ma1 pushed to branch base-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser

Commits:

2 changed files:

Changes:

  • docshell/base/BrowsingContext.cpp
    ... ... @@ -578,9 +578,20 @@ mozilla::ipc::IPCResult BrowsingContext::CreateFromIPC(
    578 578 
       context->mRequestContextId = aInit.mRequestContextId;
    579 579 
       // NOTE: Private browsing ID is set by `SetOriginAttributes`.
    580 580
    581 
    +  if (const char* failure =
    582 
    +          context->BrowsingContextCoherencyChecks(aOriginProcess)) {
    583 
    +    mozilla::ipc::IProtocol* actor = aOriginProcess;
    584 
    +    if (!actor) {
    585 
    +      actor = ContentChild::GetSingleton();
    586 
    +    }
    587 
    +    return IPC_FAIL_UNSAFE_PRINTF(actor, "Incoherent BrowsingContext: %s",
    588 
    +                                  failure);
    589 
    +  }
    590 
    +
    581 591 
       Register(context);
    582 592
    583 
    -  return context->Attach(/* aFromIPC */ true, aOriginProcess);
    593 
    +  context->Attach(/* aFromIPC */ true, aOriginProcess);
    594 
    +  return IPC_OK();
    584 595 
     }
    585 596
    586 597 
     BrowsingContext::BrowsingContext(WindowContext* aParentWindow,
    ... ... @@ -795,8 +806,64 @@ void BrowsingContext::Embed() {
    795 806 
       }
    796 807 
     }
    797 808
    798 
    -mozilla::ipc::IPCResult BrowsingContext::Attach(bool aFromIPC,
    799 
    -                                                ContentParent* aOriginProcess) {
    809 
    +const char* BrowsingContext::BrowsingContextCoherencyChecks(
    810 
    +    ContentParent* aOriginProcess) {
    811 
    +#define COHERENCY_ASSERT(condition) \
    812 
    +  if (!(condition)) return "Assertion " #condition " failed";
    813 
    +
    814 
    +  if (mGroup->IsPotentiallyCrossOriginIsolated() !=
    815 
    +      (Top()->GetOpenerPolicy() ==
    816 
    +       nsILoadInfo::OPENER_POLICY_SAME_ORIGIN_EMBEDDER_POLICY_REQUIRE_CORP)) {
    817 
    +    return "Invalid CrossOriginIsolated state";
    818 
    +  }
    819 
    +
    820 
    +  if (aOriginProcess && !IsContent()) {
    821 
    +    return "Content cannot create chrome BCs";
    822 
    +  }
    823 
    +
    824 
    +  // LoadContext should generally match our opener or parent.
    825 
    +  if (IsContent()) {
    826 
    +    if (RefPtr<BrowsingContext> opener = GetOpener()) {
    827 
    +      COHERENCY_ASSERT(opener->mType == mType);
    828 
    +      COHERENCY_ASSERT(opener->mGroup == mGroup);
    829 
    +      COHERENCY_ASSERT(opener->mUseRemoteTabs == mUseRemoteTabs);
    830 
    +      COHERENCY_ASSERT(opener->mUseRemoteSubframes == mUseRemoteSubframes);
    831 
    +      COHERENCY_ASSERT(opener->mPrivateBrowsingId == mPrivateBrowsingId);
    832 
    +      COHERENCY_ASSERT(
    833 
    +          opener->mOriginAttributes.EqualsIgnoringFPD(mOriginAttributes));
    834 
    +    }
    835 
    +  }
    836 
    +  if (RefPtr<BrowsingContext> parent = GetParent()) {
    837 
    +    COHERENCY_ASSERT(parent->mType == mType);
    838 
    +    COHERENCY_ASSERT(parent->mGroup == mGroup);
    839 
    +    COHERENCY_ASSERT(parent->mUseRemoteTabs == mUseRemoteTabs);
    840 
    +    COHERENCY_ASSERT(parent->mUseRemoteSubframes == mUseRemoteSubframes);
    841 
    +    COHERENCY_ASSERT(parent->mPrivateBrowsingId == mPrivateBrowsingId);
    842 
    +    COHERENCY_ASSERT(
    843 
    +        parent->mOriginAttributes.EqualsIgnoringFPD(mOriginAttributes));
    844 
    +  }
    845 
    +
    846 
    +  // UseRemoteSubframes and UseRemoteTabs must match.
    847 
    +  if (mUseRemoteSubframes && !mUseRemoteTabs) {
    848 
    +    return "Cannot set useRemoteSubframes without also setting useRemoteTabs";
    849 
    +  }
    850 
    +
    851 
    +  // Double-check OriginAttributes/Private Browsing
    852 
    +  // Chrome browsing contexts must not have a private browsing OriginAttribute
    853 
    +  // Content browsing contexts must maintain the equality:
    854 
    +  // mOriginAttributes.mPrivateBrowsingId == mPrivateBrowsingId
    855 
    +  if (IsChrome()) {
    856 
    +    COHERENCY_ASSERT(mOriginAttributes.mPrivateBrowsingId == 0);
    857 
    +  } else {
    858 
    +    COHERENCY_ASSERT(mOriginAttributes.mPrivateBrowsingId ==
    859 
    +                     mPrivateBrowsingId);
    860 
    +  }
    861 
    +#undef COHERENCY_ASSERT
    862 
    +
    863 
    +  return nullptr;
    864 
    +}
    865 
    +
    866 
    +void BrowsingContext::Attach(bool aFromIPC, ContentParent* aOriginProcess) {
    800 867 
       MOZ_DIAGNOSTIC_ASSERT(!mEverAttached);
    801 868 
       MOZ_DIAGNOSTIC_ASSERT_IF(aFromIPC, aOriginProcess || XRE_IsContentProcess());
    802 869 
       mEverAttached = true;
    ... ... @@ -815,25 +882,15 @@ mozilla::ipc::IPCResult BrowsingContext::Attach(bool aFromIPC,
    815 882 
       MOZ_DIAGNOSTIC_ASSERT(mGroup);
    816 883 
       MOZ_DIAGNOSTIC_ASSERT(!mIsDiscarded);
    817 884
    818 
    -  if (mGroup->IsPotentiallyCrossOriginIsolated() !=
    819 
    -      (Top()->GetOpenerPolicy() ==
    820 
    -       nsILoadInfo::OPENER_POLICY_SAME_ORIGIN_EMBEDDER_POLICY_REQUIRE_CORP)) {
    821 
    -    MOZ_DIAGNOSTIC_ASSERT(aFromIPC);
    822 
    -    if (aFromIPC) {
    823 
    -      auto* actor = aOriginProcess
    824 
    -                        ? static_cast<mozilla::ipc::IProtocol*>(aOriginProcess)
    825 
    -                        : static_cast<mozilla::ipc::IProtocol*>(
    826 
    -                              ContentChild::GetSingleton());
    827 
    -      return IPC_FAIL(
    828 
    -          actor,
    829 
    -          "Invalid CrossOriginIsolated state in BrowsingContext::Attach call");
    830 
    -    } else {
    831 
    -      MOZ_CRASH(
    832 
    -          "Invalid CrossOriginIsolated state in BrowsingContext::Attach call");
    885 
    +#ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED
    886 
    +  // We'll already have checked this if `aFromIPC` is set before calling this
    887 
    +  // function.
    888 
    +  if (!aFromIPC) {
    889 
    +    if (const char* failure = BrowsingContextCoherencyChecks(aOriginProcess)) {
    890 
    +      MOZ_CRASH_UNSAFE_PRINTF("Incoherent BrowsingContext: %s", failure);
    833 891 
         }
    834 892 
       }
    835 
    -
    836 
    -  AssertCoherentLoadContext();
    893 
    +#endif
    837 894
    838 895 
       // Add ourselves either to our parent or BrowsingContextGroup's child list.
    839 896 
       // Important: We shouldn't return IPC_FAIL after this point, since the
    ... ... @@ -915,7 +972,6 @@ mozilla::ipc::IPCResult BrowsingContext::Attach(bool aFromIPC,
    915 972 
       if (XRE_IsParentProcess()) {
    916 973 
         Canonical()->CanonicalAttach();
    917 974 
       }
    918 
    -  return IPC_OK();
    919 975 
     }
    920 976
    921 977 
     void BrowsingContext::Detach(bool aFromIPC) {
    ... ... @@ -1768,40 +1824,6 @@ nsresult BrowsingContext::SetOriginAttributes(const OriginAttributes& aAttrs) {
    1768 1824 
       return NS_OK;
    1769 1825 
     }
    1770 1826
    1771 
    -void BrowsingContext::AssertCoherentLoadContext() {
    1772 
    -#ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED
    1773 
    -  // LoadContext should generally match our opener or parent.
    1774 
    -  if (IsContent()) {
    1775 
    -    if (RefPtr<BrowsingContext> opener = GetOpener()) {
    1776 
    -      MOZ_DIAGNOSTIC_ASSERT(opener->mType == mType);
    1777 
    -      MOZ_DIAGNOSTIC_ASSERT(opener->mGroup == mGroup);
    1778 
    -      MOZ_DIAGNOSTIC_ASSERT(opener->mUseRemoteTabs == mUseRemoteTabs);
    1779 
    -      MOZ_DIAGNOSTIC_ASSERT(opener->mUseRemoteSubframes == mUseRemoteSubframes);
    1780 
    -      MOZ_DIAGNOSTIC_ASSERT(opener->mPrivateBrowsingId == mPrivateBrowsingId);
    1781 
    -      MOZ_DIAGNOSTIC_ASSERT(
    1782 
    -          opener->mOriginAttributes.EqualsIgnoringFPD(mOriginAttributes));
    1783 
    -    }
    1784 
    -  }
    1785 
    -  if (RefPtr<BrowsingContext> parent = GetParent()) {
    1786 
    -    MOZ_DIAGNOSTIC_ASSERT(parent->mType == mType);
    1787 
    -    MOZ_DIAGNOSTIC_ASSERT(parent->mGroup == mGroup);
    1788 
    -    MOZ_DIAGNOSTIC_ASSERT(parent->mUseRemoteTabs == mUseRemoteTabs);
    1789 
    -    MOZ_DIAGNOSTIC_ASSERT(parent->mUseRemoteSubframes == mUseRemoteSubframes);
    1790 
    -    MOZ_DIAGNOSTIC_ASSERT(parent->mPrivateBrowsingId == mPrivateBrowsingId);
    1791 
    -    MOZ_DIAGNOSTIC_ASSERT(
    1792 
    -        parent->mOriginAttributes.EqualsIgnoringFPD(mOriginAttributes));
    1793 
    -  }
    1794 
    -
    1795 
    -  // UseRemoteSubframes and UseRemoteTabs must match.
    1796 
    -  MOZ_DIAGNOSTIC_ASSERT(
    1797 
    -      !mUseRemoteSubframes || mUseRemoteTabs,
    1798 
    -      "Cannot set useRemoteSubframes without also setting useRemoteTabs");
    1799 
    -
    1800 
    -  // Double-check OriginAttributes/Private Browsing
    1801 
    -  AssertOriginAttributesMatchPrivateBrowsing();
    1802 
    -#endif
    1803 
    -}
    1804 
    -
    1805 1827 
     void BrowsingContext::AssertOriginAttributesMatchPrivateBrowsing() {
    1806 1828 
       // Chrome browsing contexts must not have a private browsing OriginAttribute
    1807 1829 
       // Content browsing contexts must maintain the equality:

  • docshell/base/BrowsingContext.h
    ... ... @@ -984,7 +984,18 @@ class BrowsingContext : public nsILoadContext, public nsWrapperCache {
    984 984 
                                            bool aHasPostData);
    985 985
    986 986 
      private:
    987 
    -  mozilla::ipc::IPCResult Attach(bool aFromIPC, ContentParent* aOriginProcess);
    987 
    +  // Assert that this BrowsingContext is coherent relative to related
    988 
    +  // BrowsingContexts. This will be run before the BrowsingContext is attached.
    989 
    +  //
    990 
    +  // A non-null string return value indicates that there was a coherency check
    991 
    +  // failure, which will be handled with either a crash or IPC failure.
    992 
    +  //
    993 
    +  // If provided, `aOriginProcess` is the process which is responsible for the
    994 
    +  // creation of this BrowsingContext.
    995 
    +  [[nodiscard]] const char* BrowsingContextCoherencyChecks(
    996 
    +      ContentParent* aOriginProcess);
    997 
    +
    998 
    +  void Attach(bool aFromIPC, ContentParent* aOriginProcess);
    988 999
    989 1000 
       // Recomputes whether we can execute scripts in this BrowsingContext based on
    990 1001 
       // the value of AllowJavascript() and whether scripts are allowed in the
    ... ... @@ -998,10 +1009,6 @@ class BrowsingContext : public nsILoadContext, public nsWrapperCache {
    998 1009
    999 1010 
       void AssertOriginAttributesMatchPrivateBrowsing();
    1000 1011
    1001 
    -  // Assert that the BrowsingContext's LoadContext flags appear coherent
    1002 
    -  // relative to related BrowsingContexts.
    1003 
    -  void AssertCoherentLoadContext();
    1004 
    -
    1005 1012 
       friend class ::nsOuterWindowProxy;
    1006 1013 
       friend class ::nsGlobalWindowOuter;
    1007 1014 
       friend class WindowContext;


    • View it on GitLab.
    You're receiving this email because of your account on gitlab.torproject.org. Manage all notifications · Help