search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 1682766 [wpt PR 26921] - Fix nullptr dereference accessing PolicyContainer in...
[gecko.git] / image / imgLoader.h
blobd8ecdab41dd4c4b0a722bd66e3cff44474574b33
1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
2 *
3 * This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7 #ifndef mozilla_image_imgLoader_h
8 #define mozilla_image_imgLoader_h
9
10 #include "mozilla/Attributes.h"
11 #include "mozilla/CORSMode.h"
12 #include "mozilla/Mutex.h"
13 #include "mozilla/UniquePtr.h"
14
15 #include "imgILoader.h"
16 #include "imgICache.h"
17 #include "nsWeakReference.h"
18 #include "nsIContentSniffer.h"
19 #include "nsRefPtrHashtable.h"
20 #include "nsExpirationTracker.h"
21 #include "ImageCacheKey.h"
22 #include "imgRequest.h"
23 #include "nsIProgressEventSink.h"
24 #include "nsIChannel.h"
25 #include "nsIThreadRetargetableStreamListener.h"
26 #include "imgIRequest.h"
27
28 class imgLoader;
29 class imgRequestProxy;
30 class imgINotificationObserver;
31 class nsILoadGroup;
32 class imgCacheExpirationTracker;
33 class imgMemoryReporter;
34
35 namespace mozilla {
36 namespace dom {
37 class Document;
38 }
39 } // namespace mozilla
40
41 class imgCacheEntry {
42 public:
43 imgCacheEntry(imgLoader* loader, imgRequest* request,
44 bool aForcePrincipalCheck);
45 ~imgCacheEntry();
46
47 nsrefcnt AddRef() {
48 MOZ_ASSERT(int32_t(mRefCnt) >= 0, "illegal refcnt");
49 NS_ASSERT_OWNINGTHREAD(imgCacheEntry);
50 ++mRefCnt;
51 NS_LOG_ADDREF(this, mRefCnt, "imgCacheEntry", sizeof(*this));
52 return mRefCnt;
53 }
54
55 nsrefcnt Release() {
56 MOZ_ASSERT(0 != mRefCnt, "dup release");
57 NS_ASSERT_OWNINGTHREAD(imgCacheEntry);
58 --mRefCnt;
59 NS_LOG_RELEASE(this, mRefCnt, "imgCacheEntry");
60 if (mRefCnt == 0) {
61 mRefCnt = 1; /* stabilize */
62 delete this;
63 return 0;
64 }
65 return mRefCnt;
66 }
67
68 uint32_t GetDataSize() const { return mDataSize; }
69 void SetDataSize(uint32_t aDataSize) {
70 int32_t oldsize = mDataSize;
71 mDataSize = aDataSize;
72 UpdateCache(mDataSize - oldsize);
73 }
74
75 int32_t GetTouchedTime() const { return mTouchedTime; }
76 void SetTouchedTime(int32_t time) {
77 mTouchedTime = time;
78 Touch(/* updateTime = */ false);
79 }
80
81 uint32_t GetLoadTime() const { return mLoadTime; }
82
83 void UpdateLoadTime();
84
85 int32_t GetExpiryTime() const { return mExpiryTime; }
86 void SetExpiryTime(int32_t aExpiryTime) {
87 mExpiryTime = aExpiryTime;
88 Touch();
89 }
90
91 bool GetMustValidate() const { return mMustValidate; }
92 void SetMustValidate(bool aValidate) {
93 mMustValidate = aValidate;
94 Touch();
95 }
96
97 already_AddRefed<imgRequest> GetRequest() const {
98 RefPtr<imgRequest> req = mRequest;
99 return req.forget();
100 }
101
102 bool Evicted() const { return mEvicted; }
103
104 nsExpirationState* GetExpirationState() { return &mExpirationState; }
105
106 bool HasNoProxies() const { return mHasNoProxies; }
107
108 bool ForcePrincipalCheck() const { return mForcePrincipalCheck; }
109
110 imgLoader* Loader() const { return mLoader; }
111
112 private: // methods
113 friend class imgLoader;
114 friend class imgCacheQueue;
115 void Touch(bool updateTime = true);
116 void UpdateCache(int32_t diff = 0);
117 void SetEvicted(bool evict) { mEvicted = evict; }
118 void SetHasNoProxies(bool hasNoProxies);
119
120 // Private, unimplemented copy constructor.
121 imgCacheEntry(const imgCacheEntry&);
122
123 private: // data
124 nsAutoRefCnt mRefCnt;
125 NS_DECL_OWNINGTHREAD
126
127 imgLoader* mLoader;
128 RefPtr<imgRequest> mRequest;
129 uint32_t mDataSize;
130 int32_t mTouchedTime;
131 uint32_t mLoadTime;
132 int32_t mExpiryTime;
133 nsExpirationState mExpirationState;
134 bool mMustValidate : 1;
135 bool mEvicted : 1;
136 bool mHasNoProxies : 1;
137 bool mForcePrincipalCheck : 1;
138 };
139
140 #include <vector>
141
142 #define NS_IMGLOADER_CID \
143 { /* c1354898-e3fe-4602-88a7-c4520c21cb4e */ \
144 0xc1354898, 0xe3fe, 0x4602, { \
145 0x88, 0xa7, 0xc4, 0x52, 0x0c, 0x21, 0xcb, 0x4e \
146 } \
147 }
148
149 class imgCacheQueue {
150 public:
151 imgCacheQueue();
152 void Remove(imgCacheEntry*);
153 void Push(imgCacheEntry*);
154 void MarkDirty();
155 bool IsDirty();
156 already_AddRefed<imgCacheEntry> Pop();
157 void Refresh();
158 uint32_t GetSize() const;
159 void UpdateSize(int32_t diff);
160 uint32_t GetNumElements() const;
161 bool Contains(imgCacheEntry* aEntry) const;
162 typedef nsTArray<RefPtr<imgCacheEntry>> queueContainer;
163 typedef queueContainer::iterator iterator;
164 typedef queueContainer::const_iterator const_iterator;
165
166 iterator begin();
167 const_iterator begin() const;
168 iterator end();
169 const_iterator end() const;
170
171 private:
172 queueContainer mQueue;
173 bool mDirty;
174 uint32_t mSize;
175 };
176
177 enum class AcceptedMimeTypes : uint8_t {
178 IMAGES,
179 IMAGES_AND_DOCUMENTS,
180 };
181
182 class imgLoader final : public imgILoader,
183 public nsIContentSniffer,
184 public imgICache,
185 public nsSupportsWeakReference,
186 public nsIObserver {
187 virtual ~imgLoader();
188
189 public:
190 typedef mozilla::image::ImageCacheKey ImageCacheKey;
191 typedef nsRefPtrHashtable<nsGenericHashKey<ImageCacheKey>, imgCacheEntry>
192 imgCacheTable;
193 typedef nsTHashtable<nsPtrHashKey<imgRequest>> imgSet;
194 typedef mozilla::Mutex Mutex;
195
196 NS_DECL_ISUPPORTS
197 NS_DECL_IMGILOADER
198 NS_DECL_NSICONTENTSNIFFER
199 NS_DECL_IMGICACHE
200 NS_DECL_NSIOBSERVER
201
202 /**
203 * Get the normal image loader instance that is used by gecko code, creating
204 * it if necessary.
205 */
206 static imgLoader* NormalLoader();
207
208 /**
209 * Get the Private Browsing image loader instance that is used by gecko code,
210 * creating it if necessary.
211 */
212 static imgLoader* PrivateBrowsingLoader();
213
214 /**
215 * Gecko code should use NormalLoader() or PrivateBrowsingLoader() to get the
216 * appropriate image loader.
217 *
218 * This constructor is public because the XPCOM module code that creates
219 * instances of "@mozilla.org/image/loader;1" / "@mozilla.org/image/cache;1"
220 * for nsIComponentManager.createInstance()/nsIServiceManager.getService()
221 * calls (now only made by add-ons) needs access to it.
222 *
223 * XXX We would like to get rid of the nsIServiceManager.getService (and
224 * nsIComponentManager.createInstance) method of creating imgLoader objects,
225 * but there are add-ons that are still using it. These add-ons don't
226 * actually do anything useful with the loaders that they create since nobody
227 * who creates an imgLoader using this method actually QIs to imgILoader and
228 * loads images. They all just QI to imgICache and either call clearCache()
229 * or findEntryProperties(). Since they're doing this on an imgLoader that
230 * has never loaded images, these calls are useless. It seems likely that
231 * the code that is doing this is just legacy code left over from a time when
232 * there was only one imgLoader instance for the entire process. (Nowadays
233 * the correct method to get an imgILoader/imgICache is to call
234 * imgITools::getImgCacheForDocument/imgITools::getImgLoaderForDocument.)
235 * All the same, even though what these add-ons are doing is a no-op,
236 * removing the nsIServiceManager.getService method of creating/getting an
237 * imgLoader objects would cause an exception in these add-ons that could
238 * break things.
239 */
240 imgLoader();
241 nsresult Init();
242
243 [[nodiscard]] nsresult LoadImage(
244 nsIURI* aURI, nsIURI* aInitialDocumentURI, nsIReferrerInfo* aReferrerInfo,
245 nsIPrincipal* aLoadingPrincipal, uint64_t aRequestContextID,
246 nsILoadGroup* aLoadGroup, imgINotificationObserver* aObserver,
247 nsINode* aContext, mozilla::dom::Document* aLoadingDocument,
248 nsLoadFlags aLoadFlags, nsISupports* aCacheKey,
249 nsContentPolicyType aContentPolicyType, const nsAString& initiatorType,
250 bool aUseUrgentStartForChannel, bool aLinkPreload,
251 imgRequestProxy** _retval);
252
253 [[nodiscard]] nsresult LoadImageWithChannel(
254 nsIChannel* channel, imgINotificationObserver* aObserver,
255 mozilla::dom::Document* aLoadingDocument, nsIStreamListener** listener,
256 imgRequestProxy** _retval);
257
258 static nsresult GetMimeTypeFromContent(const char* aContents,
259 uint32_t aLength,
260 nsACString& aContentType);
261
262 /**
263 * Returns true if the given mime type may be interpreted as an image.
264 *
265 * Some MIME types may be interpreted as both images and documents. (At the
266 * moment only "image/svg+xml" falls into this category, but there may be more
267 * in the future.) Callers which want this function to return true for such
268 * MIME types should pass AcceptedMimeTypes::IMAGES_AND_DOCUMENTS for
269 * @aAccept.
270 *
271 * @param aMimeType The MIME type to evaluate.
272 * @param aAcceptedMimeTypes Which kinds of MIME types to treat as images.
273 */
274 static bool SupportImageWithMimeType(
275 const char* aMimeType,
276 AcceptedMimeTypes aAccept = AcceptedMimeTypes::IMAGES);
277
278 static void GlobalInit(); // for use by the factory
279 static void Shutdown(); // for use by the factory
280 static void ShutdownMemoryReporter();
281
282 nsresult ClearChromeImageCache();
283 nsresult ClearImageCache();
284 void MinimizeCaches();
285
286 nsresult InitCache();
287
288 bool RemoveFromCache(const ImageCacheKey& aKey);
289
290 // Enumeration describing if a given entry is in the cache queue or not.
291 // There are some cases we know the entry is definitely not in the queue.
292 enum class QueueState { MaybeExists, AlreadyRemoved };
293
294 bool RemoveFromCache(imgCacheEntry* entry,
295 QueueState aQueueState = QueueState::MaybeExists);
296
297 bool PutIntoCache(const ImageCacheKey& aKey, imgCacheEntry* aEntry);
298
299 void AddToUncachedImages(imgRequest* aRequest);
300 void RemoveFromUncachedImages(imgRequest* aRequest);
301
302 // Returns true if we should prefer evicting cache entry |two| over cache
303 // entry |one|.
304 // This mixes units in the worst way, but provides reasonable results.
305 inline static bool CompareCacheEntries(const RefPtr<imgCacheEntry>& one,
306 const RefPtr<imgCacheEntry>& two) {
307 if (!one) {
308 return false;
309 }
310 if (!two) {
311 return true;
312 }
313
314 const double sizeweight = 1.0 - sCacheTimeWeight;
315
316 // We want large, old images to be evicted first (depending on their
317 // relative weights). Since a larger time is actually newer, we subtract
318 // time's weight, so an older image has a larger weight.
319 double oneweight = double(one->GetDataSize()) * sizeweight -
320 double(one->GetTouchedTime()) * sCacheTimeWeight;
321 double twoweight = double(two->GetDataSize()) * sizeweight -
322 double(two->GetTouchedTime()) * sCacheTimeWeight;
323
324 return oneweight < twoweight;
325 }
326
327 void VerifyCacheSizes();
328
329 // The image loader maintains a hash table of all imgCacheEntries. However,
330 // only some of them will be evicted from the cache: those who have no
331 // imgRequestProxies watching their imgRequests.
332 //
333 // Once an imgRequest has no imgRequestProxies, it should notify us by
334 // calling HasNoObservers(), and null out its cache entry pointer.
335 //
336 // Upon having a proxy start observing again, it should notify us by calling
337 // HasObservers(). The request's cache entry will be re-set before this
338 // happens, by calling imgRequest::SetCacheEntry() when an entry with no
339 // observers is re-requested.
340 bool SetHasNoProxies(imgRequest* aRequest, imgCacheEntry* aEntry);
341 bool SetHasProxies(imgRequest* aRequest);
342
343 // This method converts imgIRequest::CORS_* values to mozilla::CORSMode
344 // values.
345 static mozilla::CORSMode ConvertToCORSMode(uint32_t aImgCORS);
346
347 private: // methods
348 static already_AddRefed<imgLoader> CreateImageLoader();
349
350 bool PreferLoadFromCache(nsIURI* aURI) const;
351
352 bool ValidateEntry(
353 imgCacheEntry* aEntry, nsIURI* aURI, nsIURI* aInitialDocumentURI,
354 nsIReferrerInfo* aReferrerInfo, nsILoadGroup* aLoadGroup,
355 imgINotificationObserver* aObserver,
356 mozilla::dom::Document* aLoadingDocument, nsLoadFlags aLoadFlags,
357 nsContentPolicyType aLoadPolicyType, bool aCanMakeNewChannel,
358 bool* aNewChannelCreated, imgRequestProxy** aProxyRequest,
359 nsIPrincipal* aTriggeringPrincipal, int32_t aCORSMode, bool aLinkPreload);
360
361 bool ValidateRequestWithNewChannel(
362 imgRequest* request, nsIURI* aURI, nsIURI* aInitialDocumentURI,
363 nsIReferrerInfo* aReferrerInfo, nsILoadGroup* aLoadGroup,
364 imgINotificationObserver* aObserver,
365 mozilla::dom::Document* aLoadingDocument, uint64_t aInnerWindowId,
366 nsLoadFlags aLoadFlags, nsContentPolicyType aContentPolicyType,
367 imgRequestProxy** aProxyRequest, nsIPrincipal* aLoadingPrincipal,
368 int32_t aCORSMode, bool aLinkPreload, bool* aNewChannelCreated);
369
370 // aURI may be different from imgRequest's URI in the case of blob URIs, as we
371 // can share requests with different URIs.
372 nsresult CreateNewProxyForRequest(imgRequest* aRequest, nsIURI* aURI,
373 nsILoadGroup* aLoadGroup,
374 mozilla::dom::Document* aLoadingDocument,
375 imgINotificationObserver* aObserver,
376 nsLoadFlags aLoadFlags,
377 imgRequestProxy** _retval);
378
379 nsresult EvictEntries(imgCacheTable& aCacheToClear);
380 nsresult EvictEntries(imgCacheQueue& aQueueToClear);
381
382 imgCacheTable& GetCache(bool aForChrome);
383 imgCacheTable& GetCache(const ImageCacheKey& aKey);
384 imgCacheQueue& GetCacheQueue(bool aForChrome);
385 imgCacheQueue& GetCacheQueue(const ImageCacheKey& aKey);
386 void CacheEntriesChanged(bool aForChrome, int32_t aSizeDiff = 0);
387 void CheckCacheLimits(imgCacheTable& cache, imgCacheQueue& queue);
388
389 private: // data
390 friend class imgCacheEntry;
391 friend class imgMemoryReporter;
392
393 imgCacheTable mCache;
394 imgCacheQueue mCacheQueue;
395
396 imgCacheTable mChromeCache;
397 imgCacheQueue mChromeCacheQueue;
398
399 // Hash set of every imgRequest for this loader that isn't in mCache or
400 // mChromeCache. The union over all imgLoader's of mCache, mChromeCache, and
401 // mUncachedImages should be every imgRequest that is alive. These are weak
402 // pointers so we rely on the imgRequest destructor to remove itself.
403 imgSet mUncachedImages;
404 // The imgRequest can have refs to them held on non-main thread, so we need
405 // a mutex because we modify the uncached images set from the imgRequest
406 // destructor.
407 Mutex mUncachedImagesMutex;
408
409 static double sCacheTimeWeight;
410 static uint32_t sCacheMaxSize;
411 static imgMemoryReporter* sMemReporter;
412
413 mozilla::UniquePtr<imgCacheExpirationTracker> mCacheTracker;
414 bool mRespectPrivacy;
415 };
416
417 /**
418 * proxy stream listener class used to handle multipart/x-mixed-replace
419 */
420
421 #include "nsCOMPtr.h"
422 #include "nsIStreamListener.h"
423 #include "nsIThreadRetargetableStreamListener.h"
424
425 class ProxyListener : public nsIStreamListener,
426 public nsIThreadRetargetableStreamListener {
427 public:
428 explicit ProxyListener(nsIStreamListener* dest);
429
430 /* additional members */
431 NS_DECL_THREADSAFE_ISUPPORTS
432 NS_DECL_NSISTREAMLISTENER
433 NS_DECL_NSITHREADRETARGETABLESTREAMLISTENER
434 NS_DECL_NSIREQUESTOBSERVER
435
436 private:
437 virtual ~ProxyListener();
438
439 nsCOMPtr<nsIStreamListener> mDestListener;
440 };
441
442 /**
443 * A class that implements nsIProgressEventSink and forwards all calls to it to
444 * the original notification callbacks of the channel. Also implements
445 * nsIInterfaceRequestor and gives out itself for nsIProgressEventSink calls,
446 * and forwards everything else to the channel's notification callbacks.
447 */
448 class nsProgressNotificationProxy final : public nsIProgressEventSink,
449 public nsIChannelEventSink,
450 public nsIInterfaceRequestor {
451 public:
452 nsProgressNotificationProxy(nsIChannel* channel, imgIRequest* proxy)
453 : mImageRequest(proxy) {
454 channel->GetNotificationCallbacks(getter_AddRefs(mOriginalCallbacks));
455 }
456
457 NS_DECL_ISUPPORTS
458 NS_DECL_NSIPROGRESSEVENTSINK
459 NS_DECL_NSICHANNELEVENTSINK
460 NS_DECL_NSIINTERFACEREQUESTOR
461 private:
462 ~nsProgressNotificationProxy() = default;
463
464 nsCOMPtr<nsIInterfaceRequestor> mOriginalCallbacks;
465 nsCOMPtr<nsIRequest> mImageRequest;
466 };
467
468 /**
469 * validate checker
470 */
471
472 #include "nsCOMArray.h"
473
474 class imgCacheValidator : public nsIStreamListener,
475 public nsIThreadRetargetableStreamListener,
476 public nsIChannelEventSink,
477 public nsIInterfaceRequestor,
478 public nsIAsyncVerifyRedirectCallback {
479 public:
480 imgCacheValidator(nsProgressNotificationProxy* progress, imgLoader* loader,
481 imgRequest* aRequest, mozilla::dom::Document* aDocument,
482 uint64_t aInnerWindowId,
483 bool forcePrincipalCheckForCacheEntry);
484
485 void AddProxy(imgRequestProxy* aProxy);
486 void RemoveProxy(imgRequestProxy* aProxy);
487
488 NS_DECL_THREADSAFE_ISUPPORTS
489 NS_DECL_NSITHREADRETARGETABLESTREAMLISTENER
490 NS_DECL_NSISTREAMLISTENER
491 NS_DECL_NSIREQUESTOBSERVER
492 NS_DECL_NSICHANNELEVENTSINK
493 NS_DECL_NSIINTERFACEREQUESTOR
494 NS_DECL_NSIASYNCVERIFYREDIRECTCALLBACK
495
496 private:
497 void UpdateProxies(bool aCancelRequest, bool aSyncNotify);
498 virtual ~imgCacheValidator();
499
500 nsCOMPtr<nsIStreamListener> mDestListener;
501 RefPtr<nsProgressNotificationProxy> mProgressProxy;
502 nsCOMPtr<nsIAsyncVerifyRedirectCallback> mRedirectCallback;
503 nsCOMPtr<nsIChannel> mRedirectChannel;
504
505 RefPtr<imgRequest> mRequest;
506 AutoTArray<RefPtr<imgRequestProxy>, 4> mProxies;
507
508 RefPtr<imgRequest> mNewRequest;
509 RefPtr<imgCacheEntry> mNewEntry;
510
511 RefPtr<mozilla::dom::Document> mDocument;
512 uint64_t mInnerWindowId;
513
514 imgLoader* mImgLoader;
515
516 bool mHadInsecureRedirect;
517 };
518
519 #endif // mozilla_image_imgLoader_h