From 4be580237dbd17d29c4aaad9f6343d5d768309d8 Mon Sep 17 00:00:00 2001
From: Mirko Brodesser <mbrodesser@mozilla.com>
Date: Fri, 6 Mar 2020 12:03:23 +0000
Subject: [PATCH] Bug 1619617: part 1) Annotate
 `RemoveRangeAndUnselectFramesAndNotifyListeners` with `MOZ_CAN_RUN_SCRIPT`.
 r=smaug

Differential Revision: https://phabricator.services.mozilla.com/D65511

--HG--
extra : moz-landing-system : lando
---
 accessible/generic/HyperTextAccessible.cpp          |  6 +++---
 accessible/generic/HyperTextAccessible.h            | 13 +++++++++----
 dom/base/Selection.h                                |  3 +--
 dom/base/nsRange.cpp                                |  6 ++++--
 dom/base/nsRange.h                                  |  4 +++-
 editor/libeditor/HTMLTableEditor.cpp                |  5 +++--
 extensions/spellcheck/src/mozInlineSpellChecker.cpp |  5 +++--
 extensions/spellcheck/src/mozInlineSpellChecker.h   |  6 ++++--
 layout/generic/nsFrameSelection.h                   | 12 +++++++-----
 9 files changed, 37 insertions(+), 23 deletions(-)

diff --git a/accessible/generic/HyperTextAccessible.cpp b/accessible/generic/HyperTextAccessible.cpp
index e3fbd3682448..0b7fc6ee0c86 100644
--- a/accessible/generic/HyperTextAccessible.cpp
+++ b/accessible/generic/HyperTextAccessible.cpp
@@ -1283,7 +1283,7 @@ nsresult HyperTextAccessible::SetSelectionRange(int32_t aStartPos,
   // some input controls
   if (isFocusable) TakeFocus();
 
-  dom::Selection* domSel = DOMSelection();
+  RefPtr<dom::Selection> domSel = DOMSelection();
   NS_ENSURE_STATE(domSel);
 
   // Set up the selection.
@@ -1577,7 +1577,7 @@ bool HyperTextAccessible::SetSelectionBoundsAt(int32_t aSelectionNum,
     return false;
   }
 
-  dom::Selection* domSel = DOMSelection();
+  RefPtr<dom::Selection> domSel = DOMSelection();
   if (!domSel) return false;
 
   RefPtr<nsRange> range;
@@ -1615,7 +1615,7 @@ bool HyperTextAccessible::SetSelectionBoundsAt(int32_t aSelectionNum,
 }
 
 bool HyperTextAccessible::RemoveFromSelection(int32_t aSelectionNum) {
-  dom::Selection* domSel = DOMSelection();
+  RefPtr<dom::Selection> domSel = DOMSelection();
   if (!domSel) return false;
 
   if (aSelectionNum < 0 ||
diff --git a/accessible/generic/HyperTextAccessible.h b/accessible/generic/HyperTextAccessible.h
index 6f47d4968852..f0e5e2be40d1 100644
--- a/accessible/generic/HyperTextAccessible.h
+++ b/accessible/generic/HyperTextAccessible.h
@@ -341,8 +341,10 @@ class HyperTextAccessible : public AccessibleWrap {
    * Changes the start and end offset of the specified selection.
    * @return true if succeeded
    */
-  bool SetSelectionBoundsAt(int32_t aSelectionNum, int32_t aStartOffset,
-                            int32_t aEndOffset);
+  // TODO: annotate this with `MOZ_CAN_RUN_SCRIPT` instead.
+  MOZ_CAN_RUN_SCRIPT_BOUNDARY bool SetSelectionBoundsAt(int32_t aSelectionNum,
+                                                        int32_t aStartOffset,
+                                                        int32_t aEndOffset);
 
   /**
    * Adds a selection bounded by the specified offsets.
@@ -354,7 +356,8 @@ class HyperTextAccessible : public AccessibleWrap {
    * Removes the specified selection.
    * @return true if succeeded
    */
-  bool RemoveFromSelection(int32_t aSelectionNum);
+  // TODO: annotate this with `MOZ_CAN_RUN_SCRIPT` instead.
+  MOZ_CAN_RUN_SCRIPT_BOUNDARY bool RemoveFromSelection(int32_t aSelectionNum);
 
   /**
    * Scroll the given text range into view.
@@ -508,7 +511,9 @@ class HyperTextAccessible : public AccessibleWrap {
   void GetSelectionDOMRanges(SelectionType aSelectionType,
                              nsTArray<nsRange*>* aRanges);
 
-  nsresult SetSelectionRange(int32_t aStartPos, int32_t aEndPos);
+  // TODO: annotate this with `MOZ_CAN_RUN_SCRIPT` instead.
+  MOZ_CAN_RUN_SCRIPT_BOUNDARY nsresult SetSelectionRange(int32_t aStartPos,
+                                                         int32_t aEndPos);
 
   /**
    * Convert the given DOM point to a DOM point in non-generated contents.
diff --git a/dom/base/Selection.h b/dom/base/Selection.h
index 4b606161862b..3a25a393b6ea 100644
--- a/dom/base/Selection.h
+++ b/dom/base/Selection.h
@@ -307,8 +307,7 @@ class Selection final : public nsSupportsWeakReference,
   /**
    * Callers need to keep `aRange` alive.
    */
-  MOZ_CAN_RUN_SCRIPT_BOUNDARY
-  void RemoveRangeAndUnselectFramesAndNotifyListeners(
+  MOZ_CAN_RUN_SCRIPT void RemoveRangeAndUnselectFramesAndNotifyListeners(
       nsRange& aRange, mozilla::ErrorResult& aRv);
 
   MOZ_CAN_RUN_SCRIPT_BOUNDARY void RemoveAllRanges(mozilla::ErrorResult& aRv);
diff --git a/dom/base/nsRange.cpp b/dom/base/nsRange.cpp
index 5997059a0ce3..46866a7adff8 100644
--- a/dom/base/nsRange.cpp
+++ b/dom/base/nsRange.cpp
@@ -943,9 +943,11 @@ void nsRange::SetSelection(mozilla::dom::Selection* aSelection) {
 
   // Extra step in case our parent failed to ensure the above
   // invariant.
+  RefPtr<nsRange> range{this};
   if (aSelection && mSelection) {
-    mSelection->RemoveRangeAndUnselectFramesAndNotifyListeners(*this,
-                                                               IgnoreErrors());
+    RefPtr<Selection> selection{mSelection};
+    selection->RemoveRangeAndUnselectFramesAndNotifyListeners(*range,
+                                                              IgnoreErrors());
   }
 
   mSelection = aSelection;
diff --git a/dom/base/nsRange.h b/dom/base/nsRange.h
index 2d04d34cd2d5..0b64b5e00211 100644
--- a/dom/base/nsRange.h
+++ b/dom/base/nsRange.h
@@ -100,7 +100,9 @@ class nsRange final : public mozilla::dom::AbstractRange,
   /**
    * Called when the range is added/removed from a Selection.
    */
-  void SetSelection(mozilla::dom::Selection* aSelection);
+  // TODO: annotate this with `MOZ_CAN_RUN_SCRIPT` instead.
+  MOZ_CAN_RUN_SCRIPT_BOUNDARY void SetSelection(
+      mozilla::dom::Selection* aSelection);
 
   /**
    * Returns pointer to a Selection if the range is associated with a Selection.
diff --git a/editor/libeditor/HTMLTableEditor.cpp b/editor/libeditor/HTMLTableEditor.cpp
index 5332b258222d..41a626f7c54f 100644
--- a/editor/libeditor/HTMLTableEditor.cpp
+++ b/editor/libeditor/HTMLTableEditor.cpp
@@ -2622,8 +2622,9 @@ HTMLEditor::JoinTableCells(bool aMergeNonContiguousContents) {
       RefPtr<Element> deletedCell;
       HTMLEditor::GetCellFromRange(range, getter_AddRefs(deletedCell));
       if (!deletedCell) {
-        SelectionRefPtr()->RemoveRangeAndUnselectFramesAndNotifyListeners(
-            *range, IgnoreErrors());
+        MOZ_KnownLive(SelectionRefPtr())
+            ->RemoveRangeAndUnselectFramesAndNotifyListeners(*range,
+                                                             IgnoreErrors());
         rangeCount--;
         i--;
       }
diff --git a/extensions/spellcheck/src/mozInlineSpellChecker.cpp b/extensions/spellcheck/src/mozInlineSpellChecker.cpp
index c9cafa5b8d92..881f9f156889 100644
--- a/extensions/spellcheck/src/mozInlineSpellChecker.cpp
+++ b/extensions/spellcheck/src/mozInlineSpellChecker.cpp
@@ -1605,8 +1605,9 @@ nsresult mozInlineSpellChecker::RemoveRange(Selection* aSpellCheckSelection,
   NS_ENSURE_ARG_POINTER(aRange);
 
   ErrorResult rv;
-  aSpellCheckSelection->RemoveRangeAndUnselectFramesAndNotifyListeners(*aRange,
-                                                                       rv);
+  RefPtr<nsRange> range{aRange};
+  RefPtr<Selection> selection{aSpellCheckSelection};
+  selection->RemoveRangeAndUnselectFramesAndNotifyListeners(*range, rv);
   if (!rv.Failed() && mNumWordsInSpellSelection) mNumWordsInSpellSelection--;
 
   return rv.StealNSResult();
diff --git a/extensions/spellcheck/src/mozInlineSpellChecker.h b/extensions/spellcheck/src/mozInlineSpellChecker.h
index 674ec267a51c..4748734d86f3 100644
--- a/extensions/spellcheck/src/mozInlineSpellChecker.h
+++ b/extensions/spellcheck/src/mozInlineSpellChecker.h
@@ -222,8 +222,10 @@ class mozInlineSpellChecker final : public nsIInlineSpellChecker,
   /**
    * @param aRange needs to be kept alive by the caller.
    */
-  nsresult RemoveRange(mozilla::dom::Selection* aSpellCheckSelection,
-                       nsRange* aRange);
+  // TODO: annotate with `MOZ_CAN_RUN_SCRIPT` instead
+  // (https://bugzilla.mozilla.org/show_bug.cgi?id=1620540).
+  MOZ_CAN_RUN_SCRIPT_BOUNDARY nsresult
+  RemoveRange(mozilla::dom::Selection* aSpellCheckSelection, nsRange* aRange);
   nsresult AddRange(mozilla::dom::Selection* aSpellCheckSelection,
                     nsRange* aRange);
   bool SpellCheckSelectionIsFull() {
diff --git a/layout/generic/nsFrameSelection.h b/layout/generic/nsFrameSelection.h
index 21414b8e7cfc..6ef055e4647a 100644
--- a/layout/generic/nsFrameSelection.h
+++ b/layout/generic/nsFrameSelection.h
@@ -820,6 +820,8 @@ class nsFrameSelection final {
     // (according to GetFirstCellNodeInRange).
     nsRange* GetNextCellRange(const mozilla::dom::Selection& aNormalSelection);
 
+    // TODO: annotate this with `MOZ_CAN_RUN_SCRIPT` instead.
+    MOZ_CAN_RUN_SCRIPT_BOUNDARY
     nsresult HandleSelection(nsINode* aParentContent, int32_t aContentOffset,
                              mozilla::TableSelectionMode aTarget,
                              mozilla::WidgetMouseEvent* aMouseEvent,
@@ -833,11 +835,11 @@ class nsFrameSelection final {
                                mozilla::dom::Selection& aNormalSelection);
 
     // TODO: mark as `MOZ_CAN_RUN_SCRIPT`.
-    nsresult UnselectCells(nsIContent* aTable, int32_t aStartRowIndex,
-                           int32_t aStartColumnIndex, int32_t aEndRowIndex,
-                           int32_t aEndColumnIndex,
-                           bool aRemoveOutsideOfCellRange,
-                           mozilla::dom::Selection& aNormalSelection);
+    MOZ_CAN_RUN_SCRIPT_BOUNDARY nsresult
+    UnselectCells(nsIContent* aTable, int32_t aStartRowIndex,
+                  int32_t aStartColumnIndex, int32_t aEndRowIndex,
+                  int32_t aEndColumnIndex, bool aRemoveOutsideOfCellRange,
+                  mozilla::dom::Selection& aNormalSelection);
 
     nsCOMPtr<nsINode> mCellParent;  // used to snap to table selection
     nsCOMPtr<nsIContent> mStartSelectedCell;