Fix for bug 308328 (crash in [@ nsDocument::GetPrincipal] when closing browser). r/sr=bz.

2005-10-14 09:07:29 +00:00 · 2005-10-14 09:07:29 +00:00 · ef98abb585
--- a/content/base/public/nsContentUtils.h
+++ b/content/base/public/nsContentUtils.h
@ -280,7 +280,11 @@ public:
  static nsIXTFService* GetXTFService();
 #endif

-  static nsIScriptSecurityManager* SecurityManager()
+  /**
+   * Get the cache security manager service. Can return null if the layout
+   * module has been shut down.
+   */
+  static nsIScriptSecurityManager* GetSecurityManager()
  {
    return sSecurityManager;
  }
--- a/content/base/src/nsContentAreaDragDrop.cpp
+++ b/content/base/src/nsContentAreaDragDrop.cpp
@ -574,7 +574,7 @@ nsContentAreaDragDrop::DragDrop(nsIDOMEvent* inMouseEvent)
          nsCAutoString sourceUriStr;
          sourceUri->GetSpec(sourceUriStr);

-          rv = nsContentUtils::SecurityManager()->
+          rv = nsContentUtils::GetSecurityManager()->
            CheckLoadURIStr(sourceUriStr, NS_ConvertUTF16toUTF8(url),
                            nsIScriptSecurityManager::STANDARD);

--- a/content/base/src/nsContentSink.cpp
+++ b/content/base/src/nsContentSink.cpp
@ -335,7 +335,7 @@ nsContentSink::ProcessHeaderData(nsIAtom* aHeader, const nsAString& aValue,
    }

    nsCOMPtr<nsIPrincipal> systemPrincipal;
-    nsContentUtils::SecurityManager()->
+    nsContentUtils::GetSecurityManager()->
      GetSystemPrincipal(getter_AddRefs(systemPrincipal));
    NS_ASSERTION(systemPrincipal, "No system principal");
    
--- a/content/base/src/nsDocument.cpp
+++ b/content/base/src/nsDocument.cpp
@ -542,7 +542,7 @@ nsDOMImplementation::CreateDocumentType(const nsAString& aQualifiedName,
  NS_ENSURE_TRUE(name, NS_ERROR_OUT_OF_MEMORY);

  nsCOMPtr<nsIPrincipal> principal;
-  rv = nsContentUtils::SecurityManager()->
+  rv = nsContentUtils::GetSecurityManager()->
    GetCodebasePrincipal(mBaseURI, getter_AddRefs(principal));
  NS_ENSURE_SUCCESS(rv, rv);
    
@ -1207,7 +1207,11 @@ nsDocument::GetPrincipal()
 {
  if (!mPrincipal) {
    nsIScriptSecurityManager *securityManager =
-      nsContentUtils::SecurityManager();
+      nsContentUtils::GetSecurityManager();
+
+    if (!securityManager) {
+      return nsnull;
+    }

    NS_WARN_IF_FALSE(mDocumentURI, "no URI!");
    nsresult rv =
@ -1263,7 +1267,7 @@ nsDocument::SetBaseURI(nsIURI* aURI)
    NS_ENSURE_TRUE(principal, NS_ERROR_FAILURE);
    
    nsIScriptSecurityManager* securityManager =
-      nsContentUtils::SecurityManager();
+      nsContentUtils::GetSecurityManager();
    rv = securityManager->
      CheckLoadURIWithPrincipal(principal, aURI,
                                nsIScriptSecurityManager::STANDARD);
--- a/content/base/src/nsFrameLoader.cpp
+++ b/content/base/src/nsFrameLoader.cpp
@ -136,7 +136,7 @@ nsFrameLoader::LoadURI(nsIURI* aURI)
  NS_ENSURE_TRUE(loadInfo, NS_ERROR_FAILURE);

  // Check for security
-  nsIScriptSecurityManager *secMan = nsContentUtils::SecurityManager();
+  nsIScriptSecurityManager *secMan = nsContentUtils::GetSecurityManager();

  // Get referring URL
  nsCOMPtr<nsIURI> referrer;
--- a/content/base/src/nsGenericElement.cpp
+++ b/content/base/src/nsGenericElement.cpp
@ -2417,7 +2417,7 @@ nsGenericElement::GetBaseURI() const
                 doc->GetDocumentCharacterSet().get(), parentBase);
  if (NS_SUCCEEDED(rv)) {
    // do a security check, almost the same as nsDocument::SetBaseURL()
-    rv = nsContentUtils::SecurityManager()->
+    rv = nsContentUtils::GetSecurityManager()->
      CheckLoadURIWithPrincipal(doc->GetPrincipal(), ourBase,
                                nsIScriptSecurityManager::STANDARD);
  }
--- a/content/base/src/nsObjectLoadingContent.cpp
+++ b/content/base/src/nsObjectLoadingContent.cpp
@ -643,7 +643,7 @@ nsObjectLoadingContent::ObjectURIChanged(nsIURI* aURI,
  // Null URIs happen when the URL to load is specified via other means than the
  // data/src attribute, for example via custom <param> elements.
  if (aURI) {
-    nsIScriptSecurityManager* secMan = nsContentUtils::SecurityManager();
+    nsIScriptSecurityManager* secMan = nsContentUtils::GetSecurityManager();
    NS_ASSERTION(secMan, "No security manager!?");
    nsresult rv = secMan->CheckLoadURIWithPrincipal(doc->GetPrincipal(), aURI, 0);
    if (NS_FAILED(rv)) {
--- a/content/base/src/nsRange.cpp
+++ b/content/base/src/nsRange.cpp
@ -2433,7 +2433,8 @@ nsRange::CreateContextualFragment(const nsAString& aFragment,
        nsCOMPtr<nsIPrincipal> sysPrin;
        nsCOMPtr<nsIPrincipal> subjectPrin;

-        nsIScriptSecurityManager *secMan = nsContentUtils::SecurityManager();
+        nsIScriptSecurityManager *secMan =
+          nsContentUtils::GetSecurityManager();

        // Just to compare, not to use!
        result = secMan->GetSystemPrincipal(getter_AddRefs(sysPrin));
--- a/content/base/src/nsScriptLoader.cpp
+++ b/content/base/src/nsScriptLoader.cpp
@ -85,7 +85,7 @@ IntersectPrincipalCerts(nsIPrincipal *aOld, nsIPrincipal *aNew)
      aOld->GetURI(getter_AddRefs(uri));
      aOld->GetDomain(getter_AddRefs(domain));

-      nsContentUtils::SecurityManager()->GetCodebasePrincipal(uri, &principal);
+      nsContentUtils::GetSecurityManager()->GetCodebasePrincipal(uri, &principal);
      if (principal && domain) {
        principal->SetDomain(domain);
      }
@ -507,7 +507,7 @@ nsScriptLoader::ProcessScriptElement(nsIScriptElement *aElement,
    if (!docPrincipal) {
      return FireErrorNotification(NS_ERROR_UNEXPECTED, aElement, aObserver);
    }
-    rv = nsContentUtils::SecurityManager()->
+    rv = nsContentUtils::GetSecurityManager()->
      CheckLoadURIWithPrincipal(docPrincipal, scriptURI,
                                nsIScriptSecurityManager::ALLOW_CHROME);

--- a/content/base/src/nsSyncLoadService.cpp
+++ b/content/base/src/nsSyncLoadService.cpp
@ -332,7 +332,7 @@ nsSyncLoader::LoadDocument(nsIChannel* aChannel,
        NS_ENSURE_SUCCESS(rv, rv);

        nsIScriptSecurityManager *securityManager =
-            nsContentUtils::SecurityManager();
+            nsContentUtils::GetSecurityManager();

        rv = securityManager->CheckLoadURI(aLoaderURI, docURI,
                                           nsIScriptSecurityManager::STANDARD);
@ -527,8 +527,10 @@ nsSyncLoader::OnChannelRedirect(nsIChannel *aOldChannel,
    rv = aNewChannel->GetURI(getter_AddRefs(newURI)); // The new URI
    NS_ENSURE_SUCCESS(rv, rv);

-    rv = nsContentUtils::SecurityManager()->CheckSameOriginURI(oldURI, newURI);
+    nsIScriptSecurityManager *securityManager =
+        nsContentUtils::GetSecurityManager();

+    rv = securityManager->CheckSameOriginURI(oldURI, newURI);
    NS_ENSURE_SUCCESS(rv, rv);

    mChannel = aNewChannel;
--- a/content/events/src/nsDOMEvent.cpp
+++ b/content/events/src/nsDOMEvent.cpp
@ -507,7 +507,7 @@ nsDOMEvent::InitEvent(const nsAString& aEventTypeArg, PRBool aCanBubbleArg, PRBo
    // Ensure the caller is permitted to dispatch trusted DOM events.

    PRBool enabled = PR_FALSE;
-    nsContentUtils::SecurityManager()->
+    nsContentUtils::GetSecurityManager()->
      IsCapabilityEnabled("UniversalBrowserWrite", &enabled);

    if (!enabled) {
--- a/content/events/src/nsEventListenerManager.cpp
+++ b/content/events/src/nsEventListenerManager.cpp
@ -1462,7 +1462,7 @@ nsEventListenerManager::RegisterScriptEventListener(nsIScriptContext *aContext,
        STRING_TO_JSVAL(::JS_InternString(cx, "addEventListener"));
    }

-    rv = nsContentUtils::SecurityManager()->
+    rv = nsContentUtils::GetSecurityManager()->
      CheckPropertyAccess(cx, jsobj,
                          "EventTarget",
                          sAddListenerID,
--- a/content/events/src/nsEventStateManager.cpp
+++ b/content/events/src/nsEventStateManager.cpp
@ -4558,7 +4558,7 @@ nsEventStateManager::DispatchNewEvent(nsISupports* aTarget,
    if (!trusted) {
      //Check security state to determine if dispatcher is trusted
      nsIScriptSecurityManager *securityManager =
-        nsContentUtils::SecurityManager();
+        nsContentUtils::GetSecurityManager();

      PRBool enabled;
      nsresult res =
--- a/content/html/content/src/nsHTMLFormElement.cpp
+++ b/content/html/content/src/nsHTMLFormElement.cpp
@ -1374,7 +1374,7 @@ nsHTMLFormElement::GetActionURL(nsIURI** aActionURL)
  // Get security manager, check to see if access to action URI is allowed.
  //
  nsIScriptSecurityManager *securityManager =
-      nsContentUtils::SecurityManager();
+      nsContentUtils::GetSecurityManager();
  rv = securityManager->
    CheckLoadURIWithPrincipal(document->GetPrincipal(), actionURL,
                              nsIScriptSecurityManager::STANDARD);
--- a/content/html/content/src/nsHTMLInputElement.cpp
+++ b/content/html/content/src/nsHTMLInputElement.cpp
@ -666,7 +666,7 @@ nsHTMLInputElement::SetValue(const nsAString& aValue)
  // OK and gives pages a way to clear a file input if necessary.
  if (mType == NS_FORM_INPUT_FILE && !aValue.IsEmpty()) {
    nsIScriptSecurityManager *securityManager =
-      nsContentUtils::SecurityManager();
+      nsContentUtils::GetSecurityManager();

    PRBool enabled;
    nsresult rv =
--- a/content/html/document/src/nsHTMLContentSink.cpp
+++ b/content/html/document/src/nsHTMLContentSink.cpp
@ -1991,8 +1991,8 @@ IsScriptEnabled(nsIDocument *aDoc, nsIDocShell *aContainer)
  NS_ENSURE_TRUE(cx, PR_TRUE);

  PRBool enabled = PR_TRUE;
-  nsContentUtils::SecurityManager()->CanExecuteScripts(cx, principal,
-                                                       &enabled);
+  nsContentUtils::GetSecurityManager()->CanExecuteScripts(cx, principal,
+                                                          &enabled);
  return enabled;
 }

@ -3607,7 +3607,7 @@ HTMLContentSink::ProcessBaseHref(const nsAString& aBaseHref)
    // NAV compatibility quirk

    nsIScriptSecurityManager *securityManager =
-      nsContentUtils::SecurityManager();
+      nsContentUtils::GetSecurityManager();

    rv = securityManager->
      CheckLoadURIWithPrincipal(mDocument->GetPrincipal(), baseHrefURI,
--- a/content/html/document/src/nsHTMLDocument.cpp
+++ b/content/html/document/src/nsHTMLDocument.cpp
@ -1849,7 +1849,7 @@ nsHTMLDocument::OpenCommon(const nsACString& aContentType, PRBool aReplace)
  }

  nsCOMPtr<nsIPrincipal> callerPrincipal;
-  nsContentUtils::SecurityManager()->
+  nsContentUtils::GetSecurityManager()->
    GetSubjectPrincipal(getter_AddRefs(callerPrincipal));

  // The URI for the document after this call. Get it from the calling
@ -2246,7 +2246,7 @@ nsHTMLDocument::ScriptWriteCommon(PRBool aNewlineTerminate)
    // document for security purposes. Thus a document.write of a script tag
    // ends up producing a script with the same principals as the script
    // that performed the write.
-    nsIScriptSecurityManager *secMan = nsContentUtils::SecurityManager();
+    nsIScriptSecurityManager *secMan = nsContentUtils::GetSecurityManager();

    nsCOMPtr<nsIPrincipal> subject;
    rv = secMan->GetSubjectPrincipal(getter_AddRefs(subject));
@ -3550,7 +3550,7 @@ nsHTMLDocument::SetDesignMode(const nsAString & aDesignMode)
  if (!url.Equals("about:blank")) {
    // If we're 'about:blank' then we don't care who can edit us.
    // If we're not about:blank, then we need to check sameOrigin.
-    rv = nsContentUtils::SecurityManager()->CheckSameOrigin(nsnull,
+    rv = nsContentUtils::GetSecurityManager()->CheckSameOrigin(nsnull,
                                                            mDocumentURI);
    if (NS_FAILED(rv))
      return rv;
@ -3824,7 +3824,7 @@ nsHTMLDocument::DoClipboardSecurityCheck(PRBool aPaste)

    NS_NAMED_LITERAL_CSTRING(classNameStr, "Clipboard");

-    nsIScriptSecurityManager *secMan = nsContentUtils::SecurityManager();
+    nsIScriptSecurityManager *secMan = nsContentUtils::GetSecurityManager();

    if (aPaste) {
      if (nsHTMLDocument::sPasteInternal_id == JSVAL_VOID) {
--- a/content/html/document/src/nsWyciwygChannel.cpp
+++ b/content/html/document/src/nsWyciwygChannel.cpp
@ -208,7 +208,7 @@ nsWyciwygChannel::GetOwner(nsISupports **aOwner)
    NS_ENSURE_TRUE(mOriginalURI, NS_ERROR_FAILURE);

    nsCOMPtr<nsIPrincipal> principal;
-    nsIScriptSecurityManager *secMan = nsContentUtils::SecurityManager();
+    nsIScriptSecurityManager *secMan = nsContentUtils::GetSecurityManager();
    rv = secMan->GetCodebasePrincipal(mOriginalURI, getter_AddRefs(principal));
    if (NS_SUCCEEDED(rv)) {
      mOwner = principal;
--- a/content/xbl/src/nsXBLBinding.cpp
+++ b/content/xbl/src/nsXBLBinding.cpp
@ -1203,6 +1203,11 @@ nsXBLBinding::AllowScripts()
  // Nasty hack.  Use the JSContext of the bound node, since the
  // security manager API expects to get the docshell type from
  // that.  But use the nsIPrincipal of our document.
+  nsIScriptSecurityManager* mgr = nsContentUtils::GetSecurityManager();
+  if (!mgr) {
+    return PR_FALSE;
+  }
+
  nsIDocument* doc = mBoundElement->GetOwnerDoc();
  if (!doc) {
    return PR_FALSE;
@ -1227,8 +1232,6 @@ nsXBLBinding::AllowScripts()
    return PR_FALSE;
  }

-  nsIScriptSecurityManager* mgr = nsContentUtils::SecurityManager();
-
  PRBool canExecute;
  nsresult rv = mgr->CanExecuteScripts(cx, principal, &canExecute);
  return NS_SUCCEEDED(rv) && canExecute;
--- a/content/xbl/src/nsXBLProtoImplMethod.cpp
+++ b/content/xbl/src/nsXBLProtoImplMethod.cpp
@ -330,7 +330,8 @@ nsXBLProtoImplAnonymousMethod::Execute(nsIContent* aBoundElement)
  nsCxPusher pusher(aBoundElement);

  // Check whether it's OK to call the method.
-  rv = nsContentUtils::SecurityManager()->CheckFunctionAccess(cx, method, thisObject);
+  rv = nsContentUtils::GetSecurityManager()->CheckFunctionAccess(cx, method,
+                                                                 thisObject);

  JSBool ok = JS_TRUE;
  if (NS_SUCCEEDED(rv)) {
--- a/content/xbl/src/nsXBLService.cpp
+++ b/content/xbl/src/nsXBLService.cpp
@ -552,7 +552,7 @@ nsXBLService::LoadBindings(nsIContent* aContent, nsIURI* aURL, PRBool aAugmentFl

  // Not everything with a chrome URI has a system principal.  See bug 160042.
  if (NS_FAILED(rv) || !isChrome) {
-    nsIScriptSecurityManager *secMan = nsContentUtils::SecurityManager();
+    nsIScriptSecurityManager *secMan = nsContentUtils::GetSecurityManager();

    rv = secMan->
      CheckLoadURIWithPrincipal(document->GetPrincipal(), aURL,
--- a/content/xml/document/src/nsXMLContentSink.cpp
+++ b/content/xml/document/src/nsXMLContentSink.cpp
@ -639,7 +639,7 @@ nsXMLContentSink::ProcessStyleLink(nsIContent* aElement,
    NS_ENSURE_SUCCESS(rv, rv);

    // Do security check
-    nsIScriptSecurityManager *secMan = nsContentUtils::SecurityManager();
+    nsIScriptSecurityManager *secMan = nsContentUtils::GetSecurityManager();
    rv = secMan->
      CheckLoadURIWithPrincipal(mDocument->GetPrincipal(), url,
                                nsIScriptSecurityManager::ALLOW_CHROME);
--- a/content/xml/document/src/nsXMLDocument.cpp
+++ b/content/xml/document/src/nsXMLDocument.cpp
@ -276,7 +276,7 @@ nsXMLDocument::OnChannelRedirect(nsIChannel *aOldChannel,
  if (NS_FAILED(rv)) 
    return rv;

-  nsIScriptSecurityManager *secMan = nsContentUtils::SecurityManager();
+  nsIScriptSecurityManager *secMan = nsContentUtils::GetSecurityManager();

  if (mScriptContext && !mCrossSiteAccessEnabled) {
    nsCOMPtr<nsIJSContextStack> stack(do_GetService("@mozilla.org/js/xpc/ContextStack;1", & rv));
--- a/content/xul/content/src/nsXULPopupListener.cpp
+++ b/content/xul/content/src/nsXULPopupListener.cpp
@ -243,8 +243,11 @@ XULPopupListenerImpl::PreLaunchPopup(nsIDOMEvent* aMouseEvent)
                                              getter_AddRefs(doc),
                                              getter_AddRefs(prin));
      if (prin) {
+        nsIScriptSecurityManager *securityManager =
+            nsContentUtils::GetSecurityManager();
+
        nsCOMPtr<nsIPrincipal> system;
-        nsContentUtils::SecurityManager()->GetSystemPrincipal(getter_AddRefs(system));
+        securityManager->GetSystemPrincipal(getter_AddRefs(system));
        if (prin != system) {
          // This isn't chrome.  Cancel the preventDefault() and
          // let the event go forth.
--- a/content/xul/document/src/nsXULPrototypeDocument.cpp
+++ b/content/xul/document/src/nsXULPrototypeDocument.cpp
@ -668,7 +668,7 @@ nsXULPrototypeDocument::GetDocumentPrincipal()
    NS_PRECONDITION(mNodeInfoManager, "missing nodeInfoManager");
    if (!mDocumentPrincipal) {
        nsIScriptSecurityManager *securityManager =
-            nsContentUtils::SecurityManager();
+            nsContentUtils::GetSecurityManager();
        nsresult rv = NS_OK;

        // XXX This should be handled by the security manager, see bug 160042
--- a/layout/style/nsCSSLoader.cpp
+++ b/layout/style/nsCSSLoader.cpp
@ -879,7 +879,7 @@ CSSLoaderImpl::CheckLoadAllowed(nsIURI* aSourceURI,
  LOG(("CSSLoaderImpl::CheckLoadAllowed"));
  
  // Check with the security manager
-  nsIScriptSecurityManager *secMan = nsContentUtils::SecurityManager();
+  nsIScriptSecurityManager *secMan = nsContentUtils::GetSecurityManager();
  nsresult rv = secMan->CheckLoadURI(aSourceURI, aTargetURI,
                                     nsIScriptSecurityManager::ALLOW_CHROME);
  if (NS_FAILED(rv)) { // failure is normal here; don't warn
--- a/layout/style/nsCSSStyleSheet.cpp
+++ b/layout/style/nsCSSStyleSheet.cpp
@ -2172,8 +2172,9 @@ nsCSSStyleSheet::GetCssRules(nsIDOMCSSRuleList** aCssRules)
    return NS_ERROR_FAILURE;

  // Get the security manager and do the same-origin check
-  rv = nsContentUtils::SecurityManager()->CheckSameOrigin(cx,
-                                                          mInner->mSheetURI);
+  nsIScriptSecurityManager *securityManager =
+    nsContentUtils::GetSecurityManager();
+  rv = securityManager->CheckSameOrigin(cx, mInner->mSheetURI);
  if (NS_FAILED(rv)) {
    return rv;
  }