author David Keeler <>
Fri, 30 Sep 2016 18:08:08 -0700
changeset 429147 6810346363585085e260d47a58cf5b7d58542d44
parent 357687 3d67e45f994a3ae1ae43479c32c2ed63bbf1a7c8
child 489668 cbb8fdf1daf98a15f7d57f6b08d273bdf96aa1a0
child 502848 2d439151440a1195efd5c770d4b9432a158ac0f1
permissions -rw-r--r--
bug 1227638 - deterministically load EV information r=Cykesiopka,mgoodwin Previously PSM would load EV information on-demand (i.e. just before verifying a certificate). This simplifies this operation, removes a dubious optimization (loading the EV information on another thread while opening a network connection), and relocates the loading operation to when we are likely to have good disk locality (i.e. when we've just loaded the built-in roots module). This also removes the now-unused MOZ_NO_EV_CERTS build flag. MozReview-Commit-ID: 8Rnl4ozF95V

/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at */


#include "mozilla/Assertions.h"
#include "mozilla/Attributes.h"
#include "mozilla/ReentrancyGuard.h"
#include "nsDebug.h"

namespace mozilla {

 * This helper allows us to handle two related issues in SVG content: reference
 * loops, and reference chains that we deem to be too long.
 * SVG content may contain reference loops where an SVG effect (a clipPath,
 * say) may reference itself either directly or, perhaps more likely,
 * indirectly via a reference chain to other elements that eventually leads
 * back to itself.  This helper class allows us to detect and immediately break
 * such reference loops when applying an effect so that we can prevent
 * reference loops causing us to recurse until we run out of stack space and
 * crash.
 * SVG also allows for (non-loop) reference chains of arbitrary length, the
 * length depending entirely on the SVG content.  Some SVG authoring tools have
 * been known to create absurdly long reference chains.  (For example, bug
 * 1253590 details a case where Adobe Illustrator created an SVG with a chain
 * of 5000 clip paths which could cause us to run out of stack space and
 * crash.)  This helper class also allows us to limit the number of times we
 * recurse into a function, thereby allowing us to limit the length ofreference
 * chains.
 * Consumers that need to handle the reference loop case should add a member
 * variable (mReferencing, say) to the class that represents and applies the
 * SVG effect in question (typically an nsIFrame sub-class), initialize that
 * member to AutoReferenceLimiter::notReferencing in the class' constructor
 * (and never touch that variable again), and then add something like the
 * following at the top of the method(s) that may recurse to follow references
 * when applying an effect:
 *   AutoReferenceLimiter refLoopDetector(&mInUse, 1); // only one ref allowed
 *   if (!refLoopDetector.Reference()) {
 *     return; // reference loop
 *   }
 * Consumers that need to limit reference chain lengths should add something
 * like the following code at the top of the method(s) that may recurse to
 * follow references when applying an effect:
 *   static int16_t sChainLengthCounter = AutoReferenceLimiter::notReferencing;
 *   AutoReferenceLimiter refChainLengthLimiter(&sChainLengthCounter, MAX_LEN);
 *   if (!refChainLengthLimiter.Reference()) {
 *     return; // reference chain too long
 *   }
class MOZ_RAII AutoReferenceLimiter
  static const int16_t notReferencing = -2;

  AutoReferenceLimiter(int16_t* aRefCounter, int16_t aMaxReferenceCount)
    MOZ_ASSERT(aMaxReferenceCount > 0 &&
               aRefCounter &&
               (*aRefCounter == notReferencing ||
                (*aRefCounter >= 0 && *aRefCounter < aMaxReferenceCount)));

    if (*aRefCounter == notReferencing) {
      // initialize
      *aRefCounter = aMaxReferenceCount;
    mRefCounter = aRefCounter;
    mMaxReferenceCount = aMaxReferenceCount;

  ~AutoReferenceLimiter() {
    // If we fail this assert then there were more destructor calls than
    // Reference() calls (a consumer forgot to to call Reference()), or else
    // someone messed with the variable pointed to by mRefCounter.
    MOZ_ASSERT(*mRefCounter < mMaxReferenceCount);


    if (*mRefCounter == mMaxReferenceCount) {
      *mRefCounter = notReferencing; // reset ready for use next time

   * Returns true on success (no reference loop/reference chain length is
   * within the specified limits), else returns false on failure (there is a
   * reference loop/the reference chain has exceeded the specified limits).
  MOZ_MUST_USE bool Reference() {
    // If we fail this assertion then either a consumer failed to break a
    // reference loop/chain, or else they called Reference() more than once
    MOZ_ASSERT(*mRefCounter >= 0);


    if (*mRefCounter < 0) {
      // TODO: This is an issue with the document, not with Mozilla code. We
      // should stop using NS_WARNING and send a message to the console
      // instead (but only once per document, not over and over as we repaint).
      if (mMaxReferenceCount == 1) {
        NS_WARNING("Reference loop detected!");
      } else {
        NS_WARNING("Reference chain length limit exceeded!");
      return false;
    return true;

  int16_t* mRefCounter;
  int16_t mMaxReferenceCount;

} // namespace mozilla