/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- * * This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #include "imgRequest.h" #include "ImageLogging.h" #include "imgLoader.h" #include "imgRequestProxy.h" #include "DecodePool.h" #include "ProgressTracker.h" #include "ImageFactory.h" #include "Image.h" #include "MultipartImage.h" #include "RasterImage.h" #include "nsIChannel.h" #include "nsICacheInfoChannel.h" #include "nsIDocument.h" #include "nsIThreadRetargetableRequest.h" #include "nsIInputStream.h" #include "nsIMultiPartChannel.h" #include "nsIHttpChannel.h" #include "nsIApplicationCache.h" #include "nsIApplicationCacheChannel.h" #include "nsMimeTypes.h" #include "nsIInterfaceRequestorUtils.h" #include "nsISupportsPrimitives.h" #include "nsIScriptSecurityManager.h" #include "nsContentUtils.h" #include "plstr.h" // PL_strcasestr(...) #include "prtime.h" // for PR_Now #include "nsNetUtil.h" #include "nsIProtocolHandler.h" #include "imgIRequest.h" #include "mozilla/IntegerPrintfMacros.h" #include "mozilla/Telemetry.h" using namespace mozilla; using namespace mozilla::image; #define LOG_TEST(level) (MOZ_LOG_TEST(gImgLog, (level))) NS_IMPL_ISUPPORTS(imgRequest, nsIStreamListener, nsIRequestObserver, nsIThreadRetargetableStreamListener, nsIChannelEventSink, nsIInterfaceRequestor, nsIAsyncVerifyRedirectCallback) imgRequest::imgRequest(imgLoader* aLoader, const ImageCacheKey& aCacheKey) : mLoader(aLoader) , mCacheKey(aCacheKey) , mLoadId(nullptr) , mFirstProxy(nullptr) , mValidator(nullptr) , mInnerWindowId(0) , mCORSMode(imgIRequest::CORS_NONE) , mReferrerPolicy(mozilla::net::RP_Unset) , mImageErrorCode(NS_OK) , mMutex("imgRequest") , mProgressTracker(new ProgressTracker()) , mIsMultiPartChannel(false) , mGotData(false) , mIsInCache(false) , mDecodeRequested(false) , mNewPartPending(false) , mHadInsecureRedirect(false) { LOG_FUNC(gImgLog, "imgRequest::imgRequest()"); } imgRequest::~imgRequest() { if (mLoader) { mLoader->RemoveFromUncachedImages(this); } if (mURI) { LOG_FUNC_WITH_PARAM(gImgLog, "imgRequest::~imgRequest()", "keyuri", mURI); } else LOG_FUNC(gImgLog, "imgRequest::~imgRequest()"); } nsresult imgRequest::Init(nsIURI *aURI, nsIURI *aFinalURI, bool aHadInsecureRedirect, nsIRequest *aRequest, nsIChannel *aChannel, imgCacheEntry *aCacheEntry, nsISupports* aCX, nsIPrincipal* aTriggeringPrincipal, int32_t aCORSMode, ReferrerPolicy aReferrerPolicy) { MOZ_ASSERT(NS_IsMainThread(), "Cannot use nsIURI off main thread!"); LOG_FUNC(gImgLog, "imgRequest::Init"); MOZ_ASSERT(!mImage, "Multiple calls to init"); MOZ_ASSERT(aURI, "No uri"); MOZ_ASSERT(aFinalURI, "No final uri"); MOZ_ASSERT(aRequest, "No request"); MOZ_ASSERT(aChannel, "No channel"); mProperties = do_CreateInstance("@mozilla.org/properties;1"); mURI = aURI; mFinalURI = aFinalURI; mRequest = aRequest; mChannel = aChannel; mTimedChannel = do_QueryInterface(mChannel); mTriggeringPrincipal = aTriggeringPrincipal; mCORSMode = aCORSMode; mReferrerPolicy = aReferrerPolicy; // If the original URI and the final URI are different, check whether the // original URI is secure. We deliberately don't take the final URI into // account, as it needs to be handled using more complicated rules than // earlier elements of the redirect chain. if (aURI != aFinalURI) { bool isHttps = false; bool isChrome = false; bool schemeLocal = false; if (NS_FAILED(aURI->SchemeIs("https", &isHttps)) || NS_FAILED(aURI->SchemeIs("chrome", &isChrome)) || NS_FAILED(NS_URIChainHasFlags( aURI, nsIProtocolHandler::URI_IS_LOCAL_RESOURCE , &schemeLocal)) || (!isHttps && !isChrome && !schemeLocal)) { mHadInsecureRedirect = true; } } // imgCacheValidator may have handled redirects before we were created, so we // allow the caller to let us know if any redirects were insecure. mHadInsecureRedirect = mHadInsecureRedirect || aHadInsecureRedirect; mChannel->GetNotificationCallbacks(getter_AddRefs(mPrevChannelSink)); NS_ASSERTION(mPrevChannelSink != this, "Initializing with a channel that already calls back to us!"); mChannel->SetNotificationCallbacks(this); mCacheEntry = aCacheEntry; mCacheEntry->UpdateLoadTime(); SetLoadId(aCX); // Grab the inner window ID of the loading document, if possible. nsCOMPtr doc = do_QueryInterface(aCX); if (doc) { mInnerWindowId = doc->InnerWindowID(); } return NS_OK; } void imgRequest::ClearLoader() { mLoader = nullptr; } already_AddRefed imgRequest::GetProgressTracker() const { MutexAutoLock lock(mMutex); if (mImage) { MOZ_ASSERT(!mProgressTracker, "Should have given mProgressTracker to mImage"); return mImage->GetProgressTracker(); } MOZ_ASSERT(mProgressTracker, "Should have mProgressTracker until we create mImage"); RefPtr progressTracker = mProgressTracker; MOZ_ASSERT(progressTracker); return progressTracker.forget(); } void imgRequest::SetCacheEntry(imgCacheEntry* entry) { mCacheEntry = entry; } bool imgRequest::HasCacheEntry() const { return mCacheEntry != nullptr; } void imgRequest::ResetCacheEntry() { if (HasCacheEntry()) { mCacheEntry->SetDataSize(0); } } void imgRequest::AddProxy(imgRequestProxy* proxy) { MOZ_ASSERT(proxy, "null imgRequestProxy passed in"); LOG_SCOPE_WITH_PARAM(gImgLog, "imgRequest::AddProxy", "proxy", proxy); if (!mFirstProxy) { // Save a raw pointer to the first proxy we see, for use in the network // priority logic. mFirstProxy = proxy; } // If we're empty before adding, we have to tell the loader we now have // proxies. RefPtr progressTracker = GetProgressTracker(); if (progressTracker->ObserverCount() == 0) { MOZ_ASSERT(mURI, "Trying to SetHasProxies without key uri."); if (mLoader) { mLoader->SetHasProxies(this); } } progressTracker->AddObserver(proxy); } nsresult imgRequest::RemoveProxy(imgRequestProxy* proxy, nsresult aStatus) { LOG_SCOPE_WITH_PARAM(gImgLog, "imgRequest::RemoveProxy", "proxy", proxy); // This will remove our animation consumers, so after removing // this proxy, we don't end up without proxies with observers, but still // have animation consumers. proxy->ClearAnimationConsumers(); // Let the status tracker do its thing before we potentially call Cancel() // below, because Cancel() may result in OnStopRequest being called back // before Cancel() returns, leaving the image in a different state then the // one it was in at this point. RefPtr progressTracker = GetProgressTracker(); if (!progressTracker->RemoveObserver(proxy)) { return NS_OK; } if (progressTracker->ObserverCount() == 0) { // If we have no observers, there's nothing holding us alive. If we haven't // been cancelled and thus removed from the cache, tell the image loader so // we can be evicted from the cache. if (mCacheEntry) { MOZ_ASSERT(mURI, "Removing last observer without key uri."); if (mLoader) { mLoader->SetHasNoProxies(this, mCacheEntry); } } else { LOG_MSG_WITH_PARAM(gImgLog, "imgRequest::RemoveProxy no cache entry", "uri", mURI); } /* If |aStatus| is a failure code, then cancel the load if it is still in progress. Otherwise, let the load continue, keeping 'this' in the cache with no observers. This way, if a proxy is destroyed without calling cancel on it, it won't leak and won't leave a bad pointer in the observer list. */ if (!(progressTracker->GetProgress() & FLAG_LAST_PART_COMPLETE) && NS_FAILED(aStatus)) { LOG_MSG(gImgLog, "imgRequest::RemoveProxy", "load in progress. canceling"); this->Cancel(NS_BINDING_ABORTED); } /* break the cycle from the cache entry. */ mCacheEntry = nullptr; } return NS_OK; } void imgRequest::CancelAndAbort(nsresult aStatus) { LOG_SCOPE(gImgLog, "imgRequest::CancelAndAbort"); Cancel(aStatus); // It's possible for the channel to fail to open after we've set our // notification callbacks. In that case, make sure to break the cycle between // the channel and us, because it won't. if (mChannel) { mChannel->SetNotificationCallbacks(mPrevChannelSink); mPrevChannelSink = nullptr; } } class imgRequestMainThreadCancel : public Runnable { public: imgRequestMainThreadCancel(imgRequest* aImgRequest, nsresult aStatus) : Runnable("imgRequestMainThreadCancel") , mImgRequest(aImgRequest) , mStatus(aStatus) { MOZ_ASSERT(!NS_IsMainThread(), "Create me off main thread only!"); MOZ_ASSERT(aImgRequest); } NS_IMETHOD Run() override { MOZ_ASSERT(NS_IsMainThread(), "I should be running on the main thread!"); mImgRequest->ContinueCancel(mStatus); return NS_OK; } private: RefPtr mImgRequest; nsresult mStatus; }; void imgRequest::Cancel(nsresult aStatus) { /* The Cancel() method here should only be called by this class. */ LOG_SCOPE(gImgLog, "imgRequest::Cancel"); if (NS_IsMainThread()) { ContinueCancel(aStatus); } else { RefPtr progressTracker = GetProgressTracker(); nsCOMPtr eventTarget = progressTracker->GetEventTarget(); nsCOMPtr ev = new imgRequestMainThreadCancel(this, aStatus); eventTarget->Dispatch(ev.forget(), NS_DISPATCH_NORMAL); } } void imgRequest::ContinueCancel(nsresult aStatus) { MOZ_ASSERT(NS_IsMainThread()); RefPtr progressTracker = GetProgressTracker(); progressTracker->SyncNotifyProgress(FLAG_HAS_ERROR); RemoveFromCache(); if (mRequest && !(progressTracker->GetProgress() & FLAG_LAST_PART_COMPLETE)) { mRequest->Cancel(aStatus); } } class imgRequestMainThreadEvict : public Runnable { public: explicit imgRequestMainThreadEvict(imgRequest* aImgRequest) : Runnable("imgRequestMainThreadEvict") , mImgRequest(aImgRequest) { MOZ_ASSERT(!NS_IsMainThread(), "Create me off main thread only!"); MOZ_ASSERT(aImgRequest); } NS_IMETHOD Run() override { MOZ_ASSERT(NS_IsMainThread(), "I should be running on the main thread!"); mImgRequest->ContinueEvict(); return NS_OK; } private: RefPtr mImgRequest; }; // EvictFromCache() is written to allowed to get called from any thread void imgRequest::EvictFromCache() { /* The EvictFromCache() method here should only be called by this class. */ LOG_SCOPE(gImgLog, "imgRequest::EvictFromCache"); if (NS_IsMainThread()) { ContinueEvict(); } else { NS_DispatchToMainThread(new imgRequestMainThreadEvict(this)); } } // Helper-method used by EvictFromCache() void imgRequest::ContinueEvict() { MOZ_ASSERT(NS_IsMainThread()); RemoveFromCache(); } void imgRequest::StartDecoding() { MutexAutoLock lock(mMutex); mDecodeRequested = true; } bool imgRequest::IsDecodeRequested() const { MutexAutoLock lock(mMutex); return mDecodeRequested; } nsresult imgRequest::GetURI(nsIURI** aURI) { MOZ_ASSERT(aURI); LOG_FUNC(gImgLog, "imgRequest::GetURI"); if (mURI) { *aURI = mURI; NS_ADDREF(*aURI); return NS_OK; } return NS_ERROR_FAILURE; } nsresult imgRequest::GetFinalURI(nsIURI** aURI) { MOZ_ASSERT(aURI); LOG_FUNC(gImgLog, "imgRequest::GetFinalURI"); if (mFinalURI) { *aURI = mFinalURI; NS_ADDREF(*aURI); return NS_OK; } return NS_ERROR_FAILURE; } bool imgRequest::IsScheme(const char* aScheme) const { MOZ_ASSERT(aScheme); bool isScheme = false; if (NS_WARN_IF(NS_FAILED(mURI->SchemeIs(aScheme, &isScheme)))) { return false; } return isScheme; } bool imgRequest::IsChrome() const { return IsScheme("chrome"); } bool imgRequest::IsData() const { return IsScheme("data"); } nsresult imgRequest::GetImageErrorCode() { return mImageErrorCode; } nsresult imgRequest::GetSecurityInfo(nsISupports** aSecurityInfo) { LOG_FUNC(gImgLog, "imgRequest::GetSecurityInfo"); // Missing security info means this is not a security load // i.e. it is not an error when security info is missing NS_IF_ADDREF(*aSecurityInfo = mSecurityInfo); return NS_OK; } void imgRequest::RemoveFromCache() { LOG_SCOPE(gImgLog, "imgRequest::RemoveFromCache"); bool isInCache = false; { MutexAutoLock lock(mMutex); isInCache = mIsInCache; } if (isInCache && mLoader) { // mCacheEntry is nulled out when we have no more observers. if (mCacheEntry) { mLoader->RemoveFromCache(mCacheEntry); } else { mLoader->RemoveFromCache(mCacheKey); } } mCacheEntry = nullptr; } bool imgRequest::HasConsumers() const { RefPtr progressTracker = GetProgressTracker(); return progressTracker && progressTracker->ObserverCount() > 0; } already_AddRefed imgRequest::GetImage() const { MutexAutoLock lock(mMutex); RefPtr image = mImage; return image.forget(); } int32_t imgRequest::Priority() const { int32_t priority = nsISupportsPriority::PRIORITY_NORMAL; nsCOMPtr p = do_QueryInterface(mRequest); if (p) { p->GetPriority(&priority); } return priority; } void imgRequest::AdjustPriority(imgRequestProxy* proxy, int32_t delta) { // only the first proxy is allowed to modify the priority of this image load. // // XXX(darin): this is probably not the most optimal algorithm as we may want // to increase the priority of requests that have a lot of proxies. the key // concern though is that image loads remain lower priority than other pieces // of content such as link clicks, CSS, and JS. // if (!mFirstProxy || proxy != mFirstProxy) { return; } AdjustPriorityInternal(delta); } void imgRequest::AdjustPriorityInternal(int32_t aDelta) { nsCOMPtr p = do_QueryInterface(mChannel); if (p) { p->AdjustPriority(aDelta); } } void imgRequest::BoostPriority(uint32_t aCategory) { if (!gfxPrefs::ImageLayoutNetworkPriority()) { return; } uint32_t newRequestedCategory = (mBoostCategoriesRequested & aCategory) ^ aCategory; if (!newRequestedCategory) { // priority boost for each category can only apply once. return; } MOZ_LOG(gImgLog, LogLevel::Debug, ("[this=%p] imgRequest::BoostPriority for category %x", this, newRequestedCategory)); int32_t delta = 0; if (newRequestedCategory & imgIRequest::CATEGORY_FRAME_INIT) { --delta; } if (newRequestedCategory & imgIRequest::CATEGORY_SIZE_QUERY) { --delta; } if (newRequestedCategory & imgIRequest::CATEGORY_DISPLAY) { delta += nsISupportsPriority::PRIORITY_HIGH; } AdjustPriorityInternal(delta); mBoostCategoriesRequested |= newRequestedCategory; } bool imgRequest::HasTransferredData() const { MutexAutoLock lock(mMutex); return mGotData; } void imgRequest::SetIsInCache(bool aInCache) { LOG_FUNC_WITH_PARAM(gImgLog, "imgRequest::SetIsCacheable", "aInCache", aInCache); MutexAutoLock lock(mMutex); mIsInCache = aInCache; } void imgRequest::UpdateCacheEntrySize() { if (!mCacheEntry) { return; } RefPtr image = GetImage(); SizeOfState state(moz_malloc_size_of); size_t size = image->SizeOfSourceWithComputedFallback(state); mCacheEntry->SetDataSize(size); } void imgRequest::SetCacheValidation(imgCacheEntry* aCacheEntry, nsIRequest* aRequest) { /* get the expires info */ if (aCacheEntry) { // Expiration time defaults to 0. We set the expiration time on our // entry if it hasn't been set yet. if (aCacheEntry->GetExpiryTime() == 0) { uint32_t expiration = 0; nsCOMPtr cacheChannel(do_QueryInterface(aRequest)); if (cacheChannel) { /* get the expiration time from the caching channel's token */ cacheChannel->GetCacheTokenExpirationTime(&expiration); } if (expiration == 0) { // If the channel doesn't support caching, then ensure this expires the // next time it is used. expiration = imgCacheEntry::SecondsFromPRTime(PR_Now()) - 1; } aCacheEntry->SetExpiryTime(expiration); } // Determine whether the cache entry must be revalidated when we try to use // it. Currently, only HTTP specifies this information... nsCOMPtr httpChannel(do_QueryInterface(aRequest)); if (httpChannel) { bool bMustRevalidate = false; Unused << httpChannel->IsNoStoreResponse(&bMustRevalidate); if (!bMustRevalidate) { Unused << httpChannel->IsNoCacheResponse(&bMustRevalidate); } if (!bMustRevalidate) { nsAutoCString cacheHeader; Unused << httpChannel->GetResponseHeader(NS_LITERAL_CSTRING("Cache-Control"), cacheHeader); if (PL_strcasestr(cacheHeader.get(), "must-revalidate")) { bMustRevalidate = true; } } // Cache entries default to not needing to validate. We ensure that // multiple calls to this function don't override an earlier decision to // validate by making validation a one-way decision. if (bMustRevalidate) { aCacheEntry->SetMustValidate(bMustRevalidate); } } } } namespace { already_AddRefed GetApplicationCache(nsIRequest* aRequest) { nsresult rv; nsCOMPtr appCacheChan = do_QueryInterface(aRequest); if (!appCacheChan) { return nullptr; } bool fromAppCache; rv = appCacheChan->GetLoadedFromApplicationCache(&fromAppCache); NS_ENSURE_SUCCESS(rv, nullptr); if (!fromAppCache) { return nullptr; } nsCOMPtr appCache; rv = appCacheChan->GetApplicationCache(getter_AddRefs(appCache)); NS_ENSURE_SUCCESS(rv, nullptr); return appCache.forget(); } } // namespace bool imgRequest::CacheChanged(nsIRequest* aNewRequest) { nsCOMPtr newAppCache = GetApplicationCache(aNewRequest); // Application cache not involved at all or the same app cache involved // in both of the loads (original and new). if (newAppCache == mApplicationCache) { return false; } // In a rare case it may happen that two objects still refer // the same application cache version. if (newAppCache && mApplicationCache) { nsresult rv; nsAutoCString oldAppCacheClientId, newAppCacheClientId; rv = mApplicationCache->GetClientID(oldAppCacheClientId); NS_ENSURE_SUCCESS(rv, true); rv = newAppCache->GetClientID(newAppCacheClientId); NS_ENSURE_SUCCESS(rv, true); if (oldAppCacheClientId == newAppCacheClientId) { return false; } } // When we get here, app caches differ or app cache is involved // just in one of the loads what we also consider as a change // in a loading cache. return true; } bool imgRequest::GetMultipart() const { MutexAutoLock lock(mMutex); return mIsMultiPartChannel; } bool imgRequest::HadInsecureRedirect() const { MutexAutoLock lock(mMutex); return mHadInsecureRedirect; } /** nsIRequestObserver methods **/ NS_IMETHODIMP imgRequest::OnStartRequest(nsIRequest* aRequest, nsISupports* ctxt) { LOG_SCOPE(gImgLog, "imgRequest::OnStartRequest"); RefPtr image; // Figure out if we're multipart. nsCOMPtr multiPartChannel = do_QueryInterface(aRequest); MOZ_ASSERT(multiPartChannel || !mIsMultiPartChannel, "Stopped being multipart?"); { MutexAutoLock lock(mMutex); mNewPartPending = true; image = mImage; mIsMultiPartChannel = bool(multiPartChannel); } // If we're not multipart, we shouldn't have an image yet. if (image && !multiPartChannel) { MOZ_ASSERT_UNREACHABLE("Already have an image for a non-multipart request"); Cancel(NS_IMAGELIB_ERROR_FAILURE); return NS_ERROR_FAILURE; } /* * If mRequest is null here, then we need to set it so that we'll be able to * cancel it if our Cancel() method is called. Note that this can only * happen for multipart channels. We could simply not null out mRequest for * non-last parts, if GetIsLastPart() were reliable, but it's not. See * https://bugzilla.mozilla.org/show_bug.cgi?id=339610 */ if (!mRequest) { MOZ_ASSERT(multiPartChannel, "Should have mRequest unless we're multipart"); nsCOMPtr baseChannel; multiPartChannel->GetBaseChannel(getter_AddRefs(baseChannel)); mRequest = baseChannel; } nsCOMPtr channel(do_QueryInterface(aRequest)); if (channel) { channel->GetSecurityInfo(getter_AddRefs(mSecurityInfo)); /* Get our principal */ nsCOMPtr secMan = nsContentUtils::GetSecurityManager(); if (secMan) { nsresult rv = secMan->GetChannelResultPrincipal(channel, getter_AddRefs(mPrincipal)); if (NS_FAILED(rv)) { return rv; } } } SetCacheValidation(mCacheEntry, aRequest); mApplicationCache = GetApplicationCache(aRequest); // Shouldn't we be dead already if this gets hit? // Probably multipart/x-mixed-replace... RefPtr progressTracker = GetProgressTracker(); if (progressTracker->ObserverCount() == 0) { this->Cancel(NS_IMAGELIB_ERROR_FAILURE); } // Try to retarget OnDataAvailable to a decode thread. We must process data // URIs synchronously as per the spec however. if (!channel || IsData()) { return NS_OK; } nsCOMPtr retargetable = do_QueryInterface(aRequest); if (retargetable) { nsAutoCString mimeType; nsresult rv = channel->GetContentType(mimeType); if (NS_SUCCEEDED(rv) && !mimeType.EqualsLiteral(IMAGE_SVG_XML)) { // Retarget OnDataAvailable to the DecodePool's IO thread. nsCOMPtr target = DecodePool::Singleton()->GetIOEventTarget(); rv = retargetable->RetargetDeliveryTo(target); } MOZ_LOG(gImgLog, LogLevel::Warning, ("[this=%p] imgRequest::OnStartRequest -- " "RetargetDeliveryTo rv %" PRIu32 "=%s\n", this, static_cast(rv), NS_SUCCEEDED(rv) ? "succeeded" : "failed")); } return NS_OK; } NS_IMETHODIMP imgRequest::OnStopRequest(nsIRequest* aRequest, nsISupports* ctxt, nsresult status) { LOG_FUNC(gImgLog, "imgRequest::OnStopRequest"); MOZ_ASSERT(NS_IsMainThread(), "Can't send notifications off-main-thread"); RefPtr image = GetImage(); RefPtr strongThis = this; if (mIsMultiPartChannel && mNewPartPending) { OnDataAvailable(aRequest, ctxt, nullptr, 0, 0); } // XXXldb What if this is a non-last part of a multipart request? // xxx before we release our reference to mRequest, lets // save the last status that we saw so that the // imgRequestProxy will have access to it. if (mRequest) { mRequest = nullptr; // we no longer need the request } // stop holding a ref to the channel, since we don't need it anymore if (mChannel) { mChannel->SetNotificationCallbacks(mPrevChannelSink); mPrevChannelSink = nullptr; mChannel = nullptr; } bool lastPart = true; nsCOMPtr mpchan(do_QueryInterface(aRequest)); if (mpchan) { mpchan->GetIsLastPart(&lastPart); } bool isPartial = false; if (image && (status == NS_ERROR_NET_PARTIAL_TRANSFER)) { isPartial = true; status = NS_OK; // fake happy face } // Tell the image that it has all of the source data. Note that this can // trigger a failure, since the image might be waiting for more non-optional // data and this is the point where we break the news that it's not coming. if (image) { nsresult rv = image->OnImageDataComplete(aRequest, ctxt, status, lastPart); // If we got an error in the OnImageDataComplete() call, we don't want to // proceed as if nothing bad happened. However, we also want to give // precedence to failure status codes from necko, since presumably they're // more meaningful. if (NS_FAILED(rv) && NS_SUCCEEDED(status)) { status = rv; } } // If the request went through, update the cache entry size. Otherwise, // cancel the request, which removes us from the cache. if (image && NS_SUCCEEDED(status) && !isPartial) { // We update the cache entry size here because this is where we finish // loading compressed source data, which is part of our size calculus. UpdateCacheEntrySize(); } else if (isPartial) { // Remove the partial image from the cache. this->EvictFromCache(); } else { mImageErrorCode = status; // if the error isn't "just" a partial transfer // stops animations, removes from cache this->Cancel(status); } if (!image) { // We have to fire the OnStopRequest notifications ourselves because there's // no image capable of doing so. Progress progress = LoadCompleteProgress(lastPart, /* aError = */ false, status); RefPtr progressTracker = GetProgressTracker(); progressTracker->SyncNotifyProgress(progress); } mTimedChannel = nullptr; return NS_OK; } struct mimetype_closure { nsACString* newType; uint32_t segmentSize; }; /* prototype for these defined below */ static nsresult sniff_mimetype_callback(nsIInputStream* in, void* closure, const char* fromRawSegment, uint32_t toOffset, uint32_t count, uint32_t* writeCount); /** nsThreadRetargetableStreamListener methods **/ NS_IMETHODIMP imgRequest::CheckListenerChain() { // TODO Might need more checking here. NS_ASSERTION(NS_IsMainThread(), "Should be on the main thread!"); return NS_OK; } /** nsIStreamListener methods **/ struct NewPartResult final { explicit NewPartResult(image::Image* aExistingImage) : mImage(aExistingImage) , mIsFirstPart(!aExistingImage) , mSucceeded(false) , mShouldResetCacheEntry(false) { } nsAutoCString mContentType; nsAutoCString mContentDisposition; RefPtr mImage; const bool mIsFirstPart; bool mSucceeded; bool mShouldResetCacheEntry; }; static NewPartResult PrepareForNewPart(nsIRequest* aRequest, nsIInputStream* aInStr, uint32_t aCount, nsIURI* aURI, bool aIsMultipart, image::Image* aExistingImage, ProgressTracker* aProgressTracker, uint32_t aInnerWindowId) { NewPartResult result(aExistingImage); if (aInStr) { mimetype_closure closure; closure.newType = &result.mContentType; closure.segmentSize = 0; // Look at the first few bytes and see if we can tell what the data is from // that since servers tend to lie. :( uint32_t out; aInStr->ReadSegments(sniff_mimetype_callback, &closure, aCount, &out); // We don't support WebP but we are getting reports of Firefox being served // WebP content in the wild. In particular this appears to be a problem on // Fennec where content authors assume Android implies WebP support. The // telemetry below is intended to get a sense of how prevalent this is. // // From the Google WebP FAQ example and the Modernizr library, websites may // supply a tiny WebP image to probe for feature support using scripts. The // probes are implemented as data URIs thus we should have all the content // upfront. We don't want to consider a probe as having observed WebP since // in theory the client should do the right thing when we fail to decode it. // See https://developers.google.com/speed/webp/faq for details. bool webp = result.mContentType.EqualsLiteral(IMAGE_WEBP); bool webpProbe = false; if (webp) { // The probes from the example/library are all < 90 bytes. Round it up // just in case. const uint32_t kMaxProbeSize = 100; if (closure.segmentSize < kMaxProbeSize && NS_FAILED(aURI->SchemeIs("data", &webpProbe))) { webpProbe = false; } if (webpProbe) { Telemetry::ScalarSet(Telemetry::ScalarID::IMAGES_WEBP_PROBE_OBSERVED, true); } else { Telemetry::ScalarSet(Telemetry::ScalarID::IMAGES_WEBP_CONTENT_OBSERVED, true); } } if (!webpProbe) { Telemetry::ScalarAdd(Telemetry::ScalarID::IMAGES_WEBP_CONTENT_FREQUENCY, webp ? NS_LITERAL_STRING("webp") : NS_LITERAL_STRING("other"), 1); } } nsCOMPtr chan(do_QueryInterface(aRequest)); if (result.mContentType.IsEmpty()) { nsresult rv = chan ? chan->GetContentType(result.mContentType) : NS_ERROR_FAILURE; if (NS_FAILED(rv)) { MOZ_LOG(gImgLog, LogLevel::Error, ("imgRequest::PrepareForNewPart -- " "Content type unavailable from the channel\n")); if (!aIsMultipart) { return result; } } } if (chan) { chan->GetContentDispositionHeader(result.mContentDisposition); } MOZ_LOG(gImgLog, LogLevel::Debug, ("imgRequest::PrepareForNewPart -- Got content type %s\n", result.mContentType.get())); // XXX If server lied about mimetype and it's SVG, we may need to copy // the data and dispatch back to the main thread, AND tell the channel to // dispatch there in the future. // Create the new image and give it ownership of our ProgressTracker. if (aIsMultipart) { // Create the ProgressTracker and image for this part. RefPtr progressTracker = new ProgressTracker(); RefPtr partImage = image::ImageFactory::CreateImage(aRequest, progressTracker, result.mContentType, aURI, /* aIsMultipart = */ true, aInnerWindowId); if (result.mIsFirstPart) { // First part for a multipart channel. Create the MultipartImage wrapper. MOZ_ASSERT(aProgressTracker, "Shouldn't have given away tracker yet"); aProgressTracker->SetIsMultipart(); result.mImage = image::ImageFactory::CreateMultipartImage(partImage, aProgressTracker); } else { // Transition to the new part. auto multipartImage = static_cast(aExistingImage); multipartImage->BeginTransitionToPart(partImage); // Reset our cache entry size so it doesn't keep growing without bound. result.mShouldResetCacheEntry = true; } } else { MOZ_ASSERT(!aExistingImage, "New part for non-multipart channel?"); MOZ_ASSERT(aProgressTracker, "Shouldn't have given away tracker yet"); // Create an image using our progress tracker. result.mImage = image::ImageFactory::CreateImage(aRequest, aProgressTracker, result.mContentType, aURI, /* aIsMultipart = */ false, aInnerWindowId); } MOZ_ASSERT(result.mImage); if (!result.mImage->HasError() || aIsMultipart) { // We allow multipart images to fail to initialize (which generally // indicates a bad content type) without cancelling the load, because // subsequent parts might be fine. result.mSucceeded = true; } return result; } class FinishPreparingForNewPartRunnable final : public Runnable { public: FinishPreparingForNewPartRunnable(imgRequest* aImgRequest, NewPartResult&& aResult) : Runnable("FinishPreparingForNewPartRunnable") , mImgRequest(aImgRequest) , mResult(aResult) { MOZ_ASSERT(aImgRequest); } NS_IMETHOD Run() override { mImgRequest->FinishPreparingForNewPart(mResult); return NS_OK; } private: RefPtr mImgRequest; NewPartResult mResult; }; void imgRequest::FinishPreparingForNewPart(const NewPartResult& aResult) { MOZ_ASSERT(NS_IsMainThread()); mContentType = aResult.mContentType; SetProperties(aResult.mContentType, aResult.mContentDisposition); if (aResult.mIsFirstPart) { // Notify listeners that we have an image. RefPtr progressTracker = GetProgressTracker(); progressTracker->OnImageAvailable(); MOZ_ASSERT(progressTracker->HasImage()); } if (aResult.mShouldResetCacheEntry) { ResetCacheEntry(); } if (IsDecodeRequested()) { aResult.mImage->StartDecoding(imgIContainer::FLAG_NONE); } } NS_IMETHODIMP imgRequest::OnDataAvailable(nsIRequest* aRequest, nsISupports* aContext, nsIInputStream* aInStr, uint64_t aOffset, uint32_t aCount) { LOG_SCOPE_WITH_PARAM(gImgLog, "imgRequest::OnDataAvailable", "count", aCount); NS_ASSERTION(aRequest, "imgRequest::OnDataAvailable -- no request!"); RefPtr image; RefPtr progressTracker; bool isMultipart = false; bool newPartPending = false; // Retrieve and update our state. { MutexAutoLock lock(mMutex); mGotData = true; image = mImage; progressTracker = mProgressTracker; isMultipart = mIsMultiPartChannel; newPartPending = mNewPartPending; mNewPartPending = false; } // If this is a new part, we need to sniff its content type and create an // appropriate image. if (newPartPending) { NewPartResult result = PrepareForNewPart(aRequest, aInStr, aCount, mURI, isMultipart, image, progressTracker, mInnerWindowId); bool succeeded = result.mSucceeded; if (result.mImage) { image = result.mImage; nsCOMPtr eventTarget; // Update our state to reflect this new part. { MutexAutoLock lock(mMutex); mImage = image; // We only get an event target if we are not on the main thread, because // we have to dispatch in that case. If we are on the main thread, but // on a different scheduler group than ProgressTracker would give us, // that is okay because nothing in imagelib requires that, just our // listeners (which have their own checks). if (!NS_IsMainThread()) { eventTarget = mProgressTracker->GetEventTarget(); MOZ_ASSERT(eventTarget); } mProgressTracker = nullptr; } // Some property objects are not threadsafe, and we need to send // OnImageAvailable on the main thread, so finish on the main thread. if (!eventTarget) { MOZ_ASSERT(NS_IsMainThread()); FinishPreparingForNewPart(result); } else { nsCOMPtr runnable = new FinishPreparingForNewPartRunnable(this, std::move(result)); eventTarget->Dispatch(runnable.forget(), NS_DISPATCH_NORMAL); } } if (!succeeded) { // Something went wrong; probably a content type issue. Cancel(NS_IMAGELIB_ERROR_FAILURE); return NS_BINDING_ABORTED; } } // Notify the image that it has new data. if (aInStr) { nsresult rv = image->OnImageDataAvailable(aRequest, aContext, aInStr, aOffset, aCount); if (NS_FAILED(rv)) { MOZ_LOG(gImgLog, LogLevel::Warning, ("[this=%p] imgRequest::OnDataAvailable -- " "copy to RasterImage failed\n", this)); Cancel(NS_IMAGELIB_ERROR_FAILURE); return NS_BINDING_ABORTED; } } return NS_OK; } void imgRequest::SetProperties(const nsACString& aContentType, const nsACString& aContentDisposition) { /* set our mimetype as a property */ nsCOMPtr contentType = do_CreateInstance("@mozilla.org/supports-cstring;1"); if (contentType) { contentType->SetData(aContentType); mProperties->Set("type", contentType); } /* set our content disposition as a property */ if (!aContentDisposition.IsEmpty()) { nsCOMPtr contentDisposition = do_CreateInstance("@mozilla.org/supports-cstring;1"); if (contentDisposition) { contentDisposition->SetData(aContentDisposition); mProperties->Set("content-disposition", contentDisposition); } } } static nsresult sniff_mimetype_callback(nsIInputStream* in, void* data, const char* fromRawSegment, uint32_t toOffset, uint32_t count, uint32_t* writeCount) { mimetype_closure* closure = static_cast(data); NS_ASSERTION(closure, "closure is null!"); closure->segmentSize = count; if (count > 0) { imgLoader::GetMimeTypeFromContent(fromRawSegment, count, *closure->newType); } *writeCount = 0; return NS_ERROR_FAILURE; } /** nsIInterfaceRequestor methods **/ NS_IMETHODIMP imgRequest::GetInterface(const nsIID & aIID, void** aResult) { if (!mPrevChannelSink || aIID.Equals(NS_GET_IID(nsIChannelEventSink))) { return QueryInterface(aIID, aResult); } NS_ASSERTION(mPrevChannelSink != this, "Infinite recursion - don't keep track of channel sinks that are us!"); return mPrevChannelSink->GetInterface(aIID, aResult); } /** nsIChannelEventSink methods **/ NS_IMETHODIMP imgRequest::AsyncOnChannelRedirect(nsIChannel* oldChannel, nsIChannel* newChannel, uint32_t flags, nsIAsyncVerifyRedirectCallback* callback) { NS_ASSERTION(mRequest && mChannel, "Got a channel redirect after we nulled out mRequest!"); NS_ASSERTION(mChannel == oldChannel, "Got a channel redirect for an unknown channel!"); NS_ASSERTION(newChannel, "Got a redirect to a NULL channel!"); SetCacheValidation(mCacheEntry, oldChannel); // Prepare for callback mRedirectCallback = callback; mNewRedirectChannel = newChannel; nsCOMPtr sink(do_GetInterface(mPrevChannelSink)); if (sink) { nsresult rv = sink->AsyncOnChannelRedirect(oldChannel, newChannel, flags, this); if (NS_FAILED(rv)) { mRedirectCallback = nullptr; mNewRedirectChannel = nullptr; } return rv; } (void) OnRedirectVerifyCallback(NS_OK); return NS_OK; } NS_IMETHODIMP imgRequest::OnRedirectVerifyCallback(nsresult result) { NS_ASSERTION(mRedirectCallback, "mRedirectCallback not set in callback"); NS_ASSERTION(mNewRedirectChannel, "mNewRedirectChannel not set in callback"); if (NS_FAILED(result)) { mRedirectCallback->OnRedirectVerifyCallback(result); mRedirectCallback = nullptr; mNewRedirectChannel = nullptr; return NS_OK; } mChannel = mNewRedirectChannel; mTimedChannel = do_QueryInterface(mChannel); mNewRedirectChannel = nullptr; if (LOG_TEST(LogLevel::Debug)) { LOG_MSG_WITH_PARAM(gImgLog, "imgRequest::OnChannelRedirect", "old", mFinalURI ? mFinalURI->GetSpecOrDefault().get() : ""); } // If the previous URI is a non-HTTPS URI, record that fact for later use by // security code, which needs to know whether there is an insecure load at any // point in the redirect chain. bool isHttps = false; bool isChrome = false; bool schemeLocal = false; if (NS_FAILED(mFinalURI->SchemeIs("https", &isHttps)) || NS_FAILED(mFinalURI->SchemeIs("chrome", &isChrome)) || NS_FAILED(NS_URIChainHasFlags(mFinalURI, nsIProtocolHandler::URI_IS_LOCAL_RESOURCE, &schemeLocal)) || (!isHttps && !isChrome && !schemeLocal)) { MutexAutoLock lock(mMutex); // The csp directive upgrade-insecure-requests performs an internal redirect // to upgrade all requests from http to https before any data is fetched from // the network. Do not pollute mHadInsecureRedirect in case of such an internal // redirect. nsCOMPtr loadInfo = mChannel->GetLoadInfo(); bool upgradeInsecureRequests = loadInfo ? loadInfo->GetUpgradeInsecureRequests() || loadInfo->GetBrowserUpgradeInsecureRequests() : false; if (!upgradeInsecureRequests) { mHadInsecureRedirect = true; } } // Update the final URI. mChannel->GetURI(getter_AddRefs(mFinalURI)); if (LOG_TEST(LogLevel::Debug)) { LOG_MSG_WITH_PARAM(gImgLog, "imgRequest::OnChannelRedirect", "new", mFinalURI ? mFinalURI->GetSpecOrDefault().get() : ""); } // Make sure we have a protocol that returns data rather than opens an // external application, e.g. 'mailto:'. bool doesNotReturnData = false; nsresult rv = NS_URIChainHasFlags(mFinalURI, nsIProtocolHandler::URI_DOES_NOT_RETURN_DATA, &doesNotReturnData); if (NS_SUCCEEDED(rv) && doesNotReturnData) { rv = NS_ERROR_ABORT; } if (NS_FAILED(rv)) { mRedirectCallback->OnRedirectVerifyCallback(rv); mRedirectCallback = nullptr; return NS_OK; } mRedirectCallback->OnRedirectVerifyCallback(NS_OK); mRedirectCallback = nullptr; return NS_OK; }