Bug 1272203 (part 3) - Use NotNull in nsContentUtils::GetSurfaceData(). r=froydnj.
authorNicholas Nethercote <nnethercote@mozilla.com>
Fri, 27 May 2016 09:49:25 +1000
changeset 299470 c329d2652ad52f3261db1cc8bdbe4d68a220ab19
parent 299469 12a0df9bb7edefaee2cb9845f94757eb082b546a
child 299471 a797b1192ac89f6f11049e2ea6d87dd66fb1cedc
push id30297
push usercbook@mozilla.com
push dateMon, 30 May 2016 13:29:51 +0000
treeherderautoland@3435dd7ad71f [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersfroydnj
bugs1272203, 1268721
milestone49.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1272203 (part 3) - Use NotNull in nsContentUtils::GetSurfaceData(). r=froydnj. This might not look compelling in isolation, but this use of NotNull would have prevented the null dereference crash in bug 1268721.
dom/base/nsContentUtils.cpp
dom/base/nsContentUtils.h
widget/PuppetWidget.cpp
widget/nsDragServiceProxy.cpp
--- a/dom/base/nsContentUtils.cpp
+++ b/dom/base/nsContentUtils.cpp
@@ -7419,17 +7419,18 @@ nsContentUtils::TransferableToIPCTransfe
             RefPtr<mozilla::gfx::DataSourceSurface> dataSurface =
               surface->GetDataSurface();
             if (!dataSurface) {
               continue;
             }
             size_t length;
             int32_t stride;
             mozilla::UniquePtr<char[]> surfaceData =
-              nsContentUtils::GetSurfaceData(dataSurface, &length, &stride);
+              nsContentUtils::GetSurfaceData(WrapNotNull(dataSurface), &length,
+                                             &stride);
 
             IPCDataTransferItem* item = aIPCDataTransfer->items().AppendElement();
             item->flavor() = flavorStr;
             // Turn item->data() into an nsCString prior to accessing it.
             item->data() = EmptyCString();
             item->data().get_nsCString().Adopt(surfaceData.release(), length);
 
             IPCDataTransferImage& imageDetails = item->imageDetails();
@@ -7523,18 +7524,19 @@ nsContentUtils::TransferableToIPCTransfe
           }
         }
       }
     }
   }
 }
 
 mozilla::UniquePtr<char[]>
-nsContentUtils::GetSurfaceData(mozilla::gfx::DataSourceSurface* aSurface,
-                               size_t* aLength, int32_t* aStride)
+nsContentUtils::GetSurfaceData(
+  NotNull<mozilla::gfx::DataSourceSurface*> aSurface,
+  size_t* aLength, int32_t* aStride)
 {
   mozilla::gfx::DataSourceSurface::MappedSurface map;
   if (NS_WARN_IF(!aSurface->Map(mozilla::gfx::DataSourceSurface::MapType::READ, &map))) {
     return nullptr;
   }
   mozilla::gfx::IntSize size = aSurface->GetSize();
   mozilla::CheckedInt32 requiredBytes =
     mozilla::CheckedInt32(map.mStride) * mozilla::CheckedInt32(size.height);
--- a/dom/base/nsContentUtils.h
+++ b/dom/base/nsContentUtils.h
@@ -27,16 +27,17 @@
 #include "nsMathUtils.h"
 #include "nsTArrayForwardDeclare.h"
 #include "Units.h"
 #include "mozilla/dom/AutocompleteInfoBinding.h"
 #include "mozilla/dom/ScriptSettings.h"
 #include "mozilla/FloatingPoint.h"
 #include "mozilla/net/ReferrerPolicy.h"
 #include "mozilla/Logging.h"
+#include "mozilla/NotNull.h"
 #include "nsIContentPolicy.h"
 
 #if defined(XP_WIN)
 // Undefine LoadImage to prevent naming conflict with Windows.
 #undef LoadImage
 #endif
 
 class imgICache;
@@ -2427,18 +2428,19 @@ public:
                                             bool aInSyncMessage,
                                             mozilla::dom::nsIContentChild* aChild,
                                             mozilla::dom::nsIContentParent* aParent);
 
   /*
    * Get the pixel data from the given source surface and return it as a buffer.
    * The length and stride will be assigned from the surface.
    */
-  static mozilla::UniquePtr<char[]> GetSurfaceData(mozilla::gfx::DataSourceSurface* aSurface,
-                                                   size_t* aLength, int32_t* aStride);
+  static mozilla::UniquePtr<char[]> GetSurfaceData(
+    mozilla::NotNull<mozilla::gfx::DataSourceSurface*> aSurface,
+    size_t* aLength, int32_t* aStride);
 
   // Helpers shared by the implementations of nsContentUtils methods and
   // nsIDOMWindowUtils methods.
   static mozilla::Modifiers GetWidgetModifiers(int32_t aModifiers);
   static nsIWidget* GetWidget(nsIPresShell* aPresShell, nsPoint* aOffset);
   static int16_t GetButtonsFlagForButton(int32_t aButton);
   static mozilla::LayoutDeviceIntPoint ToWidgetPoint(const mozilla::CSSPoint& aPoint,
                                                      const nsPoint& aOffset,
--- a/widget/PuppetWidget.cpp
+++ b/widget/PuppetWidget.cpp
@@ -985,17 +985,17 @@ PuppetWidget::SetCursor(imgIContainer* a
     surface->GetDataSurface();
   if (!dataSurface) {
     return NS_ERROR_FAILURE;
   }
 
   size_t length;
   int32_t stride;
   mozilla::UniquePtr<char[]> surfaceData =
-    nsContentUtils::GetSurfaceData(dataSurface, &length, &stride);
+    nsContentUtils::GetSurfaceData(WrapNotNull(dataSurface), &length, &stride);
 
   nsDependentCString cursorData(surfaceData.get(), length);
   mozilla::gfx::IntSize size = dataSurface->GetSize();
   if (!mTabChild->SendSetCustomCursor(cursorData, size.width, size.height, stride,
                                       static_cast<uint8_t>(dataSurface->GetFormat()),
                                       aHotspotX, aHotspotY, mUpdateCursor)) {
     return NS_ERROR_FAILURE;
   }
--- a/widget/nsDragServiceProxy.cpp
+++ b/widget/nsDragServiceProxy.cpp
@@ -50,17 +50,18 @@ nsDragServiceProxy::InvokeDragSessionImp
     if (surface) {
       RefPtr<mozilla::gfx::DataSourceSurface> dataSurface =
         surface->GetDataSurface();
       mozilla::gfx::IntSize size = dataSurface->GetSize();
       if (dataSurface) {
         size_t length;
         int32_t stride;
         mozilla::UniquePtr<char[]> surfaceData =
-          nsContentUtils::GetSurfaceData(dataSurface, &length, &stride);
+          nsContentUtils::GetSurfaceData(WrapNotNull(dataSurface), &length,
+                                         &stride);
         nsDependentCString dragImage(surfaceData.get(), length);
 
         mozilla::Unused <<
           child->SendInvokeDragSession(dataTransfers, aActionType, dragImage,
                                        size.width, size.height, stride,
                                        static_cast<uint8_t>(dataSurface->GetFormat()),
                                        dragRect.x, dragRect.y);
         StartDragSession();