElementType> static already_AddRefed<SourceSurface> -GetSurfaceFromElement(nsIGlobalObject* aGlobal, HTMLElementType& aElement, ErrorResult& aRv) +GetSurfaceFromElement(nsIGlobalObject* aGlobal, HTMLElementType& aElement, + bool* aWriteOnly, ErrorResult& aRv) { nsLayoutUtils::SurfaceFromElementResult res = nsLayoutUtils::SurfaceFromElement(&aElement, nsLayoutUtils::SFE_WANT_FIRST_FRAME); - // check origin-clean - if (!CheckSecurityForHTMLElements(res)) { - aRv.Throw(NS_ERROR_DOM_SECURITY_ERR); - return nullptr; - } - RefPtr<SourceSurface> surface = res.GetSourceSurface(); if (NS_WARN_IF(!surface)) { - aRv.Throw(NS_ERROR_NOT_AVAILABLE); + aRv.Throw(NS_ERROR_DOM_INVALID_STATE_ERR); return nullptr; } + + // Check origin-clean and pass back + *aWriteOnly = !CheckSecurityForHTMLElements(res); return surface.forget(); } /* - * The specification doesn't allow to create an ImegeBitmap from a vector image. + * The specification doesn't allow to create an ImageBitmap from a vector image. * This function is used to check if the given HTMLImageElement contains a * raster image. */ @@ -398,7 +396,7 @@ HasRasterImage(HTMLImageElement& aImageEl) } ImageBitmap::ImageBitmap(nsIGlobalObject* aGlobal, layers::Image* aData, - bool aIsPremultipliedAlpha /* = true */) + bool aWriteOnly, bool aIsPremultipliedAlpha /* = true */) : mParent(aGlobal) , mData(aData) , mSurface(nullptr) @@ -406,6 +404,7 @@ ImageBitmap::ImageBitmap(nsIGlobalObject* aGlobal, layers::Image* aData, , mPictureRect(0, 0, aData->GetSize().width, aData->GetSize().height) , mIsPremultipliedAlpha(aIsPremultipliedAlpha) , mIsCroppingAreaOutSideOfSourceImage(false) + , mWriteOnly(aWriteOnly) { MOZ_ASSERT(aData, "aData is null in ImageBitmap constructor."); } @@ -698,6 +697,7 @@ ImageBitmap::ToCloneData() const RefPtr<SourceSurface> surface = mData->GetAsSourceSurface(); result->mSurface = surface->GetDataSurface(); MOZ_ASSERT(result->mSurface); + result->mWriteOnly = mWriteOnly; return Move(result); } @@ -708,7 +708,7 @@ ImageBitmap::CreateFromCloneData(nsIGlobalObject* aGlobal, { RefPtr<layers::Image> data = CreateImageFromSurface(aData->mSurface); - RefPtr<ImageBitmap> ret = new ImageBitmap(aGlobal, data, + RefPtr<ImageBitmap> ret = new ImageBitmap(aGlobal, data, aData->mWriteOnly, aData->mIsPremultipliedAlpha); ret->mIsCroppingAreaOutSideOfSourceImage = @@ -724,11 +724,8 @@ ImageBitmap::CreateFromOffscreenCanvas(nsIGlobalObject* aGlobal, OffscreenCanvas& aOffscreenCanvas, ErrorResult& aRv) { - // Check origin-clean. - if (aOffscreenCanvas.IsWriteOnly()) { - aRv.Throw(NS_ERROR_DOM_SECURITY_ERR); - return nullptr; - } + // Check origin-clean + bool writeOnly = aOffscreenCanvas.IsWriteOnly(); nsLayoutUtils::SurfaceFromElementResult res = nsLayoutUtils::SurfaceFromOffscreenCanvas(&aOffscreenCanvas, @@ -744,7 +741,7 @@ ImageBitmap::CreateFromOffscreenCanvas(nsIGlobalObject* aGlobal, RefPtr<layers::Image> data = CreateImageFromSurface(surface); - RefPtr<ImageBitmap> ret = new ImageBitmap(aGlobal, data); + RefPtr<ImageBitmap> ret = new ImageBitmap(aGlobal, data, writeOnly); return ret.forget(); } @@ -757,16 +754,19 @@ ImageBitmap::CreateInternal(nsIGlobalObject* aGlobal, HTMLImageElement& aImageEl aRv.Throw(NS_ERROR_DOM_INVALID_STATE_ERR); return nullptr; } - + // Check if the image element is a bitmap (e.g. it's a vector graphic) or not. if (!HasRasterImage(aImageEl)) { aRv.Throw(NS_ERROR_DOM_INVALID_STATE_ERR); return nullptr; } + bool writeOnly = true; + // Get the SourceSurface out from the image element and then do security // checking. - RefPtr<SourceSurface> surface = GetSurfaceFromElement(aGlobal, aImageEl, aRv); + RefPtr<SourceSurface> surface = GetSurfaceFromElement(aGlobal, aImageEl, + &writeOnly, aRv); if (NS_WARN_IF(aRv.Failed())) { return nullptr; @@ -780,7 +780,7 @@ ImageBitmap::CreateInternal(nsIGlobalObject* aGlobal, HTMLImageElement& aImageEl return nullptr; } - RefPtr<ImageBitmap> ret = new ImageBitmap(aGlobal, data); + RefPtr<ImageBitmap> ret = new ImageBitmap(aGlobal, data, writeOnly); // Set the picture rectangle. if (ret && aCropRect.isSome()) { @@ -812,13 +812,13 @@ ImageBitmap::CreateInternal(nsIGlobalObject* aGlobal, HTMLVideoElement& aVideoEl return nullptr; } + bool writeOnly = true; + // Check security. nsCOMPtr<nsIPrincipal> principal = aVideoEl.GetCurrentVideoPrincipal(); bool CORSUsed = aVideoEl.GetCORSMode() != CORS_NONE; - if (!CheckSecurityForHTMLElements(false, CORSUsed, principal)) { - aRv.Throw(NS_ERROR_DOM_SECURITY_ERR); - return nullptr; - } + + writeOnly = !CheckSecurityForHTMLElements(false, CORSUsed, principal); // Create ImageBitmap. ImageContainer *container = aVideoEl.GetImageContainer(); @@ -834,7 +834,7 @@ ImageBitmap::CreateInternal(nsIGlobalObject* aGlobal, HTMLVideoElement& aVideoEl aRv.Throw(NS_ERROR_NOT_AVAILABLE); return nullptr; } - RefPtr<ImageBitmap> ret = new ImageBitmap(aGlobal, data); + RefPtr<ImageBitmap> ret = new ImageBitmap(aGlobal, data, writeOnly); // Set the picture rectangle. if (ret && aCropRect.isSome()) { @@ -856,12 +856,18 @@ ImageBitmap::CreateInternal(nsIGlobalObject* aGlobal, HTMLCanvasElement& aCanvas return nullptr; } - RefPtr<SourceSurface> surface = GetSurfaceFromElement(aGlobal, aCanvasEl, aRv); + bool writeOnly = true; + + RefPtr<SourceSurface> surface = GetSurfaceFromElement(aGlobal, aCanvasEl, &writeOnly, aRv); if (NS_WARN_IF(aRv.Failed())) { return nullptr; } + if (!writeOnly) { + writeOnly = aCanvasEl.IsWriteOnly(); + } + // Crop the source surface if needed. RefPtr<SourceSurface> croppedSurface; IntRect cropRect = aCropRect.valueOr(IntRect()); @@ -874,8 +880,7 @@ ImageBitmap::CreateInternal(nsIGlobalObject* aGlobal, HTMLCanvasElement& aCanvas aCropRect.isSome()) { // The _surface_ must be a DataSourceSurface. MOZ_ASSERT(surface->GetType() == SurfaceType::DATA, - "The snapshot SourceSurface from WebGL rendering contest is not \ - DataSourceSurface."); + "The snapshot SourceSurface from WebGL rendering contest is not DataSourceSurface."); RefPtr<DataSourceSurface> dataSurface = surface->GetDataSurface(); croppedSurface = CropAndCopyDataSourceSurface(dataSurface, cropRect); cropRect.MoveTo(0, 0); @@ -897,7 +902,7 @@ ImageBitmap::CreateInternal(nsIGlobalObject* aGlobal, HTMLCanvasElement& aCanvas return nullptr; } - RefPtr<ImageBitmap> ret = new ImageBitmap(aGlobal, data); + RefPtr<ImageBitmap> ret = new ImageBitmap(aGlobal, data, writeOnly); // Set the picture rectangle. if (ret && aCropRect.isSome()) { @@ -958,9 +963,12 @@ ImageBitmap::CreateInternal(nsIGlobalObject* aGlobal, ImageData& aImageData, return nullptr; } - // Create an ImageBimtap. + // Create an ImageBitmap. // ImageData's underlying data is not alpha-premultiplied. - RefPtr<ImageBitmap> ret = new ImageBitmap(aGlobal, data, false); + RefPtr<ImageBitmap> ret = new ImageBitmap(aGlobal, + data, + false /* write-only */, + false /* alpha-premult */); // The cropping information has been handled in the CreateImageFromRawData() // function. @@ -975,11 +983,8 @@ ImageBitmap::CreateInternal(nsIGlobalObject* aGlobal, ImageData& aImageData, ImageBitmap::CreateInternal(nsIGlobalObject* aGlobal, CanvasRenderingContext2D& aCanvasCtx, const Maybe<IntRect>& aCropRect, ErrorResult& aRv) { - // Check origin-clean. - if (aCanvasCtx.GetCanvas()->IsWriteOnly()) { - aRv.Throw(NS_ERROR_DOM_SECURITY_ERR); - return nullptr; - } + // Check origin-clean + bool writeOnly = aCanvasCtx.GetCanvas()->IsWriteOnly() || aCanvasCtx.IsWriteOnly(); RefPtr<SourceSurface> surface = aCanvasCtx.GetSurfaceSnapshot(); @@ -1001,7 +1006,7 @@ ImageBitmap::CreateInternal(nsIGlobalObject* aGlobal, CanvasRenderingContext2D& return nullptr; } - RefPtr<ImageBitmap> ret = new ImageBitmap(aGlobal, data); + RefPtr<ImageBitmap> ret = new ImageBitmap(aGlobal, data, writeOnly); // Set the picture rectangle. if (ret && aCropRect.isSome()) { @@ -1024,7 +1029,10 @@ ImageBitmap::CreateInternal(nsIGlobalObject* aGlobal, ImageBitmap& aImageBitmap, } RefPtr<layers::Image> data = aImageBitmap.mData; - RefPtr<ImageBitmap> ret = new ImageBitmap(aGlobal, data, aImageBitmap.mIsPremultipliedAlpha); + RefPtr<ImageBitmap> ret = new ImageBitmap(aGlobal, + data, + aImageBitmap.mWriteOnly, + aImageBitmap.mIsPremultipliedAlpha); // Set the picture rectangle. if (ret && aCropRect.isSome()) { @@ -1295,7 +1303,7 @@ private: } // Create ImageBitmap object. - RefPtr<ImageBitmap> imageBitmap = new ImageBitmap(mGlobalObject, data); + RefPtr<ImageBitmap> imageBitmap = new ImageBitmap(mGlobalObject, data, false /* write-only */); // Set mIsCroppingAreaOutSideOfSourceImage. imageBitmap->SetIsCroppingAreaOutSideOfSourceImage(sourceSize, originalCropRect); @@ -1391,7 +1399,7 @@ private: } // Create ImageBitmap object. - RefPtr<ImageBitmap> imageBitmap = new ImageBitmap(mGlobalObject, data); + RefPtr<ImageBitmap> imageBitmap = new ImageBitmap(mGlobalObject, data, false /* write-only */); // Set mIsCroppingAreaOutSideOfSourceImage. imageBitmap->SetIsCroppingAreaOutSideOfSourceImage(sourceSize, originalCropRect); @@ -1486,14 +1494,19 @@ ImageBitmap::ReadStructuredClone(JSContext* aCx, uint32_t picRectHeight_; uint32_t isPremultipliedAlpha_; uint32_t isCroppingAreaOutSideOfSourceImage_; + uint32_t writeOnly; + uint32_t dummy; if (!JS_ReadUint32Pair(aReader, &picRectX_, &picRectY_) || !JS_ReadUint32Pair(aReader, &picRectWidth_, &picRectHeight_) || !JS_ReadUint32Pair(aReader, &isPremultipliedAlpha_, - &isCroppingAreaOutSideOfSourceImage_)) { + &isCroppingAreaOutSideOfSourceImage_) || + !JS_ReadUint32Pair(aReader, &writeOnly, &dummy)) { return nullptr; } + MOZ_ASSERT(dummy == 0); + int32_t picRectX = BitwiseCast<int32_t>(picRectX_); int32_t picRectY = BitwiseCast<int32_t>(picRectY_); int32_t picRectWidth = BitwiseCast<int32_t>(picRectWidth_); @@ -1512,7 +1525,7 @@ ImageBitmap::ReadStructuredClone(JSContext* aCx, { RefPtr<layers::Image> img = CreateImageFromSurface(aClonedSurfaces[aIndex]); RefPtr<ImageBitmap> imageBitmap = - new ImageBitmap(aParent, img, isPremultipliedAlpha_); + new ImageBitmap(aParent, img, !!writeOnly, isPremultipliedAlpha_); imageBitmap->mIsCroppingAreaOutSideOfSourceImage = isCroppingAreaOutSideOfSourceImage_; @@ -1547,6 +1560,7 @@ ImageBitmap::WriteStructuredClone(JSStructuredCloneWriter* aWriter, const uint32_t picRectHeight = BitwiseCast<uint32_t>(aImageBitmap->mPictureRect.height); const uint32_t isPremultipliedAlpha = aImageBitmap->mIsPremultipliedAlpha ? 1 : 0; const uint32_t isCroppingAreaOutSideOfSourceImage = aImageBitmap->mIsCroppingAreaOutSideOfSourceImage ? 1 : 0; + const uint32_t isWriteOnly = aImageBitmap->mWriteOnly ? 1 : 0; // Indexing the cloned surfaces and send the index to the receiver. uint32_t index = aClonedSurfaces.Length(); @@ -1555,7 +1569,8 @@ ImageBitmap::WriteStructuredClone(JSStructuredCloneWriter* aWriter, NS_WARN_IF(!JS_WriteUint32Pair(aWriter, picRectX, picRectY)) || NS_WARN_IF(!JS_WriteUint32Pair(aWriter, picRectWidth, picRectHeight)) || NS_WARN_IF(!JS_WriteUint32Pair(aWriter, isPremultipliedAlpha, - isCroppingAreaOutSideOfSourceImage))) { + isCroppingAreaOutSideOfSourceImage)) || + NS_WARN_IF(!JS_WriteUint32Pair(aWriter, isWriteOnly, 0))) { return false; } diff --git a/dom/canvas/ImageBitmap.h b/dom/canvas/ImageBitmap.h index 2119c6b..25084b6 100644 --- a/dom/canvas/ImageBitmap.h +++ b/dom/canvas/ImageBitmap.h @@ -65,6 +65,7 @@ struct ImageBitmapCloneData final gfx::IntRect mPictureRect; bool mIsPremultipliedAlpha; bool mIsCroppingAreaOutSideOfSourceImage; + bool mWriteOnly; }; /* @@ -161,6 +162,10 @@ public: template<typename T> friend class MapDataIntoBufferSource; + bool IsWriteOnly() const { + return mWriteOnly; + } + // Mozilla Extensions ImageBitmapFormat FindOptimalFormat(const Optional<Sequence<ImageBitmapFormat>>& aPossibleFormats, @@ -197,6 +202,7 @@ protected: * CreateInternal(from ImageData) method. */ ImageBitmap(nsIGlobalObject* aGlobal, layers::Image* aData, + bool aWriteOnly, bool aIsPremultipliedAlpha = true); virtual ~ImageBitmap(); @@ -280,6 +286,12 @@ protected: */ bool mIsCroppingAreaOutSideOfSourceImage; + /* + * Write-Only flag is set to true if this image has been generated from a + * cross-origin source. This is the opposite of what is called 'origin-clean' + * in the spec. + */ + bool mWriteOnly; }; } // namespace dom diff --git a/dom/canvas/ImageBitmapRenderingContext.cpp b/dom/canvas/ImageBitmapRenderingContext.cpp index 8f50745..ad31390 100644 --- a/dom/canvas/ImageBitmapRenderingContext.cpp +++ b/dom/canvas/ImageBitmapRenderingContext.cpp @@ -63,6 +63,11 @@ ImageBitmapRenderingContext::TransferFromImageBitmap(ImageBitmap& aImageBitmap) if (!mImage) { return; } + + // Check if ImageBitmap is tainted, and if so flag the canvas tainted too. + if (aImageBitmap.IsWriteOnly() && mCanvasElement) { + mCanvasElement->SetWriteOnly(); + } Redraw(gfxRect(0, 0, mWidth, mHeight)); } diff --git a/dom/canvas/WebGLContext.h b/dom/canvas/WebGLContext.h index 3ec307b..8a20237 100644 --- a/dom/canvas/WebGLContext.h +++ b/dom/canvas/WebGLContext.h @@ -275,8 +275,9 @@ struct TexImageSourceAdapter final : public TexImageSource mPboOffset = pboOffset; } - TexImageSourceAdapter(const dom::ImageBitmap* imageBitmap, ErrorResult*) { + TexImageSourceAdapter(const dom::ImageBitmap* imageBitmap, ErrorResult* out_error) { mImageBitmap = imageBitmap; + mOut_error = out_error; } TexImageSourceAdapter(const dom::ImageData* imageData, ErrorResult*) { diff --git a/dom/canvas/WebGLTextureUpload.cpp b/dom/canvas/WebGLTextureUpload.cpp index 612d588..3839b5d 100644 --- a/dom/canvas/WebGLTextureUpload.cpp +++ b/dom/canvas/WebGLTextureUpload.cpp @@ -12,6 +12,7 @@ #include "GLBlitHelper.h" #include "GLContext.h" #include "mozilla/gfx/2D.h" +#include "mozilla/dom/HTMLCanvasElement.h" #include "mozilla/dom/HTMLVideoElement.h" #include "mozilla/dom/ImageBitmap.h" #include "mozilla/dom/ImageData.h" @@ -214,9 +215,18 @@ FromPboOffset(WebGLContext* webgl, const char* funcName, TexImageTarget target, static UniquePtr<webgl::TexUnpackBlob> FromImageBitmap(WebGLContext* webgl, const char* funcName, TexImageTarget target, uint32_t width, uint32_t height, uint32_t depth, - const dom::ImageBitmap& imageBitmap) + const dom::ImageBitmap& imageBitmap, ErrorResult* aRv) { + if (imageBitmap.IsWriteOnly()) { + aRv->Throw(NS_ERROR_DOM_SECURITY_ERR); + return nullptr; + } + UniquePtr<dom::ImageBitmapCloneData> cloneData = Move(imageBitmap.ToCloneData()); + if (!cloneData) { + return nullptr; + } + const RefPtr<gfx::DataSourceSurface> surf = cloneData->mSurface; //// @@ -293,6 +303,14 @@ WebGLContext::FromDomElem(const char* funcName, TexImageTarget target, uint32_t uint32_t height, uint32_t depth, const dom::Element& elem, ErrorResult* const out_error) { + if (elem.IsHTMLElement(nsGkAtoms::canvas)) { + const dom::HTMLCanvasElement* canvas = static_cast<const dom::HTMLCanvasElement*>(&elem); + if (canvas->IsWriteOnly()) { + out_error->Throw(NS_ERROR_DOM_SECURITY_ERR); + return nullptr; + } + } + uint32_t flags = nsLayoutUtils::SFE_WANT_IMAGE_SURFACE | nsLayoutUtils::SFE_USE_ELEMENT_SIZE_IF_VECTOR; @@ -412,7 +430,7 @@ WebGLContext::From(const char* funcName, TexImageTarget target, GLsizei rawWidth if (src.mImageBitmap) { return FromImageBitmap(this, funcName, target, width, height, depth, - *(src.mImageBitmap)); + *(src.mImageBitmap), src.mOut_error); } if (src.mImageData) { diff --git a/dom/canvas/test/test_imagebitmap.html b/dom/canvas/test/test_imagebitmap.html index b3d3c08..3b74970 100644 --- a/dom/canvas/test/test_imagebitmap.html +++ b/dom/canvas/test/test_imagebitmap.html @@ -270,13 +270,22 @@ function testSecurityErrors() { } function checkPromiseFailedWithSecurityError(p) { - return p.then( function(reason) { ok(false, "Did not get SecurityError with unclean source. ImageBitmap was created successfully."); }, - function(reason) { if (reason == "SecurityError: The operation is insecure.") { - ok(true, reason); - } - else { - ok(false, "Did not get SecurityError with unclean source. Error Message: " + reason); - }}); + return p.then(imageBitmap => { + ok(!!imageBitmap, "ImageBitmaps are always created"); + const context = document.createElement("canvas").getContext("2d"); + context.drawImage(imageBitmap, 0, 0); + try { + context.getImageData(0, 0, 1, 1); + ok(false, "Did not get SecurityError with unclean source. ImageBitmap was created successfully."); + } catch (ex) { + if (ex == "SecurityError: The operation is insecure.") { + ok(true, ex); + } + else { + ok(false, "Did not get SecurityError with unclean source. Error Message: " + ex); + } + } + }); } return Promise.all([ diff --git a/dom/html/HTMLCanvasElement.cpp b/dom/html/HTMLCanvasElement.cpp index 527135a..a01795d 100644 --- a/dom/html/HTMLCanvasElement.cpp +++ b/dom/html/HTMLCanvasElement.cpp @@ -1000,7 +1000,7 @@ HTMLCanvasElement::GetSize() } bool -HTMLCanvasElement::IsWriteOnly() +HTMLCanvasElement::IsWriteOnly() const { return mWriteOnly; } diff --git a/dom/html/HTMLCanvasElement.h b/dom/html/HTMLCanvasElement.h index 746fab1..e77db6f 100644 --- a/dom/html/HTMLCanvasElement.h +++ b/dom/html/HTMLCanvasElement.h @@ -224,9 +224,9 @@ public: nsIntSize GetSize(); /** - * Determine whether the canvas is write-only. + * Determine whether the canvas is write-only (tainted). */ - bool IsWriteOnly(); + bool IsWriteOnly() const; /** * Force the canvas to be write-only. -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/pale-moon.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch upstream/28.4.1 in repository pale-moon. commit 2ae457f21e7a60182f884bfdfeaa9d2c127eb8b9 Author: wolfbeast <mcwerewolf@wolfbeast.com> Date: Fri Mar 22 13:11:18 2019 +0100 Extend origin-clean algorithm (DiD). --- dom/canvas/CanvasRenderingContext2D.cpp | 7 +++++++ dom/canvas/CanvasRenderingContext2D.h | 4 +--- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/dom/canvas/CanvasRenderingContext2D.cpp b/dom/canvas/CanvasRenderingContext2D.cpp index a750c69..4849fda 100644 --- a/dom/canvas/CanvasRenderingContext2D.cpp +++ b/dom/canvas/CanvasRenderingContext2D.cpp @@ -6329,6 +6329,13 @@ CanvasRenderingContext2D::ShouldForceInactiveLayer(LayerManager* aManager) return !aManager->CanUseCanvasLayerForSize(GetSize()); } +void CanvasRenderingContext2D::SetWriteOnly() { + mWriteOnly = true; + if (mCanvasElement) { + mCanvasElement->SetWriteOnly(); + } +} + NS_IMPL_CYCLE_COLLECTION_ROOT_NATIVE(CanvasPath, AddRef) NS_IMPL_CYCLE_COLLECTION_UNROOT_NATIVE(CanvasPath, Release) diff --git a/dom/canvas/CanvasRenderingContext2D.h b/dom/canvas/CanvasRenderingContext2D.h index 46758ec..d4f295a 100644 --- a/dom/canvas/CanvasRenderingContext2D.h +++ b/dom/canvas/CanvasRenderingContext2D.h @@ -1156,9 +1156,7 @@ protected: // For the origin-clean algorithm (mWriteOnly == !origin-clean) // See https://html.spec.whatwg.org/multipage/imagebitmap-and-animations.html - void SetWriteOnly() { - mWriteOnly = true; - } + void SetWriteOnly(); bool IsWriteOnly() const { return mWriteOnly; -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/pale-moon.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch upstream/28.4.1 in repository pale-moon. commit 9e3ca2878d47fc10e5effc3537a4869c462e7e16 Author: Nicolas B. Pierron <nicolas.b.pierron@nbp.name> Date: Sat Mar 23 09:36:15 2019 +0100 Restrict ExtractLinearSum to monotonous operation in infinite math space. Thanks to Bruno Keith & Niklas Baumstark from the phoenhex team for finding this issue and reporting it with a proper analysis. --- js/src/jit/IonAnalysis.cpp | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/js/src/jit/IonAnalysis.cpp b/js/src/jit/IonAnalysis.cpp index b163d58..d255c32 100644 --- a/js/src/jit/IonAnalysis.cpp +++ b/js/src/jit/IonAnalysis.cpp @@ -3127,6 +3127,15 @@ ExtractMathSpace(MDefinition* ins) MOZ_MAKE_COMPILER_ASSUME_IS_UNREACHABLE("Unknown TruncateKind"); } +static bool MonotoneAdd(int32_t lhs, int32_t rhs) { + return (lhs >= 0 && rhs >= 0) || (lhs <= 0 && rhs <= 0); +} + +static bool MonotoneSub(int32_t lhs, int32_t rhs) { + return (lhs >= 0 && rhs <= 0) || (lhs <= 0 && rhs >= 0); +} + + // Extract a linear sum from ins, if possible (otherwise giving the sum 'ins + 0'). SimpleLinearSum jit::ExtractLinearSum(MDefinition* ins, MathSpace space) @@ -3168,10 +3177,12 @@ jit::ExtractLinearSum(MDefinition* ins, MathSpace space) // Check if this is of the form <SUM> + n or n + <SUM>. if (ins->isAdd()) { int32_t constant; - if (space == MathSpace::Modulo) + if (space == MathSpace::Modulo) { constant = lsum.constant + rsum.constant; - else if (!SafeAdd(lsum.constant, rsum.constant, &constant)) + } else if (!SafeAdd(lsum.constant, rsum.constant, &constant) || + !MonotoneAdd(lsum.constant, rsum.constant)) { return SimpleLinearSum(ins, 0); + } return SimpleLinearSum(lsum.term ? lsum.term : rsum.term, constant); } @@ -3179,10 +3190,12 @@ jit::ExtractLinearSum(MDefinition* ins, MathSpace space) // Check if this is of the form <SUM> - n. if (lsum.term) { int32_t constant; - if (space == MathSpace::Modulo) + if (space == MathSpace::Modulo) { constant = lsum.constant - rsum.constant; - else if (!SafeSub(lsum.constant, rsum.constant, &constant)) + } else if (!SafeSub(lsum.constant, rsum.constant, &constant) || + !MonotoneSub(lsum.constant, rsum.constant)) { return SimpleLinearSum(ins, 0); + } return SimpleLinearSum(lsum.term, constant); } -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/pale-moon.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch upstream/28.4.1 in repository pale-moon. commit cc53748228bb4201d05dcbd2a7d7f8e05c80909b Author: wolfbeast <mcwerewolf@wolfbeast.com> Date: Sat Mar 23 10:20:01 2019 +0100 Grab caching capturing content with local variable. --- layout/base/nsPresShell.cpp | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/layout/base/nsPresShell.cpp b/layout/base/nsPresShell.cpp index 969ebc9..5dfbb8d 100644 --- a/layout/base/nsPresShell.cpp +++ b/layout/base/nsPresShell.cpp @@ -7296,11 +7296,11 @@ PresShell::HandleEvent(nsIFrame* aFrame, return NS_OK; } - nsIContent* capturingContent = ((aEvent->mClass == ePointerEventClass || - aEvent->mClass == eWheelEventClass || - aEvent->HasMouseEventMessage()) - ? GetCapturingContent() - : nullptr); + nsCOMPtr<nsIContent> capturingContent = ((aEvent->mClass == ePointerEventClass || + aEvent->mClass == eWheelEventClass || + aEvent->HasMouseEventMessage()) + ? GetCapturingContent() + : nullptr); nsCOMPtr<nsIDocument> retargetEventDoc; if (!aDontRetargetEvents) { -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/pale-moon.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch upstream/28.4.1 in repository pale-moon. commit 1af286ffef9b71ed8dbe68b8d25484f47dfd75ec Author: wolfbeast <mcwerewolf@wolfbeast.com> Date: Sat Mar 23 10:46:00 2019 +0100 Convert UI-dictating FTP errors to console errors. --- netwerk/protocol/ftp/FTPChannelChild.cpp | 41 +------------ netwerk/protocol/ftp/nsFtpConnectionThread.cpp | 81 +------------------------- 2 files changed, 4 insertions(+), 118 deletions(-) diff --git a/netwerk/protocol/ftp/FTPChannelChild.cpp b/netwerk/protocol/ftp/FTPChannelChild.cpp index f8284aa..f525867 100644 --- a/netwerk/protocol/ftp/FTPChannelChild.cpp +++ b/netwerk/protocol/ftp/FTPChannelChild.cpp @@ -516,33 +516,6 @@ FTPChannelChild::RecvOnStopRequest(const nsresult& aChannelStatus, return true; } -class nsFtpChildAsyncAlert : public Runnable -{ -public: - nsFtpChildAsyncAlert(nsIPrompt *aPrompter, nsString aResponseMsg) - : mPrompter(aPrompter) - , mResponseMsg(aResponseMsg) - { - MOZ_COUNT_CTOR(nsFtpChildAsyncAlert); - } -protected: - virtual ~nsFtpChildAsyncAlert() - { - MOZ_COUNT_DTOR(nsFtpChildAsyncAlert); - } -public: - NS_IMETHOD Run() override - { - if (mPrompter) { - mPrompter->Alert(nullptr, mResponseMsg.get()); - } - return NS_OK; - } -private: - nsCOMPtr<nsIPrompt> mPrompter; - nsString mResponseMsg; -}; - class MaybeDivertOnStopFTPEvent : public ChannelEvent { public: @@ -600,19 +573,7 @@ FTPChannelChild::DoOnStopRequest(const nsresult& aChannelStatus, (void)mListener->OnStopRequest(this, mListenerContext, aChannelStatus); if (NS_FAILED(aChannelStatus) && !aErrorMsg.IsEmpty()) { - nsCOMPtr<nsIPrompt> prompter; - GetCallback(prompter); - if (prompter) { - nsCOMPtr<nsIRunnable> alertEvent; - if (aUseUTF8) { - alertEvent = new nsFtpChildAsyncAlert(prompter, - NS_ConvertUTF8toUTF16(aErrorMsg)); - } else { - alertEvent = new nsFtpChildAsyncAlert(prompter, - NS_ConvertASCIItoUTF16(aErrorMsg)); - } - NS_DispatchToMainThread(alertEvent); - } + NS_ERROR("FTP error on stop request."); } mListener = nullptr; diff --git a/netwerk/protocol/ftp/nsFtpConnectionThread.cpp b/netwerk/protocol/ftp/nsFtpConnectionThread.cpp index 2ae1284..0dae7ca 100644 --- a/netwerk/protocol/ftp/nsFtpConnectionThread.cpp +++ b/netwerk/protocol/ftp/nsFtpConnectionThread.cpp @@ -29,7 +29,6 @@ #include "nsIStreamListenerTee.h" #include "nsIPrefService.h" #include "nsIPrefBranch.h" -#include "nsIStringBundle.h" #include "nsAuthInformationHolder.h" #include "nsIProtocolProxyService.h" #include "nsICancelable.h" @@ -926,38 +925,7 @@ nsFtpState::R_syst() { mServerType = FTP_VMS_TYPE; } else { NS_ERROR("Server type list format unrecognized."); - // Guessing causes crashes. - // (Of course, the parsing code should be more robust...) - nsCOMPtr<nsIStringBundleService> bundleService = - do_GetService(NS_STRINGBUNDLE_CONTRACTID); - if (!bundleService) - return FTP_ERROR; - - nsCOMPtr<nsIStringBundle> bundle; - nsresult rv = bundleService->CreateBundle(NECKO_MSGS_URL, - getter_AddRefs(bundle)); - if (NS_FAILED(rv)) - return FTP_ERROR; - - char16_t* ucs2Response = ToNewUnicode(mResponseMsg); - const char16_t *formatStrings[1] = { ucs2Response }; - NS_NAMED_LITERAL_STRING(name, "UnsupportedFTPServer"); - - nsXPIDLString formattedString; - rv = bundle->FormatStringFromName(name.get(), formatStrings, 1, - getter_Copies(formattedString)); - free(ucs2Response); - if (NS_FAILED(rv)) - return FTP_ERROR; - - // TODO(darin): this code should not be dictating UI like this! - nsCOMPtr<nsIPrompt> prompter; - mChannel->GetCallback(prompter); - if (prompter) - prompter->Alert(nullptr, formattedString.get()); - - // since we just alerted the user, clear mResponseMsg, - // which is displayed to the user. + // clear mResponseMsg, which is displayed to the user. mResponseMsg = ""; return FTP_ERROR; } @@ -1779,34 +1747,6 @@ nsFtpState::KillControlConnection() mControlConnection = nullptr; } -class nsFtpAsyncAlert : public Runnable -{ -public: - nsFtpAsyncAlert(nsIPrompt *aPrompter, nsString aResponseMsg) - : mPrompter(aPrompter) - , mResponseMsg(aResponseMsg) - { - MOZ_COUNT_CTOR(nsFtpAsyncAlert); - } -protected: - virtual ~nsFtpAsyncAlert() - { - MOZ_COUNT_DTOR(nsFtpAsyncAlert); - } -public: - NS_IMETHOD Run() override - { - if (mPrompter) { - mPrompter->Alert(nullptr, mResponseMsg.get()); - } - return NS_OK; - } -private: - nsCOMPtr<nsIPrompt> mPrompter; - nsString mResponseMsg; -}; - - nsresult nsFtpState::StopProcessing() { @@ -1818,23 +1758,8 @@ nsFtpState::StopProcessing() LOG_INFO(("FTP:(%x) nsFtpState stopping", this)); if (NS_FAILED(mInternalError) && !mResponseMsg.IsEmpty()) { - // check to see if the control status is bad. - // web shell wont throw an alert. we better: - - // XXX(darin): this code should not be dictating UI like this! - nsCOMPtr<nsIPrompt> prompter; - mChannel->GetCallback(prompter); - if (prompter) { - nsCOMPtr<nsIRunnable> alertEvent; - if (mUseUTF8) { - alertEvent = new nsFtpAsyncAlert(prompter, - NS_ConvertUTF8toUTF16(mResponseMsg)); - } else { - alertEvent = new nsFtpAsyncAlert(prompter, - NS_ConvertASCIItoUTF16(mResponseMsg)); - } - NS_DispatchToMainThread(alertEvent); - } + NS_ERROR("FTP: bad control status."); + // check to see if the control status is bad; forward the error message. nsCOMPtr<nsIFTPChannelParentInternal> ftpChanP; mChannel->GetCallback(ftpChanP); if (ftpChanP) { -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/pale-moon.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch upstream/28.4.1 in repository pale-moon. commit 3be7cb940e52f712787a14efb4721fbb08b524f3 Author: Brian Grinstead <bgrinstead@mozilla.com> Date: Sat Mar 23 10:56:30 2019 +0100 Escape '!' to '\041' in posix strings ($'...') --- devtools/client/shared/curl.js | 1 + 1 file changed, 1 insertion(+) diff --git a/devtools/client/shared/curl.js b/devtools/client/shared/curl.js index 6d33ad9..9670197 100644 --- a/devtools/client/shared/curl.js +++ b/devtools/client/shared/curl.js @@ -375,6 +375,7 @@ const CurlUtils = { .replace(/\'/g, "\\\'") .replace(/\n/g, "\\n") .replace(/\r/g, "\\r") + .replace(/!/g, "\\041") .replace(/[^\x20-\x7E]/g, escapeCharacter) + "'"; } -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/pale-moon.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch upstream/28.4.1 in repository pale-moon. commit b4a65a3e0191fa92bfee04d2b88f6a7baa3cb492 Author: wolfbeast <mcwerewolf@wolfbeast.com> Date: Sat Mar 23 11:10:28 2019 +0100 Check for osint argument when checking for greomni and appomni arguments. Specifying both is invalid and unsupported. --- toolkit/xre/nsAppRunner.cpp | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/toolkit/xre/nsAppRunner.cpp b/toolkit/xre/nsAppRunner.cpp index 59a72c4..26e432b 100644 --- a/toolkit/xre/nsAppRunner.cpp +++ b/toolkit/xre/nsAppRunner.cpp @@ -4130,9 +4130,12 @@ XRE_InitCommandLine(int aArgc, char* aArgv[]) #endif const char *path = nullptr; - ArgResult ar = CheckArg("greomni", false, &path); + ArgResult ar = CheckArg("greomni", true, &path); if (ar == ARG_BAD) { - PR_fprintf(PR_STDERR, "Error: argument --greomni requires a path argument\n"); + PR_fprintf(PR_STDERR, + "Error: argument --greomni requires a path argument or the " + "--osint argument was specified with the --greomni argument " + "which is invalid.\n"); return NS_ERROR_FAILURE; } @@ -4146,9 +4149,12 @@ XRE_InitCommandLine(int aArgc, char* aArgv[]) return rv; } - ar = CheckArg("appomni", false, &path); + ar = CheckArg("appomni", true, &path); if (ar == ARG_BAD) { - PR_fprintf(PR_STDERR, "Error: argument --appomni requires a path argument\n"); + PR_fprintf(PR_STDERR, + "Error: argument --appomni requires a path argument or the " + "--osint argument was specified with the --appomni argument " + "which is invalid.\n"); return NS_ERROR_FAILURE; } -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/pale-moon.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch upstream/28.4.1 in repository pale-moon. commit cee1324f0fb9b7fd989f7479b696c999493ed8af Author: wolfbeast <mcwerewolf@wolfbeast.com> Date: Sat Mar 23 12:52:39 2019 +0100 Disallow getUserMedia on null principals. --- dom/media/MediaManager.cpp | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/dom/media/MediaManager.cpp b/dom/media/MediaManager.cpp index 288f2e7..979cb64 100644 --- a/dom/media/MediaManager.cpp +++ b/dom/media/MediaManager.cpp @@ -2049,6 +2049,16 @@ MediaManager::GetUserMedia(nsPIDOMWindowInner* aWindow, return rv; } + // Disallow access to null principal pages + nsCOMPtr<nsIPrincipal> principal = aWindow->GetExtantDoc()->NodePrincipal(); + if (principal->GetIsNullPrincipal()) { + RefPtr<MediaStreamError> error = + new MediaStreamError(aWindow, + NS_LITERAL_STRING("NotAllowedError")); + onFailure->OnError(error); + return NS_OK; + } + if (!Preferences::GetBool("media.navigator.video.enabled", true)) { c.mVideo.SetAsBoolean() = false; } @@ -2188,7 +2198,6 @@ MediaManager::GetUserMedia(nsPIDOMWindowInner* aWindow, StreamListeners* listeners = AddWindowID(windowID); // Create a disabled listener to act as a placeholder - nsIPrincipal* principal = aWindow->GetExtantDoc()->NodePrincipal(); RefPtr<GetUserMediaCallbackMediaStreamListener> listener = new GetUserMediaCallbackMediaStreamListener(mMediaThread, windowID, MakePrincipalHandle(principal)); -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/pale-moon.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch upstream/28.4.1 in repository pale-moon. commit 724368467bb00e7b08fc0fc178ef261411f7c9e0 Author: sotaro <sotaro.ikeda.g@gmail.com> Date: Sat Mar 23 13:01:13 2019 +0100 Check if CopyData succeeded. --- dom/media/VideoFrameContainer.cpp | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/dom/media/VideoFrameContainer.cpp b/dom/media/VideoFrameContainer.cpp index 2b19657..56aea9d 100644 --- a/dom/media/VideoFrameContainer.cpp +++ b/dom/media/VideoFrameContainer.cpp @@ -61,7 +61,7 @@ void VideoFrameContainer::UpdatePrincipalHandleForFrameIDLocked(const PrincipalH mFrameIDForPendingPrincipalHandle = aFrameID; } -static void +static bool SetImageToBlackPixel(PlanarYCbCrImage* aImage) { uint8_t blackPixel[] = { 0x10, 0x80, 0x80 }; @@ -72,7 +72,7 @@ SetImageToBlackPixel(PlanarYCbCrImage* aImage) data.mCrChannel = blackPixel + 2; data.mYStride = data.mCbCrStride = 1; data.mPicSize = data.mYSize = data.mCbCrSize = gfx::IntSize(1, 1); - aImage->CopyData(data); + return aImage->CopyData(data); } class VideoFrameContainerInvalidateRunnable : public Runnable { @@ -122,11 +122,13 @@ void VideoFrameContainer::SetCurrentFrames(const VideoSegment& aSegment) if (frame->GetForceBlack()) { if (!mBlackImage) { - mBlackImage = GetImageContainer()->CreatePlanarYCbCrImage(); - if (mBlackImage) { + RefPtr<Image> blackImage = GetImageContainer()->CreatePlanarYCbCrImage(); + if (blackImage) { // Sets the image to a single black pixel, which will be scaled to // fill the rendered size. - SetImageToBlackPixel(mBlackImage->AsPlanarYCbCrImage()); + if (SetImageToBlackPixel(blackImage->AsPlanarYCbCrImage())) { + mBlackImage = blackImage; + } } } if (mBlackImage) { -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/pale-moon.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch upstream/28.4.1 in repository pale-moon. commit a5b2695841296d06eae7489f056ccc9b9040f14d Author: wolfbeast <mcwerewolf@wolfbeast.com> Date: Sat Mar 23 14:43:00 2019 +0100 Version bump --- application/palemoon/config/version.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/application/palemoon/config/version.txt b/application/palemoon/config/version.txt index 5b82d50..a0f77e6 100644 --- a/application/palemoon/config/version.txt +++ b/application/palemoon/config/version.txt @@ -1 +1 @@ -28.4.0 \ No newline at end of file +28.4.1 \ No newline at end of file -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/pale-moon.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch upstream/28.4.1 in repository pale-moon. commit 98bd23c78fd43d7d05b44e813c54c9c14bdfc4a0 Author: wolfbeast <mcwerewolf@wolfbeast.com> Date: Fri Mar 22 19:21:52 2019 +0100 Add SSUAO for polyfill.io Financial Times' polyfill.io service horribly breaks when it finds anything but a short list of predefined UA strings. We have to send them a strict Firefox UA or other sites relying on it will break too (including PayPal!). An issue has been raised on their repo. --- application/palemoon/branding/shared/pref/uaoverrides.inc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/application/palemoon/branding/shared/pref/uaoverrides.inc b/application/palemoon/branding/shared/pref/uaoverrides.inc index 3e28225..36a0ae1 100644 --- a/application/palemoon/branding/shared/pref/uaoverrides.inc +++ b/application/palemoon/branding/shared/pref/uaoverrides.inc @@ -57,6 +57,9 @@ pref("@GUAO_PREF@.www.amazon.com","Mozilla/5.0 (@OS_SLICE@ rv:45.9) @GK_SLICE@ F pref("@GUAO_PREF@.soundcloud.com","Mozilla/5.0 (@OS_SLICE@ rv:@GRE_VERSION@) @GRE_DATE_SLICE@ @PM_SLICE@"); // Daily motion only likes strict Firefox UAs pref("@GUAO_PREF@.dailymotion.com","Mozilla/5.0 (@OS_SLICE@ rv:52.0) @GK_SLICE@ Firefox/52.0"); +// Financial Times' polyfill.io breaks horribly on a Pale Moon UA. Send a strict Firefox UA instead. +pref("@GUAO_PREF@.polyfill.io","Mozilla/5.0 (@OS_SLICE@ rv:60.9) @GK_SLICE@ Firefox/60.9"); + // The following requires native mode. Or it blocks.. "too old firefox", breakage, etc. pref("@GUAO_PREF@.deviantart.com","Mozilla/5.0 (@OS_SLICE@ rv:@GRE_VERSION@) @GRE_DATE_SLICE@ @PM_SLICE@"); -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/pale-moon.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch upstream/28.4.1 in repository pale-moon. commit 9ffed6e8bfb35c090caf5f8bca7a0f8bd4cbec94 Author: wolfbeast <mcwerewolf@wolfbeast.com> Date: Tue Mar 26 18:30:57 2019 +0100 Simplify some alias sets in IonMonkey. --- js/src/jit/AliasAnalysisShared.cpp | 3 ++- js/src/jit/MIR.h | 7 ++----- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/js/src/jit/AliasAnalysisShared.cpp b/js/src/jit/AliasAnalysisShared.cpp index ae28327..81c0fd0 100644 --- a/js/src/jit/AliasAnalysisShared.cpp +++ b/js/src/jit/AliasAnalysisShared.cpp @@ -102,7 +102,6 @@ GetObject(const MDefinition* ins) case MDefinition::Op_SetDisjointTypedElements: case MDefinition::Op_ArrayPopShift: case MDefinition::Op_ArrayPush: - case MDefinition::Op_ArraySlice: case MDefinition::Op_LoadTypedArrayElementHole: case MDefinition::Op_StoreTypedArrayElementHole: case MDefinition::Op_LoadFixedSlot: @@ -126,6 +125,7 @@ GetObject(const MDefinition* ins) object = ins->getOperand(0); break; case MDefinition::Op_GetPropertyCache: + case MDefinition::Op_CallGetProperty: case MDefinition::Op_LoadTypedArrayElementStatic: case MDefinition::Op_StoreTypedArrayElementStatic: case MDefinition::Op_GetDOMProperty: @@ -148,6 +148,7 @@ GetObject(const MDefinition* ins) case MDefinition::Op_WasmLoadGlobalVar: case MDefinition::Op_WasmStoreGlobalVar: case MDefinition::Op_ArrayJoin: + case MDefinition::Op_ArraySlice: return nullptr; default: #ifdef DEBUG diff --git a/js/src/jit/MIR.h b/js/src/jit/MIR.h index b2e8432..fb0f22f 100644 --- a/js/src/jit/MIR.h +++ b/js/src/jit/MIR.h @@ -9910,10 +9910,6 @@ class MArraySlice return unboxedType_; } - AliasSet getAliasSet() const override { - return AliasSet::Store(AliasSet::BoxedOrUnboxedElements(unboxedType()) | - AliasSet::ObjectFields); - } bool possiblyCalls() const override { return true; } @@ -11837,7 +11833,8 @@ class MCallGetProperty AliasSet getAliasSet() const override { if (!idempotent_) return AliasSet::Store(AliasSet::Any); - return AliasSet::None(); + return AliasSet::Load(AliasSet::ObjectFields | AliasSet::FixedSlot | + AliasSet::DynamicSlot); } bool possiblyCalls() const override { return true; -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/pale-moon.git