Bug 966054 - MessagePort should use StructuredCloneBuffer as internal member, r=smaug

2024-09-13 09:24:08 -07:00 · 2014-03-05 03:28:20 +00:00 · 2014-03-05 03:28:20 +00:00 · aae5561a7c
commit aae5561a7c
parent 66a700605d
2 changed files with 12 additions and 44 deletions
--- a/dom/base/MessagePort.cpp
+++ b/dom/base/MessagePort.cpp
@ -55,24 +55,16 @@ class PostMessageRunnable : public nsRunnable
    NS_DECL_NSIRUNNABLE

    PostMessageRunnable()
-      : mMessage(nullptr)
-      , mMessageLen(0)
    {
    }

    ~PostMessageRunnable()
    {
-      // Ensure that the buffer is freed
-      if (mMessage) {
-        JSAutoStructuredCloneBuffer buffer;
-        buffer.adopt(mMessage, mMessageLen);
-      }
    }

-    void SetJSData(JSAutoStructuredCloneBuffer& aBuffer)
+    JSAutoStructuredCloneBuffer& Buffer()
    {
-      NS_ASSERTION(!mMessage && mMessageLen == 0, "Don't call twice!");
-      aBuffer.steal(&mMessage, &mMessageLen);
+      return mBuffer;
    }

    bool StoreISupports(nsISupports* aSupports)
@ -89,8 +81,7 @@ class PostMessageRunnable : public nsRunnable

  private:
    nsRefPtr<MessagePort> mPort;
-    uint64_t* mMessage;
-    size_t mMessageLen;
+    JSAutoStructuredCloneBuffer mBuffer;

    nsTArray<nsCOMPtr<nsISupports> > mSupportsArray;
 };
@ -225,12 +216,6 @@ PostMessageRunnable::Run()
 {
  MOZ_ASSERT(mPort);

-  // Ensure that the buffer is freed even if we fail to post the message
-  JSAutoStructuredCloneBuffer buffer;
-  buffer.adopt(mMessage, mMessageLen);
-  mMessage = nullptr;
-  mMessageLen = 0;
-
  // Get the JSContext for the target window
  nsCOMPtr<nsIScriptGlobalObject> sgo = do_QueryInterface(mPort->GetOwner());
  NS_ENSURE_STATE(sgo);
@ -247,7 +232,7 @@ PostMessageRunnable::Run()
    scInfo.mEvent = this;
    scInfo.mPort = mPort;

-    if (!buffer.read(cx, &messageData, &kPostMessageCallbacks, &scInfo)) {
+    if (!mBuffer.read(cx, &messageData, &kPostMessageCallbacks, &scInfo)) {
      return NS_ERROR_DOM_DATA_CLONE_ERR;
    }
  }
@ -364,7 +349,6 @@ MessagePort::PostMessageMoz(JSContext* aCx, JS::Handle<JS::Value> aMessage,

  // We *must* clone the data here, or the JS::Value could be modified
  // by script
-  JSAutoStructuredCloneBuffer buffer;
  StructuredCloneInfo scInfo;
  scInfo.mEvent = event;
  scInfo.mPort = this;
@ -388,14 +372,12 @@ MessagePort::PostMessageMoz(JSContext* aCx, JS::Handle<JS::Value> aMessage,
    transferable.setObject(*array);
  }

-  if (!buffer.write(aCx, aMessage, transferable, &kPostMessageCallbacks,
-                    &scInfo)) {
+  if (!event->Buffer().write(aCx, aMessage, transferable,
+                             &kPostMessageCallbacks, &scInfo)) {
    aRv.Throw(NS_ERROR_DOM_DATA_CLONE_ERR);
    return;
  }

-  event->SetJSData(buffer);
-
  if (!mEntangledPort) {
    return;
  }
--- a/dom/base/nsGlobalWindow.cpp
+++ b/dom/base/nsGlobalWindow.cpp
@ -7530,8 +7530,6 @@ class PostMessageEvent : public nsRunnable
                     bool aTrustedCaller)
    : mSource(aSource),
      mCallerOrigin(aCallerOrigin),
-      mMessage(nullptr),
-      mMessageLen(0),
      mTargetWindow(aTargetWindow),
      mProvidedPrincipal(aProvidedPrincipal),
      mTrustedCaller(aTrustedCaller)
@ -7541,14 +7539,12 @@ class PostMessageEvent : public nsRunnable
    
    ~PostMessageEvent()
    {
-      NS_ASSERTION(!mMessage, "Message should have been deserialized!");
      MOZ_COUNT_DTOR(PostMessageEvent);
    }

-    void SetJSData(JSAutoStructuredCloneBuffer& aBuffer)
+    JSAutoStructuredCloneBuffer& Buffer()
    {
-      NS_ASSERTION(!mMessage && mMessageLen == 0, "Don't call twice!");
-      aBuffer.steal(&mMessage, &mMessageLen);
+      return mBuffer;
    }

    bool StoreISupports(nsISupports* aSupports)
@ -7558,10 +7554,9 @@ class PostMessageEvent : public nsRunnable
    }

  private:
+    JSAutoStructuredCloneBuffer mBuffer;
    nsRefPtr<nsGlobalWindow> mSource;
    nsString mCallerOrigin;
-    uint64_t* mMessage;
-    size_t mMessageLen;
    nsRefPtr<nsGlobalWindow> mTargetWindow;
    nsCOMPtr<nsIPrincipal> mProvidedPrincipal;
    bool mTrustedCaller;
@ -7709,12 +7704,6 @@ PostMessageEvent::Run()
  // If we bailed before this point we're going to leak mMessage, but
  // that's probably better than crashing.

-  // Ensure that the buffer is freed even if we fail to post the message
-  JSAutoStructuredCloneBuffer buffer;
-  buffer.adopt(mMessage, mMessageLen);
-  mMessage = nullptr;
-  mMessageLen = 0;
-
  nsRefPtr<nsGlobalWindow> targetWindow;
  if (mTargetWindow->IsClosedOrClosing() ||
      !(targetWindow = mTargetWindow->GetCurrentInnerWindowInternal()) ||
@ -7757,7 +7746,7 @@ PostMessageEvent::Run()
    scInfo.event = this;
    scInfo.window = targetWindow;

-    if (!buffer.read(cx, &messageData, &kPostMessageCallbacks, &scInfo)) {
+    if (!mBuffer.read(cx, &messageData, &kPostMessageCallbacks, &scInfo)) {
      return NS_ERROR_DOM_DATA_CLONE_ERR;
    }
  }
@ -7938,7 +7927,6 @@ nsGlobalWindow::PostMessageMoz(JSContext* aCx, JS::Handle<JS::Value> aMessage,

  // We *must* clone the data here, or the JS::Value could be modified
  // by script
-  JSAutoStructuredCloneBuffer buffer;
  StructuredCloneInfo scInfo;
  scInfo.event = event;
  scInfo.window = this;
@ -7947,14 +7935,12 @@ nsGlobalWindow::PostMessageMoz(JSContext* aCx, JS::Handle<JS::Value> aMessage,
  JS::Rooted<JS::Value> message(aCx, aMessage);
  JS::Rooted<JS::Value> transfer(aCx, aTransfer);
  if (NS_FAILED(callerPrin->Subsumes(principal, &scInfo.subsumes)) ||
-      !buffer.write(aCx, message, transfer, &kPostMessageCallbacks,
-                    &scInfo)) {
+      !event->Buffer().write(aCx, message, transfer, &kPostMessageCallbacks,
+                             &scInfo)) {
    aError.Throw(NS_ERROR_DOM_DATA_CLONE_ERR);
    return;
  }

-  event->SetJSData(buffer);
-
  aError = NS_DispatchToCurrentThread(event);
 }