Closed
Bug 950308
Opened 11 years ago
Closed 11 years ago
TextTrackList, TextTrackCue, TextTrack should probably BindToOwner themselves
Categories
(Core :: Audio/Video, defect)
Tracking
()
RESOLVED
FIXED
mozilla31
People
(Reporter: bzbarsky, Assigned: reyre)
References
Details
Attachments
(1 file, 6 obsolete files)
It looks like nsDOMEventTargetHelper subclasses that are bound to a window should tell the superclass that via BindToOwner. TextTrackList doesn't do that.
Olli, how serious a problem is this?
Flags: needinfo?(bugs)
Comment 1•11 years ago
|
||
It used to be a security issue, these days it is preventing certain CC/memory management optimizations.
Also, GetParentObject() returns null, except in this case where we store mGlobal and override
DETH's GetParentObject.
Flags: needinfo?(bugs)
Assignee | ||
Updated•11 years ago
|
Assignee: nobody → rick.eyre
Assignee | ||
Comment 2•11 years ago
|
||
This is a partial patch, haven't fixed TextTrackCue yet. I'd like to get some feedback to see if I'm heading in the right direction for this.
Also, I'm having a hard time figuring out how to implement this for TextTrackCue. TextTrackCue gets inited with a GlobalObject from the JS Bindings, but I'm not sure how to convert a GlobalObject to an nsPIDOMWindow object, which DOMEventTargetHelper needs for its ctor. Is there already a way to do this, or do I need to build something new?
Attachment #8400795 -
Flags: feedback?(bugs)
Comment 3•11 years ago
|
||
nsCOMPtr<PIDOMWindow> w = do_QueryInterface(aGlobal.GetAsSupports());
should work.
Assignee | ||
Comment 4•11 years ago
|
||
Thanks for the information Olli. This should be good for review.
Attachment #8400795 -
Attachment is obsolete: true
Attachment #8400795 -
Flags: feedback?(bugs)
Attachment #8400912 -
Flags: review?(bugs)
Comment 5•11 years ago
|
||
Comment on attachment 8400912 [details] [diff] [review]
v2: TextTrack, TextTrackCue, TextTrackList should BindToOwner r=smaug
>- mTrack = new TextTrack(OwnerDoc()->GetParentObject(), kind, label, srcLang,
>+ mTrack = new TextTrack(OwnerDoc()->GetWindow(), kind, label, srcLang,
You want GetInnerWindow
>+ nsPIDOMWindow* ownerWindow = mMediaElement->OwnerDoc()->GetWindow();
GetInnerWindow()
>+TextTrack::TextTrack(nsPIDOMWindow* aOwnerWindow,
> TextTrackKind aKind,
> const nsAString& aLabel,
> const nsAString& aLanguage,
> TextTrackMode aMode,
> TextTrackReadyState aReadyState,
> TextTrackSource aTextTrackSource)
>- : mParent(aParent)
>+ : DOMEventTargetHelper(aOwnerWindow)
Did you actually test this patch in a debug build?
Since as far as I see, you'd get assertions when passing outer window to DETH constructor
Attachment #8400912 -
Flags: review?(bugs) → review-
Assignee | ||
Comment 6•11 years ago
|
||
Thanks for review.
(In reply to Olli Pettay [:smaug] from comment #5)
> Did you actually test this patch in a debug build?
> Since as far as I see, you'd get assertions when passing outer window to
> DETH constructor
Nope, not in a debug build.
Assignee | ||
Comment 7•11 years ago
|
||
Made sure to test this one on a debug build.
Attachment #8400912 -
Attachment is obsolete: true
Attachment #8401055 -
Flags: review?(bugs)
Comment 8•11 years ago
|
||
Comment on attachment 8401055 [details] [diff] [review]
v3: TextTrack, TextTrackCue, TextTrackList should BindToOwner r=smaug
nsDOMEventTargetHelper(nsPIDOMWindow* aWindow) calls
SetIsDOMBinding() so you could remove those from your ctors.
>+TextTrackCue::TextTrackCue(nsPIDOMWindow* aOwnerWindow,
> double aStartTime,
> double aEndTime,
> const nsAString& aText,
> ErrorResult& aRv)
>- : mText(aText)
>+ : DOMEventTargetHelper(aOwnerWindow)
>+ , mText(aText)
> , mStartTime(aStartTime)
> , mEndTime(aEndTime)
> , mReset(false)
> {
> SetDefaultCueSettings();
>- MOZ_ASSERT(aGlobal);
>+ MOZ_ASSERT(aOwnerWindow);
Oh, now I realize... first), it is possible to hit this assertion because
element->OwnerDoc()->GetInnerWindow() may return null when the document has been unloaded, and
you access its elements from another window.
but second), how should this all work if one does
var a = document.implementation.createHTMLDocument().createElement("audio")
and then access the track stuff from 'a'?
For that case not using GetInnerWindow(), but GetScriptHandlingObject(bool& aHasHadScriptHandlingObject)
would be more consistent with other stuff.
You need to QI that return value to nsPIDOMWindow.
But the main question is that what should happen if that method returns null and aHasHadScriptHandlingObject becomes true.
Usually we don't let one to create an object in such case, see for example nsDocument::CloneDocHelper, and for consistency it would be good to do the same here too.
Sorry that I didn't think about this yesterday.
Otherwise this looks good.
Attachment #8401055 -
Flags: review?(bugs) → review-
Assignee | ||
Comment 9•11 years ago
|
||
(In reply to Olli Pettay [:smaug] from comment #8)
> Oh, now I realize... first), it is possible to hit this assertion because
> element->OwnerDoc()->GetInnerWindow() may return null when the document has
> been unloaded, and
> you access its elements from another window.
> but second), how should this all work if one does
> var a = document.implementation.createHTMLDocument().createElement("audio")
> and then access the track stuff from 'a'?
How do you detect that this is the case? Would it just be that GetInnerWindow() would return null and so we would use GetScriptHandlingObject() instead?
> Sorry that I didn't think about this yesterday.
No worries!
Comment 10•11 years ago
|
||
Use GetScriptHandlingObject(), and not GetInnerWindow()
Assignee | ||
Comment 11•11 years ago
|
||
Hope this addresses the issues.
Attachment #8401055 -
Attachment is obsolete: true
Attachment #8402791 -
Flags: review?(bugs)
Assignee | ||
Comment 12•11 years ago
|
||
Attachment #8402791 -
Attachment is obsolete: true
Attachment #8402791 -
Flags: review?(bugs)
Attachment #8403338 -
Flags: review?(bugs)
Comment 13•11 years ago
|
||
Comment on attachment 8403338 [details] [diff] [review]
v4: TextTrack, TextTrackCue, TextTrackList should BindToOwner r=smaug
Because element.track may now return null, you need to make
it nullable in http://mxr.mozilla.org/mozilla-central/source/dom/webidl/HTMLTrackElement.webidl#29
And looks like we might access various member variables of
TextTrackManager without checking whether they are null.
Somewhat annoying to fix, I know.
Attachment #8403338 -
Flags: review?(bugs) → review-
Assignee | ||
Comment 14•11 years ago
|
||
Thanks for review Olli. I've made the Track attribute on the HTMLTrackElement IDL nullable and put in the pointer guards.
Attachment #8403338 -
Attachment is obsolete: true
Attachment #8404042 -
Flags: review?(bugs)
Updated•11 years ago
|
Attachment #8404042 -
Flags: review?(bugs) → review+
Assignee | ||
Comment 15•11 years ago
|
||
Rebasing against m-c.
Try looks good: https://tbpl.mozilla.org/?tree=Try&rev=72007c6dcc9f
Attachment #8404042 -
Attachment is obsolete: true
Assignee | ||
Updated•11 years ago
|
Keywords: checkin-needed
Comment 16•11 years ago
|
||
Keywords: checkin-needed
Comment 17•11 years ago
|
||
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla31
You need to log in
before you can comment on or make changes to this bug.
Description
•