Bug 1563622 - Use the right layers id for events prevented by chrome. r=botond

This is latent bug in the code. The layers id used in the parent process' call to SetTargetAPZC was always the one that the APZ hit-test produced. But in the case where the parent process had a chrome event listener that does a preventDefault on the event, that is the wrong layers id to use, because we want to use the parent process' layers id instead of the content process' layers id. The reason the test in this bug hits this is because with WebRender enabled the code in APZCTreeManagerParent that receives the SetTargetAPZC message checks the layers id to see if it matches expectations (if it doesn't, it assumes a malicious content process). In this scenario the layers id doesn't match and causes an assertion failure. With this fix the layers id matches expectations. I don't believe this has any functional effect beyond the malicious content process check. Differential Revision: https://phabricator.services.mozilla.com/D38238 --HG-- extra : moz-landing-system : lando
2019-07-19 16:29:36 +00:00 · 2019-07-19 16:29:36 +00:00 · 917d84a405
--- a/widget/nsBaseWidget.cpp
+++ b/widget/nsBaseWidget.cpp
@ -1009,6 +1009,15 @@ nsEventStatus nsBaseWidget::ProcessUntransformedAPZEvent(
  if (mAPZC && !InputAPZContext::WasRoutedToChildProcess() && aInputBlockId) {
    // EventStateManager did not route the event into the child process.
    // It's safe to communicate to APZ that the event has been processed.
+    // Note that here aGuid.mLayersId might be different from
+    // mCompositorSession->RootLayerTreeId() because the event might have gotten
+    // hit-tested by APZ to be targeted at a child process, but a parent process
+    // event listener called preventDefault on it. In that case aGuid.mLayersId
+    // would still be the layers id for the child process, but the event would
+    // not have actually gotten routed to the child process. The main-thread
+    // hit-test result therefore needs to use the parent process layers id.
+    LayersId rootLayersId = mCompositorSession->RootLayerTreeId();
+
    UniquePtr<DisplayportSetListener> postLayerization;
    if (WidgetTouchEvent* touchEvent = aEvent->AsTouchEvent()) {
      if (touchEvent->mMessage == eTouchStart) {
@ -1018,7 +1027,7 @@ nsEventStatus nsBaseWidget::ProcessUntransformedAPZEvent(
              mSetAllowedTouchBehaviorCallback);
        }
        postLayerization = APZCCallbackHelper::SendSetTargetAPZCNotification(
-            this, GetDocument(), *(original->AsTouchEvent()), aGuid.mLayersId,
+            this, GetDocument(), *(original->AsTouchEvent()), rootLayersId,
            aInputBlockId);
      }
      mAPZEventState->ProcessTouchEvent(*touchEvent, aGuid, aInputBlockId,
@ -1026,7 +1035,7 @@ nsEventStatus nsBaseWidget::ProcessUntransformedAPZEvent(
    } else if (WidgetWheelEvent* wheelEvent = aEvent->AsWheelEvent()) {
      MOZ_ASSERT(wheelEvent->mFlags.mHandledByAPZ);
      postLayerization = APZCCallbackHelper::SendSetTargetAPZCNotification(
-          this, GetDocument(), *(original->AsWheelEvent()), aGuid.mLayersId,
+          this, GetDocument(), *(original->AsWheelEvent()), rootLayersId,
          aInputBlockId);
      if (wheelEvent->mCanTriggerSwipe) {
        ReportSwipeStarted(aInputBlockId, wheelEvent->TriggersSwipe());
@ -1035,7 +1044,7 @@ nsEventStatus nsBaseWidget::ProcessUntransformedAPZEvent(
    } else if (WidgetMouseEvent* mouseEvent = aEvent->AsMouseEvent()) {
      MOZ_ASSERT(mouseEvent->mFlags.mHandledByAPZ);
      postLayerization = APZCCallbackHelper::SendSetTargetAPZCNotification(
-          this, GetDocument(), *(original->AsMouseEvent()), aGuid.mLayersId,
+          this, GetDocument(), *(original->AsMouseEvent()), rootLayersId,
          aInputBlockId);
      mAPZEventState->ProcessMouseEvent(*mouseEvent, aInputBlockId);
    }