ma1 pushed to branch base-browser-128.1.0esr-14.0-1 at The Tor Project / Applications / Tor Browser
Commits: b2d3f133 by Timothy Nikkel at 2024-08-06T15:54:56+02:00 Bug 1899180. If a channel is not nsIPrivateBrowsingChannel and has no load context, use the private browsing field from it's origin attributes. r=necko-reviewers,anti-tracking-reviewers,valentin
If the channel is not an nsIPrivateBrowsingChannel, and it also has no load context (e.g. inside SVG images), then we will overwrite a non-zero mPrivateBrowsingId on the OriginAttributes of the channel with 0, making NS_UsePrivateBrowsing return false for the channel.
Differential Revision: https://phabricator.services.mozilla.com/D212083 - - - - - c7378d88 by Jon Coppeard at 2024-08-06T15:55:02+02:00 Bug 1904011 - Ignore finalized scripts when iterating code covarage tables r=iain
Differential Revision: https://phabricator.services.mozilla.com/D214799 - - - - -
6 changed files:
- image/test/browser/browser.toml - + image/test/browser/browser_bug1899180.js - + image/test/browser/helper1899180.html - js/src/gc/Zone.cpp - + js/src/jit-test/tests/debug/bug-1904011.js - toolkit/components/antitracking/StoragePrincipalHelper.cpp
Changes:
=====================================
image/test/browser/browser.toml
=====================================
@@ -15,6 +15,9 @@ skip-if = ["true"] # Bug 1207012 - Permaorange from an uncaught exception that i
 ["browser_bug1869938.js"]
 support-files = ["helper1869938.html"]
+["browser_bug1899180.js"]
+support-files = ["helper1899180.html"]
+
 ["browser_docshell_type_editor.js"]
["browser_image.js"]
=====================================
image/test/browser/browser_bug1899180.js
=====================================
@@ -0,0 +1,49 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * This test opens a private browsing window, then opens a content page in it
+ * that loads an svg image that contains an image to an external protocol.
+ * This tests that we don't hit an assert in this situation.
+ */
+
+add_task(async function test() {
+ function httpURL(filename) {
+ let chromeURL = getRootDirectory(gTestPath) + filename;
+ return chromeURL.replace(
+ "chrome://mochitests/content/",
+ "http://mochi.test:8888/"
+ );
+ }
+
+ let win = await BrowserTestUtils.openNewBrowserWindow({ private: true });
+
+ let tab = (win.gBrowser.selectedTab = BrowserTestUtils.addTab(
+ win.gBrowser,
+ "about:blank"
+ ));
+
+ await BrowserTestUtils.browserLoaded(tab.linkedBrowser);
+
+ const pageUrl = httpURL("helper1899180.html");
+
+ BrowserTestUtils.startLoadingURIString(tab.linkedBrowser, pageUrl);
+
+ await BrowserTestUtils.browserLoaded(tab.linkedBrowser);
+
+ await new Promise(resolve => {
+ waitForFocus(resolve, win);
+ });
+
+ // do a couple rafs here to ensure its loaded and displayed
+ await new Promise(r => requestAnimationFrame(r));
+ await new Promise(r => requestAnimationFrame(r));
+
+ await BrowserTestUtils.closeWindow(win);
+
+ win = null;
+ tab = null;
+
+ ok(true, "we got here and didn't crash/assert");
+});
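Review bot: The only assertion is the final `ok(true, ...)`, so this test can fail only when the browser crashes or an assertion fires during the nested image load; on builds where that assertion is compiled out (presumably non-debug builds) it passes whether or not the channel kept its private-browsing state. The header comment should say so, for example `* Note: this only detects the regression on builds with assertions enabled.` Separately, `BrowserTestUtils.closeWindow(win)` is not reached if an earlier `await` rejects, which would leave the private window open for later tests. Moving the close into `registerCleanupFunction(() => BrowserTestUtils.closeWindow(win));` right after the window is opened would cover that and make the `win = null; tab = null;` lines unnecessary.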
=====================================
image/test/browser/helper1899180.html
=====================================
@@ -0,0 +1,5 @@
+<!DOCTYPE html>
+<html>
+<!-- just an svg that contains an image whose src points to a protocol that firefox doesn't support -->
+<img src='data:image/svg+xml;charset=UTF-8,<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 120 120"><image width="10" height="10" xlink:href="C:\doesntmatter.png"/></svg>'/>
+</html>
=====================================
js/src/gc/Zone.cpp
=====================================
@@ -906,7 +906,13 @@ void Zone::clearScriptCounts(Realm* realm) {
 // Clear all hasScriptCounts_ flags of BaseScript, in order to release all
 // ScriptCounts entries of the given realm.
 for (auto i = scriptCountsMap->modIter(); !i.done(); i.next()) {
- BaseScript* script = i.get().key();
+ const HeapPtr<BaseScript*>& script = i.get().key();
+ if (IsAboutToBeFinalized(script)) {
+ // Dead scripts may be present during incremental GC until script
+ // finalizers have been run.
+ continue;
+ }
+
 if (script->realm() != realm) {
 continue;
 }
@@ -927,7 +933,13 @@ void Zone::clearScriptLCov(Realm* realm) {
 }
 for (auto i = scriptLCovMap->modIter(); !i.done(); i.next()) {
- BaseScript* script = i.get().key();
+ const HeapPtr<BaseScript*>& script = i.get().key();
+ if (IsAboutToBeFinalized(script)) {
+ // Dead scripts may be present during incremental GC until script
+ // finalizers have been run.
+ continue;
+ }
+
 if (script->realm() == realm) {
 i.remove();
 }
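Review bot: The new comment in the `scriptLCovMap` loop, and its twin in the `clearScriptCounts` hunk above, says dead scripts can be present but not why they must be skipped or what happens to their entries. The skip appears to be there because the next statement dereferences the key (`script->realm()`), which would touch a script that is about to be finalized; stating that would stop a later edit from moving a dereference ahead of the check. Suggested wording: `// Dead scripts may still be in the table during incremental GC, until script finalizers run. Do not dereference them; their entries are left in place here.` Whether those leftover entries are removed elsewhere (by sweeping or by the finalizer) is not visible in these hunks and is worth confirming. Both loops sit in functions whose bodies extend outside the hunks.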
=====================================
js/src/jit-test/tests/debug/bug-1904011.js
=====================================
@@ -0,0 +1,15 @@
+// |jit-test| --fuzzing-safe; --ion-offthread-compile=off
+gczeal(0);
+
+let g = newGlobal({newCompartment: true});
+let dbg = new Debugger(g);
+
+dbg.collectCoverageInfo = true;
+g.eval("0");
+
+// Start a GC in the debugger's zone and yield after sweeping objects.
+schedulezone(g);
+gczeal(22);
+startgc(100);
+
+dbg.collectCoverageInfo = false;
=====================================
toolkit/components/antitracking/StoragePrincipalHelper.cpp
=====================================
@@ -447,7 +447,7 @@ bool StoragePrincipalHelper::GetOriginAttributes(
 nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
 loadInfo->GetOriginAttributes(&aAttributes);
- bool isPrivate = false;
+ bool isPrivate = aAttributes.mPrivateBrowsingId > 0;
 nsCOMPtr<nsIPrivateBrowsingChannel> pbChannel = do_QueryInterface(aChannel);
 if (pbChannel) {
 nsresult rv = pbChannel->GetIsChannelPrivate(&isPrivate);
@@ -456,7 +456,9 @@ bool StoragePrincipalHelper::GetOriginAttributes(
 // Some channels may not implement nsIPrivateBrowsingChannel
 nsCOMPtr<nsILoadContext> loadContext;
 NS_QueryNotificationCallbacks(aChannel, loadContext);
- isPrivate = loadContext && loadContext->UsePrivateBrowsing();
+ if (loadContext) {
+ isPrivate = loadContext->UsePrivateBrowsing();
+ }
 }
 aAttributes.SyncAttributesWithPrivateBrowsing(isPrivate);
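Review bot: The origin-attribute default added in the first hunk (`bool isPrivate = aAttributes.mPrivateBrowsingId > 0;`) only survives when the channel has neither `nsIPrivateBrowsingChannel` nor a load context. In the other two branches `GetIsChannelPrivate` or `loadContext->UsePrivateBrowsing()` still replaces it, so a non-zero `mPrivateBrowsingId` can still be synced to non-private if either source reports false. If that disagreement is never expected, a check just before the `SyncAttributesWithPrivateBrowsing` call would surface it, e.g. `MOZ_ASSERT_IF(aAttributes.mPrivateBrowsingId > 0, isPrivate);`. If it is expected, a comment giving the precedence order (channel interface, then load context, then origin attributes) would record that the downgrade is intended. The function starts before the first hunk and continues past the second, and the lines between the two hunks are not shown, so this rests on the visible branches only.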