[tbb-commits] [Git][tpo/applications/tor-browser][tor-browser-128.1.0esr-14.0-1] 2 commits: Bug 1899180. If a channel is not nsIPrivateBrowsingChannel and has no load...
ma1 (@ma1)
git at gitlab.torproject.org
Mon Aug 5 08:43:30 UTC 2024
ma1 pushed to branch tor-browser-128.1.0esr-14.0-1 at The Tor Project / Applications / Tor Browser
Commits:
7bd25966 by Timothy Nikkel at 2024-08-05T10:37:44+02:00
Bug 1899180. If a channel is not nsIPrivateBrowsingChannel and has no load context, use the private browsing field from it's origin attributes. r=necko-reviewers,anti-tracking-reviewers,valentin
If the channel is not an nsIPrivateBrowsingChannel and also has no load context (e.g. inside SVG images), then we will overwrite a non-zero mPrivateBrowsingId on the OriginAttributes of the channel with 0, making NS_UsePrivateBrowsing return false for the channel.
Differential Revision: https://phabricator.services.mozilla.com/D212083
- - - - -
88158de9 by Jon Coppeard at 2024-08-05T10:40:09+02:00
Bug 1904011 - Ignore finalized scripts when iterating code covarage tables r=iain
Differential Revision: https://phabricator.services.mozilla.com/D214799
- - - - -
6 changed files:
- image/test/browser/browser.toml
- + image/test/browser/browser_bug1899180.js
- + image/test/browser/helper1899180.html
- js/src/gc/Zone.cpp
- + js/src/jit-test/tests/debug/bug-1904011.js
- toolkit/components/antitracking/StoragePrincipalHelper.cpp
Changes:
=====================================
image/test/browser/browser.toml
=====================================
@@ -15,6 +15,9 @@ skip-if = ["true"] # Bug 1207012 - Permaorange from an uncaught exception that i
["browser_bug1869938.js"]
support-files = ["helper1869938.html"]
+["browser_bug1899180.js"]
+support-files = ["helper1899180.html"]
+
["browser_docshell_type_editor.js"]
["browser_image.js"]
=====================================
image/test/browser/browser_bug1899180.js
=====================================
@@ -0,0 +1,49 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * This test opens a private browsing window, then opens a content page in it
+ * that loads an svg image that contains an image to an external protocol.
+ * This tests that we don't hit an assert in this situation.
+ */
+
+add_task(async function test() {
+ function httpURL(filename) {
+ let chromeURL = getRootDirectory(gTestPath) + filename;
+ return chromeURL.replace(
+ "chrome://mochitests/content/",
+ "http://mochi.test:8888/"
+ );
+ }
+
+ let win = await BrowserTestUtils.openNewBrowserWindow({ private: true });
+
+ let tab = (win.gBrowser.selectedTab = BrowserTestUtils.addTab(
+ win.gBrowser,
+ "about:blank"
+ ));
+
+ await BrowserTestUtils.browserLoaded(tab.linkedBrowser);
+
+ const pageUrl = httpURL("helper1899180.html");
+
+ BrowserTestUtils.startLoadingURIString(tab.linkedBrowser, pageUrl);
+
+ await BrowserTestUtils.browserLoaded(tab.linkedBrowser);
+
+ await new Promise(resolve => {
+ waitForFocus(resolve, win);
+ });
+
+ // do a couple rafs here to ensure its loaded and displayed
+ await new Promise(r => requestAnimationFrame(r));
+ await new Promise(r => requestAnimationFrame(r));
+
+ await BrowserTestUtils.closeWindow(win);
+
+ win = null;
+ tab = null;
+
+ ok(true, "we got here and didn't crash/assert");
+});
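Review bot: The only check in this test is `ok(true, "we got here and didn't crash/assert")`, so it can fail only in builds where the assertion named in the header comment is compiled in. That is presumably a debug-only assertion, in which case opt builds pass without verifying that the SVG-embedded load kept its private-browsing state. Say so next to the final check, e.g. `// Only meaningful where the assertion is enabled; does not check the channel's private-browsing state.` Separately, the private window is closed only on the success path, so a rejected `await` before `BrowserTestUtils.closeWindow(win)` leaves it open for later tests; a `try`/`finally` around the body would cover that.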
=====================================
image/test/browser/helper1899180.html
=====================================
@@ -0,0 +1,5 @@
+<!DOCTYPE html>
+<html>
+<!-- just an svg that contains an image whose src points to a protocol that firefox doesn't support -->
+<img src='data:image/svg+xml;charset=UTF-8,<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 120 120"><image width="10" height="10" xlink:href="C:\doesntmatter.png"/></svg>'/>
+</html>
=====================================
js/src/gc/Zone.cpp
=====================================
@@ -906,7 +906,13 @@ void Zone::clearScriptCounts(Realm* realm) {
// Clear all hasScriptCounts_ flags of BaseScript, in order to release all
// ScriptCounts entries of the given realm.
for (auto i = scriptCountsMap->modIter(); !i.done(); i.next()) {
- BaseScript* script = i.get().key();
+ const HeapPtr<BaseScript*>& script = i.get().key();
+ if (IsAboutToBeFinalized(script)) {
+ // Dead scripts may be present during incremental GC until script
+ // finalizers have been run.
+ continue;
+ }
+
if (script->realm() != realm) {
continue;
}
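Review bot: The `continue` after `IsAboutToBeFinalized(script)` leaves the dead script's entry in `scriptCountsMap`, and the new comment does not say what removes it later. The same applies to the identical guard in the `clearScriptLCov` hunk below. Presumably the script finalizer drops the entry, but that is not visible here, so the comment should state it, e.g. `// Skip without dereferencing; the script's finalizer is expected to remove this entry.` The guard is now duplicated in both loops, and any other loop that dereferences keys of these two maps during an incremental GC would need the same check, so a small shared helper would keep them consistent. Both function bodies start and end outside the hunks.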
@@ -927,7 +933,13 @@ void Zone::clearScriptLCov(Realm* realm) {
}
for (auto i = scriptLCovMap->modIter(); !i.done(); i.next()) {
- BaseScript* script = i.get().key();
+ const HeapPtr<BaseScript*>& script = i.get().key();
+ if (IsAboutToBeFinalized(script)) {
+ // Dead scripts may be present during incremental GC until script
+ // finalizers have been run.
+ continue;
+ }
+
if (script->realm() == realm) {
i.remove();
}
=====================================
js/src/jit-test/tests/debug/bug-1904011.js
=====================================
@@ -0,0 +1,15 @@
+// |jit-test| --fuzzing-safe; --ion-offthread-compile=off
+gczeal(0);
+
+let g = newGlobal({newCompartment: true});
+let dbg = new Debugger(g);
+
+dbg.collectCoverageInfo = true;
+g.eval("0");
+
+// Start a GC in the debugger's zone and yield after sweeping objects.
+schedulezone(g);
+gczeal(22);
+startgc(100);
+
+dbg.collectCoverageInfo = false;
=====================================
toolkit/components/antitracking/StoragePrincipalHelper.cpp
=====================================
@@ -447,7 +447,7 @@ bool StoragePrincipalHelper::GetOriginAttributes(
nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
loadInfo->GetOriginAttributes(&aAttributes);
- bool isPrivate = false;
+ bool isPrivate = aAttributes.mPrivateBrowsingId > 0;
nsCOMPtr<nsIPrivateBrowsingChannel> pbChannel = do_QueryInterface(aChannel);
if (pbChannel) {
nsresult rv = pbChannel->GetIsChannelPrivate(&isPrivate);
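Review bot: The new initialiser `bool isPrivate = aAttributes.mPrivateBrowsingId > 0;` is only a fallback, because `GetIsChannelPrivate(&isPrivate)` here and `loadContext->UsePrivateBrowsing()` in the next hunk still overwrite it unconditionally. If either source can report non-private for a channel whose origin attributes carry a non-zero `mPrivateBrowsingId`, `SyncAttributesWithPrivateBrowsing(isPrivate)` would still reset the id to 0. Whether that can happen is not visible in this hunk and is worth confirming. At minimum a comment on the initialiser should record the precedence, e.g. `// Fallback only: used when the channel is not an nsIPrivateBrowsingChannel and has no load context.` The function body starts and ends outside the hunk.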
@@ -456,7 +456,9 @@ bool StoragePrincipalHelper::GetOriginAttributes(
// Some channels may not implement nsIPrivateBrowsingChannel
nsCOMPtr<nsILoadContext> loadContext;
NS_QueryNotificationCallbacks(aChannel, loadContext);
- isPrivate = loadContext && loadContext->UsePrivateBrowsing();
+ if (loadContext) {
+ isPrivate = loadContext->UsePrivateBrowsing();
+ }
}
aAttributes.SyncAttributesWithPrivateBrowsing(isPrivate);
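Review bot: The existing comment `// Some channels may not implement nsIPrivateBrowsingChannel` no longer describes this branch fully, since the new `if (loadContext)` has an implicit third case where neither interface is available. That case is the one the commit message is about (images inside SVG), so it is worth stating where the value is kept, e.g. `// No load context either (e.g. images inside SVG): keep the value derived from the origin attributes.` The start of the enclosing `if`/`else` is outside the hunk.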
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/693e125ea60ae5a9a46b2ad0f8a92fd9885ce7bb...88158de968426db0ae52948a618a1c9eca6ab40a