It crashes if it fails to create the unprivileged junk scope, which is not
great when it's being used by a fallible function.
Differential Revision: https://phabricator.services.mozilla.com/D90753
Among other things, there were some misuses of std::forward, and
GenericErrorResult was (presumably accidentally) instantiated with
references as the template argument type, e.g. const nsresult&,
which circumvented the check for not calling it with NS_OK in
ResultExtensions.h
Differential Revision: https://phabricator.services.mozilla.com/D90561
This adds a rate limit to methods and setters of the History and Location
for non-system callers.
The rate limit is counted per BrowsingContext and can be controlled by prefs.
This patch is based on the original rate limit patch by :freesamael.
Differential Revision: https://phabricator.services.mozilla.com/D90136
Now requesting/releasing pointer lock in content process will send IPC to let
parent process know which content process requests a lock, so parent process
could dispatch mouse event to the right content process. And if there is already
a content process that has a lock, parent process will reject lock requests from other
content processes.
Differential Revision: https://phabricator.services.mozilla.com/D90313
To force navigation to block on the long running script it needs to be
loading a page on the same domain as the blocking script, otherwise
fission and Session history in the parent will happily change
remoteness to another process and load immediately.
Depends on D90825
Differential Revision: https://phabricator.services.mozilla.com/D90826
Fix "error: member access into incomplete type 'mozilla::layers::IGPUVideoSurfaceManager'" build bustage with --disable-accessibility.
We don't want to fully declare the class in the header as it would require leaking most of the gfx headers.
Differential Revision: https://phabricator.services.mozilla.com/D90776
Changes to nsIScrollableFrame.h cause the world to rebuild which I find annoying.
This removes the inclusion into Element.h which is responsible for the
world-rebuilding and is relatively easy to eliminate. A bunch of usages of
nsIScrollableFrame get moved from .h files into .cpp files and I include the
header into .cpp files as needed.
Differential Revision: https://phabricator.services.mozilla.com/D90735
This requires adding the flag as a synced field on the BrowsingContext, and
checking it in a few more places. Attempts to open a new window in this racy
manner will now raise an exception.
This should avoid the issue from bug 1658854 by blocking the buggy attempts to
load before the nested event loop has been exited.
Differential Revision: https://phabricator.services.mozilla.com/D87927
As we saw in bug 1598119, 32-bit nop-space patches aren't compatible with clang 11's CFG because they return to the second instruction of the hooked function.
The `FunctionHook`s for plugins were pulling raw function pointers out of the interceptor stubs, so they didn't get the benefit of the stub's `operator()` that already has the CFG annotation.
As a bandaid, this patch marks all users of `BasicFunctionHook::OriginalFunction()` with the CFG annotation as well. A more thorough fix might be to somehow pass through to the stub's `operator()`, but we need something before merge day and I'm not confident in being able to do that regression-free in time.
Differential Revision: https://phabricator.services.mozilla.com/D90629
We unfortunately can't use the AsyncShutdownService in either the GPU or RDD process.
So we add a little utility class AsyncBlockers that will resolve its promise once all services have deregistered from it.
We use it to temporarily suspend the RDDParent or GPUParent from killing the process, up to 10s.
This allows for cleaner shutdown as the parent process doesn't guarantee the order in which processes are killed (even though it should).
Differential Revision: https://phabricator.services.mozilla.com/D90487
The RDD process gets shut down following a NS_XPCOM_SHUTDOWN_OBSERVER_ID notification.
Notifications are processed in LIFO order; since the RDD process is started on demand, it would typically have been registered after a content process.
We must ensure that the RDD gets shut down after all content processes so that it can receive notifications that the RemoteDecoderManagerChilds are shutting down.
Differential Revision: https://phabricator.services.mozilla.com/D90485