2017-10-27 20:33:53 +03:00
|
|
|
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
|
|
|
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
|
2017-02-17 16:15:18 +03:00
|
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
|
|
|
|
#ifndef NS_AUTOREFERENCELIMITER_H
|
|
|
|
#define NS_AUTOREFERENCELIMITER_H
|
|
|
|
|
2017-03-27 14:49:21 +03:00
|
|
|
#include "Element.h"
|
2017-02-17 16:15:18 +03:00
|
|
|
#include "mozilla/Assertions.h"
|
|
|
|
#include "mozilla/Attributes.h"
|
|
|
|
#include "mozilla/ReentrancyGuard.h"
|
|
|
|
#include "mozilla/Likely.h"
|
|
|
|
#include "nsDebug.h"
|
2019-01-02 16:05:23 +03:00
|
|
|
#include "mozilla/dom/Document.h"
|
2017-02-17 16:15:18 +03:00
|
|
|
#include "nsIFrame.h"
|
|
|
|
|
|
|
|
namespace mozilla {
|
|
|
|
|
|
|
|
/**
|
|
|
|
* This helper class helps us to protect against two related issues that can
|
|
|
|
* occur in SVG content: reference loops, and reference chains that we deem to
|
|
|
|
* be too long.
|
|
|
|
*
|
|
|
|
* Some SVG effects can reference another effect of the same type to produce
|
|
|
|
* a chain of effects to be applied (e.g. clipPath), while in other cases it is
|
|
|
|
* possible that while processing an effect of a certain type another effect
|
|
|
|
* of the same type may be encountered indirectly (e.g. pattern). In order to
|
|
|
|
* avoid stack overflow crashes and performance issues we need to impose an
|
|
|
|
* arbitrary limit on the length of the reference chains that SVG content may
|
|
|
|
* try to create. (Some SVG authoring tools have been known to create absurdly
|
|
|
|
* long reference chains. For example, bug 1253590 details a case where Adobe
|
|
|
|
* Illustrator was used to created an SVG with a chain of 5000 clip paths which
|
|
|
|
* could cause us to run out of stack space and crash.)
|
|
|
|
*
|
|
|
|
* This class is intended to be used with the nsIFrame's of SVG effects that
|
|
|
|
* may involve reference chains. To use it add a boolean member, something
|
|
|
|
* like this:
|
|
|
|
*
|
|
|
|
* // Flag used to indicate whether a methods that may reenter due to
|
|
|
|
* // following a reference to another instance is currently executing.
|
|
|
|
* bool mIsBeingProcessed;
|
|
|
|
*
|
|
|
|
* Make sure to initialize the member to false in the class' constructons.
|
|
|
|
*
|
|
|
|
* Then add the following to the top of any methods that may be reentered due
|
|
|
|
* to following a reference:
|
|
|
|
*
|
|
|
|
* static int16_t sRefChainLengthCounter = AutoReferenceChainGuard::noChain;
|
|
|
|
*
|
|
|
|
* AutoReferenceChainGuard refChainGuard(this, &mIsBeingProcessed,
|
|
|
|
* &sRefChainLengthCounter);
|
|
|
|
* if (MOZ_UNLIKELY(!refChainGuard.Reference())) {
|
|
|
|
* return; // Break reference chain
|
|
|
|
* }
|
|
|
|
*
|
|
|
|
* Note that mIsBeingProcessed and sRefChainLengthCounter should never be used
|
|
|
|
* by the frame except when it initialize them as indicated above.
|
|
|
|
*/
|
|
|
|
class MOZ_RAII AutoReferenceChainGuard {
|
|
|
|
static const int16_t sDefaultMaxChainLength = 10; // arbitrary length
|
|
|
|
|
|
|
|
public:
|
|
|
|
static const int16_t noChain = -2;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @param aFrame The frame for an effect that may involve a reference chain.
|
|
|
|
* @param aFrameInUse The member variable on aFrame that is used to indicate
|
|
|
|
* whether one of aFrame's methods that may involve following a reference
|
|
|
|
* to another effect of the same type is currently being executed.
|
|
|
|
* @param aChainCounter A static variable in the method in which this class
|
|
|
|
* is instantiated that is used to keep track of how many times the method
|
|
|
|
* is reentered (and thus how long the a reference chain is).
|
|
|
|
* @param aMaxChainLength The maximum number of links that are allowed in
|
|
|
|
* a reference chain.
|
|
|
|
*/
|
|
|
|
AutoReferenceChainGuard(nsIFrame* aFrame, bool* aFrameInUse,
|
|
|
|
int16_t* aChainCounter,
|
|
|
|
int16_t aMaxChainLength = sDefaultMaxChainLength
|
|
|
|
MOZ_GUARD_OBJECT_NOTIFIER_PARAM)
|
|
|
|
: mFrame(aFrame),
|
|
|
|
mFrameInUse(aFrameInUse),
|
2017-08-22 13:43:15 +03:00
|
|
|
mChainCounter(aChainCounter),
|
2017-02-17 16:15:18 +03:00
|
|
|
mMaxChainLength(aMaxChainLength),
|
2017-08-22 13:43:15 +03:00
|
|
|
mBrokeReference(false) {
|
2017-02-17 16:15:18 +03:00
|
|
|
MOZ_GUARD_OBJECT_NOTIFIER_INIT;
|
|
|
|
MOZ_ASSERT(aFrame && aFrameInUse && aChainCounter);
|
|
|
|
MOZ_ASSERT(aMaxChainLength > 0);
|
|
|
|
MOZ_ASSERT(*aChainCounter == noChain ||
|
|
|
|
(*aChainCounter >= 0 && *aChainCounter < aMaxChainLength));
|
|
|
|
}
|
|
|
|
|
|
|
|
~AutoReferenceChainGuard() {
|
2017-08-22 13:43:15 +03:00
|
|
|
if (mBrokeReference) {
|
|
|
|
// We didn't change mFrameInUse or mChainCounter
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2017-02-17 16:15:18 +03:00
|
|
|
*mFrameInUse = false;
|
|
|
|
|
|
|
|
// If we fail this assert then there were more destructor calls than
|
|
|
|
// Reference() calls (a consumer forgot to to call Reference()), or else
|
|
|
|
// someone messed with the variable pointed to by mChainCounter.
|
|
|
|
MOZ_ASSERT(*mChainCounter < mMaxChainLength);
|
|
|
|
|
|
|
|
(*mChainCounter)++;
|
|
|
|
|
|
|
|
if (*mChainCounter == mMaxChainLength) {
|
|
|
|
*mChainCounter = noChain; // reset ready for use next time
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Returns true on success (no reference loop/reference chain length is
|
|
|
|
* within the specified limits), else returns false on failure (there is a
|
|
|
|
* reference loop/the reference chain has exceeded the specified limits).
|
|
|
|
* If it returns false then an error message will be reported to the DevTools
|
|
|
|
* console (only once).
|
|
|
|
*/
|
|
|
|
MOZ_MUST_USE bool Reference() {
|
|
|
|
if (MOZ_UNLIKELY(*mFrameInUse)) {
|
2017-08-22 13:43:15 +03:00
|
|
|
mBrokeReference = true;
|
2017-02-17 16:15:18 +03:00
|
|
|
ReportErrorToConsole();
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2017-08-22 13:43:15 +03:00
|
|
|
if (*mChainCounter == noChain) {
|
|
|
|
// Initialize - we start at aMaxChainLength and decrement towards zero.
|
|
|
|
*mChainCounter = mMaxChainLength;
|
|
|
|
} else {
|
|
|
|
// If we fail this assertion then either a consumer failed to break a
|
|
|
|
// reference loop/chain, or else they called Reference() more than once
|
|
|
|
MOZ_ASSERT(*mChainCounter >= 0);
|
|
|
|
|
|
|
|
if (MOZ_UNLIKELY(*mChainCounter < 1)) {
|
|
|
|
mBrokeReference = true;
|
|
|
|
ReportErrorToConsole();
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
2017-02-17 16:15:18 +03:00
|
|
|
|
2018-03-18 21:09:51 +03:00
|
|
|
// We only set these once we know we're returning true.
|
2017-08-22 13:43:15 +03:00
|
|
|
*mFrameInUse = true;
|
2017-09-07 19:38:57 +03:00
|
|
|
(*mChainCounter)--;
|
|
|
|
|
2017-02-17 16:15:18 +03:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
private:
|
|
|
|
void ReportErrorToConsole() {
|
2017-09-11 19:02:35 +03:00
|
|
|
nsAutoString tag, id;
|
|
|
|
dom::Element* element = mFrame->GetContent()->AsElement();
|
|
|
|
element->GetTagName(tag);
|
|
|
|
element->GetId(id);
|
|
|
|
const char16_t* params[] = {tag.get(), id.get()};
|
2017-02-17 16:15:18 +03:00
|
|
|
auto doc = mFrame->GetContent()->OwnerDoc();
|
2019-01-02 16:05:23 +03:00
|
|
|
auto warning = *mFrameInUse ? dom::Document::eSVGRefLoop
|
|
|
|
: dom::Document::eSVGRefChainLengthExceeded;
|
2017-02-17 16:15:18 +03:00
|
|
|
doc->WarnOnceAbout(warning, /* asError */ true, params,
|
|
|
|
ArrayLength(params));
|
|
|
|
}
|
|
|
|
|
|
|
|
nsIFrame* mFrame;
|
|
|
|
bool* mFrameInUse;
|
|
|
|
int16_t* mChainCounter;
|
|
|
|
const int16_t mMaxChainLength;
|
2017-08-22 13:43:15 +03:00
|
|
|
bool mBrokeReference;
|
2017-02-17 16:15:18 +03:00
|
|
|
MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER
|
|
|
|
};
|
|
|
|
|
|
|
|
} // namespace mozilla
|
|
|
|
|
|
|
|
#endif // NS_AUTOREFERENCELIMITER_H
|