This combines some of your ideas from D8074, in which I think is quite a big improvement to the overall code.
The code for nsTransferable::GetTransferData, especially nsIFlavorDataProvider is a bit wonky, because I tried to preserve the current behavior.
Differential Revision: https://phabricator.services.mozilla.com/D9599
--HG--
extra : moz-landing-system : lando
This combines some of your ideas from D8074, in which I think is quite a big improvement to the overall code.
The code for nsTransferable::GetTransferData, especially nsIFlavorDataProvider is a bit wonky, because I tried to preserve the current behavior.
Differential Revision: https://phabricator.services.mozilla.com/D9599
--HG--
extra : moz-landing-system : lando
DataStruct cannot safely be copied if its mCacheFD member is set.
Currently there is no code for this case, but to avoid problems later,
mark the copy and assignment constructors private and delete them.
A move-constructor was added to compensate for the deleted copy
constructor. nsTransferable::AddDataFlavor uses this new constructor
instead of the previous implicit default copy constructor.
MozReview-Commit-ID: 3N5xjFXOUKB
--HG--
extra : rebase_source : dc609f20c7048b3630fa99fe2deef3f5be155334
Ensure that only DataStruct::mData + mDataLen, XOR
DataStruct::mCacheFD is used.
(Previously it was possible that all of these members were populated,
which is a waste of memory.)
The effect of this change is visible when SetTransferData is called
multiple times with the same flavor, but with one below the threshold
for storing in-memory, and the other above (=store in a file).
MozReview-Commit-ID: 4UlkKAYsjf
--HG--
extra : rebase_source : 75398f84f039bdf2ff0195342f3db8efbdce6d3d
The cache file is never directly exposed to consumers of DataStruct,
so it does not make sense to keep the clipboardcache file around
forever.
The only change in this commit is to switch from using a filename to
using a file descriptor. In the destructor, the FD is explicitly closed
(which releases the file data). nsAnonymousTemporaryFile takes care
of removing the file when the destructor is not called (e.g. crashes).
Previously, the clipboard cache was stored in a file called:
TmpD/clipboardcache-N
As of this commit, the clipboard cache is stored at:
TmpD/mozilla-temp-randomN (macOS and Linux)
TmpD/mozilla-temp-files/mozilla-temp-randomN (Windows)
(see xpcom/io/nsAnonymousTemporaryFile.{h,cpp} for more details)
To verify that these files are really gone:
1. Create a document with 500k+ characters, open it in Firefox.
2. Copy its content - this will trigger the clipboard cache.
3. Look for the open file descriptor of the deleted file:
( macOS and Linux: )
lsof +L1 | grep mozilla-temp
4. Copy anything (under the 500k threshold), or quit/kill Firefox.
5. Repeat step 3 and observe that the number of file descriptors
has decreased.
MozReview-Commit-ID: 85GlKQrNUl5
--HG--
extra : rebase_source : 6937143639d6a6280ffe8b53b4c2fa4b1e7ef55d
Ensure that only DataStruct::mData + mDataLen, XOR
DataStruct::mCacheFD is used.
(Previously it was possible that all of these members were populated,
which is a waste of memory.)
The effect of this change is visible when SetTransferData is called
multiple times with the same flavor, but with one below the threshold
for storing in-memory, and the other above (=store in a file).
MozReview-Commit-ID: 4UlkKAYsjf
--HG--
extra : rebase_source : fff484301dc87f12685575084993b6bf877f9a9b
The cache file is never directly exposed to consumers of DataStruct,
so it does not make sense to keep the clipboardcache file around
forever.
The only change in this commit is to switch from using a filename to
using a file descriptor. In the destructor, the FD is explicitly closed
(which releases the file data). nsAnonymousTemporaryFile takes care
of removing the file when the destructor is not called (e.g. crashes).
Previously, the clipboard cache was stored in a file called:
TmpD/clipboardcache-N
As of this commit, the clipboard cache is stored at:
TmpD/mozilla-temp-randomN (macOS and Linux)
TmpD/mozilla-temp-files/mozilla-temp-randomN (Windows)
(see xpcom/io/nsAnonymousTemporaryFile.{h,cpp} for more details)
To verify that these files are really gone:
1. Create a document with 500k+ characters, open it in Firefox.
2. Copy its content - this will trigger the clipboard cache.
3. Look for the open file descriptor of the deleted file:
( macOS and Linux: )
lsof +L1 | grep mozilla-temp
4. Copy anything (under the 500k threshold), or quit/kill Firefox.
5. Repeat step 3 and observe that the number of file descriptors
has decreased.
MozReview-Commit-ID: 85GlKQrNUl5
--HG--
extra : rebase_source : b0c6e9540e53ad5e713a9db55f3001d7f53c308a
Ensure that only DataStruct::mData + mDataLen, XOR
DataStruct::mCacheFD is used.
(Previously it was possible that all of these members were populated,
which is a waste of memory.)
The effect of this change is visible when SetTransferData is called
multiple times with the same flavor, but with one below the threshold
for storing in-memory, and the other above (=store in a file).
MozReview-Commit-ID: 4UlkKAYsjf
--HG--
extra : rebase_source : c9a5a7a3f5a6f3e6ab1bfb8662372cbbac837a00
The cache file is never directly exposed to consumers of DataStruct,
so it does not make sense to keep the clipboardcache file around
forever.
The only change in this commit is to switch from using a filename to
using a file descriptor. In the destructor, the FD is explicitly closed
(which releases the file data). nsAnonymousTemporaryFile takes care
of removing the file when the destructor is not called (e.g. crashes).
Previously, the clipboard cache was stored in a file called:
TmpD/clipboardcache-N
As of this commit, the clipboard cache is stored at:
TmpD/mozilla-temp-randomN (macOS and Linux)
TmpD/mozilla-temp-files/mozilla-temp-randomN (Windows)
(see xpcom/io/nsAnonymousTemporaryFile.{h,cpp} for more details)
To verify that these files are really gone:
1. Create a document with 500k+ characters, open it in Firefox.
2. Copy its content - this will trigger the clipboard cache.
3. Look for the open file descriptor of the deleted file:
( macOS and Linux: )
lsof +L1 | grep mozilla-temp
4. Copy anything (under the 500k threshold), or quit/kill Firefox.
5. Repeat step 3 and observe that the number of file descriptors
has decreased.
MozReview-Commit-ID: 85GlKQrNUl5
--HG--
extra : rebase_source : eb05c1d4600f62373aa1b7e472154b57b99e6bf8
We should not be declaring forward declarations for nsString classes directly,
instead we should use nsStringFwd.h. This will make changing the underlying
types easier.
--HG--
extra : rebase_source : b2c7554e8632f078167ff2f609392e63a136c299
This converts |nsITransferable.flavorsTransferableCanExport| and
|nsITransferable.flavorsTransferableCanImport| to return a |nsIArray|.
|nsIFormatConverter.getInputDataFlavors| and
|nsIFormatConverter.getOutputDataFlavors| are updated as well.
This patch mitigates violation of private browsing disk access. The DataStruct API and implementation is modified to obey private browsing design when used by objects such as nsTransferable (during clipboard data caching for example.)
Without this patch, a user is misled by use of private browsing when copying (or in some case just selecting) large blocks of text. A condition (presently hard coded at one million bytes kLargeDatasetSize) produces a cache file on disk regardless of whether private browsing is in use. This violates Mozilla's design (documented online at https://support.mozilla.org/kb/private-browsing-browse-web-without-saving-info/ and https://wiki.mozilla.org/PrivateBrowsing) This patch simply corrects the violation, discovered and resolved by the Tor Browser community.
Tom Schuster
Csoregi Natalia
Rob Wu
Wes Kocher
Sebastian Hengst
Eric Rahm
Masatoshi Kimura
Hector Zhao
Jonathan Kingston
Randell Jesup
Andrea Marchesini
Michael Schloh von Bennewitz
Mason Chang