search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 1845715 - Check for failure when getting RegExp match result template r=iain
[gecko.git] / parser / html / nsHtml5StreamParser.cpp
blob6b45e569b6d51a4d2f665fd689b924a3b53b7a6a
1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set sw=2 ts=2 et tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7 #include "nsHtml5StreamParser.h"
8
9 #include <stdlib.h>
10 #include <string.h>
11 #include <algorithm>
12 #include <new>
13 #include <type_traits>
14 #include <utility>
15 #include "ErrorList.h"
16 #include "GeckoProfiler.h"
17 #include "js/GCAPI.h"
18 #include "mozilla/ArrayIterator.h"
19 #include "mozilla/Buffer.h"
20 #include "mozilla/CheckedInt.h"
21 #include "mozilla/DebugOnly.h"
22 #include "mozilla/Encoding.h"
23 #include "mozilla/EncodingDetector.h"
24 #include "mozilla/Likely.h"
25 #include "mozilla/Maybe.h"
26 #include "mozilla/SchedulerGroup.h"
27 #include "mozilla/ScopeExit.h"
28 #include "mozilla/Services.h"
29 #include "mozilla/StaticPrefs_html5.h"
30 #include "mozilla/StaticPrefs_intl.h"
31 #include "mozilla/TaskCategory.h"
32 #include "mozilla/TextUtils.h"
33
34 #include "mozilla/UniquePtrExtensions.h"
35 #include "mozilla/Unused.h"
36 #include "mozilla/dom/BindingDeclarations.h"
37 #include "mozilla/dom/BrowsingContext.h"
38 #include "mozilla/dom/DebuggerUtilsBinding.h"
39 #include "mozilla/dom/DocGroup.h"
40 #include "mozilla/dom/Document.h"
41 #include "mozilla/mozalloc.h"
42 #include "mozilla/Vector.h"
43 #include "nsContentSink.h"
44 #include "nsContentUtils.h"
45 #include "nsCycleCollectionTraversalCallback.h"
46 #include "nsHtml5AtomTable.h"
47 #include "nsHtml5ByteReadable.h"
48 #include "nsHtml5Highlighter.h"
49 #include "nsHtml5Module.h"
50 #include "nsHtml5OwningUTF16Buffer.h"
51 #include "nsHtml5Parser.h"
52 #include "nsHtml5Speculation.h"
53 #include "nsHtml5StreamParserPtr.h"
54 #include "nsHtml5Tokenizer.h"
55 #include "nsHtml5TreeBuilder.h"
56 #include "nsHtml5TreeOpExecutor.h"
57 #include "nsHtml5TreeOpStage.h"
58 #include "nsIChannel.h"
59 #include "nsIContentSink.h"
60 #include "nsID.h"
61 #include "nsIDTD.h"
62 #include "nsIDocShell.h"
63 #include "nsIEventTarget.h"
64 #include "nsIHttpChannel.h"
65 #include "nsIInputStream.h"
66 #include "nsINestedURI.h"
67 #include "nsIObserverService.h"
68 #include "nsIRequest.h"
69 #include "nsIRunnable.h"
70 #include "nsIScriptError.h"
71 #include "nsIThread.h"
72 #include "nsIThreadRetargetableRequest.h"
73 #include "nsIThreadRetargetableStreamListener.h"
74 #include "nsITimer.h"
75 #include "nsIURI.h"
76 #include "nsJSEnvironment.h"
77 #include "nsLiteralString.h"
78 #include "nsNetUtil.h"
79 #include "nsString.h"
80 #include "nsTPromiseFlatString.h"
81 #include "nsThreadUtils.h"
82 #include "nsXULAppAPI.h"
83
84 extern "C" {
85 // Defined in intl/encoding_glue/src/lib.rs
86 const mozilla::Encoding* xmldecl_parse(const uint8_t* buf, size_t buf_len);
87 };
88
89 using namespace mozilla;
90 using namespace mozilla::dom;
91
92 /*
93 * Note that nsHtml5StreamParser implements cycle collecting AddRef and
94 * Release. Therefore, nsHtml5StreamParser must never be refcounted from
95 * the parser thread!
96 *
97 * To work around this limitation, runnables posted by the main thread to the
98 * parser thread hold their reference to the stream parser in an
99 * nsHtml5StreamParserPtr. Upon creation, nsHtml5StreamParserPtr addrefs the
100 * object it holds
101 * just like a regular nsRefPtr. This is OK, since the creation of the
102 * runnable and the nsHtml5StreamParserPtr happens on the main thread.
103 *
104 * When the runnable is done on the parser thread, the destructor of
105 * nsHtml5StreamParserPtr runs there. It doesn't call Release on the held object
106 * directly. Instead, it posts another runnable back to the main thread where
107 * that runnable calls Release on the wrapped object.
108 *
109 * When posting runnables in the other direction, the runnables have to be
110 * created on the main thread when nsHtml5StreamParser is instantiated and
111 * held for the lifetime of the nsHtml5StreamParser. This works, because the
112 * same runnabled can be dispatched multiple times and currently runnables
113 * posted from the parser thread to main thread don't need to wrap any
114 * runnable-specific data. (In the other direction, the runnables most notably
115 * wrap the byte data of the stream.)
116 */
117 NS_IMPL_CYCLE_COLLECTING_ADDREF(nsHtml5StreamParser)
118 NS_IMPL_CYCLE_COLLECTING_RELEASE(nsHtml5StreamParser)
119
120 NS_INTERFACE_TABLE_HEAD(nsHtml5StreamParser)
121 NS_INTERFACE_TABLE(nsHtml5StreamParser, nsISupports)
122 NS_INTERFACE_TABLE_TO_MAP_SEGUE_CYCLE_COLLECTION(nsHtml5StreamParser)
123 NS_INTERFACE_MAP_END
124
125 NS_IMPL_CYCLE_COLLECTION_CLASS(nsHtml5StreamParser)
126
127 NS_IMPL_CYCLE_COLLECTION_UNLINK_BEGIN(nsHtml5StreamParser)
128 tmp->DropTimer();
129 NS_IMPL_CYCLE_COLLECTION_UNLINK(mRequest)
130 NS_IMPL_CYCLE_COLLECTION_UNLINK(mOwner)
131 tmp->mExecutorFlusher = nullptr;
132 tmp->mLoadFlusher = nullptr;
133 tmp->mExecutor = nullptr;
134 NS_IMPL_CYCLE_COLLECTION_UNLINK_END
135
136 NS_IMPL_CYCLE_COLLECTION_TRAVERSE_BEGIN(nsHtml5StreamParser)
137 NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mRequest)
138 NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mOwner)
139 // hack: count the strongly owned edge wrapped in the runnable
140 if (tmp->mExecutorFlusher) {
141 NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(cb, "mExecutorFlusher->mExecutor");
142 cb.NoteXPCOMChild(static_cast<nsIContentSink*>(tmp->mExecutor));
143 }
144 // hack: count the strongly owned edge wrapped in the runnable
145 if (tmp->mLoadFlusher) {
146 NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(cb, "mLoadFlusher->mExecutor");
147 cb.NoteXPCOMChild(static_cast<nsIContentSink*>(tmp->mExecutor));
148 }
149 NS_IMPL_CYCLE_COLLECTION_TRAVERSE_END
150
151 class nsHtml5ExecutorFlusher : public Runnable {
152 private:
153 RefPtr<nsHtml5TreeOpExecutor> mExecutor;
154
155 public:
156 explicit nsHtml5ExecutorFlusher(nsHtml5TreeOpExecutor* aExecutor)
157 : Runnable("nsHtml5ExecutorFlusher"), mExecutor(aExecutor) {}
158 NS_IMETHOD Run() override {
159 if (!mExecutor->isInList()) {
160 Document* doc = mExecutor->GetDocument();
161 if (XRE_IsContentProcess() &&
162 nsContentUtils::
163 HighPriorityEventPendingForTopLevelDocumentBeforeContentfulPaint(
164 doc)) {
165 // Possible early paint pending, reuse the runnable and try to
166 // call RunFlushLoop later.
167 nsCOMPtr<nsIRunnable> flusher = this;
168 if (NS_SUCCEEDED(
169 doc->Dispatch(TaskCategory::Network, flusher.forget()))) {
170 PROFILER_MARKER_UNTYPED("HighPrio blocking parser flushing(1)", DOM);
171 return NS_OK;
172 }
173 }
174 mExecutor->RunFlushLoop();
175 }
176 return NS_OK;
177 }
178 };
179
180 class nsHtml5LoadFlusher : public Runnable {
181 private:
182 RefPtr<nsHtml5TreeOpExecutor> mExecutor;
183
184 public:
185 explicit nsHtml5LoadFlusher(nsHtml5TreeOpExecutor* aExecutor)
186 : Runnable("nsHtml5LoadFlusher"), mExecutor(aExecutor) {}
187 NS_IMETHOD Run() override {
188 mExecutor->FlushSpeculativeLoads();
189 return NS_OK;
190 }
191 };
192
193 nsHtml5StreamParser::nsHtml5StreamParser(nsHtml5TreeOpExecutor* aExecutor,
194 nsHtml5Parser* aOwner,
195 eParserMode aMode)
196 : mBomState(eBomState::BOM_SNIFFING_NOT_STARTED),
197 mCharsetSource(kCharsetUninitialized),
198 mEncodingSwitchSource(kCharsetUninitialized),
199 mEncoding(X_USER_DEFINED_ENCODING), // Obviously bogus value to notice if
200 // not updated
201 mNeedsEncodingSwitchTo(nullptr),
202 mSeenEligibleMetaCharset(false),
203 mChardetEof(false),
204 #ifdef DEBUG
205 mStartedFeedingDetector(false),
206 mStartedFeedingDevTools(false),
207 #endif
208 mReparseForbidden(false),
209 mForceAutoDetection(false),
210 mChannelHadCharset(false),
211 mLookingForMetaCharset(false),
212 mStartsWithLtQuestion(false),
213 mLookingForXmlDeclarationForXmlViewSource(false),
214 mTemplatePushedOrHeadPopped(false),
215 mGtBuffer(nullptr),
216 mGtPos(0),
217 mLastBuffer(nullptr), // Will be filled when starting
218 mExecutor(aExecutor),
219 mTreeBuilder(new nsHtml5TreeBuilder(
220 (aMode == VIEW_SOURCE_HTML || aMode == VIEW_SOURCE_XML)
221 ? nullptr
222 : mExecutor->GetStage(),
223 mExecutor->GetStage(), aMode == NORMAL)),
224 mTokenizer(
225 new nsHtml5Tokenizer(mTreeBuilder.get(), aMode == VIEW_SOURCE_XML)),
226 mTokenizerMutex("nsHtml5StreamParser mTokenizerMutex"),
227 mOwner(aOwner),
228 mLastWasCR(false),
229 mStreamState(eHtml5StreamState::STREAM_NOT_STARTED),
230 mSpeculating(false),
231 mAtEOF(false),
232 mSpeculationMutex("nsHtml5StreamParser mSpeculationMutex"),
233 mSpeculationFailureCount(0),
234 mNumBytesBuffered(0),
235 mTerminated(false),
236 mInterrupted(false),
237 mEventTarget(nsHtml5Module::GetStreamParserEventTarget()),
238 mExecutorFlusher(new nsHtml5ExecutorFlusher(aExecutor)),
239 mLoadFlusher(new nsHtml5LoadFlusher(aExecutor)),
240 mInitialEncodingWasFromParentFrame(false),
241 mHasHadErrors(false),
242 mDetectorHasSeenNonAscii(false),
243 mDecodingLocalFileWithoutTokenizing(false),
244 mBufferingBytes(false),
245 mFlushTimer(NS_NewTimer(mEventTarget)),
246 mFlushTimerMutex("nsHtml5StreamParser mFlushTimerMutex"),
247 mFlushTimerArmed(false),
248 mFlushTimerEverFired(false),
249 mMode(aMode) {
250 NS_ASSERTION(NS_IsMainThread(), "Wrong thread!");
251 #ifdef DEBUG
252 mAtomTable.SetPermittedLookupEventTarget(mEventTarget);
253 #endif
254 mTokenizer->setInterner(&mAtomTable);
255 mTokenizer->setEncodingDeclarationHandler(this);
256
257 if (aMode == VIEW_SOURCE_HTML || aMode == VIEW_SOURCE_XML) {
258 nsHtml5Highlighter* highlighter =
259 new nsHtml5Highlighter(mExecutor->GetStage());
260 mTokenizer->EnableViewSource(highlighter); // takes ownership
261 mTreeBuilder->EnableViewSource(highlighter); // doesn't own
262 }
263
264 // There's a zeroing operator new for everything else
265 }
266
267 nsHtml5StreamParser::~nsHtml5StreamParser() {
268 NS_ASSERTION(NS_IsMainThread(), "Wrong thread!");
269 mTokenizer->end();
270 #ifdef DEBUG
271 {
272 mozilla::MutexAutoLock flushTimerLock(mFlushTimerMutex);
273 MOZ_ASSERT(!mFlushTimer, "Flush timer was not dropped before dtor!");
274 }
275 mRequest = nullptr;
276 mUnicodeDecoder = nullptr;
277 mFirstBuffer = nullptr;
278 mExecutor = nullptr;
279 mTreeBuilder = nullptr;
280 mTokenizer = nullptr;
281 mOwner = nullptr;
282 #endif
283 }
284
285 nsresult nsHtml5StreamParser::GetChannel(nsIChannel** aChannel) {
286 NS_ASSERTION(NS_IsMainThread(), "Wrong thread!");
287 return mRequest ? CallQueryInterface(mRequest, aChannel)
288 : NS_ERROR_NOT_AVAILABLE;
289 }
290
291 std::tuple<NotNull<const Encoding*>, nsCharsetSource>
292 nsHtml5StreamParser::GuessEncoding(bool aInitial) {
293 MOZ_ASSERT(
294 mCharsetSource != kCharsetFromFinalUserForcedAutoDetection &&
295 mCharsetSource !=
296 kCharsetFromFinalAutoDetectionWouldHaveBeenUTF8InitialWasASCII &&
297 mCharsetSource !=
298 kCharsetFromFinalAutoDetectionWouldNotHaveBeenUTF8Generic &&
299 mCharsetSource !=
300 kCharsetFromFinalAutoDetectionWouldNotHaveBeenUTF8GenericInitialWasASCII &&
301 mCharsetSource !=
302 kCharsetFromFinalAutoDetectionWouldNotHaveBeenUTF8Content &&
303 mCharsetSource !=
304 kCharsetFromFinalAutoDetectionWouldNotHaveBeenUTF8ContentInitialWasASCII &&
305 mCharsetSource !=
306 kCharsetFromFinalAutoDetectionWouldNotHaveBeenUTF8DependedOnTLD &&
307 mCharsetSource !=
308 kCharsetFromFinalAutoDetectionWouldNotHaveBeenUTF8DependedOnTLDInitialWasASCII &&
309 mCharsetSource != kCharsetFromFinalAutoDetectionFile);
310 auto ifHadBeenForced = mDetector->Guess(EmptyCString(), true);
311 auto encoding =
312 mForceAutoDetection
313 ? ifHadBeenForced
314 : mDetector->Guess(mTLD, mDecodingLocalFileWithoutTokenizing);
315 nsCharsetSource source =
316 aInitial
317 ? (mForceAutoDetection
318 ? kCharsetFromInitialUserForcedAutoDetection
319 : (mDecodingLocalFileWithoutTokenizing
320 ? kCharsetFromFinalAutoDetectionFile
321 : kCharsetFromInitialAutoDetectionWouldNotHaveBeenUTF8Generic))
322 : (mForceAutoDetection
323 ? kCharsetFromFinalUserForcedAutoDetection
324 : (mDecodingLocalFileWithoutTokenizing
325 ? kCharsetFromFinalAutoDetectionFile
326 : kCharsetFromFinalAutoDetectionWouldNotHaveBeenUTF8Generic));
327 if (source == kCharsetFromFinalAutoDetectionWouldNotHaveBeenUTF8Generic) {
328 if (encoding == ISO_2022_JP_ENCODING) {
329 if (EncodingDetector::TldMayAffectGuess(mTLD)) {
330 source = kCharsetFromFinalAutoDetectionWouldNotHaveBeenUTF8Content;
331 }
332 } else if (!mDetectorHasSeenNonAscii) {
333 source = kCharsetFromInitialAutoDetectionASCII; // deliberately Initial
334 } else if (ifHadBeenForced == UTF_8_ENCODING) {
335 MOZ_ASSERT(mCharsetSource == kCharsetFromInitialAutoDetectionASCII ||
336 mCharsetSource ==
337 kCharsetFromInitialAutoDetectionWouldHaveBeenUTF8 ||
338 mEncoding == ISO_2022_JP_ENCODING);
339 source = kCharsetFromFinalAutoDetectionWouldHaveBeenUTF8InitialWasASCII;
340 } else if (encoding != ifHadBeenForced) {
341 if (mCharsetSource == kCharsetFromInitialAutoDetectionASCII) {
342 source =
343 kCharsetFromFinalAutoDetectionWouldNotHaveBeenUTF8DependedOnTLDInitialWasASCII;
344 } else {
345 source =
346 kCharsetFromFinalAutoDetectionWouldNotHaveBeenUTF8DependedOnTLD;
347 }
348 } else if (EncodingDetector::TldMayAffectGuess(mTLD)) {
349 if (mCharsetSource == kCharsetFromInitialAutoDetectionASCII) {
350 source =
351 kCharsetFromFinalAutoDetectionWouldNotHaveBeenUTF8ContentInitialWasASCII;
352 } else {
353 source = kCharsetFromFinalAutoDetectionWouldNotHaveBeenUTF8Content;
354 }
355 } else if (mCharsetSource == kCharsetFromInitialAutoDetectionASCII) {
356 source =
357 kCharsetFromFinalAutoDetectionWouldNotHaveBeenUTF8GenericInitialWasASCII;
358 }
359 } else if (source ==
360 kCharsetFromInitialAutoDetectionWouldNotHaveBeenUTF8Generic) {
361 if (encoding == ISO_2022_JP_ENCODING) {
362 if (EncodingDetector::TldMayAffectGuess(mTLD)) {
363 source = kCharsetFromInitialAutoDetectionWouldNotHaveBeenUTF8Content;
364 }
365 } else if (!mDetectorHasSeenNonAscii) {
366 source = kCharsetFromInitialAutoDetectionASCII;
367 } else if (ifHadBeenForced == UTF_8_ENCODING) {
368 source = kCharsetFromInitialAutoDetectionWouldHaveBeenUTF8;
369 } else if (encoding != ifHadBeenForced) {
370 source =
371 kCharsetFromInitialAutoDetectionWouldNotHaveBeenUTF8DependedOnTLD;
372 } else if (EncodingDetector::TldMayAffectGuess(mTLD)) {
373 source = kCharsetFromInitialAutoDetectionWouldNotHaveBeenUTF8Content;
374 }
375 }
376 return {encoding, source};
377 }
378
379 void nsHtml5StreamParser::FeedDetector(Span<const uint8_t> aBuffer) {
380 #ifdef DEBUG
381 mStartedFeedingDetector = true;
382 #endif
383 MOZ_ASSERT(!mChardetEof);
384 mDetectorHasSeenNonAscii = mDetector->Feed(aBuffer, false);
385 }
386
387 void nsHtml5StreamParser::DetectorEof() {
388 #ifdef DEBUG
389 mStartedFeedingDetector = true;
390 #endif
391 if (mChardetEof) {
392 return;
393 }
394 mChardetEof = true;
395 mDetectorHasSeenNonAscii = mDetector->Feed(Span<const uint8_t>(), true);
396 }
397
398 void nsHtml5StreamParser::SetViewSourceTitle(nsIURI* aURL) {
399 MOZ_ASSERT(NS_IsMainThread());
400
401 BrowsingContext* browsingContext =
402 mExecutor->GetDocument()->GetBrowsingContext();
403 if (browsingContext && browsingContext->WatchedByDevTools()) {
404 mURIToSendToDevtools = aURL;
405
406 nsID uuid;
407 nsresult rv = nsID::GenerateUUIDInPlace(uuid);
408 if (!NS_FAILED(rv)) {
409 char buffer[NSID_LENGTH];
410 uuid.ToProvidedString(buffer);
411 mUUIDForDevtools = NS_ConvertASCIItoUTF16(buffer);
412 }
413 }
414
415 if (aURL) {
416 nsCOMPtr<nsIURI> temp;
417 if (aURL->SchemeIs("view-source")) {
418 nsCOMPtr<nsINestedURI> nested = do_QueryInterface(aURL);
419 nested->GetInnerURI(getter_AddRefs(temp));
420 } else {
421 temp = aURL;
422 }
423 if (temp->SchemeIs("data")) {
424 // Avoid showing potentially huge data: URLs. The three last bytes are
425 // UTF-8 for an ellipsis.
426 mViewSourceTitle.AssignLiteral("data:\xE2\x80\xA6");
427 } else {
428 nsresult rv = temp->GetSpec(mViewSourceTitle);
429 if (NS_FAILED(rv)) {
430 mViewSourceTitle.AssignLiteral("\xE2\x80\xA6");
431 }
432 }
433 }
434 }
435
436 nsresult
437 nsHtml5StreamParser::SetupDecodingAndWriteSniffingBufferAndCurrentSegment(
438 Span<const uint8_t> aPrefix, Span<const uint8_t> aFromSegment) {
439 NS_ASSERTION(IsParserThread(), "Wrong thread!");
440 mUnicodeDecoder = mEncoding->NewDecoderWithBOMRemoval();
441 nsresult rv = WriteStreamBytes(aPrefix);
442 NS_ENSURE_SUCCESS(rv, rv);
443 return WriteStreamBytes(aFromSegment);
444 }
445
446 void nsHtml5StreamParser::SetupDecodingFromBom(
447 NotNull<const Encoding*> aEncoding) {
448 MOZ_ASSERT(IsParserThread(), "Wrong thread!");
449 mEncoding = aEncoding;
450 mDecodingLocalFileWithoutTokenizing = false;
451 mLookingForMetaCharset = false;
452 mBufferingBytes = false;
453 mUnicodeDecoder = mEncoding->NewDecoderWithoutBOMHandling();
454 mCharsetSource = kCharsetFromByteOrderMark;
455 mForceAutoDetection = false;
456 mTreeBuilder->SetDocumentCharset(mEncoding, mCharsetSource, false);
457 mBomState = BOM_SNIFFING_OVER;
458 if (mMode == VIEW_SOURCE_HTML) {
459 mTokenizer->StartViewSourceCharacters();
460 }
461 }
462
463 void nsHtml5StreamParser::SetupDecodingFromUtf16BogoXml(
464 NotNull<const Encoding*> aEncoding) {
465 MOZ_ASSERT(IsParserThread(), "Wrong thread!");
466 mEncoding = aEncoding;
467 mDecodingLocalFileWithoutTokenizing = false;
468 mLookingForMetaCharset = false;
469 mBufferingBytes = false;
470 mUnicodeDecoder = mEncoding->NewDecoderWithoutBOMHandling();
471 mCharsetSource = kCharsetFromXmlDeclarationUtf16;
472 mForceAutoDetection = false;
473 mTreeBuilder->SetDocumentCharset(mEncoding, mCharsetSource, false);
474 mBomState = BOM_SNIFFING_OVER;
475 if (mMode == VIEW_SOURCE_HTML) {
476 mTokenizer->StartViewSourceCharacters();
477 }
478 auto dst = mLastBuffer->TailAsSpan(READ_BUFFER_SIZE);
479 dst[0] = '<';
480 dst[1] = '?';
481 dst[2] = 'x';
482 mLastBuffer->AdvanceEnd(3);
483 MOZ_ASSERT(!mStartedFeedingDevTools);
484 OnNewContent(dst.To(3));
485 }
486
487 size_t nsHtml5StreamParser::LengthOfLtContainingPrefixInSecondBuffer() {
488 MOZ_ASSERT(mBufferedBytes.Length() <= 2);
489 if (mBufferedBytes.Length() < 2) {
490 return 0;
491 }
492 Buffer<uint8_t>& second = mBufferedBytes[1];
493 const uint8_t* elements = second.Elements();
494 const uint8_t* lt = (const uint8_t*)memchr(elements, '>', second.Length());
495 if (lt) {
496 return (lt - elements) + 1;
497 }
498 return 0;
499 }
500
501 nsresult nsHtml5StreamParser::SniffStreamBytes(Span<const uint8_t> aFromSegment,
502 bool aEof) {
503 MOZ_ASSERT(IsParserThread(), "Wrong thread!");
504 MOZ_ASSERT_IF(aEof, aFromSegment.IsEmpty());
505
506 if (mCharsetSource >=
507 kCharsetFromFinalAutoDetectionWouldHaveBeenUTF8InitialWasASCII &&
508 mCharsetSource <= kCharsetFromFinalUserForcedAutoDetection) {
509 if (mMode == PLAIN_TEXT || mMode == VIEW_SOURCE_PLAIN) {
510 mTreeBuilder->MaybeComplainAboutCharset("EncDetectorReloadPlain", true,
511 0);
512 } else {
513 mTreeBuilder->MaybeComplainAboutCharset("EncDetectorReload", true, 0);
514 }
515 }
516
517 // mEncoding and mCharsetSource potentially have come from channel or higher
518 // by now. If we find a BOM, SetupDecodingFromBom() will overwrite them.
519 // If we don't find a BOM, the previously set values of mEncoding and
520 // mCharsetSource are not modified by the BOM sniffing here.
521 static uint8_t utf8[] = {0xEF, 0xBB};
522 static uint8_t utf16le[] = {0xFF};
523 static uint8_t utf16be[] = {0xFE};
524 static uint8_t utf16leXml[] = {'<', 0x00, '?', 0x00, 'x'};
525 static uint8_t utf16beXml[] = {0x00, '<', 0x00, '?', 0x00};
526 // Buffer for replaying past bytes based on state machine state. If
527 // writing this from scratch, probably wouldn't do it this way, but
528 // let's keep the changes to a minimum.
529 const uint8_t* prefix = utf8;
530 size_t prefixLength = 0;
531 if (aEof && mBomState == BOM_SNIFFING_NOT_STARTED) {
532 // Avoid handling aEof in the BOM_SNIFFING_NOT_STARTED state below.
533 mBomState = BOM_SNIFFING_OVER;
534 }
535 for (size_t i = 0;
536 (i < aFromSegment.Length() && mBomState != BOM_SNIFFING_OVER) || aEof;
537 i++) {
538 switch (mBomState) {
539 case BOM_SNIFFING_NOT_STARTED:
540 MOZ_ASSERT(i == 0, "Bad BOM sniffing state.");
541 MOZ_ASSERT(!aEof, "Should have checked for aEof above!");
542 switch (aFromSegment[0]) {
543 case 0xEF:
544 mBomState = SEEN_UTF_8_FIRST_BYTE;
545 break;
546 case 0xFF:
547 mBomState = SEEN_UTF_16_LE_FIRST_BYTE;
548 break;
549 case 0xFE:
550 mBomState = SEEN_UTF_16_BE_FIRST_BYTE;
551 break;
552 case 0x00:
553 if (mCharsetSource < kCharsetFromXmlDeclarationUtf16 &&
554 mCharsetSource != kCharsetFromChannel) {
555 mBomState = SEEN_UTF_16_BE_XML_FIRST;
556 } else {
557 mBomState = BOM_SNIFFING_OVER;
558 }
559 break;
560 case '<':
561 if (mCharsetSource < kCharsetFromXmlDeclarationUtf16 &&
562 mCharsetSource != kCharsetFromChannel) {
563 mBomState = SEEN_UTF_16_LE_XML_FIRST;
564 } else {
565 mBomState = BOM_SNIFFING_OVER;
566 }
567 break;
568 default:
569 mBomState = BOM_SNIFFING_OVER;
570 break;
571 }
572 break;
573 case SEEN_UTF_16_LE_FIRST_BYTE:
574 if (!aEof && aFromSegment[i] == 0xFE) {
575 SetupDecodingFromBom(UTF_16LE_ENCODING);
576 return WriteStreamBytes(aFromSegment.From(i + 1));
577 }
578 prefix = utf16le;
579 prefixLength = 1 - i;
580 mBomState = BOM_SNIFFING_OVER;
581 break;
582 case SEEN_UTF_16_BE_FIRST_BYTE:
583 if (!aEof && aFromSegment[i] == 0xFF) {
584 SetupDecodingFromBom(UTF_16BE_ENCODING);
585 return WriteStreamBytes(aFromSegment.From(i + 1));
586 }
587 prefix = utf16be;
588 prefixLength = 1 - i;
589 mBomState = BOM_SNIFFING_OVER;
590 break;
591 case SEEN_UTF_8_FIRST_BYTE:
592 if (!aEof && aFromSegment[i] == 0xBB) {
593 mBomState = SEEN_UTF_8_SECOND_BYTE;
594 } else {
595 prefixLength = 1 - i;
596 mBomState = BOM_SNIFFING_OVER;
597 }
598 break;
599 case SEEN_UTF_8_SECOND_BYTE:
600 if (!aEof && aFromSegment[i] == 0xBF) {
601 SetupDecodingFromBom(UTF_8_ENCODING);
602 return WriteStreamBytes(aFromSegment.From(i + 1));
603 }
604 prefixLength = 2 - i;
605 mBomState = BOM_SNIFFING_OVER;
606 break;
607 case SEEN_UTF_16_BE_XML_FIRST:
608 if (!aEof && aFromSegment[i] == '<') {
609 mBomState = SEEN_UTF_16_BE_XML_SECOND;
610 } else {
611 prefix = utf16beXml;
612 prefixLength = 1 - i;
613 mBomState = BOM_SNIFFING_OVER;
614 }
615 break;
616 case SEEN_UTF_16_BE_XML_SECOND:
617 if (!aEof && aFromSegment[i] == 0x00) {
618 mBomState = SEEN_UTF_16_BE_XML_THIRD;
619 } else {
620 prefix = utf16beXml;
621 prefixLength = 2 - i;
622 mBomState = BOM_SNIFFING_OVER;
623 }
624 break;
625 case SEEN_UTF_16_BE_XML_THIRD:
626 if (!aEof && aFromSegment[i] == '?') {
627 mBomState = SEEN_UTF_16_BE_XML_FOURTH;
628 } else {
629 prefix = utf16beXml;
630 prefixLength = 3 - i;
631 mBomState = BOM_SNIFFING_OVER;
632 }
633 break;
634 case SEEN_UTF_16_BE_XML_FOURTH:
635 if (!aEof && aFromSegment[i] == 0x00) {
636 mBomState = SEEN_UTF_16_BE_XML_FIFTH;
637 } else {
638 prefix = utf16beXml;
639 prefixLength = 4 - i;
640 mBomState = BOM_SNIFFING_OVER;
641 }
642 break;
643 case SEEN_UTF_16_BE_XML_FIFTH:
644 if (!aEof && aFromSegment[i] == 'x') {
645 SetupDecodingFromUtf16BogoXml(UTF_16BE_ENCODING);
646 return WriteStreamBytes(aFromSegment.From(i + 1));
647 }
648 prefix = utf16beXml;
649 prefixLength = 5 - i;
650 mBomState = BOM_SNIFFING_OVER;
651 break;
652 case SEEN_UTF_16_LE_XML_FIRST:
653 if (!aEof && aFromSegment[i] == 0x00) {
654 mBomState = SEEN_UTF_16_LE_XML_SECOND;
655 } else {
656 if (!aEof && aFromSegment[i] == '?' &&
657 !(mMode == PLAIN_TEXT || mMode == VIEW_SOURCE_PLAIN)) {
658 mStartsWithLtQuestion = true;
659 }
660 prefix = utf16leXml;
661 prefixLength = 1 - i;
662 mBomState = BOM_SNIFFING_OVER;
663 }
664 break;
665 case SEEN_UTF_16_LE_XML_SECOND:
666 if (!aEof && aFromSegment[i] == '?') {
667 mBomState = SEEN_UTF_16_LE_XML_THIRD;
668 } else {
669 prefix = utf16leXml;
670 prefixLength = 2 - i;
671 mBomState = BOM_SNIFFING_OVER;
672 }
673 break;
674 case SEEN_UTF_16_LE_XML_THIRD:
675 if (!aEof && aFromSegment[i] == 0x00) {
676 mBomState = SEEN_UTF_16_LE_XML_FOURTH;
677 } else {
678 prefix = utf16leXml;
679 prefixLength = 3 - i;
680 mBomState = BOM_SNIFFING_OVER;
681 }
682 break;
683 case SEEN_UTF_16_LE_XML_FOURTH:
684 if (!aEof && aFromSegment[i] == 'x') {
685 mBomState = SEEN_UTF_16_LE_XML_FIFTH;
686 } else {
687 prefix = utf16leXml;
688 prefixLength = 4 - i;
689 mBomState = BOM_SNIFFING_OVER;
690 }
691 break;
692 case SEEN_UTF_16_LE_XML_FIFTH:
693 if (!aEof && aFromSegment[i] == 0x00) {
694 SetupDecodingFromUtf16BogoXml(UTF_16LE_ENCODING);
695 return WriteStreamBytes(aFromSegment.From(i + 1));
696 }
697 prefix = utf16leXml;
698 prefixLength = 5 - i;
699 mBomState = BOM_SNIFFING_OVER;
700 break;
701 default:
702 mBomState = BOM_SNIFFING_OVER;
703 break;
704 }
705 if (aEof) {
706 break;
707 }
708 }
709 // if we get here, there either was no BOM or the BOM sniffing isn't complete
710 // yet
711
712 MOZ_ASSERT(mCharsetSource != kCharsetFromByteOrderMark,
713 "Should not come here if BOM was found.");
714 MOZ_ASSERT(mCharsetSource != kCharsetFromXmlDeclarationUtf16,
715 "Should not come here if UTF-16 bogo-XML declaration was found.");
716 MOZ_ASSERT(mCharsetSource != kCharsetFromOtherComponent,
717 "kCharsetFromOtherComponent is for XSLT.");
718
719 if (mBomState == BOM_SNIFFING_OVER) {
720 if (mMode == VIEW_SOURCE_XML && mStartsWithLtQuestion &&
721 mCharsetSource < kCharsetFromChannel) {
722 // Sniff for XML declaration only.
723 MOZ_ASSERT(!mLookingForXmlDeclarationForXmlViewSource);
724 MOZ_ASSERT(!aEof);
725 MOZ_ASSERT(!mLookingForMetaCharset);
726 MOZ_ASSERT(!mDecodingLocalFileWithoutTokenizing);
727 // Maybe we've already buffered a '>'.
728 MOZ_ASSERT(!mBufferedBytes.IsEmpty(),
729 "How did at least <? not get buffered?");
730 Buffer<uint8_t>& first = mBufferedBytes[0];
731 const Encoding* encoding =
732 xmldecl_parse(first.Elements(), first.Length());
733 if (encoding) {
734 mEncoding = WrapNotNull(encoding);
735 mCharsetSource = kCharsetFromXmlDeclaration;
736 } else if (memchr(first.Elements(), '>', first.Length())) {
737 // There was a '>', but an encoding still wasn't found.
738 ; // fall through to commit to the UTF-8 default.
739 } else if (size_t lengthOfPrefix =
740 LengthOfLtContainingPrefixInSecondBuffer()) {
741 // This can only happen if the first buffer was a lone '<', because
742 // we come here upon seeing the second byte '?' if the first two bytes
743 // were "<?". That is, the only way how we aren't dealing with the first
744 // buffer is if the first buffer only contained a single '<' and we are
745 // dealing with the second buffer that starts with '?'.
746 MOZ_ASSERT(first.Length() == 1);
747 MOZ_ASSERT(mBufferedBytes[1][0] == '?');
748 // Our scanner for XML declaration-like syntax wants to see a contiguous
749 // buffer, so let's linearize the data. (Ideally, the XML declaration
750 // scanner would be incremental, but this is the rare path anyway.)
751 Vector<uint8_t> contiguous;
752 if (!contiguous.append(first.Elements(), first.Length())) {
753 MarkAsBroken(NS_ERROR_OUT_OF_MEMORY);
754 return NS_ERROR_OUT_OF_MEMORY;
755 }
756 if (!contiguous.append(mBufferedBytes[1].Elements(), lengthOfPrefix)) {
757 MarkAsBroken(NS_ERROR_OUT_OF_MEMORY);
758 return NS_ERROR_OUT_OF_MEMORY;
759 }
760 encoding = xmldecl_parse(contiguous.begin(), contiguous.length());
761 if (encoding) {
762 mEncoding = WrapNotNull(encoding);
763 mCharsetSource = kCharsetFromXmlDeclaration;
764 }
765 // else no XML decl, commit to the UTF-8 default.
766 } else {
767 MOZ_ASSERT(mBufferingBytes);
768 mLookingForXmlDeclarationForXmlViewSource = true;
769 return NS_OK;
770 }
771 } else if (mMode != VIEW_SOURCE_XML &&
772 (mForceAutoDetection || mCharsetSource < kCharsetFromChannel)) {
773 // In order to use the buffering logic for meta with mForceAutoDetection,
774 // we set mLookingForMetaCharset but still actually potentially ignore the
775 // meta.
776 mFirstBufferOfMetaScan = mFirstBuffer;
777 MOZ_ASSERT(mLookingForMetaCharset);
778
779 if (mMode == VIEW_SOURCE_HTML) {
780 auto r = mTokenizer->FlushViewSource();
781 if (r.isErr()) {
782 return r.unwrapErr();
783 }
784 }
785 auto r = mTreeBuilder->Flush();
786 if (r.isErr()) {
787 return r.unwrapErr();
788 }
789 // Encoding committer flushes the ops on the main thread.
790
791 mozilla::MutexAutoLock speculationAutoLock(mSpeculationMutex);
792 nsHtml5Speculation* speculation = new nsHtml5Speculation(
793 mFirstBuffer, mFirstBuffer->getStart(), mTokenizer->getLineNumber(),
794 mTokenizer->getColumnNumber(), mTreeBuilder->newSnapshot());
795 MOZ_ASSERT(!mFlushTimerArmed, "How did we end up arming the timer?");
796 if (mMode == VIEW_SOURCE_HTML) {
797 mTokenizer->SetViewSourceOpSink(speculation);
798 mTokenizer->StartViewSourceCharacters();
799 } else {
800 MOZ_ASSERT(mMode != VIEW_SOURCE_XML);
801 mTreeBuilder->SetOpSink(speculation);
802 }
803 mSpeculations.AppendElement(speculation); // adopts the pointer
804 mSpeculating = true;
805 } else {
806 mLookingForMetaCharset = false;
807 mBufferingBytes = false;
808 mDecodingLocalFileWithoutTokenizing = false;
809 if (mMode == VIEW_SOURCE_HTML) {
810 mTokenizer->StartViewSourceCharacters();
811 }
812 }
813 mTreeBuilder->SetDocumentCharset(mEncoding, mCharsetSource, false);
814 return SetupDecodingAndWriteSniffingBufferAndCurrentSegment(
815 Span(prefix, prefixLength), aFromSegment);
816 }
817
818 return NS_OK;
819 }
820
821 class AddContentRunnable : public Runnable {
822 public:
823 AddContentRunnable(const nsAString& aParserID, nsIURI* aURI,
824 Span<const char16_t> aData, bool aComplete)
825 : Runnable("AddContent") {
826 nsAutoCString spec;
827 aURI->GetSpec(spec);
828 mData.mUri.Construct(NS_ConvertUTF8toUTF16(spec));
829 mData.mParserID.Construct(aParserID);
830 mData.mContents.Construct(aData.Elements(), aData.Length());
831 mData.mComplete.Construct(aComplete);
832 }
833
834 NS_IMETHOD Run() override {
835 nsAutoString json;
836 if (!mData.ToJSON(json)) {
837 return NS_ERROR_FAILURE;
838 }
839
840 nsCOMPtr<nsIObserverService> obsService = services::GetObserverService();
841 if (obsService) {
842 obsService->NotifyObservers(nullptr, "devtools-html-content",
843 PromiseFlatString(json).get());
844 }
845
846 return NS_OK;
847 }
848
849 HTMLContent mData;
850 };
851
852 inline void nsHtml5StreamParser::OnNewContent(Span<const char16_t> aData) {
853 #ifdef DEBUG
854 mStartedFeedingDevTools = true;
855 #endif
856 if (mURIToSendToDevtools) {
857 if (aData.IsEmpty()) {
858 // Optimize out the runnable.
859 return;
860 }
861 NS_DispatchToMainThread(new AddContentRunnable(mUUIDForDevtools,
862 mURIToSendToDevtools, aData,
863 /* aComplete */ false));
864 }
865 }
866
867 inline void nsHtml5StreamParser::OnContentComplete() {
868 #ifdef DEBUG
869 mStartedFeedingDevTools = true;
870 #endif
871 if (mURIToSendToDevtools) {
872 NS_DispatchToMainThread(new AddContentRunnable(
873 mUUIDForDevtools, mURIToSendToDevtools, Span<const char16_t>(),
874 /* aComplete */ true));
875 mURIToSendToDevtools = nullptr;
876 }
877 }
878
879 nsresult nsHtml5StreamParser::WriteStreamBytes(
880 Span<const uint8_t> aFromSegment) {
881 NS_ASSERTION(IsParserThread(), "Wrong thread!");
882 mTokenizerMutex.AssertCurrentThreadOwns();
883 // mLastBuffer should always point to a buffer of the size
884 // READ_BUFFER_SIZE.
885 if (!mLastBuffer) {
886 NS_WARNING("mLastBuffer should not be null!");
887 MarkAsBroken(NS_ERROR_NULL_POINTER);
888 return NS_ERROR_NULL_POINTER;
889 }
890 size_t totalRead = 0;
891 auto src = aFromSegment;
892 for (;;) {
893 auto dst = mLastBuffer->TailAsSpan(READ_BUFFER_SIZE);
894 auto [result, read, written, hadErrors] =
895 mUnicodeDecoder->DecodeToUTF16(src, dst, false);
896 if (!(mLookingForMetaCharset || mDecodingLocalFileWithoutTokenizing)) {
897 OnNewContent(dst.To(written));
898 }
899 if (hadErrors && !mHasHadErrors) {
900 mHasHadErrors = true;
901 if (mEncoding == UTF_8_ENCODING) {
902 mTreeBuilder->TryToEnableEncodingMenu();
903 }
904 }
905 src = src.From(read);
906 totalRead += read;
907 mLastBuffer->AdvanceEnd(written);
908 if (result == kOutputFull) {
909 RefPtr<nsHtml5OwningUTF16Buffer> newBuf =
910 nsHtml5OwningUTF16Buffer::FalliblyCreate(READ_BUFFER_SIZE);
911 if (!newBuf) {
912 MarkAsBroken(NS_ERROR_OUT_OF_MEMORY);
913 return NS_ERROR_OUT_OF_MEMORY;
914 }
915 mLastBuffer = (mLastBuffer->next = std::move(newBuf));
916 } else {
917 MOZ_ASSERT(totalRead == aFromSegment.Length(),
918 "The Unicode decoder consumed the wrong number of bytes.");
919 (void)totalRead;
920 if (!mLookingForMetaCharset && mDecodingLocalFileWithoutTokenizing &&
921 mNumBytesBuffered == LOCAL_FILE_UTF_8_BUFFER_SIZE) {
922 MOZ_ASSERT(!mStartedFeedingDetector);
923 for (auto&& buffer : mBufferedBytes) {
924 FeedDetector(buffer);
925 }
926 // If the file is exactly LOCAL_FILE_UTF_8_BUFFER_SIZE bytes long
927 // we end up not considering the EOF. That's not fatal, since we
928 // don't consider the EOF if the file is
929 // LOCAL_FILE_UTF_8_BUFFER_SIZE + 1 bytes long.
930 auto [encoding, source] = GuessEncoding(true);
931 mCharsetSource = source;
932 if (encoding != mEncoding) {
933 mEncoding = encoding;
934 nsresult rv = ReDecodeLocalFile();
935 if (NS_FAILED(rv)) {
936 return rv;
937 }
938 } else {
939 MOZ_ASSERT(mEncoding == UTF_8_ENCODING);
940 nsresult rv = CommitLocalFileToEncoding();
941 if (NS_FAILED(rv)) {
942 return rv;
943 }
944 }
945 }
946 return NS_OK;
947 }
948 }
949 }
950
951 [[nodiscard]] nsresult nsHtml5StreamParser::ReDecodeLocalFile() {
952 MOZ_ASSERT(mDecodingLocalFileWithoutTokenizing && !mLookingForMetaCharset);
953 MOZ_ASSERT(mFirstBufferOfMetaScan);
954 MOZ_ASSERT(mCharsetSource == kCharsetFromFinalAutoDetectionFile ||
955 (mForceAutoDetection &&
956 mCharsetSource == kCharsetFromInitialUserForcedAutoDetection));
957
958 DiscardMetaSpeculation();
959
960 MOZ_ASSERT(mEncoding != UTF_8_ENCODING);
961
962 mDecodingLocalFileWithoutTokenizing = false;
963
964 mEncoding->NewDecoderWithBOMRemovalInto(*mUnicodeDecoder);
965 mHasHadErrors = false;
966
967 // Throw away previous decoded data
968 mLastBuffer = mFirstBuffer;
969 mLastBuffer->next = nullptr;
970 mLastBuffer->setStart(0);
971 mLastBuffer->setEnd(0);
972
973 mBufferingBytes = false;
974 mForceAutoDetection = false; // To stop feeding the detector
975 mFirstBufferOfMetaScan = nullptr;
976
977 mTreeBuilder->SetDocumentCharset(mEncoding, mCharsetSource, true);
978
979 // Decode again
980 for (auto&& buffer : mBufferedBytes) {
981 DoDataAvailable(buffer);
982 }
983
984 if (mMode == VIEW_SOURCE_HTML) {
985 auto r = mTokenizer->FlushViewSource();
986 if (r.isErr()) {
987 return r.unwrapErr();
988 }
989 }
990 auto r = mTreeBuilder->Flush();
991 if (r.isErr()) {
992 return r.unwrapErr();
993 }
994 return NS_OK;
995 }
996
997 [[nodiscard]] nsresult nsHtml5StreamParser::CommitLocalFileToEncoding() {
998 MOZ_ASSERT(mDecodingLocalFileWithoutTokenizing && !mLookingForMetaCharset);
999 MOZ_ASSERT(mFirstBufferOfMetaScan);
1000 mDecodingLocalFileWithoutTokenizing = false;
1001 MOZ_ASSERT(mCharsetSource == kCharsetFromFinalAutoDetectionFile ||
1002 (mForceAutoDetection &&
1003 mCharsetSource == kCharsetFromInitialUserForcedAutoDetection));
1004 MOZ_ASSERT(mEncoding == UTF_8_ENCODING);
1005
1006 MOZ_ASSERT(!mStartedFeedingDevTools);
1007 if (mURIToSendToDevtools) {
1008 nsHtml5OwningUTF16Buffer* buffer = mFirstBufferOfMetaScan;
1009 while (buffer) {
1010 Span<const char16_t> data(buffer->getBuffer() + buffer->getStart(),
1011 buffer->getLength());
1012 OnNewContent(data);
1013 buffer = buffer->next;
1014 }
1015 }
1016
1017 mFirstBufferOfMetaScan = nullptr;
1018
1019 mBufferingBytes = false;
1020 mForceAutoDetection = false; // To stop feeding the detector
1021 mTreeBuilder->SetDocumentCharset(mEncoding, mCharsetSource, true);
1022 if (mMode == VIEW_SOURCE_HTML) {
1023 auto r = mTokenizer->FlushViewSource();
1024 if (r.isErr()) {
1025 return r.unwrapErr();
1026 }
1027 }
1028 auto r = mTreeBuilder->Flush();
1029 if (r.isErr()) {
1030 return r.unwrapErr();
1031 }
1032 return NS_OK;
1033 }
1034
1035 class MaybeRunCollector : public Runnable {
1036 public:
1037 explicit MaybeRunCollector(nsIDocShell* aDocShell)
1038 : Runnable("MaybeRunCollector"), mDocShell(aDocShell) {}
1039
1040 NS_IMETHOD Run() override {
1041 nsJSContext::MaybeRunNextCollectorSlice(mDocShell,
1042 JS::GCReason::HTML_PARSER);
1043 return NS_OK;
1044 }
1045
1046 nsCOMPtr<nsIDocShell> mDocShell;
1047 };
1048
1049 nsresult nsHtml5StreamParser::OnStartRequest(nsIRequest* aRequest) {
1050 MOZ_RELEASE_ASSERT(STREAM_NOT_STARTED == mStreamState,
1051 "Got OnStartRequest when the stream had already started.");
1052 MOZ_ASSERT(
1053 !mExecutor->HasStarted(),
1054 "Got OnStartRequest at the wrong stage in the executor life cycle.");
1055 MOZ_ASSERT(NS_IsMainThread(), "Wrong thread!");
1056
1057 // To avoid the cost of instantiating the detector when it's not needed,
1058 // let's instantiate only if we make it out of this method with the
1059 // intent to use it.
1060 auto detectorCreator = MakeScopeExit([&] {
1061 if ((mForceAutoDetection || mCharsetSource < kCharsetFromParentFrame) ||
1062 !(mMode == LOAD_AS_DATA || mMode == VIEW_SOURCE_XML)) {
1063 mDetector = mozilla::EncodingDetector::Create();
1064 }
1065 });
1066
1067 mRequest = aRequest;
1068
1069 mStreamState = STREAM_BEING_READ;
1070
1071 // For View Source, the parser should run with scripts "enabled" if a normal
1072 // load would have scripts enabled.
1073 bool scriptingEnabled =
1074 mMode == LOAD_AS_DATA ? false : mExecutor->IsScriptEnabled();
1075 mOwner->StartTokenizer(scriptingEnabled);
1076
1077 MOZ_ASSERT(!mDecodingLocalFileWithoutTokenizing);
1078 bool isSrcdoc = false;
1079 nsCOMPtr<nsIChannel> channel;
1080 nsresult rv = GetChannel(getter_AddRefs(channel));
1081 if (NS_SUCCEEDED(rv)) {
1082 isSrcdoc = NS_IsSrcdocChannel(channel);
1083 if (!isSrcdoc && mCharsetSource <= kCharsetFromFallback) {
1084 nsCOMPtr<nsIURI> originalURI;
1085 rv = channel->GetOriginalURI(getter_AddRefs(originalURI));
1086 if (NS_SUCCEEDED(rv)) {
1087 if (originalURI->SchemeIs("resource")) {
1088 mCharsetSource = kCharsetFromBuiltIn;
1089 mEncoding = UTF_8_ENCODING;
1090 mTreeBuilder->SetDocumentCharset(mEncoding, mCharsetSource, false);
1091 } else {
1092 nsCOMPtr<nsIURI> currentURI;
1093 rv = channel->GetURI(getter_AddRefs(currentURI));
1094 if (NS_SUCCEEDED(rv)) {
1095 nsCOMPtr<nsIURI> innermost = NS_GetInnermostURI(currentURI);
1096 if (innermost->SchemeIs("file")) {
1097 MOZ_ASSERT(mEncoding == UTF_8_ENCODING);
1098 if (!(mMode == LOAD_AS_DATA || mMode == VIEW_SOURCE_XML)) {
1099 mDecodingLocalFileWithoutTokenizing = true;
1100 }
1101 } else {
1102 nsAutoCString host;
1103 innermost->GetAsciiHost(host);
1104 if (!host.IsEmpty()) {
1105 // First let's see if the host is DNS-absolute and ends with a
1106 // dot and get rid of that one.
1107 if (host.Last() == '.') {
1108 host.SetLength(host.Length() - 1);
1109 }
1110 int32_t index = host.RFindChar('.');
1111 if (index != kNotFound) {
1112 // We tolerate an IPv4 component as generic "TLD", so don't
1113 // bother checking.
1114 ToLowerCase(
1115 Substring(host, index + 1, host.Length() - (index + 1)),
1116 mTLD);
1117 }
1118 }
1119 }
1120 }
1121 }
1122 }
1123 }
1124 }
1125 mTreeBuilder->setIsSrcdocDocument(isSrcdoc);
1126 mTreeBuilder->setScriptingEnabled(scriptingEnabled);
1127 mTreeBuilder->SetPreventScriptExecution(
1128 !((mMode == NORMAL) && scriptingEnabled));
1129 mTokenizer->start();
1130 mExecutor->Start();
1131 mExecutor->StartReadingFromStage();
1132
1133 if (mMode == PLAIN_TEXT) {
1134 mTreeBuilder->StartPlainText();
1135 mTokenizer->StartPlainText();
1136 MOZ_ASSERT(
1137 mTemplatePushedOrHeadPopped); // Needed to force 1024-byte sniffing
1138 // Flush the ops to put them where ContinueAfterScriptsOrEncodingCommitment
1139 // can find them.
1140 auto r = mTreeBuilder->Flush();
1141 if (r.isErr()) {
1142 return mExecutor->MarkAsBroken(r.unwrapErr());
1143 }
1144 } else if (mMode == VIEW_SOURCE_PLAIN) {
1145 nsAutoString viewSourceTitle;
1146 CopyUTF8toUTF16(mViewSourceTitle, viewSourceTitle);
1147 mTreeBuilder->EnsureBufferSpace(viewSourceTitle.Length());
1148 mTreeBuilder->StartPlainTextViewSource(viewSourceTitle);
1149 mTokenizer->StartPlainText();
1150 MOZ_ASSERT(
1151 mTemplatePushedOrHeadPopped); // Needed to force 1024-byte sniffing
1152 // Flush the ops to put them where ContinueAfterScriptsOrEncodingCommitment
1153 // can find them.
1154 auto r = mTreeBuilder->Flush();
1155 if (r.isErr()) {
1156 return mExecutor->MarkAsBroken(r.unwrapErr());
1157 }
1158 } else if (mMode == VIEW_SOURCE_HTML || mMode == VIEW_SOURCE_XML) {
1159 // Generate and flush the View Source document up to and including the
1160 // pre element start.
1161 mTokenizer->StartViewSource(NS_ConvertUTF8toUTF16(mViewSourceTitle));
1162 if (mMode == VIEW_SOURCE_XML) {
1163 mTokenizer->StartViewSourceCharacters();
1164 }
1165 // Flush the ops to put them where ContinueAfterScriptsOrEncodingCommitment
1166 // can find them.
1167 auto r = mTokenizer->FlushViewSource();
1168 if (r.isErr()) {
1169 return mExecutor->MarkAsBroken(r.unwrapErr());
1170 }
1171 }
1172
1173 /*
1174 * If you move the following line, be very careful not to cause
1175 * WillBuildModel to be called before the document has had its
1176 * script global object set.
1177 */
1178 rv = mExecutor->WillBuildModel();
1179 NS_ENSURE_SUCCESS(rv, rv);
1180
1181 RefPtr<nsHtml5OwningUTF16Buffer> newBuf =
1182 nsHtml5OwningUTF16Buffer::FalliblyCreate(READ_BUFFER_SIZE);
1183 if (!newBuf) {
1184 // marks this stream parser as terminated,
1185 // which prevents entry to code paths that
1186 // would use mFirstBuffer or mLastBuffer.
1187 return mExecutor->MarkAsBroken(NS_ERROR_OUT_OF_MEMORY);
1188 }
1189 MOZ_ASSERT(!mFirstBuffer, "How come we have the first buffer set?");
1190 MOZ_ASSERT(!mLastBuffer, "How come we have the last buffer set?");
1191 mFirstBuffer = mLastBuffer = newBuf;
1192
1193 rv = NS_OK;
1194
1195 mNetworkEventTarget =
1196 mExecutor->GetDocument()->EventTargetFor(TaskCategory::Network);
1197
1198 nsCOMPtr<nsIHttpChannel> httpChannel(do_QueryInterface(mRequest, &rv));
1199 if (NS_SUCCEEDED(rv)) {
1200 // Non-HTTP channels are bogus enough that we let them work with unlabeled
1201 // runnables for now. Asserting for HTTP channels only.
1202 MOZ_ASSERT(mNetworkEventTarget || mMode == LOAD_AS_DATA,
1203 "How come the network event target is still null?");
1204
1205 nsAutoCString method;
1206 Unused << httpChannel->GetRequestMethod(method);
1207 // XXX does Necko have a way to renavigate POST, etc. without hitting
1208 // the network?
1209 if (!method.EqualsLiteral("GET")) {
1210 // This is the old Gecko behavior but the HTML5 spec disagrees.
1211 // Don't reparse on POST.
1212 mReparseForbidden = true;
1213 }
1214 }
1215
1216 // Attempt to retarget delivery of data (via OnDataAvailable) to the parser
1217 // thread, rather than through the main thread.
1218 nsCOMPtr<nsIThreadRetargetableRequest> threadRetargetableRequest =
1219 do_QueryInterface(mRequest, &rv);
1220 if (threadRetargetableRequest) {
1221 rv = threadRetargetableRequest->RetargetDeliveryTo(mEventTarget);
1222 if (NS_SUCCEEDED(rv)) {
1223 // Parser thread should be now ready to get data from necko and parse it
1224 // and main thread might have a chance to process a collector slice.
1225 // We need to do this asynchronously so that necko may continue processing
1226 // the request.
1227 nsCOMPtr<nsIRunnable> runnable =
1228 new MaybeRunCollector(mExecutor->GetDocument()->GetDocShell());
1229 mozilla::SchedulerGroup::Dispatch(
1230 mozilla::TaskCategory::GarbageCollection, runnable.forget());
1231 }
1232 }
1233
1234 if (NS_FAILED(rv)) {
1235 NS_WARNING("Failed to retarget HTML data delivery to the parser thread.");
1236 }
1237
1238 if (mCharsetSource == kCharsetFromParentFrame) {
1239 // Remember this for error reporting.
1240 mInitialEncodingWasFromParentFrame = true;
1241 MOZ_ASSERT(!mDecodingLocalFileWithoutTokenizing);
1242 }
1243
1244 if (mForceAutoDetection || mCharsetSource < kCharsetFromChannel) {
1245 mBufferingBytes = true;
1246 if (mMode != VIEW_SOURCE_XML) {
1247 // We need to set mLookingForMetaCharset to true here in case the first
1248 // buffer to arrive is larger than 1024. We need the code that splits
1249 // the buffers at 1024 bytes to work even in that case.
1250 mLookingForMetaCharset = true;
1251 }
1252 }
1253
1254 if (mCharsetSource < kCharsetFromUtf8OnlyMime) {
1255 // we aren't ready to commit to an encoding yet
1256 // leave converter uninstantiated for now
1257 return NS_OK;
1258 }
1259
1260 MOZ_ASSERT(!(mMode == VIEW_SOURCE_HTML || mMode == VIEW_SOURCE_XML));
1261
1262 MOZ_ASSERT(mEncoding == UTF_8_ENCODING,
1263 "How come UTF-8-only MIME type didn't set encoding to UTF-8?");
1264
1265 // We are loading JSON/WebVTT/etc. into a browsing context.
1266 // There's no need to remove the BOM manually here, because
1267 // the UTF-8 decoder removes it.
1268 mReparseForbidden = true;
1269 mForceAutoDetection = false;
1270
1271 // Instantiate the converter here to avoid BOM sniffing.
1272 mDecodingLocalFileWithoutTokenizing = false;
1273 mUnicodeDecoder = mEncoding->NewDecoderWithBOMRemoval();
1274 return NS_OK;
1275 }
1276
1277 void nsHtml5StreamParser::DoStopRequest() {
1278 MOZ_ASSERT(IsParserThread(), "Wrong thread!");
1279 MOZ_RELEASE_ASSERT(STREAM_BEING_READ == mStreamState,
1280 "Stream ended without being open.");
1281 mTokenizerMutex.AssertCurrentThreadOwns();
1282
1283 auto guard = MakeScopeExit([&] { OnContentComplete(); });
1284
1285 if (IsTerminated()) {
1286 return;
1287 }
1288
1289 if (MOZ_UNLIKELY(mLookingForXmlDeclarationForXmlViewSource)) {
1290 mLookingForXmlDeclarationForXmlViewSource = false;
1291 mBufferingBytes = false;
1292 mUnicodeDecoder = mEncoding->NewDecoderWithoutBOMHandling();
1293 mTreeBuilder->SetDocumentCharset(mEncoding, mCharsetSource, false);
1294
1295 for (auto&& buffer : mBufferedBytes) {
1296 nsresult rv = WriteStreamBytes(buffer);
1297 if (NS_FAILED(rv)) {
1298 MarkAsBroken(rv);
1299 return;
1300 }
1301 }
1302 } else if (!mUnicodeDecoder) {
1303 nsresult rv;
1304 if (NS_FAILED(rv = SniffStreamBytes(Span<const uint8_t>(), true))) {
1305 MarkAsBroken(rv);
1306 return;
1307 }
1308 }
1309
1310 MOZ_ASSERT(mUnicodeDecoder,
1311 "Should have a decoder after finalizing sniffing.");
1312
1313 // mLastBuffer should always point to a buffer of the size
1314 // READ_BUFFER_SIZE.
1315 if (!mLastBuffer) {
1316 NS_WARNING("mLastBuffer should not be null!");
1317 MarkAsBroken(NS_ERROR_NULL_POINTER);
1318 return;
1319 }
1320
1321 Span<uint8_t> src; // empty span
1322 for (;;) {
1323 auto dst = mLastBuffer->TailAsSpan(READ_BUFFER_SIZE);
1324 uint32_t result;
1325 size_t read;
1326 size_t written;
1327 bool hadErrors;
1328 // Do not use structured binding lest deal with [-Werror=unused-variable]
1329 std::tie(result, read, written, hadErrors) =
1330 mUnicodeDecoder->DecodeToUTF16(src, dst, true);
1331 if (!(mLookingForMetaCharset || mDecodingLocalFileWithoutTokenizing)) {
1332 OnNewContent(dst.To(written));
1333 }
1334 if (hadErrors) {
1335 mHasHadErrors = true;
1336 }
1337 MOZ_ASSERT(read == 0, "How come an empty span was read form?");
1338 mLastBuffer->AdvanceEnd(written);
1339 if (result == kOutputFull) {
1340 RefPtr<nsHtml5OwningUTF16Buffer> newBuf =
1341 nsHtml5OwningUTF16Buffer::FalliblyCreate(READ_BUFFER_SIZE);
1342 if (!newBuf) {
1343 MarkAsBroken(NS_ERROR_OUT_OF_MEMORY);
1344 return;
1345 }
1346 mLastBuffer = (mLastBuffer->next = std::move(newBuf));
1347 } else {
1348 if (!mLookingForMetaCharset && mDecodingLocalFileWithoutTokenizing) {
1349 MOZ_ASSERT(mNumBytesBuffered < LOCAL_FILE_UTF_8_BUFFER_SIZE);
1350 MOZ_ASSERT(!mStartedFeedingDetector);
1351 for (auto&& buffer : mBufferedBytes) {
1352 FeedDetector(buffer);
1353 }
1354 MOZ_ASSERT(!mChardetEof);
1355 DetectorEof();
1356 auto [encoding, source] = GuessEncoding(true);
1357 mCharsetSource = source;
1358 if (encoding != mEncoding) {
1359 mEncoding = encoding;
1360 nsresult rv = ReDecodeLocalFile();
1361 if (NS_FAILED(rv)) {
1362 MarkAsBroken(rv);
1363 return;
1364 }
1365 DoStopRequest();
1366 return;
1367 }
1368 MOZ_ASSERT(mEncoding == UTF_8_ENCODING);
1369 nsresult rv = CommitLocalFileToEncoding();
1370 if (NS_FAILED(rv)) {
1371 MarkAsBroken(rv);
1372 return;
1373 }
1374 }
1375 break;
1376 }
1377 }
1378
1379 mStreamState = STREAM_ENDED;
1380
1381 if (IsTerminatedOrInterrupted()) {
1382 return;
1383 }
1384
1385 ParseAvailableData();
1386 }
1387
1388 class nsHtml5RequestStopper : public Runnable {
1389 private:
1390 nsHtml5StreamParserPtr mStreamParser;
1391
1392 public:
1393 explicit nsHtml5RequestStopper(nsHtml5StreamParser* aStreamParser)
1394 : Runnable("nsHtml5RequestStopper"), mStreamParser(aStreamParser) {}
1395 NS_IMETHOD Run() override {
1396 mozilla::MutexAutoLock autoLock(mStreamParser->mTokenizerMutex);
1397 mStreamParser->DoStopRequest();
1398 mStreamParser->PostLoadFlusher();
1399 return NS_OK;
1400 }
1401 };
1402
1403 nsresult nsHtml5StreamParser::OnStopRequest(nsIRequest* aRequest,
1404 nsresult status) {
1405 MOZ_ASSERT(mRequest == aRequest, "Got Stop on wrong stream.");
1406 MOZ_ASSERT(NS_IsMainThread(), "Wrong thread!");
1407 nsCOMPtr<nsIRunnable> stopper = new nsHtml5RequestStopper(this);
1408 if (NS_FAILED(mEventTarget->Dispatch(stopper, nsIThread::DISPATCH_NORMAL))) {
1409 NS_WARNING("Dispatching StopRequest event failed.");
1410 }
1411 return NS_OK;
1412 }
1413
1414 void nsHtml5StreamParser::DoDataAvailableBuffer(
1415 mozilla::Buffer<uint8_t>&& aBuffer) {
1416 if (MOZ_UNLIKELY(!mBufferingBytes)) {
1417 DoDataAvailable(aBuffer);
1418 return;
1419 }
1420 if (MOZ_UNLIKELY(mLookingForXmlDeclarationForXmlViewSource)) {
1421 const uint8_t* elements = aBuffer.Elements();
1422 size_t length = aBuffer.Length();
1423 const uint8_t* lt = (const uint8_t*)memchr(elements, '>', length);
1424 if (!lt) {
1425 mBufferedBytes.AppendElement(std::move(aBuffer));
1426 return;
1427 }
1428
1429 // We found an '>'. Now there either is or isn't an XML decl.
1430 length = (lt - elements) + 1;
1431 Vector<uint8_t> contiguous;
1432 for (auto&& buffer : mBufferedBytes) {
1433 if (!contiguous.append(buffer.Elements(), buffer.Length())) {
1434 MarkAsBroken(NS_ERROR_OUT_OF_MEMORY);
1435 return;
1436 }
1437 }
1438 if (!contiguous.append(elements, length)) {
1439 MarkAsBroken(NS_ERROR_OUT_OF_MEMORY);
1440 return;
1441 }
1442
1443 const Encoding* encoding =
1444 xmldecl_parse(contiguous.begin(), contiguous.length());
1445 if (encoding) {
1446 mEncoding = WrapNotNull(encoding);
1447 mCharsetSource = kCharsetFromXmlDeclaration;
1448 }
1449
1450 mLookingForXmlDeclarationForXmlViewSource = false;
1451 mBufferingBytes = false;
1452 mUnicodeDecoder = mEncoding->NewDecoderWithoutBOMHandling();
1453 mTreeBuilder->SetDocumentCharset(mEncoding, mCharsetSource, false);
1454
1455 for (auto&& buffer : mBufferedBytes) {
1456 DoDataAvailable(buffer);
1457 }
1458 DoDataAvailable(aBuffer);
1459 mBufferedBytes.Clear();
1460 return;
1461 }
1462 CheckedInt<size_t> bufferedPlusLength(aBuffer.Length());
1463 bufferedPlusLength += mNumBytesBuffered;
1464 if (!bufferedPlusLength.isValid()) {
1465 MarkAsBroken(NS_ERROR_OUT_OF_MEMORY);
1466 return;
1467 }
1468 // Ensure that WriteStreamBytes() sees buffers ending
1469 // exactly at the two special boundaries.
1470 bool metaBoundaryWithinBuffer =
1471 mLookingForMetaCharset &&
1472 mNumBytesBuffered < UNCONDITIONAL_META_SCAN_BOUNDARY &&
1473 bufferedPlusLength.value() > UNCONDITIONAL_META_SCAN_BOUNDARY;
1474 bool localFileLimitWithinBuffer =
1475 mDecodingLocalFileWithoutTokenizing &&
1476 mNumBytesBuffered < LOCAL_FILE_UTF_8_BUFFER_SIZE &&
1477 bufferedPlusLength.value() > LOCAL_FILE_UTF_8_BUFFER_SIZE;
1478 if (!metaBoundaryWithinBuffer && !localFileLimitWithinBuffer) {
1479 // Truncation OK, because we just checked the range.
1480 mNumBytesBuffered = bufferedPlusLength.value();
1481 mBufferedBytes.AppendElement(std::move(aBuffer));
1482 DoDataAvailable(mBufferedBytes.LastElement());
1483 } else {
1484 MOZ_RELEASE_ASSERT(
1485 !(metaBoundaryWithinBuffer && localFileLimitWithinBuffer),
1486 "How can Necko give us a buffer this large?");
1487 size_t boundary = metaBoundaryWithinBuffer
1488 ? UNCONDITIONAL_META_SCAN_BOUNDARY
1489 : LOCAL_FILE_UTF_8_BUFFER_SIZE;
1490 // Truncation OK, because the constant is small enough.
1491 size_t overBoundary = bufferedPlusLength.value() - boundary;
1492 MOZ_RELEASE_ASSERT(overBoundary < aBuffer.Length());
1493 size_t untilBoundary = aBuffer.Length() - overBoundary;
1494 auto span = aBuffer.AsSpan();
1495 auto head = span.To(untilBoundary);
1496 auto tail = span.From(untilBoundary);
1497 MOZ_RELEASE_ASSERT(mNumBytesBuffered + untilBoundary == boundary);
1498 // The following copies may end up being useless, but optimizing
1499 // them away would add complexity.
1500 Maybe<Buffer<uint8_t>> maybeHead = Buffer<uint8_t>::CopyFrom(head);
1501 if (maybeHead.isNothing()) {
1502 MarkAsBroken(NS_ERROR_OUT_OF_MEMORY);
1503 return;
1504 }
1505 mNumBytesBuffered = boundary;
1506 mBufferedBytes.AppendElement(std::move(*maybeHead));
1507 DoDataAvailable(mBufferedBytes.LastElement());
1508 // Re-decode may have happened here.
1509
1510 Maybe<Buffer<uint8_t>> maybeTail = Buffer<uint8_t>::CopyFrom(tail);
1511 if (maybeTail.isNothing()) {
1512 MarkAsBroken(NS_ERROR_OUT_OF_MEMORY);
1513 return;
1514 }
1515 mNumBytesBuffered += tail.Length();
1516 mBufferedBytes.AppendElement(std::move(*maybeTail));
1517 DoDataAvailable(mBufferedBytes.LastElement());
1518 }
1519 // Do this clean-up here to avoid use-after-free when
1520 // DoDataAvailable is passed a span pointing into an
1521 // element of mBufferedBytes.
1522 if (!mBufferingBytes) {
1523 mBufferedBytes.Clear();
1524 }
1525 }
1526
1527 void nsHtml5StreamParser::DoDataAvailable(Span<const uint8_t> aBuffer) {
1528 MOZ_ASSERT(IsParserThread(), "Wrong thread!");
1529 MOZ_RELEASE_ASSERT(STREAM_BEING_READ == mStreamState,
1530 "DoDataAvailable called when stream not open.");
1531 mTokenizerMutex.AssertCurrentThreadOwns();
1532
1533 if (IsTerminated()) {
1534 return;
1535 }
1536
1537 nsresult rv;
1538 if (HasDecoder()) {
1539 if ((mForceAutoDetection || mCharsetSource < kCharsetFromParentFrame) &&
1540 !mBufferingBytes && !mReparseForbidden &&
1541 !(mMode == LOAD_AS_DATA || mMode == VIEW_SOURCE_XML)) {
1542 MOZ_ASSERT(!mDecodingLocalFileWithoutTokenizing,
1543 "How is mBufferingBytes false if "
1544 "mDecodingLocalFileWithoutTokenizing is true?");
1545 FeedDetector(aBuffer);
1546 }
1547 rv = WriteStreamBytes(aBuffer);
1548 } else {
1549 rv = SniffStreamBytes(aBuffer, false);
1550 }
1551 if (NS_FAILED(rv)) {
1552 MarkAsBroken(rv);
1553 return;
1554 }
1555
1556 if (IsTerminatedOrInterrupted()) {
1557 return;
1558 }
1559
1560 if (!mLookingForMetaCharset && mDecodingLocalFileWithoutTokenizing) {
1561 return;
1562 }
1563
1564 ParseAvailableData();
1565
1566 if (mBomState != BOM_SNIFFING_OVER || mFlushTimerArmed || mSpeculating) {
1567 return;
1568 }
1569
1570 {
1571 mozilla::MutexAutoLock flushTimerLock(mFlushTimerMutex);
1572 mFlushTimer->InitWithNamedFuncCallback(
1573 nsHtml5StreamParser::TimerCallback, static_cast<void*>(this),
1574 mFlushTimerEverFired ? StaticPrefs::html5_flushtimer_initialdelay()
1575 : StaticPrefs::html5_flushtimer_subsequentdelay(),
1576 nsITimer::TYPE_ONE_SHOT, "nsHtml5StreamParser::DoDataAvailable");
1577 }
1578 mFlushTimerArmed = true;
1579 }
1580
1581 class nsHtml5DataAvailable : public Runnable {
1582 private:
1583 nsHtml5StreamParserPtr mStreamParser;
1584 Buffer<uint8_t> mData;
1585
1586 public:
1587 nsHtml5DataAvailable(nsHtml5StreamParser* aStreamParser,
1588 Buffer<uint8_t>&& aData)
1589 : Runnable("nsHtml5DataAvailable"),
1590 mStreamParser(aStreamParser),
1591 mData(std::move(aData)) {}
1592 NS_IMETHOD Run() override {
1593 mozilla::MutexAutoLock autoLock(mStreamParser->mTokenizerMutex);
1594 mStreamParser->DoDataAvailableBuffer(std::move(mData));
1595 mStreamParser->PostLoadFlusher();
1596 return NS_OK;
1597 }
1598 };
1599
1600 nsresult nsHtml5StreamParser::OnDataAvailable(nsIRequest* aRequest,
1601 nsIInputStream* aInStream,
1602 uint64_t aSourceOffset,
1603 uint32_t aLength) {
1604 nsresult rv;
1605
1606 MOZ_ASSERT(mRequest == aRequest, "Got data on wrong stream.");
1607 uint32_t totalRead;
1608 // Main thread to parser thread dispatch requires copying to buffer first.
1609 if (MOZ_UNLIKELY(NS_IsMainThread())) {
1610 if (NS_FAILED(rv = mExecutor->IsBroken())) {
1611 return rv;
1612 }
1613 Maybe<Buffer<uint8_t>> maybe = Buffer<uint8_t>::Alloc(aLength);
1614 if (maybe.isNothing()) {
1615 return mExecutor->MarkAsBroken(NS_ERROR_OUT_OF_MEMORY);
1616 }
1617 Buffer<uint8_t> data(std::move(*maybe));
1618 rv = aInStream->Read(reinterpret_cast<char*>(data.Elements()),
1619 data.Length(), &totalRead);
1620 NS_ENSURE_SUCCESS(rv, rv);
1621 MOZ_ASSERT(totalRead == aLength);
1622
1623 nsCOMPtr<nsIRunnable> dataAvailable =
1624 new nsHtml5DataAvailable(this, std::move(data));
1625 if (NS_FAILED(mEventTarget->Dispatch(dataAvailable,
1626 nsIThread::DISPATCH_NORMAL))) {
1627 NS_WARNING("Dispatching DataAvailable event failed.");
1628 }
1629 return rv;
1630 }
1631
1632 MOZ_ASSERT(IsParserThread(), "Wrong thread!");
1633 mozilla::MutexAutoLock autoLock(mTokenizerMutex);
1634
1635 if (NS_FAILED(rv = mTreeBuilder->IsBroken())) {
1636 return rv;
1637 }
1638
1639 // Since we're getting OnDataAvailable directly on the parser thread,
1640 // there is no nsHtml5DataAvailable that would call PostLoadFlusher.
1641 // Hence, we need to call PostLoadFlusher() before this method returns.
1642 // Braces for RAII clarity relative to the mutex despite not being
1643 // strictly necessary.
1644 {
1645 auto speculationFlusher = MakeScopeExit([&] { PostLoadFlusher(); });
1646
1647 if (mBufferingBytes) {
1648 Maybe<Buffer<uint8_t>> maybe = Buffer<uint8_t>::Alloc(aLength);
1649 if (maybe.isNothing()) {
1650 MarkAsBroken(NS_ERROR_OUT_OF_MEMORY);
1651 return NS_ERROR_OUT_OF_MEMORY;
1652 }
1653 Buffer<uint8_t> data(std::move(*maybe));
1654 rv = aInStream->Read(reinterpret_cast<char*>(data.Elements()),
1655 data.Length(), &totalRead);
1656 NS_ENSURE_SUCCESS(rv, rv);
1657 MOZ_ASSERT(totalRead == aLength);
1658 DoDataAvailableBuffer(std::move(data));
1659 return rv;
1660 }
1661 // Read directly from response buffer.
1662 rv = aInStream->ReadSegments(CopySegmentsToParser, this, aLength,
1663 &totalRead);
1664 NS_ENSURE_SUCCESS(rv, rv);
1665 MOZ_ASSERT(totalRead == aLength);
1666 return rv;
1667 }
1668 }
1669
1670 // Called under lock by function ptr
1671 /* static */
1672 nsresult nsHtml5StreamParser::CopySegmentsToParser(
1673 nsIInputStream* aInStream, void* aClosure, const char* aFromSegment,
1674 uint32_t aToOffset, uint32_t aCount,
1675 uint32_t* aWriteCount) MOZ_NO_THREAD_SAFETY_ANALYSIS {
1676 nsHtml5StreamParser* parser = static_cast<nsHtml5StreamParser*>(aClosure);
1677
1678 parser->DoDataAvailable(AsBytes(Span(aFromSegment, aCount)));
1679 // Assume DoDataAvailable consumed all available bytes.
1680 *aWriteCount = aCount;
1681 return NS_OK;
1682 }
1683
1684 const Encoding* nsHtml5StreamParser::PreferredForInternalEncodingDecl(
1685 const nsAString& aEncoding) {
1686 const Encoding* newEncoding = Encoding::ForLabel(aEncoding);
1687 if (!newEncoding) {
1688 // the encoding name is bogus
1689 mTreeBuilder->MaybeComplainAboutCharset("EncMetaUnsupported", true,
1690 mTokenizer->getLineNumber());
1691 return nullptr;
1692 }
1693
1694 if (newEncoding == UTF_16BE_ENCODING || newEncoding == UTF_16LE_ENCODING) {
1695 mTreeBuilder->MaybeComplainAboutCharset("EncMetaUtf16", true,
1696 mTokenizer->getLineNumber());
1697 newEncoding = UTF_8_ENCODING;
1698 }
1699
1700 if (newEncoding == X_USER_DEFINED_ENCODING) {
1701 // WebKit/Blink hack for Indian and Armenian legacy sites
1702 mTreeBuilder->MaybeComplainAboutCharset("EncMetaUserDefined", true,
1703 mTokenizer->getLineNumber());
1704 newEncoding = WINDOWS_1252_ENCODING;
1705 }
1706
1707 if (newEncoding == REPLACEMENT_ENCODING) {
1708 // No line number, because the replacement encoding doesn't allow
1709 // showing the lines.
1710 mTreeBuilder->MaybeComplainAboutCharset("EncMetaReplacement", true, 0);
1711 }
1712
1713 return newEncoding;
1714 }
1715
1716 bool nsHtml5StreamParser::internalEncodingDeclaration(nsHtml5String aEncoding) {
1717 MOZ_ASSERT(IsParserThread(), "Wrong thread!");
1718 if ((mCharsetSource >= kCharsetFromMetaTag &&
1719 mCharsetSource != kCharsetFromFinalAutoDetectionFile) ||
1720 mSeenEligibleMetaCharset) {
1721 return false;
1722 }
1723
1724 nsString newEncoding; // Not Auto, because using it to hold nsStringBuffer*
1725 aEncoding.ToString(newEncoding);
1726 auto encoding = PreferredForInternalEncodingDecl(newEncoding);
1727 if (!encoding) {
1728 return false;
1729 }
1730
1731 mSeenEligibleMetaCharset = true;
1732
1733 if (!mLookingForMetaCharset) {
1734 if (mInitialEncodingWasFromParentFrame) {
1735 mTreeBuilder->MaybeComplainAboutCharset("EncMetaTooLateFrame", true,
1736 mTokenizer->getLineNumber());
1737 } else {
1738 mTreeBuilder->MaybeComplainAboutCharset("EncMetaTooLate", true,
1739 mTokenizer->getLineNumber());
1740 }
1741 return false;
1742 }
1743 if (mTemplatePushedOrHeadPopped) {
1744 mTreeBuilder->MaybeComplainAboutCharset("EncMetaAfterHeadInKilobyte", false,
1745 mTokenizer->getLineNumber());
1746 }
1747
1748 if (mForceAutoDetection &&
1749 (encoding->IsAsciiCompatible() || encoding == ISO_2022_JP_ENCODING)) {
1750 return false;
1751 }
1752
1753 mNeedsEncodingSwitchTo = encoding;
1754 mEncodingSwitchSource = kCharsetFromMetaTag;
1755 return true;
1756 }
1757
1758 bool nsHtml5StreamParser::TemplatePushedOrHeadPopped() {
1759 MOZ_ASSERT(
1760 IsParserThread() || mMode == PLAIN_TEXT || mMode == VIEW_SOURCE_PLAIN,
1761 "Wrong thread!");
1762 mTemplatePushedOrHeadPopped = true;
1763 return mNumBytesBuffered >= UNCONDITIONAL_META_SCAN_BOUNDARY;
1764 }
1765
1766 void nsHtml5StreamParser::RememberGt(int32_t aPos) {
1767 if (mLookingForMetaCharset) {
1768 mGtBuffer = mFirstBuffer;
1769 mGtPos = aPos;
1770 }
1771 }
1772
1773 void nsHtml5StreamParser::PostLoadFlusher() {
1774 MOZ_ASSERT(IsParserThread(), "Wrong thread!");
1775 mTokenizerMutex.AssertCurrentThreadOwns();
1776
1777 mTreeBuilder->FlushLoads();
1778 // Dispatch this runnable unconditionally, because the loads
1779 // that need flushing may have been flushed earlier even if the
1780 // flush right above here did nothing. (Is this still true?)
1781 nsCOMPtr<nsIRunnable> runnable(mLoadFlusher);
1782 if (NS_FAILED(
1783 DispatchToMain(CreateRenderBlockingRunnable(runnable.forget())))) {
1784 NS_WARNING("failed to dispatch load flush event");
1785 }
1786
1787 if ((mMode == VIEW_SOURCE_HTML || mMode == VIEW_SOURCE_XML) &&
1788 mTokenizer->ShouldFlushViewSource()) {
1789 auto r = mTreeBuilder->Flush(); // delete useless ops
1790 MOZ_ASSERT(r.isOk(), "Should have null sink with View Source");
1791 r = mTokenizer->FlushViewSource();
1792 if (r.isErr()) {
1793 MarkAsBroken(r.unwrapErr());
1794 return;
1795 }
1796 if (r.unwrap()) {
1797 nsCOMPtr<nsIRunnable> runnable(mExecutorFlusher);
1798 if (NS_FAILED(DispatchToMain(runnable.forget()))) {
1799 NS_WARNING("failed to dispatch executor flush event");
1800 }
1801 }
1802 }
1803 }
1804
1805 void nsHtml5StreamParser::FlushTreeOpsAndDisarmTimer() {
1806 MOZ_ASSERT(IsParserThread(), "Wrong thread!");
1807 if (mFlushTimerArmed) {
1808 // avoid calling Cancel if the flush timer isn't armed to avoid acquiring
1809 // a mutex
1810 {
1811 mozilla::MutexAutoLock flushTimerLock(mFlushTimerMutex);
1812 mFlushTimer->Cancel();
1813 }
1814 mFlushTimerArmed = false;
1815 }
1816 if (mMode == VIEW_SOURCE_HTML || mMode == VIEW_SOURCE_XML) {
1817 auto r = mTokenizer->FlushViewSource();
1818 if (r.isErr()) {
1819 MarkAsBroken(r.unwrapErr());
1820 }
1821 }
1822 auto r = mTreeBuilder->Flush();
1823 if (r.isErr()) {
1824 MarkAsBroken(r.unwrapErr());
1825 }
1826 nsCOMPtr<nsIRunnable> runnable(mExecutorFlusher);
1827 if (NS_FAILED(DispatchToMain(runnable.forget()))) {
1828 NS_WARNING("failed to dispatch executor flush event");
1829 }
1830 }
1831
1832 void nsHtml5StreamParser::SwitchDecoderIfAsciiSoFar(
1833 NotNull<const Encoding*> aEncoding) {
1834 if (mEncoding == aEncoding) {
1835 MOZ_ASSERT(!mStartedFeedingDevTools);
1836 // Report all already-decoded buffers to the dev tools if needed.
1837 if (mURIToSendToDevtools) {
1838 nsHtml5OwningUTF16Buffer* buffer = mFirstBufferOfMetaScan;
1839 while (buffer) {
1840 auto s = Span(buffer->getBuffer(), buffer->getEnd());
1841 OnNewContent(s);
1842 buffer = buffer->next;
1843 }
1844 }
1845 return;
1846 }
1847 if (!mEncoding->IsAsciiCompatible() || !aEncoding->IsAsciiCompatible()) {
1848 return;
1849 }
1850 size_t numAscii = 0;
1851 MOZ_ASSERT(mFirstBufferOfMetaScan,
1852 "Why did we come here without starting meta scan?");
1853 nsHtml5OwningUTF16Buffer* buffer = mFirstBufferOfMetaScan;
1854 while (buffer != mFirstBuffer) {
1855 MOZ_ASSERT(buffer, "mFirstBuffer should have acted as sentinel!");
1856 MOZ_ASSERT(buffer->getStart() == buffer->getEnd(),
1857 "Why wasn't an early buffer fully consumed?");
1858 auto s = Span(buffer->getBuffer(), buffer->getStart());
1859 if (!IsAscii(s)) {
1860 return;
1861 }
1862 numAscii += s.Length();
1863 buffer = buffer->next;
1864 }
1865 auto s = Span(mFirstBuffer->getBuffer(), mFirstBuffer->getStart());
1866 if (!IsAscii(s)) {
1867 return;
1868 }
1869 numAscii += s.Length();
1870
1871 MOZ_ASSERT(!mStartedFeedingDevTools);
1872 // Report the ASCII prefix to dev tools if needed
1873 if (mURIToSendToDevtools) {
1874 buffer = mFirstBufferOfMetaScan;
1875 while (buffer != mFirstBuffer) {
1876 MOZ_ASSERT(buffer, "mFirstBuffer should have acted as sentinel!");
1877 MOZ_ASSERT(buffer->getStart() == buffer->getEnd(),
1878 "Why wasn't an early buffer fully consumed?");
1879 auto s = Span(buffer->getBuffer(), buffer->getStart());
1880 OnNewContent(s);
1881 buffer = buffer->next;
1882 }
1883 auto s = Span(mFirstBuffer->getBuffer(), mFirstBuffer->getStart());
1884 OnNewContent(s);
1885 }
1886
1887 // Success! Now let's get rid of the already-decoded but not tokenized data:
1888 mFirstBuffer->setEnd(mFirstBuffer->getStart());
1889 mLastBuffer = mFirstBuffer;
1890 mFirstBuffer->next = nullptr;
1891
1892 // Note: We could have scanned further for ASCII, which could avoid some
1893 // buffer deallocation and reallocation. However, chances are that if we got
1894 // until meta without non-ASCII before, there's going to be a title with
1895 // non-ASCII soon after anyway, so let's avoid the complexity of finding out.
1896
1897 MOZ_ASSERT(mUnicodeDecoder, "How come we scanned meta without a decoder?");
1898 mEncoding = aEncoding;
1899 mEncoding->NewDecoderWithoutBOMHandlingInto(*mUnicodeDecoder);
1900 mHasHadErrors = false;
1901
1902 MOZ_ASSERT(!mDecodingLocalFileWithoutTokenizing,
1903 "Must have set mDecodingLocalFileWithoutTokenizing to false to "
1904 "report data to dev tools below");
1905 MOZ_ASSERT(!mLookingForMetaCharset,
1906 "Must have set mLookingForMetaCharset to false to report data to "
1907 "dev tools below");
1908
1909 // Now skip over as many bytes and redecode the tail of the
1910 // buffered bytes.
1911 size_t skipped = 0;
1912 for (auto&& buffer : mBufferedBytes) {
1913 size_t nextSkipped = skipped + buffer.Length();
1914 if (nextSkipped <= numAscii) {
1915 skipped = nextSkipped;
1916 continue;
1917 }
1918 if (skipped >= numAscii) {
1919 WriteStreamBytes(buffer);
1920 skipped = nextSkipped;
1921 continue;
1922 }
1923 size_t tailLength = nextSkipped - numAscii;
1924 WriteStreamBytes(Span<uint8_t>(buffer).From(buffer.Length() - tailLength));
1925 skipped = nextSkipped;
1926 }
1927 }
1928
1929 size_t nsHtml5StreamParser::CountGts() {
1930 if (!mGtBuffer) {
1931 return 0;
1932 }
1933 size_t gts = 0;
1934 nsHtml5OwningUTF16Buffer* buffer = mFirstBufferOfMetaScan;
1935 for (;;) {
1936 MOZ_ASSERT(buffer, "How did we walk past mGtBuffer?");
1937 char16_t* buf = buffer->getBuffer();
1938 if (buffer == mGtBuffer) {
1939 for (int32_t i = 0; i <= mGtPos; ++i) {
1940 if (buf[i] == u'>') {
1941 ++gts;
1942 }
1943 }
1944 break;
1945 }
1946 for (int32_t i = 0; i < buffer->getEnd(); ++i) {
1947 if (buf[i] == u'>') {
1948 ++gts;
1949 }
1950 }
1951 buffer = buffer->next;
1952 }
1953 return gts;
1954 }
1955
1956 void nsHtml5StreamParser::DiscardMetaSpeculation() {
1957 mozilla::MutexAutoLock speculationAutoLock(mSpeculationMutex);
1958 // Rewind the stream
1959 MOZ_ASSERT(!mAtEOF, "How did we end up setting this?");
1960 mTokenizer->resetToDataState();
1961 mTokenizer->setLineNumber(1);
1962 mLastWasCR = false;
1963
1964 if (mMode == PLAIN_TEXT || mMode == VIEW_SOURCE_PLAIN) {
1965 // resetToDataState() above logically rewinds to the state before
1966 // the plain text start, so we need to start plain text again to
1967 // put the tokenizer into the plain text state.
1968 mTokenizer->StartPlainText();
1969 }
1970
1971 mFirstBuffer = mLastBuffer;
1972 mFirstBuffer->setStart(0);
1973 mFirstBuffer->setEnd(0);
1974 mFirstBuffer->next = nullptr;
1975
1976 mTreeBuilder->flushCharacters(); // empty the pending buffer
1977 mTreeBuilder->ClearOps(); // now get rid of the failed ops
1978
1979 if (mMode == VIEW_SOURCE_HTML) {
1980 mTokenizer->RewindViewSource();
1981 }
1982
1983 {
1984 // We know that this resets the tree builder back to the start state.
1985 // This must happen _after_ the flushCharacters() call above!
1986 const auto& speculation = mSpeculations.ElementAt(0);
1987 mTreeBuilder->loadState(speculation->GetSnapshot());
1988 }
1989
1990 // Experimentation suggests that we don't need to do anything special
1991 // for ignoring the leading LF in View Source here.
1992
1993 mSpeculations.Clear(); // potentially a huge number of destructors
1994 // run here synchronously...
1995
1996 // Now set up a new speculation for the main thread to find.
1997 // Note that we stay in the speculating state, because the main thread
1998 // knows how to come out of that state and this thread does not.
1999
2000 nsHtml5Speculation* speculation = new nsHtml5Speculation(
2001 mFirstBuffer, mFirstBuffer->getStart(), mTokenizer->getLineNumber(),
2002 mTokenizer->getColumnNumber(), mTreeBuilder->newSnapshot());
2003 MOZ_ASSERT(!mFlushTimerArmed, "How did we end up arming the timer?");
2004 if (mMode == VIEW_SOURCE_HTML) {
2005 mTokenizer->SetViewSourceOpSink(speculation);
2006 mTokenizer->StartViewSourceCharacters();
2007 } else {
2008 MOZ_ASSERT(mMode != VIEW_SOURCE_XML);
2009 mTreeBuilder->SetOpSink(speculation);
2010 }
2011 mSpeculations.AppendElement(speculation); // adopts the pointer
2012 MOZ_ASSERT(mSpeculating, "How did we end speculating?");
2013 }
2014
2015 /*
2016 * The general idea is to match WebKit and Blink exactly for meta
2017 * scan except:
2018 *
2019 * 1. WebKit and Blink look for meta as if scripting was disabled
2020 * for `noscript` purposes. This implementation matches the
2021 * `noscript` treatment of the observable DOM building (in order
2022 * to be able to use the same tree builder run).
2023 * 2. WebKit and Blink look for meta as if the foreign content
2024 * feedback from the tree builder to the tokenizer didn't exist.
2025 * This implementation considers the foreign content rules in
2026 * order to be able to use the same tree builder run for meta
2027 * and the observable DOM building. Note that since <svg> and
2028 * <math> imply the end of head, this only matters for meta after
2029 * head but starting within the 1024-byte zone.
2030 *
2031 * Template is treated specially, because that WebKit/Blink behavior
2032 * is easy to emulate unlike the above two exceptions. In general,
2033 * the meta scan token handler in WebKit and Blink behaves as if there
2034 * was a scripting-disabled tree builder predating the introduction
2035 * of foreign content and template.
2036 *
2037 * Meta is honored if it _starts_ within the first 1024 kilobytes or,
2038 * if by the 1024-byte boundary head hasn't ended and a template
2039 * element hasn't started, a meta occurs before the first of the head
2040 * ending or a template element starting.
2041 *
2042 * If a meta isn't honored according to the above definition, and
2043 * we aren't dealing with plain text, the buffered bytes, which by
2044 * now have to contain `>` character unless we encountered EOF, are
2045 * scanned for syntax resembling an XML declaration.
2046 *
2047 * If neither a meta nor syntax resembling an XML declaration has
2048 * been honored and we aren't inheriting the encoding from a
2049 * same-origin parent or parsing for XHR, chardetng is used.
2050 * chardetng runs first for the part of the document that was searched
2051 * for meta and then at EOF. The part searched for meta is defined as
2052 * follows in order to avoid network buffer boundary-dependent
2053 * behavior:
2054 *
2055 * 1. At least the first 1024 bytes. (This is what happens for plain
2056 * text.)
2057 * 2. If the 1024-byte boundary is within a tag, comment, doctype,
2058 * or CDATA section, at least up to the end of that token or CDATA
2059 * section. (Exception: If the 1024-byte boundary is in an RCDATA
2060 * end tag that hasn't yet been decided to be an end tag, the
2061 * token is not considered.)
2062 * 3. If at the 1024-byte boundary, head hasn't ended and there hasn't
2063 * been a template tag, up to the end of the first template tag
2064 * or token ending the head, whichever comes first.
2065 * 4. Except if head is ended by a text token, only to the end of the
2066 * most recent tag, comment, or doctype token. (Because text is
2067 * coalesced, so it would be harder to correlate the text to the
2068 * bytes.)
2069 *
2070 * An encoding-related reload is still possible if chardetng's guess
2071 * at EOF differs from its initial guess.
2072 */
2073 bool nsHtml5StreamParser::ProcessLookingForMetaCharset(bool aEof) {
2074 MOZ_ASSERT(mBomState == BOM_SNIFFING_OVER);
2075 MOZ_ASSERT(mMode != VIEW_SOURCE_XML);
2076 bool rewound = false;
2077 MOZ_ASSERT(mForceAutoDetection ||
2078 mCharsetSource < kCharsetFromInitialAutoDetectionASCII ||
2079 mCharsetSource == kCharsetFromParentFrame,
2080 "Why are we looking for meta charset if we've seen it?");
2081 // NOTE! We may come here multiple times with
2082 // mNumBytesBuffered == UNCONDITIONAL_META_SCAN_BOUNDARY
2083 // if the tokenizer suspends multiple times after decoding has reached
2084 // mNumBytesBuffered == UNCONDITIONAL_META_SCAN_BOUNDARY. That's why
2085 // we need to also check whether the we are at the end of the last
2086 // decoded buffer.
2087 // Note that DoDataAvailableBuffer() ensures that the code here has
2088 // the opportunity to run at the exact UNCONDITIONAL_META_SCAN_BOUNDARY
2089 // even if there isn't a network buffer boundary there.
2090 bool atKilobyte = false;
2091 if ((mNumBytesBuffered == UNCONDITIONAL_META_SCAN_BOUNDARY &&
2092 mFirstBuffer == mLastBuffer && !mFirstBuffer->hasMore())) {
2093 atKilobyte = true;
2094 mTokenizer->AtKilobyteBoundary();
2095 }
2096 if (!mNeedsEncodingSwitchTo &&
2097 (aEof || (mTemplatePushedOrHeadPopped &&
2098 !mTokenizer->IsInTokenStartedAtKilobyteBoundary() &&
2099 (atKilobyte ||
2100 mNumBytesBuffered > UNCONDITIONAL_META_SCAN_BOUNDARY)))) {
2101 // meta charset was not found
2102 mLookingForMetaCharset = false;
2103 if (mStartsWithLtQuestion && mCharsetSource < kCharsetFromXmlDeclaration) {
2104 // Look for bogo XML declaration.
2105 // Search the first buffer in the hope that '>' is within it.
2106 MOZ_ASSERT(!mBufferedBytes.IsEmpty(),
2107 "How did at least <? not get buffered?");
2108 Buffer<uint8_t>& first = mBufferedBytes[0];
2109 const Encoding* encoding =
2110 xmldecl_parse(first.Elements(), first.Length());
2111 if (!encoding) {
2112 // Our bogo XML declaration scanner wants to see a contiguous buffer, so
2113 // let's linearize the data. (Ideally, the XML declaration scanner would
2114 // be incremental, but this is the rare path anyway.)
2115 Vector<uint8_t> contiguous;
2116 if (!contiguous.append(first.Elements(), first.Length())) {
2117 MarkAsBroken(NS_ERROR_OUT_OF_MEMORY);
2118 return false;
2119 }
2120 for (size_t i = 1; i < mBufferedBytes.Length(); ++i) {
2121 Buffer<uint8_t>& buffer = mBufferedBytes[i];
2122 const uint8_t* elements = buffer.Elements();
2123 size_t length = buffer.Length();
2124 const uint8_t* lt = (const uint8_t*)memchr(elements, '>', length);
2125 bool stop = false;
2126 if (lt) {
2127 length = (lt - elements) + 1;
2128 stop = true;
2129 }
2130 if (!contiguous.append(elements, length)) {
2131 MarkAsBroken(NS_ERROR_OUT_OF_MEMORY);
2132 return false;
2133 }
2134 if (stop) {
2135 // Avoid linearizing all buffered bytes unnecessarily.
2136 break;
2137 }
2138 }
2139 encoding = xmldecl_parse(contiguous.begin(), contiguous.length());
2140 }
2141 if (encoding) {
2142 if (!(mForceAutoDetection && (encoding->IsAsciiCompatible() ||
2143 encoding == ISO_2022_JP_ENCODING))) {
2144 mForceAutoDetection = false;
2145 mNeedsEncodingSwitchTo = encoding;
2146 mEncodingSwitchSource = kCharsetFromXmlDeclaration;
2147 }
2148 }
2149 }
2150 // Check again in case we found an encoding in the bogo XML declaration.
2151 if (!mNeedsEncodingSwitchTo &&
2152 (mForceAutoDetection ||
2153 mCharsetSource < kCharsetFromInitialAutoDetectionASCII) &&
2154 !(mMode == LOAD_AS_DATA || mMode == VIEW_SOURCE_XML) &&
2155 !(mDecodingLocalFileWithoutTokenizing && !aEof &&
2156 mNumBytesBuffered <= LOCAL_FILE_UTF_8_BUFFER_SIZE)) {
2157 MOZ_ASSERT(!mStartedFeedingDetector);
2158 if (mNumBytesBuffered == UNCONDITIONAL_META_SCAN_BOUNDARY || aEof) {
2159 // We know that all the buffered bytes have been tokenized, so feed
2160 // them all to chardetng.
2161 for (auto&& buffer : mBufferedBytes) {
2162 FeedDetector(buffer);
2163 }
2164 if (aEof) {
2165 MOZ_ASSERT(!mChardetEof);
2166 DetectorEof();
2167 }
2168 auto [encoding, source] = GuessEncoding(true);
2169 mNeedsEncodingSwitchTo = encoding;
2170 mEncodingSwitchSource = source;
2171 } else if (mNumBytesBuffered > UNCONDITIONAL_META_SCAN_BOUNDARY) {
2172 size_t gtsLeftToFind = CountGts();
2173 size_t bytesSeen = 0;
2174 // We sync the bytes to the UTF-16 code units seen to avoid depending
2175 // on network buffer boundaries. We do the syncing by counting '>'
2176 // bytes / code units. However, we always scan at least 1024 bytes.
2177 // The 1024-byte boundary is guaranteed to be between buffers.
2178 // The guarantee is implemented in DoDataAvailableBuffer().
2179 for (auto&& buffer : mBufferedBytes) {
2180 if (!mNeedsEncodingSwitchTo) {
2181 if (gtsLeftToFind) {
2182 auto span = buffer.AsSpan();
2183 bool feed = true;
2184 for (size_t i = 0; i < span.Length(); ++i) {
2185 if (span[i] == uint8_t('>')) {
2186 --gtsLeftToFind;
2187 if (!gtsLeftToFind) {
2188 if (bytesSeen < UNCONDITIONAL_META_SCAN_BOUNDARY) {
2189 break;
2190 }
2191 ++i; // Skip the gt
2192 FeedDetector(span.To(i));
2193 auto [encoding, source] = GuessEncoding(true);
2194 mNeedsEncodingSwitchTo = encoding;
2195 mEncodingSwitchSource = source;
2196 FeedDetector(span.From(i));
2197 bytesSeen += buffer.Length();
2198 // No need to update bytesSeen anymore, but let's do it for
2199 // debugging.
2200 // We should do `continue outer;` but C++ can't.
2201 feed = false;
2202 break;
2203 }
2204 }
2205 }
2206 if (feed) {
2207 FeedDetector(buffer);
2208 bytesSeen += buffer.Length();
2209 }
2210 continue;
2211 }
2212 if (bytesSeen == UNCONDITIONAL_META_SCAN_BOUNDARY) {
2213 auto [encoding, source] = GuessEncoding(true);
2214 mNeedsEncodingSwitchTo = encoding;
2215 mEncodingSwitchSource = source;
2216 }
2217 }
2218 FeedDetector(buffer);
2219 bytesSeen += buffer.Length();
2220 }
2221 }
2222 MOZ_ASSERT(mNeedsEncodingSwitchTo,
2223 "How come we didn't call GuessEncoding()?");
2224 }
2225 }
2226 if (mNeedsEncodingSwitchTo) {
2227 mDecodingLocalFileWithoutTokenizing = false;
2228 mLookingForMetaCharset = false;
2229
2230 auto needsEncodingSwitchTo = WrapNotNull(mNeedsEncodingSwitchTo);
2231 mNeedsEncodingSwitchTo = nullptr;
2232
2233 SwitchDecoderIfAsciiSoFar(needsEncodingSwitchTo);
2234 // The above line may have changed mEncoding so that mEncoding equals
2235 // needsEncodingSwitchTo.
2236
2237 mCharsetSource = mEncodingSwitchSource;
2238
2239 if (mMode == VIEW_SOURCE_HTML) {
2240 auto r = mTokenizer->FlushViewSource();
2241 if (r.isErr()) {
2242 MarkAsBroken(r.unwrapErr());
2243 return false;
2244 }
2245 }
2246 auto r = mTreeBuilder->Flush();
2247 if (r.isErr()) {
2248 MarkAsBroken(r.unwrapErr());
2249 return false;
2250 }
2251
2252 if (mEncoding != needsEncodingSwitchTo) {
2253 // Speculation failed
2254 rewound = true;
2255
2256 if (mEncoding == ISO_2022_JP_ENCODING ||
2257 needsEncodingSwitchTo == ISO_2022_JP_ENCODING) {
2258 // Chances are no Web author will fix anything due to this message, so
2259 // this is here to help understanding issues when debugging sites made
2260 // by someone else.
2261 mTreeBuilder->MaybeComplainAboutCharset("EncSpeculationFail2022", false,
2262 mTokenizer->getLineNumber());
2263 } else {
2264 if (mCharsetSource == kCharsetFromMetaTag) {
2265 mTreeBuilder->MaybeComplainAboutCharset(
2266 "EncSpeculationFailMeta", false, mTokenizer->getLineNumber());
2267 } else if (mCharsetSource == kCharsetFromXmlDeclaration) {
2268 // This intentionally refers to the line number of how far ahead
2269 // the document was parsed even though the bogo XML decl is always
2270 // on line 1.
2271 mTreeBuilder->MaybeComplainAboutCharset(
2272 "EncSpeculationFailXml", false, mTokenizer->getLineNumber());
2273 }
2274 }
2275
2276 DiscardMetaSpeculation();
2277 // Redecode the stream.
2278 mEncoding = needsEncodingSwitchTo;
2279 mUnicodeDecoder = mEncoding->NewDecoderWithBOMRemoval();
2280 mHasHadErrors = false;
2281
2282 MOZ_ASSERT(!mDecodingLocalFileWithoutTokenizing,
2283 "Must have set mDecodingLocalFileWithoutTokenizing to false "
2284 "to report data to dev tools below");
2285 MOZ_ASSERT(!mLookingForMetaCharset,
2286 "Must have set mLookingForMetaCharset to false to report data "
2287 "to dev tools below");
2288 for (auto&& buffer : mBufferedBytes) {
2289 nsresult rv = WriteStreamBytes(buffer);
2290 if (NS_FAILED(rv)) {
2291 MarkAsBroken(rv);
2292 return false;
2293 }
2294 }
2295 }
2296 } else if (!mLookingForMetaCharset && !mDecodingLocalFileWithoutTokenizing) {
2297 MOZ_ASSERT(!mStartedFeedingDevTools);
2298 // Report all already-decoded buffers to the dev tools if needed.
2299 if (mURIToSendToDevtools) {
2300 nsHtml5OwningUTF16Buffer* buffer = mFirstBufferOfMetaScan;
2301 while (buffer) {
2302 auto s = Span(buffer->getBuffer(), buffer->getEnd());
2303 OnNewContent(s);
2304 buffer = buffer->next;
2305 }
2306 }
2307 }
2308 if (!mLookingForMetaCharset) {
2309 mGtBuffer = nullptr;
2310 mGtPos = 0;
2311
2312 if (!mDecodingLocalFileWithoutTokenizing) {
2313 mFirstBufferOfMetaScan = nullptr;
2314 mBufferingBytes = false;
2315 mBufferedBytes.Clear();
2316 mTreeBuilder->SetDocumentCharset(mEncoding, mCharsetSource, true);
2317 if (mMode == VIEW_SOURCE_HTML) {
2318 auto r = mTokenizer->FlushViewSource();
2319 if (r.isErr()) {
2320 MarkAsBroken(r.unwrapErr());
2321 return false;
2322 }
2323 }
2324 auto r = mTreeBuilder->Flush();
2325 if (r.isErr()) {
2326 MarkAsBroken(r.unwrapErr());
2327 return false;
2328 }
2329 }
2330 }
2331 return rewound;
2332 }
2333
2334 void nsHtml5StreamParser::ParseAvailableData() {
2335 MOZ_ASSERT(IsParserThread(), "Wrong thread!");
2336 mTokenizerMutex.AssertCurrentThreadOwns();
2337 MOZ_ASSERT(!(mDecodingLocalFileWithoutTokenizing && !mLookingForMetaCharset));
2338
2339 if (IsTerminatedOrInterrupted()) {
2340 return;
2341 }
2342
2343 if (mSpeculating && !IsSpeculationEnabled()) {
2344 return;
2345 }
2346
2347 bool requestedReload = false;
2348 for (;;) {
2349 if (!mFirstBuffer->hasMore()) {
2350 if (mFirstBuffer == mLastBuffer) {
2351 switch (mStreamState) {
2352 case STREAM_BEING_READ:
2353 // never release the last buffer.
2354 if (!mSpeculating) {
2355 // reuse buffer space if not speculating
2356 mFirstBuffer->setStart(0);
2357 mFirstBuffer->setEnd(0);
2358 }
2359 return; // no more data for now but expecting more
2360 case STREAM_ENDED:
2361 if (mAtEOF) {
2362 return;
2363 }
2364 if (mLookingForMetaCharset) {
2365 // When called with aEof=true, ProcessLookingForMetaCharset()
2366 // is guaranteed to set mLookingForMetaCharset to false so
2367 // that we can't come here twice.
2368 if (ProcessLookingForMetaCharset(true)) {
2369 if (IsTerminatedOrInterrupted()) {
2370 return;
2371 }
2372 continue;
2373 }
2374 } else if ((mForceAutoDetection ||
2375 mCharsetSource < kCharsetFromParentFrame) &&
2376 !(mMode == LOAD_AS_DATA || mMode == VIEW_SOURCE_XML) &&
2377 !mReparseForbidden) {
2378 // An earlier DetectorEof() call is possible in which case
2379 // the one here is a no-op.
2380 DetectorEof();
2381 auto [encoding, source] = GuessEncoding(false);
2382 if (encoding != mEncoding) {
2383 // Request a reload from the docshell.
2384 MOZ_ASSERT(
2385 (source >=
2386 kCharsetFromFinalAutoDetectionWouldHaveBeenUTF8InitialWasASCII &&
2387 source <=
2388 kCharsetFromFinalAutoDetectionWouldNotHaveBeenUTF8DependedOnTLDInitialWasASCII) ||
2389 source == kCharsetFromFinalUserForcedAutoDetection);
2390 mTreeBuilder->NeedsCharsetSwitchTo(encoding, source, 0);
2391 requestedReload = true;
2392 } else if (mCharsetSource ==
2393 kCharsetFromInitialAutoDetectionASCII &&
2394 mDetectorHasSeenNonAscii) {
2395 mCharsetSource = source;
2396 mTreeBuilder->UpdateCharsetSource(mCharsetSource);
2397 }
2398 }
2399
2400 mAtEOF = true;
2401 if (!mForceAutoDetection && !requestedReload) {
2402 if (mCharsetSource == kCharsetFromParentFrame) {
2403 mTreeBuilder->MaybeComplainAboutCharset("EncNoDeclarationFrame",
2404 false, 0);
2405 } else if (mCharsetSource == kCharsetFromXmlDeclaration) {
2406 // We know the bogo XML decl is always on the first line.
2407 mTreeBuilder->MaybeComplainAboutCharset("EncXmlDecl", false, 1);
2408 } else if (
2409 mCharsetSource >=
2410 kCharsetFromInitialAutoDetectionWouldHaveBeenUTF8 &&
2411 mCharsetSource <=
2412 kCharsetFromInitialAutoDetectionWouldNotHaveBeenUTF8DependedOnTLD) {
2413 if (mMode == PLAIN_TEXT || mMode == VIEW_SOURCE_PLAIN) {
2414 mTreeBuilder->MaybeComplainAboutCharset("EncNoDeclPlain",
2415 true, 0);
2416 } else {
2417 mTreeBuilder->MaybeComplainAboutCharset("EncNoDecl", true, 0);
2418 }
2419 }
2420
2421 if (mHasHadErrors && mEncoding != REPLACEMENT_ENCODING) {
2422 if (mEncoding == UTF_8_ENCODING) {
2423 mTreeBuilder->TryToEnableEncodingMenu();
2424 }
2425 if (mCharsetSource == kCharsetFromParentFrame) {
2426 if (mMode == PLAIN_TEXT || mMode == VIEW_SOURCE_PLAIN) {
2427 mTreeBuilder->MaybeComplainAboutCharset(
2428 "EncErrorFramePlain", true, 0);
2429 } else {
2430 mTreeBuilder->MaybeComplainAboutCharset("EncErrorFrame",
2431 true, 0);
2432 }
2433 } else if (
2434 mCharsetSource >= kCharsetFromXmlDeclaration &&
2435 !(mCharsetSource >=
2436 kCharsetFromFinalAutoDetectionWouldHaveBeenUTF8InitialWasASCII &&
2437 mCharsetSource <=
2438 kCharsetFromFinalUserForcedAutoDetection)) {
2439 mTreeBuilder->MaybeComplainAboutCharset("EncError", true, 0);
2440 }
2441 }
2442 }
2443 if (NS_SUCCEEDED(mTreeBuilder->IsBroken())) {
2444 mTokenizer->eof();
2445 nsresult rv;
2446 if (NS_FAILED((rv = mTreeBuilder->IsBroken()))) {
2447 MarkAsBroken(rv);
2448 } else {
2449 mTreeBuilder->StreamEnded();
2450 if (mMode == VIEW_SOURCE_HTML || mMode == VIEW_SOURCE_XML) {
2451 if (!mTokenizer->EndViewSource()) {
2452 MarkAsBroken(NS_ERROR_OUT_OF_MEMORY);
2453 }
2454 }
2455 }
2456 }
2457 FlushTreeOpsAndDisarmTimer();
2458 return; // no more data and not expecting more
2459 default:
2460 MOZ_ASSERT_UNREACHABLE("It should be impossible to reach this.");
2461 return;
2462 }
2463 }
2464 mFirstBuffer = mFirstBuffer->next;
2465 continue;
2466 }
2467
2468 // now we have a non-empty buffer
2469 mFirstBuffer->adjust(mLastWasCR);
2470 mLastWasCR = false;
2471 if (mFirstBuffer->hasMore()) {
2472 if (!mTokenizer->EnsureBufferSpace(mFirstBuffer->getLength())) {
2473 MarkAsBroken(NS_ERROR_OUT_OF_MEMORY);
2474 return;
2475 }
2476 mLastWasCR = mTokenizer->tokenizeBuffer(mFirstBuffer);
2477 nsresult rv;
2478 if (NS_FAILED((rv = mTreeBuilder->IsBroken()))) {
2479 MarkAsBroken(rv);
2480 return;
2481 }
2482 if (mTreeBuilder->HasScript()) {
2483 // HasScript() cannot return true if the tree builder is preventing
2484 // script execution.
2485 MOZ_ASSERT(mMode == NORMAL);
2486 mozilla::MutexAutoLock speculationAutoLock(mSpeculationMutex);
2487 nsHtml5Speculation* speculation = new nsHtml5Speculation(
2488 mFirstBuffer, mFirstBuffer->getStart(), mTokenizer->getLineNumber(),
2489 mTokenizer->getColumnNumber(), mTreeBuilder->newSnapshot());
2490 mTreeBuilder->AddSnapshotToScript(speculation->GetSnapshot(),
2491 speculation->GetStartLineNumber());
2492 if (mLookingForMetaCharset) {
2493 if (mMode == VIEW_SOURCE_HTML) {
2494 auto r = mTokenizer->FlushViewSource();
2495 if (r.isErr()) {
2496 MarkAsBroken(r.unwrapErr());
2497 return;
2498 }
2499 }
2500 auto r = mTreeBuilder->Flush();
2501 if (r.isErr()) {
2502 MarkAsBroken(r.unwrapErr());
2503 return;
2504 }
2505 } else {
2506 FlushTreeOpsAndDisarmTimer();
2507 }
2508 mTreeBuilder->SetOpSink(speculation);
2509 mSpeculations.AppendElement(speculation); // adopts the pointer
2510 mSpeculating = true;
2511 }
2512 if (IsTerminatedOrInterrupted()) {
2513 return;
2514 }
2515 }
2516 if (mLookingForMetaCharset) {
2517 Unused << ProcessLookingForMetaCharset(false);
2518 }
2519 }
2520 }
2521
2522 class nsHtml5StreamParserContinuation : public Runnable {
2523 private:
2524 nsHtml5StreamParserPtr mStreamParser;
2525
2526 public:
2527 explicit nsHtml5StreamParserContinuation(nsHtml5StreamParser* aStreamParser)
2528 : Runnable("nsHtml5StreamParserContinuation"),
2529 mStreamParser(aStreamParser) {}
2530 NS_IMETHOD Run() override {
2531 mozilla::MutexAutoLock autoLock(mStreamParser->mTokenizerMutex);
2532 mStreamParser->Uninterrupt();
2533 mStreamParser->ParseAvailableData();
2534 return NS_OK;
2535 }
2536 };
2537
2538 void nsHtml5StreamParser::ContinueAfterScriptsOrEncodingCommitment(
2539 nsHtml5Tokenizer* aTokenizer, nsHtml5TreeBuilder* aTreeBuilder,
2540 bool aLastWasCR) {
2541 // nullptr for aTokenizer means encoding commitment as opposed to the "after
2542 // scripts" case.
2543
2544 MOZ_ASSERT(NS_IsMainThread(), "Wrong thread!");
2545 MOZ_ASSERT(mMode != VIEW_SOURCE_XML,
2546 "ContinueAfterScriptsOrEncodingCommitment called in XML view "
2547 "source mode!");
2548 MOZ_ASSERT(!(aTokenizer && mMode == VIEW_SOURCE_HTML),
2549 "ContinueAfterScriptsOrEncodingCommitment called with non-null "
2550 "tokenizer in HTML view "
2551 "source mode.");
2552 if (NS_FAILED(mExecutor->IsBroken())) {
2553 return;
2554 }
2555 MOZ_ASSERT(!(aTokenizer && mMode != NORMAL),
2556 "We should only be executing scripts in the normal mode.");
2557 if (!aTokenizer && (mMode == PLAIN_TEXT || mMode == VIEW_SOURCE_PLAIN ||
2558 mMode == VIEW_SOURCE_HTML)) {
2559 // Take the ops that were generated from OnStartRequest for the synthetic
2560 // head section of the document for plain text and HTML View Source.
2561 // XML View Source never needs this kind of encoding commitment.
2562 // We need to take the ops here so that they end up in the queue before
2563 // the ops that we take from a speculation later in this method.
2564 if (!mExecutor->TakeOpsFromStage()) {
2565 mExecutor->MarkAsBroken(NS_ERROR_OUT_OF_MEMORY);
2566 return;
2567 }
2568 } else {
2569 #ifdef DEBUG
2570 mExecutor->AssertStageEmpty();
2571 #endif
2572 }
2573 bool speculationFailed = false;
2574 {
2575 mozilla::MutexAutoLock speculationAutoLock(mSpeculationMutex);
2576 if (mSpeculations.IsEmpty()) {
2577 MOZ_ASSERT_UNREACHABLE(
2578 "ContinueAfterScriptsOrEncodingCommitment called without "
2579 "speculations.");
2580 return;
2581 }
2582
2583 const auto& speculation = mSpeculations.ElementAt(0);
2584 if (aTokenizer &&
2585 (aLastWasCR || !aTokenizer->isInDataState() ||
2586 !aTreeBuilder->snapshotMatches(speculation->GetSnapshot()))) {
2587 speculationFailed = true;
2588 // We've got a failed speculation :-(
2589 MaybeDisableFutureSpeculation();
2590 Interrupt(); // Make the parser thread release the tokenizer mutex sooner
2591 // Note that the interrupted state continues across possible intervening
2592 // Necko events until the nsHtml5StreamParserContinuation posted at the
2593 // end of this method runs. Therefore, this thread is guaranteed to
2594 // acquire mTokenizerMutex soon even if an intervening Necko event grabbed
2595 // it between now and the acquisition below.
2596
2597 // now fall out of the speculationAutoLock into the tokenizerAutoLock
2598 // block
2599 } else {
2600 // We've got a successful speculation!
2601 if (mSpeculations.Length() > 1) {
2602 // the first speculation isn't the current speculation, so there's
2603 // no need to bother the parser thread.
2604 if (!speculation->FlushToSink(mExecutor)) {
2605 mExecutor->MarkAsBroken(NS_ERROR_OUT_OF_MEMORY);
2606 return;
2607 }
2608 MOZ_ASSERT(!mExecutor->IsScriptExecuting(),
2609 "ParseUntilBlocked() was supposed to ensure we don't come "
2610 "here when scripts are executing.");
2611 MOZ_ASSERT(!aTokenizer || mExecutor->IsInFlushLoop(),
2612 "How are we here if "
2613 "RunFlushLoop() didn't call ParseUntilBlocked() or we're "
2614 "not committing to an encoding?");
2615 mSpeculations.RemoveElementAt(0);
2616 return;
2617 }
2618 // else
2619 Interrupt(); // Make the parser thread release the tokenizer mutex sooner
2620 // Note that the interrupted state continues across possible intervening
2621 // Necko events until the nsHtml5StreamParserContinuation posted at the
2622 // end of this method runs. Therefore, this thread is guaranteed to
2623 // acquire mTokenizerMutex soon even if an intervening Necko event grabbed
2624 // it between now and the acquisition below.
2625
2626 // now fall through
2627 // the first speculation is the current speculation. Need to
2628 // release the the speculation mutex and acquire the tokenizer
2629 // mutex. (Just acquiring the other mutex here would deadlock)
2630 }
2631 }
2632 {
2633 mozilla::MutexAutoLock tokenizerAutoLock(mTokenizerMutex);
2634 #ifdef DEBUG
2635 {
2636 mAtomTable.SetPermittedLookupEventTarget(
2637 GetMainThreadSerialEventTarget());
2638 }
2639 #endif
2640 // In principle, the speculation mutex should be acquired here,
2641 // but there's no point, because the parser thread only acquires it
2642 // when it has also acquired the tokenizer mutex and we are already
2643 // holding the tokenizer mutex.
2644 if (speculationFailed) {
2645 MOZ_ASSERT(mMode == NORMAL);
2646 // Rewind the stream
2647 mAtEOF = false;
2648 const auto& speculation = mSpeculations.ElementAt(0);
2649 mFirstBuffer = speculation->GetBuffer();
2650 mFirstBuffer->setStart(speculation->GetStart());
2651 mTokenizer->setLineNumber(speculation->GetStartLineNumber());
2652 mTokenizer->setColumnNumberAndResetNextLine(
2653 speculation->GetStartColumnNumber());
2654
2655 nsContentUtils::ReportToConsole(
2656 nsIScriptError::warningFlag, "DOM Events"_ns,
2657 mExecutor->GetDocument(), nsContentUtils::eDOM_PROPERTIES,
2658 "SpeculationFailed2", nsTArray<nsString>(), nullptr, u""_ns,
2659 speculation->GetStartLineNumber(),
2660 speculation->GetStartColumnNumber());
2661
2662 nsHtml5OwningUTF16Buffer* buffer = mFirstBuffer->next;
2663 while (buffer) {
2664 buffer->setStart(0);
2665 buffer = buffer->next;
2666 }
2667
2668 mSpeculations.Clear(); // potentially a huge number of destructors
2669 // run here synchronously on the main thread...
2670
2671 mTreeBuilder->flushCharacters(); // empty the pending buffer
2672 mTreeBuilder->ClearOps(); // now get rid of the failed ops
2673
2674 mTreeBuilder->SetOpSink(mExecutor->GetStage());
2675 mExecutor->StartReadingFromStage();
2676 mSpeculating = false;
2677
2678 // Copy state over
2679 mLastWasCR = aLastWasCR;
2680 mTokenizer->loadState(aTokenizer);
2681 mTreeBuilder->loadState(aTreeBuilder);
2682 } else {
2683 // We've got a successful speculation and at least a moment ago it was
2684 // the current speculation
2685 if (!mSpeculations.ElementAt(0)->FlushToSink(mExecutor)) {
2686 mExecutor->MarkAsBroken(NS_ERROR_OUT_OF_MEMORY);
2687 return;
2688 }
2689 MOZ_ASSERT(!mExecutor->IsScriptExecuting(),
2690 "ParseUntilBlocked() was supposed to ensure we don't come "
2691 "here when scripts are executing.");
2692 MOZ_ASSERT(!aTokenizer || mExecutor->IsInFlushLoop(),
2693 "How are we here if "
2694 "RunFlushLoop() didn't call ParseUntilBlocked() or we're not "
2695 "committing to an encoding?");
2696 mSpeculations.RemoveElementAt(0);
2697 if (mSpeculations.IsEmpty()) {
2698 if (mMode == VIEW_SOURCE_HTML) {
2699 // If we looked for meta charset in the HTML View Source case.
2700 mTokenizer->SetViewSourceOpSink(mExecutor->GetStage());
2701 } else {
2702 // yes, it was still the only speculation. Now stop speculating
2703 // However, before telling the executor to read from stage, flush
2704 // any pending ops straight to the executor, because otherwise
2705 // they remain unflushed until we get more data from the network.
2706 mTreeBuilder->SetOpSink(mExecutor);
2707 auto r = mTreeBuilder->Flush(true);
2708 if (r.isErr()) {
2709 mExecutor->MarkAsBroken(r.unwrapErr());
2710 return;
2711 }
2712 mTreeBuilder->SetOpSink(mExecutor->GetStage());
2713 }
2714 mExecutor->StartReadingFromStage();
2715 mSpeculating = false;
2716 }
2717 }
2718 nsCOMPtr<nsIRunnable> event = new nsHtml5StreamParserContinuation(this);
2719 if (NS_FAILED(mEventTarget->Dispatch(event, nsIThread::DISPATCH_NORMAL))) {
2720 NS_WARNING("Failed to dispatch nsHtml5StreamParserContinuation");
2721 }
2722 // A stream event might run before this event runs, but that's harmless.
2723 #ifdef DEBUG
2724 mAtomTable.SetPermittedLookupEventTarget(mEventTarget);
2725 #endif
2726 }
2727 }
2728
2729 void nsHtml5StreamParser::ContinueAfterFailedCharsetSwitch() {
2730 MOZ_ASSERT(NS_IsMainThread(), "Wrong thread!");
2731 nsCOMPtr<nsIRunnable> event = new nsHtml5StreamParserContinuation(this);
2732 if (NS_FAILED(mEventTarget->Dispatch(event, nsIThread::DISPATCH_NORMAL))) {
2733 NS_WARNING("Failed to dispatch nsHtml5StreamParserContinuation");
2734 }
2735 }
2736
2737 class nsHtml5TimerKungFu : public Runnable {
2738 private:
2739 nsHtml5StreamParserPtr mStreamParser;
2740
2741 public:
2742 explicit nsHtml5TimerKungFu(nsHtml5StreamParser* aStreamParser)
2743 : Runnable("nsHtml5TimerKungFu"), mStreamParser(aStreamParser) {}
2744 NS_IMETHOD Run() override {
2745 mozilla::MutexAutoLock flushTimerLock(mStreamParser->mFlushTimerMutex);
2746 if (mStreamParser->mFlushTimer) {
2747 mStreamParser->mFlushTimer->Cancel();
2748 mStreamParser->mFlushTimer = nullptr;
2749 }
2750 return NS_OK;
2751 }
2752 };
2753
2754 void nsHtml5StreamParser::DropTimer() {
2755 MOZ_ASSERT(NS_IsMainThread(), "Wrong thread!");
2756 /*
2757 * Simply nulling out the timer wouldn't work, because if the timer is
2758 * armed, it needs to be canceled first. Simply canceling it first wouldn't
2759 * work, because nsTimerImpl::Cancel is not safe for calling from outside
2760 * the thread where nsTimerImpl::Fire would run. It's not safe to
2761 * dispatch a runnable to cancel the timer from the destructor of this
2762 * class, because the timer has a weak (void*) pointer back to this instance
2763 * of the stream parser and having the timer fire before the runnable
2764 * cancels it would make the timer access a deleted object.
2765 *
2766 * This DropTimer method addresses these issues. This method must be called
2767 * on the main thread before the destructor of this class is reached.
2768 * The nsHtml5TimerKungFu object has an nsHtml5StreamParserPtr that addrefs
2769 * this
2770 * stream parser object to keep it alive until the runnable is done.
2771 * The runnable cancels the timer on the parser thread, drops the timer
2772 * and lets nsHtml5StreamParserPtr send a runnable back to the main thread to
2773 * release the stream parser.
2774 */
2775 mozilla::MutexAutoLock flushTimerLock(mFlushTimerMutex);
2776 if (mFlushTimer) {
2777 nsCOMPtr<nsIRunnable> event = new nsHtml5TimerKungFu(this);
2778 if (NS_FAILED(mEventTarget->Dispatch(event, nsIThread::DISPATCH_NORMAL))) {
2779 NS_WARNING("Failed to dispatch TimerKungFu event");
2780 }
2781 }
2782 }
2783
2784 // Using a static, because the method name Notify is taken by the chardet
2785 // callback.
2786 void nsHtml5StreamParser::TimerCallback(nsITimer* aTimer, void* aClosure) {
2787 (static_cast<nsHtml5StreamParser*>(aClosure))->TimerFlush();
2788 }
2789
2790 void nsHtml5StreamParser::TimerFlush() {
2791 MOZ_ASSERT(IsParserThread(), "Wrong thread!");
2792 mozilla::MutexAutoLock autoLock(mTokenizerMutex);
2793
2794 MOZ_ASSERT(!mSpeculating, "Flush timer fired while speculating.");
2795
2796 // The timer fired if we got here. No need to cancel it. Mark it as
2797 // not armed, though.
2798 mFlushTimerArmed = false;
2799
2800 mFlushTimerEverFired = true;
2801
2802 if (IsTerminatedOrInterrupted()) {
2803 return;
2804 }
2805
2806 if (mMode == VIEW_SOURCE_HTML || mMode == VIEW_SOURCE_XML) {
2807 auto r = mTreeBuilder->Flush(); // delete useless ops
2808 if (r.isErr()) {
2809 MarkAsBroken(r.unwrapErr());
2810 return;
2811 }
2812 r = mTokenizer->FlushViewSource();
2813 if (r.isErr()) {
2814 MarkAsBroken(r.unwrapErr());
2815 return;
2816 }
2817 if (r.unwrap()) {
2818 nsCOMPtr<nsIRunnable> runnable(mExecutorFlusher);
2819 if (NS_FAILED(DispatchToMain(runnable.forget()))) {
2820 NS_WARNING("failed to dispatch executor flush event");
2821 }
2822 }
2823 } else {
2824 // we aren't speculating and we don't know when new data is
2825 // going to arrive. Send data to the main thread.
2826 auto r = mTreeBuilder->Flush(true);
2827 if (r.isErr()) {
2828 MarkAsBroken(r.unwrapErr());
2829 return;
2830 }
2831 if (r.unwrap()) {
2832 nsCOMPtr<nsIRunnable> runnable(mExecutorFlusher);
2833 if (NS_FAILED(DispatchToMain(runnable.forget()))) {
2834 NS_WARNING("failed to dispatch executor flush event");
2835 }
2836 }
2837 }
2838 }
2839
2840 void nsHtml5StreamParser::MarkAsBroken(nsresult aRv) {
2841 MOZ_ASSERT(IsParserThread(), "Wrong thread!");
2842 mTokenizerMutex.AssertCurrentThreadOwns();
2843
2844 Terminate();
2845 mTreeBuilder->MarkAsBroken(aRv);
2846 auto r = mTreeBuilder->Flush(false);
2847 if (r.isOk()) {
2848 MOZ_ASSERT(r.unwrap(), "Should have had the markAsBroken op!");
2849 } else {
2850 MOZ_CRASH("OOM prevents propagation of OOM state");
2851 }
2852 nsCOMPtr<nsIRunnable> runnable(mExecutorFlusher);
2853 if (NS_FAILED(DispatchToMain(runnable.forget()))) {
2854 NS_WARNING("failed to dispatch executor flush event");
2855 }
2856 }
2857
2858 nsresult nsHtml5StreamParser::DispatchToMain(
2859 already_AddRefed<nsIRunnable>&& aRunnable) {
2860 if (mNetworkEventTarget) {
2861 return mNetworkEventTarget->Dispatch(std::move(aRunnable));
2862 }
2863 return SchedulerGroup::Dispatch(TaskCategory::Network, std::move(aRunnable));
2864 }