From a6aa330ed81c5458609d9d15bbeffcd1e36c20d4 Mon Sep 17 00:00:00 2001
From: Benoit Jacob
Date: Fri, 21 Feb 2014 16:50:25 -0500
Subject: [PATCH] Bug 968825 - Null pointer checks in LayerTransactionParent - r=jrmuizel
---
 gfx/layers/ipc/LayerTransactionParent.cpp | 90 +++++++++++++++++++----
 gfx/layers/ipc/LayerTransactionParent.h | 2 +-
 2 files changed, 75 insertions(+), 17 deletions(-)
diff --git a/gfx/layers/ipc/LayerTransactionParent.cpp b/gfx/layers/ipc/LayerTransactionParent.cpp
index 69c2d6fab1df..655b2b7cb3c2 100644
--- a/gfx/layers/ipc/LayerTransactionParent.cpp
+++ b/gfx/layers/ipc/LayerTransactionParent.cpp
@@ -270,6 +270,9 @@ LayerTransactionParent::RecvUpdate(const InfallibleTArray& cset,
 const OpSetLayerAttributes& osla = edit.get_OpSetLayerAttributes();
 ShadowLayerParent* layerParent = AsLayerComposite(osla);
 Layer* layer = layerParent->AsLayer();
+ if (!layer) {
+ return false;
+ }
 const LayerAttributes& attrs = osla.attrs();
 const CommonLayerAttributes& common = attrs.common();
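Review bot: In the `TOpSetLayerAttributes` case the new `if (!layer)` guard comes one line after `layerParent->AsLayer()` has already dereferenced `layerParent`, so it only helps if `AsLayerComposite(osla)` can never return null. That helper's body is not visible here; if it can yield null for an actor the child side has already torn down, the validation should start one step earlier with `if (!layerParent) { return false; }`. The same shape recurs in the later RecvUpdate hunks, where `ShadowChild(...)`, `ShadowContainer(...)` and `ShadowAfter(...)` are dereferenced before the checks on their results. RecvUpdate's body starts and ends outside this hunk.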
@@ -401,16 +404,30 @@ LayerTransactionParent::RecvUpdate(const InfallibleTArray& cset,
 MOZ_LAYERS_LOG(("[ParentSide] InsertAfter"));
 const OpInsertAfter& oia = edit.get_OpInsertAfter();
- ShadowContainer(oia)->AsContainerLayerComposite()->InsertAfter(
- ShadowChild(oia)->AsLayer(), ShadowAfter(oia)->AsLayer());
+ Layer* child = ShadowChild(oia)->AsLayer();
+ if (!child) {
+ return false;
+ }
+ ContainerLayerComposite* container = ShadowContainer(oia)->AsContainerLayerComposite();
+ if (!container) {
+ return false;
+ }
+ container->InsertAfter(child, ShadowAfter(oia)->AsLayer());
 break;
 }
 case Edit::TOpAppendChild: {
 MOZ_LAYERS_LOG(("[ParentSide] AppendChild"));
 const OpAppendChild& oac = edit.get_OpAppendChild();
- ShadowContainer(oac)->AsContainerLayerComposite()->InsertAfter(
- ShadowChild(oac)->AsLayer(), nullptr);
+ Layer* child = ShadowChild(oac)->AsLayer();
+ if (!child) {
+ return false;
+ }
+ ContainerLayerComposite* container = ShadowContainer(oac)->AsContainerLayerComposite();
+ if (!container) {
+ return false;
+ }
+ container->InsertAfter(child, nullptr);
 break;
 }
 case Edit::TOpRemoveChild: {
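Review bot: In the `TOpInsertAfter` case `child` and `container` are now validated, but `ShadowAfter(oia)->AsLayer()` is still passed straight through to `InsertAfter`. A null there is not an obviously invalid argument, because the `TOpAppendChild` case just below passes `nullptr` in that position on purpose, so a missing after-layer would presumably be carried out as a different edit instead of being rejected. Resolving it first, `Layer* after = ShadowAfter(oia)->AsLayer(); if (!after) { return false; }`, keeps all three operands under the same validation; the `TOpRepositionChild` case in the next hunk has the same gap. The enclosing switch continues outside the hunk.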
@@ -418,23 +435,44 @@ LayerTransactionParent::RecvUpdate(const InfallibleTArray& cset,
 const OpRemoveChild& orc = edit.get_OpRemoveChild();
 Layer* childLayer = ShadowChild(orc)->AsLayer();
- ShadowContainer(orc)->AsContainerLayerComposite()->RemoveChild(childLayer);
+ if (!childLayer) {
+ return false;
+ }
+ ContainerLayerComposite* container = ShadowContainer(orc)->AsContainerLayerComposite();
+ if (!container) {
+ return false;
+ }
+ container->RemoveChild(childLayer);
 break;
 }
 case Edit::TOpRepositionChild: {
 MOZ_LAYERS_LOG(("[ParentSide] RepositionChild"));
 const OpRepositionChild& orc = edit.get_OpRepositionChild();
- ShadowContainer(orc)->AsContainerLayerComposite()->RepositionChild(
- ShadowChild(orc)->AsLayer(), ShadowAfter(orc)->AsLayer());
+ Layer* child = ShadowChild(orc)->AsLayer();
+ if (!child) {
+ return false;
+ }
+ ContainerLayerComposite* container = ShadowContainer(orc)->AsContainerLayerComposite();
+ if (!container) {
+ return false;
+ }
+ container->RepositionChild(child, ShadowAfter(orc)->AsLayer());
 break;
 }
 case Edit::TOpRaiseToTopChild: {
 MOZ_LAYERS_LOG(("[ParentSide] RaiseToTopChild"));
 const OpRaiseToTopChild& rtc = edit.get_OpRaiseToTopChild();
- ShadowContainer(rtc)->AsContainerLayerComposite()->RepositionChild(
- ShadowChild(rtc)->AsLayer(), nullptr);
+ Layer* child = ShadowChild(rtc)->AsLayer();
+ if (!child) {
+ return false;
+ }
+ ContainerLayerComposite* container = ShadowContainer(rtc)->AsContainerLayerComposite();
+ if (!container) {
+ return false;
+ }
+ container->RepositionChild(child, nullptr);
 break;
 }
 case Edit::TCompositableOperation: {
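Review bot: The child/container lookup with its two `return false` guards is now written out five times (InsertAfter and AppendChild in the previous hunk; RemoveChild, RepositionChild and RaiseToTopChild here), and validation copied by hand tends to drift when one case is edited later. A small helper that resolves both pointers and reports failure would keep every case on the same check. The sketch assumes `ShadowChild` and `ShadowContainer` accept every op type and are callable from file scope, which matches how they are used in these cases but is not shown in the hunk. The switch itself starts and ends outside the hunk.

```cpp
// Resolves the child layer and the container named by a child-list edit.
// Returns false if either one has no backing layer, so the caller can
// reject the edit instead of dereferencing null.
template<typename OpT>
static bool
LookupChildAndContainer(const OpT& aOp,
                        Layer** aChild,
                        ContainerLayerComposite** aContainer)
{
  *aChild = ShadowChild(aOp)->AsLayer();
  *aContainer = ShadowContainer(aOp)->AsContainerLayerComposite();
  return *aChild && *aContainer;
}

// … unchanged: case Edit::TOpRemoveChild, logging, get_OpRemoveChild() …
      Layer* childLayer = nullptr;
      ContainerLayerComposite* container = nullptr;
      if (!LookupChildAndContainer(orc, &childLayer, &container)) {
        return false;
      }
      container->RemoveChild(childLayer);
// … unchanged: break; the other four cases follow the same pattern …
```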
@@ -444,7 +482,9 @@ LayerTransactionParent::RecvUpdate(const InfallibleTArray& cset,
 }
 case Edit::TOpAttachCompositable: {
 const OpAttachCompositable& op = edit.get_OpAttachCompositable();
- Attach(cast(op.layerParent()), cast(op.compositableParent()), false);
+ if (!Attach(cast(op.layerParent()), cast(op.compositableParent()), false)) {
+ return false;
+ }
 cast(op.compositableParent())->SetCompositorID(
 mLayerManager->GetCompositor()->GetCompositorID());
 break;
@@ -453,7 +493,9 @@ LayerTransactionParent::RecvUpdate(const InfallibleTArray& cset,
 const OpAttachAsyncCompositable& op = edit.get_OpAttachAsyncCompositable();
 CompositableParent* compositableParent = CompositableMap::Get(op.containerID());
 MOZ_ASSERT(compositableParent, "CompositableParent not found in the map");
- Attach(cast(op.layerParent()), compositableParent, true);
+ if (!Attach(cast(op.layerParent()), compositableParent, true)) {
+ return false;
+ }
 compositableParent->SetCompositorID(mLayerManager->GetCompositor()->GetCompositorID());
 break;
 }
@@ -499,7 +541,12 @@ LayerTransactionParent::RecvGetOpacity(PLayerParent* aParent,
 return false;
 }
- *aOpacity = cast(aParent)->AsLayer()->GetLocalOpacity();
+ Layer* layer = cast(aParent)->AsLayer();
+ if (!layer) {
+ return false;
+ }
+
+ *aOpacity = layer->GetLocalOpacity();
 return true;
 }
@@ -515,6 +562,9 @@ LayerTransactionParent::RecvGetTransform(PLayerParent* aParent,
 // from the shadow transform by undoing the translations in
 // AsyncCompositionManager::SampleValue.
 Layer* layer = cast(aParent)->AsLayer();
+ if (!layer) {
+ return false;
+ }
 gfx::To3DMatrix(layer->AsLayerComposite()->GetShadowTransform(), *aTransform);
 if (ContainerLayer* c = layer->AsContainerLayer()) {
 aTransform->ScalePost(1.0f/c->GetInheritedXScale(),
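Review bot: In the `TOpAttachAsyncCompositable` case (the hunk at -453) the result of `CompositableMap::Get(op.containerID())` is guarded only by `MOZ_ASSERT`, which is compiled out of non-debug builds, yet the pointer is handed to `Attach` and then dereferenced by `compositableParent->SetCompositorID(...)`. The container ID is read from the edit that arrived over IPC, so a lookup miss is an input-validation failure and not a programming error. Adding `if (!compositableParent) { return false; }` right after the lookup would bring this case in line with the other checks the patch adds. The `case` label itself is outside the hunk.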
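Review bot: In `RecvGetTransform` (the hunk at -515) the line right after the new guard still calls `layer->AsLayerComposite()->GetShadowTransform()` without checking the cast result, while `Attach` in this same patch now treats a null `AsLayerComposite()` as something to reject. Unless code outside the hunk guarantees that every layer reaching this method is a composite layer, the two sites should agree: `LayerComposite* composite = layer->AsLayerComposite(); if (!composite) { return false; }` and then `composite->GetShadowTransform()`. The function body starts and ends outside this hunk.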
@@ -542,13 +592,19 @@ LayerTransactionParent::RecvGetTransform(PLayerParent* aParent,
 return true;
 }
-void
+bool
 LayerTransactionParent::Attach(ShadowLayerParent* aLayerParent,
 CompositableParent* aCompositable,
 bool aIsAsyncVideo)
 {
- LayerComposite* layer = aLayerParent->AsLayer()->AsLayerComposite();
- MOZ_ASSERT(layer);
+ Layer* baselayer = aLayerParent->AsLayer();
+ if (!baselayer) {
+ return false;
+ }
+ LayerComposite* layer = baselayer->AsLayerComposite();
+ if (!layer) {
+ return false;
+ }
 Compositor* compositor = static_cast(aLayerParent->AsLayer()->Manager())->GetCompositor();
@@ -557,7 +613,7 @@ LayerTransactionParent::Attach(ShadowLayerParent* aLayerParent,
 MOZ_ASSERT(compositable);
 if (!layer->SetCompositableHost(compositable)) {
 // not all layer types accept a compositable, see bug 967824
- return;
+ return false;
 }
 compositable->Attach(aLayerParent->AsLayer(), compositor,
@@ -565,6 +621,8 @@ LayerTransactionParent::Attach(ShadowLayerParent* aLayerParent,
 ? CompositableHost::ALLOW_REATTACH
 | CompositableHost::KEEP_ATTACHED
 : CompositableHost::NO_FLAGS);
+
+ return true;
 }
 bool
diff --git a/gfx/layers/ipc/LayerTransactionParent.h b/gfx/layers/ipc/LayerTransactionParent.h
index 688b030c6985..e5058769e1a2 100644
--- a/gfx/layers/ipc/LayerTransactionParent.h
+++ b/gfx/layers/ipc/LayerTransactionParent.h
@@ -111,7 +111,7 @@ protected:
 const TextureFlags& aFlags) MOZ_OVERRIDE;
 virtual bool DeallocPTextureParent(PTextureParent* actor) MOZ_OVERRIDE;
- void Attach(ShadowLayerParent* aLayerParent,
+ bool Attach(ShadowLayerParent* aLayerParent,
 CompositableParent* aCompositable, bool aIsAsyncVideo);
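Review bot: `Attach` (the hunk at -542) stores the checked pointer in `baselayer`, but the context line right below the new guards calls `aLayerParent->AsLayer()` again to reach `Manager()`, and so does the `compositable->Attach(aLayerParent->AsLayer(), compositor, ...)` call in the next hunk, so the pointer that was validated is not the one that gets used. Reading `baselayer->Manager()` and passing `baselayer` to `compositable->Attach(...)` makes the check cover every use and drops two repeated calls. Separately, `aLayerParent` and `aCompositable` are themselves dereferenced without a check; whether the `cast(...)` expressions at the call sites can yield null is not visible here. The function body continues past the end of this hunk.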
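Review bot: Changing `return;` to `return false;` under `SetCompositableHost` (the hunk at -557) turns a condition the existing comment describes as expected, "not all layer types accept a compositable, see bug 967824", into a failure that both `Attach` callers in RecvUpdate now propagate by returning false. If a well-behaved sender can legitimately reach that branch, the patch would reject its whole update where the old code carried on, so it is worth confirming that this is intended. If it is, the comment should say so, for example `// protocol error: the sender attached a compositable to a layer type that cannot host one (bug 967824)`. The enclosing function starts and ends outside this hunk.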
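Review bot: The declaration in LayerTransactionParent.h changes from `void` to `bool` without stating what the result means, and the two call sites in RecvUpdate rely on it to reject the edit. A comment above the declaration would record the contract, for example `// Returns false if aLayerParent has no layer, the layer is not a LayerComposite, or the layer does not accept the compositable; the caller must then fail the update.` The class body continues outside the hunk.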