Closed Bug 950308 Opened 11 years ago Closed 11 years ago

TextTrackList, TextTrackCue, TextTrack should probably BindToOwner themselves

Categories

(Core :: Audio/Video, defect)

x86
macOS
defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla31

People

(Reporter: bzbarsky, Assigned: reyre)

References

Details

Attachments

(1 file, 6 obsolete files)

It looks like nsDOMEventTargetHelper subclasses that are bound to a window should tell the superclass that via BindToOwner. TextTrackList doesn't do that. Olli, how serious a problem is this?
Flags: needinfo?(bugs)
Blocks: 950309
No longer blocks: 950309
It used to be a security issue, these days it is preventing certain CC/memory management optimizations. Also, GetParentObject() returns null, except in this case where we store mGlobal and override DETH's GetParentObject.
Flags: needinfo?(bugs)
Assignee: nobody → rick.eyre
This is a partial patch, haven't fixed TextTrackCue yet. I'd like to get some feedback to see if I'm heading in the right direction for this. Also, I'm having a hard time figuring out how to implement this for TextTrackCue. TextTrackCue gets inited with a GlobalObject from the JS Bindings, but I'm not sure how to convert a GlobalObject to an nsPIDOMWindow object, which DOMEventTargetHelper needs for its ctor. Is there already a way to do this, or do I need to build something new?
Attachment #8400795 - Flags: feedback?(bugs)
nsCOMPtr<PIDOMWindow> w = do_QueryInterface(aGlobal.GetAsSupports()); should work.
Thanks for the information Olli. This should be good for review.
Attachment #8400795 - Attachment is obsolete: true
Attachment #8400795 - Flags: feedback?(bugs)
Attachment #8400912 - Flags: review?(bugs)
Comment on attachment 8400912 [details] [diff] [review] v2: TextTrack, TextTrackCue, TextTrackList should BindToOwner r=smaug >- mTrack = new TextTrack(OwnerDoc()->GetParentObject(), kind, label, srcLang, >+ mTrack = new TextTrack(OwnerDoc()->GetWindow(), kind, label, srcLang, You want GetInnerWindow >+ nsPIDOMWindow* ownerWindow = mMediaElement->OwnerDoc()->GetWindow(); GetInnerWindow() >+TextTrack::TextTrack(nsPIDOMWindow* aOwnerWindow, > TextTrackKind aKind, > const nsAString& aLabel, > const nsAString& aLanguage, > TextTrackMode aMode, > TextTrackReadyState aReadyState, > TextTrackSource aTextTrackSource) >- : mParent(aParent) >+ : DOMEventTargetHelper(aOwnerWindow) Did you actually test this patch in a debug build? Since as far as I see, you'd get assertions when passing outer window to DETH constructor
Attachment #8400912 - Flags: review?(bugs) → review-
Thanks for review. (In reply to Olli Pettay [:smaug] from comment #5) > Did you actually test this patch in a debug build? > Since as far as I see, you'd get assertions when passing outer window to > DETH constructor Nope, not in a debug build.
Made sure to test this one on a debug build.
Attachment #8400912 - Attachment is obsolete: true
Attachment #8401055 - Flags: review?(bugs)
Comment on attachment 8401055 [details] [diff] [review] v3: TextTrack, TextTrackCue, TextTrackList should BindToOwner r=smaug nsDOMEventTargetHelper(nsPIDOMWindow* aWindow) calls SetIsDOMBinding() so you could remove those from your ctors. >+TextTrackCue::TextTrackCue(nsPIDOMWindow* aOwnerWindow, > double aStartTime, > double aEndTime, > const nsAString& aText, > ErrorResult& aRv) >- : mText(aText) >+ : DOMEventTargetHelper(aOwnerWindow) >+ , mText(aText) > , mStartTime(aStartTime) > , mEndTime(aEndTime) > , mReset(false) > { > SetDefaultCueSettings(); >- MOZ_ASSERT(aGlobal); >+ MOZ_ASSERT(aOwnerWindow); Oh, now I realize... first), it is possible to hit this assertion because element->OwnerDoc()->GetInnerWindow() may return null when the document has been unloaded, and you access its elements from another window. but second), how should this all work if one does var a = document.implementation.createHTMLDocument().createElement("audio") and then access the track stuff from 'a'? For that case not using GetInnerWindow(), but GetScriptHandlingObject(bool& aHasHadScriptHandlingObject) would be more consistent with other stuff. You need to QI that return value to nsPIDOMWindow. But the main question is that what should happen if that method returns null and aHasHadScriptHandlingObject becomes true. Usually we don't let one to create an object in such case, see for example nsDocument::CloneDocHelper, and for consistency it would be good to do the same here too. Sorry that I didn't think about this yesterday. Otherwise this looks good.
Attachment #8401055 - Flags: review?(bugs) → review-
(In reply to Olli Pettay [:smaug] from comment #8) > Oh, now I realize... first), it is possible to hit this assertion because > element->OwnerDoc()->GetInnerWindow() may return null when the document has > been unloaded, and > you access its elements from another window. > but second), how should this all work if one does > var a = document.implementation.createHTMLDocument().createElement("audio") > and then access the track stuff from 'a'? How do you detect that this is the case? Would it just be that GetInnerWindow() would return null and so we would use GetScriptHandlingObject() instead? > Sorry that I didn't think about this yesterday. No worries!
Use GetScriptHandlingObject(), and not GetInnerWindow()
Hope this addresses the issues.
Attachment #8401055 - Attachment is obsolete: true
Attachment #8402791 - Flags: review?(bugs)
Attachment #8402791 - Attachment is obsolete: true
Attachment #8402791 - Flags: review?(bugs)
Attachment #8403338 - Flags: review?(bugs)
Comment on attachment 8403338 [details] [diff] [review] v4: TextTrack, TextTrackCue, TextTrackList should BindToOwner r=smaug Because element.track may now return null, you need to make it nullable in http://mxr.mozilla.org/mozilla-central/source/dom/webidl/HTMLTrackElement.webidl#29 And looks like we might access various member variables of TextTrackManager without checking whether they are null. Somewhat annoying to fix, I know.
Attachment #8403338 - Flags: review?(bugs) → review-
Thanks for review Olli. I've made the Track attribute on the HTMLTrackElement IDL nullable and put in the pointer guards.
Attachment #8403338 - Attachment is obsolete: true
Attachment #8404042 - Flags: review?(bugs)
Attachment #8404042 - Flags: review?(bugs) → review+
Keywords: checkin-needed
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla31
Depends on: 1108721
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: