diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js index 5a832c0770..73dd295466 100644 --- a/browser/base/content/browser.js +++ b/browser/base/content/browser.js @@ -2187,9 +2187,12 @@ function losslessDecodeURI(aURI) { // a sequence that survived decodeURI, i.e. one for: // ';', '/', '?', ':', '@', '&', '=', '+', '$', ',', '#' // (RFC 3987 section 3.2) - // 2. Re-encode whitespace so that it doesn't get eaten away - // by the location bar (bug 410726). - .replace(/%(?!3B|2F|3F|3A|40|26|3D|2B|24|2C|23)|[\r\n\t]/ig, + // 2. Re-encode select whitespace so that it doesn't get eaten + // away by the location bar (bug 410726). Re-encode all + // adjacent whitespace, to prevent spoofing attempts where + // invisible characters would push part of the URL to + // overflow the location bar (bug 1395508). + .replace(/%(?!3B|2F|3F|3A|40|26|3D|2B|24|2C|23)|[\r\n\t]|\s(?=\s)|\s$/ig, encodeURIComponent); } catch (e) {} } diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp index d105d68113..59e589064d 100644 --- a/docshell/base/nsDocShell.cpp +++ b/docshell/base/nsDocShell.cpp @@ -6623,8 +6623,10 @@ nsDocShell::ScrollByPages(int32_t aNumPages) //***************************************************************************** NS_IMETHODIMP -nsDocShell::RefreshURI(nsIURI* aURI, int32_t aDelay, bool aRepeat, - bool aMetaRefresh) +nsDocShell::RefreshURI(nsIURI* aURI, + int32_t aDelay, bool aRepeat, + bool aMetaRefresh, + nsIPrincipal* aPrincipal) { NS_ENSURE_ARG(aURI); @@ -6659,6 +6661,7 @@ nsDocShell::RefreshURI(nsIURI* aURI, int32_t aDelay, bool aRepeat, nsCOMPtr dataRef = refreshTimer; // Get the ref count to 1 refreshTimer->mDocShell = this; + refreshTimer->mPrincipal = aPrincipal; refreshTimer->mURI = aURI; refreshTimer->mDelay = aDelay; refreshTimer->mRepeat = aRepeat; @@ -6690,7 +6693,8 @@ nsresult nsDocShell::ForceRefreshURIFromTimer(nsIURI* aURI, int32_t aDelay, bool aMetaRefresh, - nsITimer* aTimer) + nsITimer* aTimer, + nsIPrincipal* aPrincipal) { NS_PRECONDITION(aTimer, "Must have a timer here"); @@ -6708,7 +6712,7 @@ nsDocShell::ForceRefreshURIFromTimer(nsIURI* aURI, } } - return ForceRefreshURI(aURI, aDelay, aMetaRefresh); + return ForceRefreshURI(aURI, aDelay, aMetaRefresh, aPrincipal); } bool @@ -6742,7 +6746,7 @@ nsDocShell::DoAppRedirectIfNeeded(nsIURI* aURI, } NS_IMETHODIMP -nsDocShell::ForceRefreshURI(nsIURI* aURI, int32_t aDelay, bool aMetaRefresh) +nsDocShell::ForceRefreshURI(nsIURI* aURI, int32_t aDelay, bool aMetaRefresh, nsIPrincipal* aPrincipal) { NS_ENSURE_ARG(aURI); @@ -6790,11 +6794,18 @@ nsDocShell::ForceRefreshURI(nsIURI* aURI, int32_t aDelay, bool aMetaRefresh) loadInfo->SetLoadType(nsIDocShellLoadInfo::loadRefresh); } + // If the principal is null, the refresh will have a triggeringPrincipal + // derived from the referrer URI, or will be set to the system principal + // if there is no refererrer. See LoadURI() + if (aPrincipal) { + loadInfo->SetOwner(aPrincipal); // as called prior to bug 1286472 + } + /* * LoadURI(...) will cancel all refresh timers... This causes the * Timer and its refreshData instance to be released... */ - LoadURI(aURI, loadInfo, nsIWebNavigation::LOAD_FLAGS_NONE, true); + LoadURI(aURI, loadInfo, nsIWebNavigation::LOAD_FLAGS_DISALLOW_INHERIT_OWNER, true); // XXX: LOAD_FLAGS_DISALLOW_INHERIT_PRINCIPAL return NS_OK; } @@ -7030,7 +7041,7 @@ nsDocShell::SetupRefreshURIFromHeader(nsIURI* aBaseURI, return NS_ERROR_FAILURE; } - rv = RefreshURI(uri, seconds * 1000, false, true); + rv = RefreshURI(uri, seconds * 1000, false, true, aPrincipal); } } } @@ -13116,7 +13127,7 @@ nsRefreshTimer::Notify(nsITimer* aTimer) // Get the delay count to determine load type uint32_t delay = 0; aTimer->GetDelay(&delay); - mDocShell->ForceRefreshURIFromTimer(mURI, delay, mMetaRefresh, aTimer); + mDocShell->ForceRefreshURIFromTimer(mURI, delay, mMetaRefresh, aTimer, mPrincipal); } return NS_OK; } diff --git a/docshell/base/nsDocShell.h b/docshell/base/nsDocShell.h index 20760f19f7..087067bd1f 100644 --- a/docshell/base/nsDocShell.h +++ b/docshell/base/nsDocShell.h @@ -116,6 +116,7 @@ public: nsRefPtr mDocShell; nsCOMPtr mURI; + nsCOMPtr mPrincipal; int32_t mDelay; bool mRepeat; bool mMetaRefresh; @@ -248,7 +249,8 @@ public: // the timer involved out of mRefreshURIList if it's there. // aTimer must not be null. nsresult ForceRefreshURIFromTimer(nsIURI* aURI, int32_t aDelay, - bool aMetaRefresh, nsITimer* aTimer); + bool aMetaRefresh, nsITimer* aTimer, + nsIPrincipal* aPrincipal); friend class OnLinkClickEvent; diff --git a/docshell/base/nsIRefreshURI.idl b/docshell/base/nsIRefreshURI.idl index f872d8b7f5..5abd829da8 100644 --- a/docshell/base/nsIRefreshURI.idl +++ b/docshell/base/nsIRefreshURI.idl @@ -18,23 +18,35 @@ interface nsIRefreshURI : nsISupports { * queued and executed when the current load finishes. * * @param aUri The uri to refresh. + * @param aPrincipal The triggeringPrincipal for the refresh load + * May be null, in which case a principal will be built based on the + * referrer URI of the previous docshell load, or will use the system + * principal when there is no referrer. * @param aMillis The number of milliseconds to wait. * @param aRepeat Flag to indicate if the uri is to be * repeatedly refreshed every aMillis milliseconds. * @param aMetaRefresh Flag to indicate if this is a Meta refresh. */ - void refreshURI(in nsIURI aURI, in long aMillis, in boolean aRepeat, - in boolean aMetaRefresh); + void refreshURI(in nsIURI aURI, + in long aMillis, in boolean aRepeat, + in boolean aMetaRefresh, + [optional] in nsIPrincipal aPrincipal); /** * Loads a URI immediately as if it were a refresh. * * @param aURI The URI to refresh. + * @param aPrincipal The triggeringPrincipal for the refresh load + * May be null, in which case a principal will be built based on the + * referrer URI of the previous docshell load, or will use the system + * principal when there is no referrer. * @param aMillis The number of milliseconds by which this refresh would * be delayed if it were not being forced. * @param aMetaRefresh Flag to indicate if this is a meta refresh. */ - void forceRefreshURI(in nsIURI aURI, in long aMillis, in boolean aMetaRefresh); + void forceRefreshURI(in nsIURI aURI, + in long aMillis, in boolean aMetaRefresh, + [optional] in nsIPrincipal aPrincipal); /** * Checks the passed in channel to see if there is a refresh header, @@ -57,10 +69,15 @@ interface nsIRefreshURI : nsISupports { * the current page finishes loading. * * @param aBaseURI base URI to resolve refresh uri with. - * @param principal the associated principal + * @param aPrincipal The triggeringPrincipal for the refresh load + * May be null, in which case a principal will be built based on the + * referrer URI of the previous docshell load, or will use the system + * principal when there is no referrer. * @param aHeader The meta refresh header string. */ - void setupRefreshURIFromHeader(in nsIURI aBaseURI, in nsIPrincipal principal, in ACString aHeader); + void setupRefreshURIFromHeader(in nsIURI aBaseURI, + in nsIPrincipal principal, + in ACString aHeader); /** * Cancels all timer loads. diff --git a/dom/events/EventStateManager.cpp b/dom/events/EventStateManager.cpp index 1d9cc6dbfc..3dbf343d85 100644 --- a/dom/events/EventStateManager.cpp +++ b/dom/events/EventStateManager.cpp @@ -3713,12 +3713,15 @@ EventStateManager::DispatchMouseOrPointerEvent(WidgetMouseEvent* aMouseEvent, return nullptr; } + nsCOMPtr targetContent = aTargetContent; + nsCOMPtr relatedContent = aRelatedContent; + nsAutoPtr dispatchEvent; CreateMouseOrPointerWidgetEvent(aMouseEvent, aMessage, - aRelatedContent, dispatchEvent); + relatedContent, dispatchEvent); nsWeakFrame previousTarget = mCurrentTarget; - mCurrentTargetContent = aTargetContent; + mCurrentTargetContent = targetContent; nsIFrame* targetFrame = nullptr; @@ -3728,22 +3731,22 @@ EventStateManager::DispatchMouseOrPointerEvent(WidgetMouseEvent* aMouseEvent, } nsEventStatus status = nsEventStatus_eIgnore; - ESMEventCB callback(aTargetContent); - EventDispatcher::Dispatch(aTargetContent, mPresContext, dispatchEvent, nullptr, + ESMEventCB callback(targetContent); + EventDispatcher::Dispatch(targetContent, mPresContext, dispatchEvent, nullptr, &status, &callback); if (mPresContext) { // Although the primary frame was checked in event callback, it may not be // the same object after event dispatch and handling, so refetch it. - targetFrame = mPresContext->GetPrimaryFrameFor(aTargetContent); + targetFrame = mPresContext->GetPrimaryFrameFor(targetContent); // If we are leaving remote content, dispatch a mouse exit event to the // remote frame. - if (aMessage == NS_MOUSE_EXIT_SYNTH && IsRemoteTarget(aTargetContent)) { + if (aMessage == NS_MOUSE_EXIT_SYNTH && IsRemoteTarget(targetContent)) { // For remote content, send a normal widget mouse exit event. nsAutoPtr remoteEvent; CreateMouseOrPointerWidgetEvent(aMouseEvent, NS_MOUSE_EXIT, - aRelatedContent, remoteEvent); + relatedContent, remoteEvent); // mCurrentTarget is set to the new target, so we must reset it to the // old target and then dispatch a cross-process event. (mCurrentTarget diff --git a/dom/html/HTMLMediaElement.cpp b/dom/html/HTMLMediaElement.cpp index d3b5408d67..a6a6c1b64d 100644 --- a/dom/html/HTMLMediaElement.cpp +++ b/dom/html/HTMLMediaElement.cpp @@ -3038,13 +3038,12 @@ public: { NS_ASSERTION(NS_IsMainThread(), "Should be on main thread."); - if (!mElement) { - return; - } + if (MOZ_UNLIKELY(!mElement)) return; // bug 1419363 + mElement->NotifyMediaStreamTracksAvailable(aStream); } private: - HTMLMediaElement* mElement; + WeakPtr mElement; }; void HTMLMediaElement::SetupSrcMediaStreamPlayback(DOMMediaStream* aStream) diff --git a/dom/html/HTMLMediaElement.h b/dom/html/HTMLMediaElement.h index e86b585b15..ea62601deb 100644 --- a/dom/html/HTMLMediaElement.h +++ b/dom/html/HTMLMediaElement.h @@ -19,6 +19,7 @@ #include "mozilla/Attributes.h" #include "mozilla/dom/Promise.h" #include "mozilla/dom/TextTrackManager.h" +#include "mozilla/WeakPtr.h" #include "MediaDecoder.h" #include "StateWatching.h" #include "nsGkAtoms.h" @@ -74,7 +75,8 @@ class HTMLMediaElement : public nsGenericHTMLElement, public nsIDOMHTMLMediaElement, public nsIObserver, public MediaDecoderOwner, - public nsIAudioChannelAgentCallback + public nsIAudioChannelAgentCallback, + public SupportsWeakPtr { public: typedef mozilla::TimeStamp TimeStamp; @@ -85,6 +87,8 @@ public: typedef mozilla::MediaDecoderOwner MediaDecoderOwner; typedef mozilla::MetadataTags MetadataTags; + MOZ_DECLARE_WEAKREFERENCE_TYPENAME(HTMLMediaElement) + CORSMode GetCORSMode() { return mCORSMode; } diff --git a/dom/media/webrtc/MediaEngineDefault.cpp b/dom/media/webrtc/MediaEngineDefault.cpp index d581a65be5..3d1f68e85a 100644 --- a/dom/media/webrtc/MediaEngineDefault.cpp +++ b/dom/media/webrtc/MediaEngineDefault.cpp @@ -79,6 +79,8 @@ MediaEngineDefaultVideoSource::Allocate(const dom::MediaTrackConstraints &aConst mOpts = aPrefs; mOpts.mWidth = mOpts.mWidth ? mOpts.mWidth : MediaEngine::DEFAULT_43_VIDEO_WIDTH; mOpts.mHeight = mOpts.mHeight ? mOpts.mHeight : MediaEngine::DEFAULT_43_VIDEO_HEIGHT; + mOpts.mWidth = std::max(160, std::min(mOpts.mWidth, 4096)); + mOpts.mHeight = std::max(90, std::min(mOpts.mHeight, 2160)); mState = kAllocated; return NS_OK; } diff --git a/gfx/thebes/gfxUserFontSet.h b/gfx/thebes/gfxUserFontSet.h index 20fce3d6ec..119a5688a7 100644 --- a/gfx/thebes/gfxUserFontSet.h +++ b/gfx/thebes/gfxUserFontSet.h @@ -590,6 +590,10 @@ public: void GetFamilyNameAndURIForLogging(nsACString& aFamilyName, nsACString& aURI); +#ifdef DEBUG + gfxUserFontSet* GetUserFontSet() const { return mFontSet; } +#endif + protected: const uint8_t* SanitizeOpenTypeData(const uint8_t* aData, uint32_t aLength, diff --git a/js/src/jit-test/tests/gc/bug-1371908.js b/js/src/jit-test/tests/gc/bug-1371908.js deleted file mode 100644 index da4540459c..0000000000 --- a/js/src/jit-test/tests/gc/bug-1371908.js +++ /dev/null @@ -1,6 +0,0 @@ -if (helperThreadCount() === 0) - quit(); -offThreadCompileScript(""); -startgc(0); -runOffThreadScript(); - diff --git a/js/src/jit-test/tests/gc/bug1146213.js b/js/src/jit-test/tests/gc/bug1146213.js deleted file mode 100644 index 14ca088275..0000000000 --- a/js/src/jit-test/tests/gc/bug1146213.js +++ /dev/null @@ -1,21 +0,0 @@ -if (!("setGCCallback" in this && - "schedulegc" in this && - "gcslice" in this && - "newGlobal" in this && - "helperThreadCount" in this)) -{ - quit(); -} - -if (helperThreadCount() == 0) - quit(); - -setGCCallback({ - action: "majorGC", -}); -schedulegc(this) -gcslice(3) -var lfGlobal = newGlobal(); -lfGlobal.offThreadCompileScript(""); -lfGlobal.runOffThreadScript(); - diff --git a/js/src/jsgc.cpp b/js/src/jsgc.cpp index 1eb3453d7f..767ce8669e 100644 --- a/js/src/jsgc.cpp +++ b/js/src/jsgc.cpp @@ -6534,10 +6534,7 @@ gc::MergeCompartments(JSCompartment* source, JSCompartment* target) JSRuntime* rt = source->runtimeFromMainThread(); - MOZ_ASSERT(!source->zone()->wasGCStarted()); - MOZ_ASSERT(!target->zone()->wasGCStarted()); - JS::AutoAssertOnGC nogc(rt); - AutoTraceSession session(rt); + AutoPrepareForTracing prepare(rt, SkipAtoms); // Cleanup tables and other state in the source compartment that will be // meaningless after merging into the target compartment. diff --git a/js/src/vm/HelperThreads.cpp b/js/src/vm/HelperThreads.cpp index 1e7ce83780..7f72ec2852 100644 --- a/js/src/vm/HelperThreads.cpp +++ b/js/src/vm/HelperThreads.cpp @@ -951,13 +951,11 @@ GlobalHelperThreadState::mergeParseTaskCompartment(JSRuntime* rt, ParseTask* par Handle global, JSCompartment* dest) { - // Finish any ongoing incremental GC that may affect the destination zone. - if (JS::IsIncrementalGCInProgress(rt) && dest->zone()->wasGCStarted()) - JS::FinishIncrementalGC(rt, JS::gcreason::API); - // After we call LeaveParseTaskZone() it's not safe to GC until we have // finished merging the contents of the parse task's compartment into the - // destination compartment. + // destination compartment. Finish any ongoing incremental GC first and + // assert that no allocation can occur. + gc::AutoFinishGC finishGC(rt); JS::AutoAssertNoAlloc noAlloc(rt); LeaveParseTaskZone(rt, parseTask); diff --git a/js/src/vm/StructuredClone.cpp b/js/src/vm/StructuredClone.cpp index 4bfc251eaa..64ea57ca07 100644 --- a/js/src/vm/StructuredClone.cpp +++ b/js/src/vm/StructuredClone.cpp @@ -29,6 +29,7 @@ #include "js/StructuredClone.h" +#include "mozilla/CheckedInt.h" #include "mozilla/Endian.h" #include "mozilla/FloatingPoint.h" @@ -1385,6 +1386,11 @@ JSStructuredCloneReader::readTypedArray(uint32_t arrayType, uint32_t nelems, Mut return false; byteOffset = n; } + if (!v.isObject() || !v.toObject().is()) { + JS_ReportErrorNumber(context(), js_GetErrorMessage, nullptr, JSMSG_SC_BAD_SERIALIZED_DATA, + "typed array must be backed by an ArrayBuffer"); + return false; + } RootedObject buffer(context(), &v.toObject()); RootedObject obj(context(), nullptr); @@ -1453,6 +1459,11 @@ JSStructuredCloneReader::readSharedTypedArray(uint32_t arrayType, uint32_t nelem if (!in.read(&n)) return false; byteOffset = n; + if (!v.isObject() || !v.toObject().is()) { + JS_ReportErrorNumber(context(), js_GetErrorMessage, nullptr, JSMSG_SC_BAD_SERIALIZED_DATA, + "DataView must be backed by an ArrayBuffer"); + return false; + } RootedObject buffer(context(), &v.toObject()); RootedObject obj(context()); @@ -1517,10 +1528,23 @@ bool JSStructuredCloneReader::readV1ArrayBuffer(uint32_t arrayType, uint32_t nelems, MutableHandleValue vp) { - MOZ_ASSERT(arrayType <= Scalar::Uint8Clamped); + if (arrayType > Scalar::Uint8Clamped) { + JS_ReportErrorNumber(context(), js_GetErrorMessage, nullptr, JSMSG_SC_BAD_SERIALIZED_DATA, + "invalid TypedArray type"); + return false; + } - uint32_t nbytes = nelems << TypedArrayShift(static_cast(arrayType)); - JSObject* obj = ArrayBufferObject::create(context(), nbytes); + mozilla::CheckedInt nbytes = + mozilla::CheckedInt(nelems) * + TypedArrayElemSize(static_cast(arrayType)); + if (!nbytes.isValid() || nbytes.value() > UINT32_MAX) { + JS_ReportErrorNumber(context(), js_GetErrorMessage, nullptr, + JSMSG_SC_BAD_SERIALIZED_DATA, + "invalid typed array size"); + return false; + } + + JSObject* obj = ArrayBufferObject::create(context(), nbytes.value()); if (!obj) return false; vp.setObject(*obj); diff --git a/layout/forms/nsNumberControlFrame.cpp b/layout/forms/nsNumberControlFrame.cpp index 9f75dc92b2..fa44452336 100644 --- a/layout/forms/nsNumberControlFrame.cpp +++ b/layout/forms/nsNumberControlFrame.cpp @@ -641,14 +641,16 @@ nsNumberControlFrame::HandleFocusEvent(WidgetEvent* aEvent) { if (aEvent->originalTarget != mTextField) { // Move focus to our text field - HTMLInputElement::FromContent(mTextField)->Focus(); + nsRefPtr textField = HTMLInputElement::FromContent(mTextField); + textField->Focus(); } } nsresult nsNumberControlFrame::HandleSelectCall() { - return HTMLInputElement::FromContent(mTextField)->Select(); + nsRefPtr textField = HTMLInputElement::FromContent(mTextField); + return textField->Select(); } #define STYLES_DISABLING_NATIVE_THEMING \ diff --git a/layout/style/FontFace.cpp b/layout/style/FontFace.cpp index 8f892e9e30..4742b07eab 100644 --- a/layout/style/FontFace.cpp +++ b/layout/style/FontFace.cpp @@ -787,6 +787,11 @@ FontFace::SetUserFontEntry(gfxUserFontEntry* aEntry) if (mUserFontEntry) { mUserFontEntry->mFontFaces.AppendElement(this); + MOZ_ASSERT(mUserFontEntry->GetUserFontSet() == + mFontFaceSet->GetUserFontSet(), + "user font entry must be associated with the same user font set " + "as the FontFace"); + // Our newly assigned user font entry might be in the process of or // finished loading, so set our status accordingly. But only do so // if we're not going "backwards" in status, which could otherwise diff --git a/layout/style/FontFace.h b/layout/style/FontFace.h index 6ff8c18fbe..c6089fa902 100644 --- a/layout/style/FontFace.h +++ b/layout/style/FontFace.h @@ -89,6 +89,8 @@ public: */ bool IsInFontFaceSet() { return mInFontFaceSet; } + FontFaceSet* GetPrimaryFontFaceSet() const { return mFontFaceSet; } + /** * Sets whether this object is in a FontFaceSet. This is called by the * FontFaceSet when Add, Remove, etc. are called. diff --git a/layout/style/FontFaceSet.cpp b/layout/style/FontFaceSet.cpp index 750bf49e4a..26bc73391d 100644 --- a/layout/style/FontFaceSet.cpp +++ b/layout/style/FontFaceSet.cpp @@ -776,7 +776,7 @@ FontFaceSet::InsertRuleFontFace(FontFace* aFontFace, uint8_t aSheetType, mUserFontSet->AddUserFontEntry(fontfamily, entry); } -already_AddRefed +/* static */ already_AddRefed FontFaceSet::FindOrCreateUserFontEntryFromFontFace(FontFace* aFontFace) { nsAutoString fontfamily; @@ -790,11 +790,13 @@ FontFaceSet::FindOrCreateUserFontEntryFromFontFace(FontFace* aFontFace) nsStyleSet::eDocSheet); } -already_AddRefed +/* static */ already_AddRefed FontFaceSet::FindOrCreateUserFontEntryFromFontFace(const nsAString& aFamilyName, FontFace* aFontFace, uint8_t aSheetType) { + FontFaceSet* set = aFontFace->GetPrimaryFontFaceSet(); + nsCSSValue val; uint32_t unit; @@ -922,7 +924,7 @@ FontFaceSet::FindOrCreateUserFontEntryFromFontFace(const nsAString& aFamilyName, face->mSourceType = gfxFontFaceSrc::eSourceType_URL; face->mURI = val.GetURLValue(); face->mReferrer = val.GetURLStructValue()->mReferrer; - face->mReferrerPolicy = mDocument->GetReferrerPolicy(); + face->mReferrerPolicy = set->mDocument->GetReferrerPolicy(); face->mOriginPrincipal = val.GetURLStructValue()->mOriginPrincipal; NS_ASSERTION(face->mOriginPrincipal, "null origin principal in @font-face rule"); @@ -983,11 +985,11 @@ FontFaceSet::FindOrCreateUserFontEntryFromFontFace(const nsAString& aFamilyName, } nsRefPtr entry = - mUserFontSet->FindOrCreateUserFontEntry(aFamilyName, srcArray, weight, - stretch, italicStyle, - featureSettings, - languageOverride, - unicodeRanges); + set->mUserFontSet->FindOrCreateUserFontEntry(aFamilyName, srcArray, weight, + stretch, italicStyle, + featureSettings, + languageOverride, + unicodeRanges); return entry.forget(); } diff --git a/layout/style/FontFaceSet.h b/layout/style/FontFaceSet.h index c32883ee2d..a7d1364b72 100644 --- a/layout/style/FontFaceSet.h +++ b/layout/style/FontFaceSet.h @@ -132,7 +132,7 @@ public: * Finds an existing entry in the user font cache or creates a new user * font entry for the given FontFace object. */ - already_AddRefed + static already_AddRefed FindOrCreateUserFontEntryFromFontFace(FontFace* aFontFace); /** @@ -234,7 +234,7 @@ private: uint8_t mSheetType; }; - already_AddRefed FindOrCreateUserFontEntryFromFontFace( + static already_AddRefed FindOrCreateUserFontEntryFromFontFace( const nsAString& aFamilyName, FontFace* aFontFace, uint8_t aSheetType); diff --git a/media/webrtc/signaling/src/peerconnection/PeerConnectionImpl.cpp b/media/webrtc/signaling/src/peerconnection/PeerConnectionImpl.cpp index 1e1b9e7d4a..9d9cfbe93b 100644 --- a/media/webrtc/signaling/src/peerconnection/PeerConnectionImpl.cpp +++ b/media/webrtc/signaling/src/peerconnection/PeerConnectionImpl.cpp @@ -2771,12 +2771,11 @@ PeerConnectionImpl::IceGatheringStateChange( return; } WrappableJSErrorResult rv; - RUN_ON_THREAD(mThread, - WrapRunnable(pco, - &PeerConnectionObserver::OnStateChange, - PCObserverStateType::IceGatheringState, - rv, static_cast(nullptr)), - NS_DISPATCH_NORMAL); + mThread->Dispatch(WrapRunnable(pco, + &PeerConnectionObserver::OnStateChange, + PCObserverStateType::IceGatheringState, + rv, static_cast(nullptr)), + NS_DISPATCH_NORMAL); if (mIceGatheringState == PCImplIceGatheringState::Complete) { SendLocalIceCandidateToContent(0, "", ""); diff --git a/toolkit/components/satchel/nsFormFillController.cpp b/toolkit/components/satchel/nsFormFillController.cpp index 43b529eaec..82c5be2bd8 100644 --- a/toolkit/components/satchel/nsFormFillController.cpp +++ b/toolkit/components/satchel/nsFormFillController.cpp @@ -503,7 +503,8 @@ NS_IMETHODIMP nsFormFillController::GetTextValue(nsAString & aTextValue) { if (mFocusedInput) { - mFocusedInput->GetValue(aTextValue); + nsCOMPtr input = mFocusedInput; + input->GetValue(aTextValue); } else { aTextValue.Truncate(); } @@ -525,24 +526,30 @@ nsFormFillController::SetTextValue(const nsAString & aTextValue) NS_IMETHODIMP nsFormFillController::GetSelectionStart(int32_t *aSelectionStart) { - if (mFocusedInput) - mFocusedInput->GetSelectionStart(aSelectionStart); + if (mFocusedInput) { + nsCOMPtr input = mFocusedInput; + input->GetSelectionStart(aSelectionStart); + } return NS_OK; } NS_IMETHODIMP nsFormFillController::GetSelectionEnd(int32_t *aSelectionEnd) { - if (mFocusedInput) - mFocusedInput->GetSelectionEnd(aSelectionEnd); + if (mFocusedInput) { + nsCOMPtr input = mFocusedInput; + input->GetSelectionEnd(aSelectionEnd); + } return NS_OK; } NS_IMETHODIMP nsFormFillController::SelectTextRange(int32_t aStartIndex, int32_t aEndIndex) { - if (mFocusedInput) - mFocusedInput->SetSelectionRange(aStartIndex, aEndIndex, EmptyString()); + if (mFocusedInput) { + nsCOMPtr input = mFocusedInput; + input->SetSelectionRange(aStartIndex, aEndIndex, EmptyString()); + } return NS_OK; }