Closed Bug 950308 Opened 11 years ago Closed 10 years ago

TextTrackList, TextTrackCue, TextTrack should probably BindToOwner themselves

Categories

(Core :: Audio/Video, defect)

Product:
Core
Component:
Audio/Video
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla31

People

(Reporter: bzbarsky, Assigned: reyre)

References

Details

Attachments

(1 file, 6 obsolete files)

v6: TextTrack, TextTrackCue, TextTrackList should BindToOwner r=smaug
21.55 KB, patch
Details | Diff | Splinter Review 
It looks like nsDOMEventTargetHelper subclasses that are bound to a window should tell the superclass that via BindToOwner.  TextTrackList doesn't do that.

Olli, how serious a problem is this?
Flags: needinfo?(bugs)
Blocks: 950309
No longer blocks: 950309
It used to be a security issue, these days it is preventing certain CC/memory management optimizations.
Also, GetParentObject() returns null, except in this case where we store mGlobal and override
DETH's GetParentObject.
Flags: needinfo?(bugs)
Assignee: nobody → rick.eyre
This is a partial patch, haven't fixed TextTrackCue yet. I'd like to get some feedback to see if I'm heading in the right direction for this.

Also, I'm having a hard time figuring out how to implement this for TextTrackCue. TextTrackCue gets inited with a GlobalObject from the JS Bindings, but I'm not sure how to convert a GlobalObject to an nsPIDOMWindow object, which DOMEventTargetHelper needs for its ctor. Is there already a way to do this, or do I need to build something new?
Attachment #8400795 - Flags: feedback?(bugs)
nsCOMPtr<PIDOMWindow> w = do_QueryInterface(aGlobal.GetAsSupports());
should work.
Thanks for the information Olli. This should be good for review.
Attachment #8400795 - Attachment is obsolete: true
Attachment #8400795 - Flags: feedback?(bugs)
Attachment #8400912 - Flags: review?(bugs)
Comment on attachment 8400912 [details] [diff] [review]
v2: TextTrack, TextTrackCue, TextTrackList should BindToOwner r=smaug

>-  mTrack = new TextTrack(OwnerDoc()->GetParentObject(), kind, label, srcLang,
>+  mTrack = new TextTrack(OwnerDoc()->GetWindow(), kind, label, srcLang,
You want GetInnerWindow

>+  nsPIDOMWindow* ownerWindow = mMediaElement->OwnerDoc()->GetWindow();
GetInnerWindow()

>+TextTrack::TextTrack(nsPIDOMWindow* aOwnerWindow,
>                      TextTrackKind aKind,
>                      const nsAString& aLabel,
>                      const nsAString& aLanguage,
>                      TextTrackMode aMode,
>                      TextTrackReadyState aReadyState,
>                      TextTrackSource aTextTrackSource)
>-  : mParent(aParent)
>+  : DOMEventTargetHelper(aOwnerWindow)

Did you actually test this patch in a debug build?
Since as far as I see, you'd get assertions when passing outer window to DETH constructor
Attachment #8400912 - Flags: review?(bugs) → review-
Thanks for review.

(In reply to Olli Pettay [:smaug] from comment #5)

> Did you actually test this patch in a debug build?
> Since as far as I see, you'd get assertions when passing outer window to
> DETH constructor

Nope, not in a debug build.
Made sure to test this one on a debug build.
Attachment #8400912 - Attachment is obsolete: true
Attachment #8401055 - Flags: review?(bugs)
Comment on attachment 8401055 [details] [diff] [review]
v3: TextTrack, TextTrackCue, TextTrackList should BindToOwner r=smaug

nsDOMEventTargetHelper(nsPIDOMWindow* aWindow) calls
SetIsDOMBinding() so you could remove those from your ctors.

>+TextTrackCue::TextTrackCue(nsPIDOMWindow* aOwnerWindow,
>                            double aStartTime,
>                            double aEndTime,
>                            const nsAString& aText,
>                            ErrorResult& aRv)
>-  : mText(aText)
>+  : DOMEventTargetHelper(aOwnerWindow)
>+  , mText(aText)
>   , mStartTime(aStartTime)
>   , mEndTime(aEndTime)
>   , mReset(false)
> {
>   SetDefaultCueSettings();
>-  MOZ_ASSERT(aGlobal);
>+  MOZ_ASSERT(aOwnerWindow);
Oh, now I realize... first), it is possible to hit this assertion because
element->OwnerDoc()->GetInnerWindow() may return null when the document has been unloaded, and
you access its elements from another window.
but second), how should this all work if one does
var a = document.implementation.createHTMLDocument().createElement("audio")
and then access the track stuff from 'a'?

For that case not using GetInnerWindow(), but GetScriptHandlingObject(bool& aHasHadScriptHandlingObject)
would be more consistent with other stuff.
You need to QI that return value to nsPIDOMWindow.
But the main question is that what should happen if that method returns null and aHasHadScriptHandlingObject becomes true.
Usually we don't let one to create an object in such case, see for example nsDocument::CloneDocHelper, and for consistency it would be good to do the same here too.
Sorry that I didn't think about this yesterday.

Otherwise this looks good.
Attachment #8401055 - Flags: review?(bugs) → review-
(In reply to Olli Pettay [:smaug] from comment #8)

> Oh, now I realize... first), it is possible to hit this assertion because
> element->OwnerDoc()->GetInnerWindow() may return null when the document has
> been unloaded, and
> you access its elements from another window.
> but second), how should this all work if one does
> var a = document.implementation.createHTMLDocument().createElement("audio")
> and then access the track stuff from 'a'?

How do you detect that this is the case? Would it just be that GetInnerWindow() would return null and so we would use GetScriptHandlingObject() instead?

> Sorry that I didn't think about this yesterday.

No worries!
Use GetScriptHandlingObject(), and not GetInnerWindow()
Hope this addresses the issues.
Attachment #8401055 - Attachment is obsolete: true
Attachment #8402791 - Flags: review?(bugs)

        Attachment #8402791 -
        Attachment is obsolete: true

        Attachment #8402791 -
        Flags: review?(bugs)

        Attachment #8403338 -
        Flags: review?(bugs)

    
    

    
  
Comment on attachment 8403338 [details] [diff] [review]
v4: TextTrack, TextTrackCue, TextTrackList should BindToOwner r=smaug

Because element.track may now return null, you need to make
it nullable in http://mxr.mozilla.org/mozilla-central/source/dom/webidl/HTMLTrackElement.webidl#29
And looks like we might access various member variables of 
TextTrackManager without checking whether they are null.
Somewhat annoying to fix, I know.

        Attachment #8403338 -
        Flags: review?(bugs) → review-

    
    

    
  


  
Thanks for review Olli. I've made the Track attribute on the HTMLTrackElement IDL nullable and put in the pointer guards.

        Attachment #8403338 -
        Attachment is obsolete: true

        Attachment #8404042 -
        Flags: review?(bugs)

        Attachment #8404042 -
        Flags: review?(bugs) → review+

    
  
Keywords: checkin-needed

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/351a8f7d3512
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla31

    
  
Depends on: 1108721

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: