Closed
Bug 1237025
Opened 9 years ago
Closed 9 years ago
View Image Info context menu option uses unsafe cpows
Categories
(Firefox :: Page Info Window, defect)
Firefox
Page Info Window
Tracking
()
RESOLVED
FIXED
Firefox 46
People
(Reporter: mconley, Assigned: gw280)
References
Details
(Whiteboard: [e10s-45-uplift])
Attachments
(2 files, 1 obsolete file)
|
4.88 KB,
patch
|
mconley
:
review+
|
Details | Diff | Splinter Review |
|
4.15 KB,
patch
|
gw280
:
review+
RyanVM
:
feedback+
Sylvestre
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
STR:
1) With an e10s enabled browser, visit the attachment
2 [review]) Open the Browser Console
3) Right click on the item and choose "View Image Info"
ER:
No "unsafe cpow usage" warnings in the console.
AR:
Several "unsafe cpow usage" warnings in the console.
|
||
Updated•9 years ago
|
Assignee: nobody → mconley
|
Assignee | |
Updated•9 years ago
|
Assignee: mconley → gwright
|
Reporter | |
Comment 1•9 years ago
|
||
Hey gw280, just a heads up that my patch in bug 1238180 should take care of the first unsafe CPOW that gets used in nsContextMenu.js. There are still a few that'll be used for View Image Info from inside pageInfo.js, however.
|
|
||
Updated•9 years ago
|
Whiteboard: [e10s-45-uplift]
|
|
Assignee | |
Comment 2•9 years ago
|
||
Attachment #8709732 -
Flags: review?(mconley)
|
|
Assignee | |
Comment 3•9 years ago
|
||
I think we can just pass null in nsContextMenu.js; I couldn't see any reason why it makes any difference for us to pass in this.target.ownerDocument.defaultView.top.document or not.
|
|
Reporter | |
Comment 4•9 years ago
|
||
Comment on attachment 8709732 [details] [diff] [review]
0001-Bug-1237025-Stop-using-CPOWs-for-View-Image-Info-con.patch
Review of attachment 8709732 [details] [diff] [review]:
-----------------------------------------------------------------
This is the right idea, but I think there's an edge case where this will not work. See below - I have a suggestion that I think will simplify this. Thanks gw280!
::: browser/base/content/pageinfo/pageInfo.js
@@ +504,5 @@
> radioGroup.focus();
> +
> + getImageInfo.then(function(data) {
> + if (data) {
> + gImageElement = {currentSrc: data.currentSrc,
This could, theoretically, result in us getting gImageElement too late. gImageElement is used here:
https://dxr.mozilla.org/mozilla-central/rev/6764bc656c1d146962d53710d734c2ac87c2306f/browser/base/content/pageinfo/pageInfo.js#632
Which is run when we add an image row to the Media tab - the adding of which is done asynchronously once loadPageInfo is called (and the information is only used so that we select the right image in the list). For a small list of images (say a single image), we could end up adding the image row to the Media tab before getImageInfo resolves, which would result in us not selecting the image as intended.
What I'd suggest instead is that we send down the imageElement CPOW with the PageInfo:getData message that goes down here:
https://dxr.mozilla.org/mozilla-central/rev/6764bc656c1d146962d53710d734c2ac87c2306f/browser/base/content/pageinfo/pageInfo.js#363
Then send up the image data to the parent again here: https://dxr.mozilla.org/mozilla-central/rev/6764bc656c1d146962d53710d734c2ac87c2306f/browser/base/content/content.js#1053
Which is guaranteed to be received before the media stuff starts coming up from here: https://dxr.mozilla.org/mozilla-central/rev/6764bc656c1d146962d53710d734c2ac87c2306f/browser/base/content/content.js#1056
Attachment #8709732 -
Flags: review?(mconley) → review-
|
||
Comment 5•9 years ago
|
||
FYI, this is going to need a rebased patch for Aurora.
Flags: needinfo?(gwright)
|
|
Assignee | |
Comment 7•9 years ago
|
||
Attachment #8709732 -
Attachment is obsolete: true
Attachment #8711176 -
Flags: review?(mconley)
|
|
Reporter | |
Comment 8•9 years ago
|
||
Comment on attachment 8711176 [details] [diff] [review]
0001-Bug-1237025-Stop-using-CPOWs-for-View-Image-Info-con.patch
Review of attachment 8711176 [details] [diff] [review]:
-----------------------------------------------------------------
Looks good, thanks gw280! Note that I didn't test this locally, so I assume you've manually tested to ensure that there are no more unsafe CPOW usage warnings here.
Please address / rebut my nits, and then land away.
::: browser/base/content/content.js
@@ +936,5 @@
>
> + getImageInfo: function(imageElement) {
> + let imageInfo = null;
> + if (imageElement) {
> + imageInfo = {currentSrc: imageElement.currentSrc,
Style nit - please format like this:
imageInfo = {
currentSrc: imageElement.currentSrc,
width: imageElement.width,
height: imageElement.height,
imageText: imageElement.title || imageElement.alt,
};
::: browser/base/content/pageinfo/pageInfo.js
@@ +377,5 @@
> gDocInfo = docInfo;
>
> + let imageInfo = pageInfoData.imageInfo;
> + if (imageInfo) {
> + gImageElement = {currentSrc: imageInfo.currentSrc,
If we're not ever going to do anything with imageInfo outside this block, might as well just set gImageElement to imageInfo here.
In fact, since imageInfo is null in the case where we passed an invalid image element, this whole block can probably be simplified to:
gImageElement = pageInfoData.imageInfo;
Attachment #8711176 -
Flags: review?(mconley) → review+
|
|
Assignee | |
Comment 10•9 years ago
|
||
Final patch which landed. Carrying r+, and requesting aurora uplift.
Approval Request Comment
[Feature/regressing bug #]: not a regression
[User impact if declined]: unsafe CPOWs when using the context menu's view image info option, so potential for jank or deadlock
[Describe test coverage new/current, TreeHerder]: m-c
[Risks and why]: low risk, just some small changes to remove CPOW usage by sending async messages across to the content process to gather relevant image data for us.
[String/UUID change made/needed]: none
Attachment #8711184 -
Flags: review+
Attachment #8711184 -
Flags: approval-mozilla-aurora?
|
||
Comment 11•9 years ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox46:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 46
|
|
||
Comment 12•9 years ago
|
||
Comment on attachment 8711184 [details] [diff] [review]
0001-Bug-1237025-Stop-using-CPOWs-for-View-Image-Info-con.patch
Looks good on Try.
Attachment #8711184 -
Flags: feedback+
|
||
Updated•9 years ago
|
status-firefox45:
--- → affected
|
|
||
Comment 13•9 years ago
|
||
Comment on attachment 8711184 [details] [diff] [review]
0001-Bug-1237025-Stop-using-CPOWs-for-View-Image-Info-con.patch
Improve the stability, taking it.
Attachment #8711184 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
|
||
Comment 14•9 years ago
|
||
| bugherder uplift | ||
|
||
Comment 15•9 years ago
|
||
[bugday-20160323]
Status: RESOLVED,FIXED -> UNVERIFIED
Comments:
STR: Not clear.
Developer specific testing
Component:
Name Firefox
Version 46.0b9
Build ID 20160322075646
Update Channel beta
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
OS Windows 7 SP1 x86_64
Expected Results:
Developer specific testing
Actual Results:
As expected
You need to log in
before you can comment on or make changes to this bug.
Description
•