From 532a99b12aa8ae2210b00516fb6144517ed8125f Mon Sep 17 00:00:00 2001 From: "Carsten \"Tomcat\" Book" Date: Wed, 12 Jul 2017 10:32:20 +0200 Subject: [PATCH] Backed out changeset 20866468f52d (bug 1376964) --- gfx/thebes/gfxUserFontSet.cpp | 115 +++------------------------------ gfx/thebes/gfxUserFontSet.h | 43 +----------- layout/style/FontFaceSet.cpp | 17 +---- layout/style/FontFaceSet.h | 3 - layout/style/ServoStyleSet.cpp | 11 +--- layout/style/ServoStyleSet.h | 1 - 6 files changed, 13 insertions(+), 177 deletions(-) diff --git a/gfx/thebes/gfxUserFontSet.cpp b/gfx/thebes/gfxUserFontSet.cpp index 1b6df9e9f0c2..b38be303c61d 100644 --- a/gfx/thebes/gfxUserFontSet.cpp +++ b/gfx/thebes/gfxUserFontSet.cpp @@ -909,8 +909,6 @@ gfxUserFontSet::~gfxUserFontSet() if (fp) { fp->RemoveUserFontSet(this); } - - UserFontCache::ClearAllowedFontSets(this); } already_AddRefed @@ -1281,6 +1279,13 @@ gfxUserFontSet::UserFontCache::GetFont(nsIURI* aSrcURI, return nullptr; } + // We have to perform another content policy check here to prevent + // cache poisoning. E.g. a.com loads a font into the cache but + // b.com has a CSP not allowing any fonts to be loaded. + if (!aUserFontEntry->mFontSet->IsFontLoadAllowed(aSrcURI, aPrincipal)) { + return nullptr; + } + // Ignore principal when looking up a data: URI. nsIPrincipal* principal; if (IgnorePrincipal(aSrcURI)) { @@ -1291,77 +1296,11 @@ gfxUserFontSet::UserFontCache::GetFont(nsIURI* aSrcURI, Entry* entry = sUserFonts->GetEntry(Key(aSrcURI, principal, aUserFontEntry, aPrivate)); - if (!entry) { - return nullptr; + if (entry) { + return entry->GetFontEntry(); } - // We have to perform another content policy check here to prevent - // cache poisoning. E.g. a.com loads a font into the cache but - // b.com has a CSP not allowing any fonts to be loaded. - bool allowed = false; - if (ServoStyleSet::IsInServoTraversal()) { - // Use the cached IsFontLoadAllowed results in mAllowedFontSets. - allowed = entry->IsFontSetAllowed(aUserFontEntry->mFontSet); - } else { - // Call IsFontLoadAllowed directly, since we are on the main thread. - MOZ_ASSERT(NS_IsMainThread()); - allowed = aUserFontEntry->mFontSet->IsFontLoadAllowed(aSrcURI, - aPrincipal); - MOZ_ASSERT(!entry->IsFontSetAllowedKnown(aUserFontEntry->mFontSet) || - entry->IsFontSetAllowed(aUserFontEntry->mFontSet) == allowed, - "why does IsFontLoadAllowed return a different value from " - "the cached value in mAllowedFontSets?"); - } - - if (!allowed) { - return nullptr; - } - - return entry->GetFontEntry(); -} - -/* static */ void -gfxUserFontSet::UserFontCache::UpdateAllowedFontSets( - gfxUserFontSet* aUserFontSet) -{ - MOZ_ASSERT(NS_IsMainThread()); - - if (!sUserFonts) { - return; - } - - for (auto iter = sUserFonts->Iter(); !iter.Done(); iter.Next()) { - Entry* entry = iter.Get(); - if (!entry->IsFontSetAllowedKnown(aUserFontSet)) { - nsIPrincipal* principal = entry->GetPrincipal(); - if (!principal) { - // This is a data: URI. Just get the standard principal the - // font set uses. (For cases when mUseOriginPrincipal is true, - // we don't use the cached results of IsFontLoadAllowed, and - // instead just process the data: URI load async.) - principal = aUserFontSet->GetStandardFontLoadPrincipal(); - } - bool allowed = - aUserFontSet->IsFontLoadAllowed(entry->GetURI(), principal); - entry->SetIsFontSetAllowed(aUserFontSet, allowed); - } - } -} - -/* static */ void -gfxUserFontSet::UserFontCache::ClearAllowedFontSets( - gfxUserFontSet* aUserFontSet) -{ - MOZ_ASSERT(NS_IsMainThread()); - - if (!sUserFonts) { - return; - } - - for (auto iter = sUserFonts->Iter(); !iter.Done(); iter.Next()) { - Entry* entry = iter.Get(); - entry->ClearIsFontSetAllowed(aUserFontSet); - } + return nullptr; } void @@ -1375,40 +1314,6 @@ gfxUserFontSet::UserFontCache::Shutdown() MOZ_DEFINE_MALLOC_SIZE_OF(UserFontsMallocSizeOf) -bool -gfxUserFontSet::UserFontCache::Entry::IsFontSetAllowed( - gfxUserFontSet* aUserFontSet) const -{ - bool allowed = false; - DebugOnly found = mAllowedFontSets.Get(aUserFontSet, &allowed); - MOZ_ASSERT(found, "UpdateAllowedFontSets should have been called and " - "added an entry to mAllowedFontSets"); - return allowed; -} - -bool -gfxUserFontSet::UserFontCache::Entry::IsFontSetAllowedKnown( - gfxUserFontSet* aUserFontSet) const -{ - return mAllowedFontSets.Contains(aUserFontSet); -} - -void -gfxUserFontSet::UserFontCache::Entry::SetIsFontSetAllowed( - gfxUserFontSet* aUserFontSet, - bool aAllowed) -{ - MOZ_ASSERT(!IsFontSetAllowedKnown(aUserFontSet)); - mAllowedFontSets.Put(aUserFontSet, aAllowed); -} - -void -gfxUserFontSet::UserFontCache::Entry::ClearIsFontSetAllowed( - gfxUserFontSet* aUserFontSet) -{ - mAllowedFontSets.Remove(aUserFontSet); -} - void gfxUserFontSet::UserFontCache::Entry::ReportMemory( nsIHandleReportCallback* aHandleReport, nsISupports* aData, bool aAnonymize) diff --git a/gfx/thebes/gfxUserFontSet.h b/gfx/thebes/gfxUserFontSet.h index d90a8ca3f1d7..9d9e0753fb06 100644 --- a/gfx/thebes/gfxUserFontSet.h +++ b/gfx/thebes/gfxUserFontSet.h @@ -256,8 +256,6 @@ public: nsIPrincipal** aPrincipal, bool* aBypassCache) = 0; - virtual nsIPrincipal* GetStandardFontLoadPrincipal() = 0; - // check whether content policies allow the given URI to load. virtual bool IsFontLoadAllowed(nsIURI* aFontLocation, nsIPrincipal* aPrincipal) = 0; @@ -307,25 +305,6 @@ public: // the cache. (Removals don't increment it.) static uint32_t Generation() { return sGeneration; } - // For each entry in the user font cache where we haven't recorded - // whether the given user font set is allowed to use the entry, - // call IsFontLoadAllowed and record it. - // - // This function should be called just before a Servo restyle, so - // that we can determine whether a given font load (using a cached - // font) would be allowed without having to call the non-OMT-safe - // IsFontLoadAllowed from the style worker threads. - static void UpdateAllowedFontSets(gfxUserFontSet* aUserFontSet); - - // Clears all recorded IsFontLoadAllowed results for the given - // user font set. - // - // This function should be called just before the user font set is - // going away, or when we detect that a document's node principal - // has changed (and thus the already recorded IsFontLoadAllowed - // results are no longer valid). - static void ClearAllowedFontSets(gfxUserFontSet* aUserFontSet); - // Clear everything so that we don't leak URIs and Principals. static void Shutdown(); @@ -422,15 +401,9 @@ public: enum { ALLOW_MEMMOVE = false }; - nsIURI* GetURI() const { return mURI; } - nsIPrincipal* GetPrincipal() const { return mPrincipal; } gfxFontEntry* GetFontEntry() const { return mFontEntry; } - bool IsPrivate() const { return mPrivate; } - bool IsFontSetAllowed(gfxUserFontSet* aUserFontSet) const; - bool IsFontSetAllowedKnown(gfxUserFontSet* aUserFontSet) const; - void SetIsFontSetAllowed(gfxUserFontSet* aUserFontSet, bool aAllowed); - void ClearIsFontSetAllowed(gfxUserFontSet* aUserFontSet); + bool IsPrivate() const { return mPrivate; } void ReportMemory(nsIHandleReportCallback* aHandleReport, nsISupports* aData, bool aAnonymize); @@ -446,20 +419,6 @@ public: aFeatures.Length() * sizeof(gfxFontFeature)); } - // Set of gfxUserFontSets that are allowed to use this cached font - // entry. - // - // This is basically a cache of results of calls to - // gfxUserFontSet::IsFontLoadAllowed for each font set to be used - // when using the cache from style worker threads (where calling - // IsFontLoadAllowed is not possible). Whenever a new entry is - // added to the cache, sGeneration is bumped, and a FontFaceSet - // for a document about to be styled can call UpdateAllowedFontSets - // to record IsFontLoadAllowed results for the new entries. When - // a FontFaceSet is going away, it calls ClearAllowedFontSets - // to remove entries from the mAllowedFontSets tables. - nsDataHashtable, bool> mAllowedFontSets; - nsCOMPtr mURI; nsCOMPtr mPrincipal; // or nullptr for data: URLs diff --git a/layout/style/FontFaceSet.cpp b/layout/style/FontFaceSet.cpp index 479b3a64f553..63d7057e102e 100644 --- a/layout/style/FontFaceSet.cpp +++ b/layout/style/FontFaceSet.cpp @@ -1326,12 +1326,6 @@ FontFaceSet::LogMessage(gfxUserFontEntry* aUserFontEntry, return NS_OK; } -nsIPrincipal* -FontFaceSet::GetStandardFontLoadPrincipal() -{ - return mDocument->NodePrincipal(); -} - nsresult FontFaceSet::CheckFontLoad(const gfxFontFaceSrc* aFontFaceSrc, nsIPrincipal** aPrincipal, @@ -1350,7 +1344,7 @@ FontFaceSet::CheckFontLoad(const gfxFontFaceSrc* aFontFaceSrc, // use document principal, original principal if flag set // this enables user stylesheets to load font files via // @font-face rules - *aPrincipal = GetStandardFontLoadPrincipal(); + *aPrincipal = mDocument->NodePrincipal(); NS_ASSERTION(aFontFaceSrc->mOriginPrincipal, "null origin principal in @font-face rule"); @@ -1803,15 +1797,6 @@ FontFaceSet::UserFontSet::CheckFontLoad(const gfxFontFaceSrc* aFontFaceSrc, return mFontFaceSet->CheckFontLoad(aFontFaceSrc, aPrincipal, aBypassCache); } -/* virtual */ nsIPrincipal* -FontFaceSet::UserFontSet::GetStandardFontLoadPrincipal() -{ - if (!mFontFaceSet) { - return nullptr; - } - return mFontFaceSet->GetStandardFontLoadPrincipal(); -} - /* virtual */ bool FontFaceSet::UserFontSet::IsFontLoadAllowed(nsIURI* aFontLocation, nsIPrincipal* aPrincipal) diff --git a/layout/style/FontFaceSet.h b/layout/style/FontFaceSet.h index 24beb90f777f..f72f6e94a7f9 100644 --- a/layout/style/FontFaceSet.h +++ b/layout/style/FontFaceSet.h @@ -63,8 +63,6 @@ public: FontFaceSet* GetFontFaceSet() { return mFontFaceSet; } - nsIPrincipal* GetStandardFontLoadPrincipal() override; - virtual nsresult CheckFontLoad(const gfxFontFaceSrc* aFontFaceSrc, nsIPrincipal** aPrincipal, bool* aBypassCache) override; @@ -263,7 +261,6 @@ private: nsresult StartLoad(gfxUserFontEntry* aUserFontEntry, const gfxFontFaceSrc* aFontFaceSrc); - nsIPrincipal* GetStandardFontLoadPrincipal(); nsresult CheckFontLoad(const gfxFontFaceSrc* aFontFaceSrc, nsIPrincipal** aPrincipal, bool* aBypassCache); diff --git a/layout/style/ServoStyleSet.cpp b/layout/style/ServoStyleSet.cpp index 9e886928d6b9..5268b34de7aa 100644 --- a/layout/style/ServoStyleSet.cpp +++ b/layout/style/ServoStyleSet.cpp @@ -40,7 +40,6 @@ ServoStyleSet::ServoStyleSet() , mAuthorStyleDisabled(false) , mStylistState(StylistState::NotDirty) , mUserFontSetUpdateGeneration(0) - , mUserFontCacheUpdateGeneration(0) , mNeedsRestyleAfterEnsureUniqueInner(false) { } @@ -299,21 +298,13 @@ ServoStyleSet::PreTraverseSync() // it so force computation early. mPresContext->Document()->GetDocumentState(); + // Ensure that the @font-face data is not stale if (gfxUserFontSet* userFontSet = mPresContext->Document()->GetUserFontSet()) { - // Ensure that the @font-face data is not stale uint64_t generation = userFontSet->GetGeneration(); if (generation != mUserFontSetUpdateGeneration) { mPresContext->DeviceContext()->UpdateFontCacheUserFonts(userFontSet); mUserFontSetUpdateGeneration = generation; } - - // Ensure that the user font cache holds up-to-date data on whether - // our font set is allowed to re-use fonts from the cache. - uint32_t cacheGeneration = gfxUserFontSet::UserFontCache::Generation(); - if (cacheGeneration != mUserFontCacheUpdateGeneration) { - gfxUserFontSet::UserFontCache::UpdateAllowedFontSets(userFontSet); - mUserFontCacheUpdateGeneration = cacheGeneration; - } } UpdateStylistIfNeeded(); diff --git a/layout/style/ServoStyleSet.h b/layout/style/ServoStyleSet.h index cb6569289cdd..c120611c399b 100644 --- a/layout/style/ServoStyleSet.h +++ b/layout/style/ServoStyleSet.h @@ -583,7 +583,6 @@ private: bool mAuthorStyleDisabled; StylistState mStylistState; uint64_t mUserFontSetUpdateGeneration; - uint32_t mUserFontCacheUpdateGeneration; bool mNeedsRestyleAfterEnsureUniqueInner;