dom/base/StructuredCloneBlob.cpp

   1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
   2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
   3 /* This Source Code Form is subject to the terms of the Mozilla Public
   4  * License, v. 2.0. If a copy of the MPL was not distributed with this
   5  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
   6
   7 #include "mozilla/dom/StructuredCloneBlob.h"
   8
   9 #include "js/StructuredClone.h"
  10 #include "js/Utility.h"
  11 #include "js/Wrapper.h"
  12 #include "mozilla/dom/BlobImpl.h"
  13 #include "mozilla/dom/StructuredCloneTags.h"
  14 #include "mozilla/Maybe.h"
  15 #include "mozilla/UniquePtr.h"
  16 #include "xpcpublic.h"
  17
  18 namespace mozilla {
  19 namespace dom {
  20
  21 StructuredCloneBlob::StructuredCloneBlob() {
  22   mHolder.emplace(Holder::CloningSupported, Holder::TransferringNotSupported,
  23                   Holder::StructuredCloneScope::DifferentProcess);
  24 }
  25
  26 StructuredCloneBlob::~StructuredCloneBlob() {
  27   UnregisterWeakMemoryReporter(this);
  28 }
  29
  30 /* static */
  31 already_AddRefed<StructuredCloneBlob> StructuredCloneBlob::Constructor(
  32     GlobalObject& aGlobal, JS::HandleValue aValue,
  33     JS::HandleObject aTargetGlobal, ErrorResult& aRv) {
  34   JSContext* cx = aGlobal.Context();
  35
  36   RefPtr<StructuredCloneBlob> holder = StructuredCloneBlob::Create();
  37
  38   Maybe<JSAutoRealm> ar;
  39   JS::RootedValue value(cx, aValue);
  40
  41   if (aTargetGlobal) {
  42     // OK to unwrap if our caller (represented by cx's Realm) can do it.
  43     JS::RootedObject targetGlobal(cx,
  44                                   js::CheckedUnwrapDynamic(aTargetGlobal, cx));
  45     if (!targetGlobal) {
  46       js::ReportAccessDenied(cx);
  47       aRv.NoteJSContextException(cx);
  48       return nullptr;
  49     }
  50
  51     ar.emplace(cx, targetGlobal);
  52
  53     if (!JS_WrapValue(cx, &value)) {
  54       aRv.NoteJSContextException(cx);
  55       return nullptr;
  56     }
  57   } else if (value.isObject()) {
  58     // OK to unwrap if our caller (represented by cx's Realm) can do it.
  59     JS::RootedObject obj(cx, js::CheckedUnwrapDynamic(&value.toObject(), cx));
  60     if (!obj) {
  61       js::ReportAccessDenied(cx);
  62       aRv.NoteJSContextException(cx);
  63       return nullptr;
  64     }
  65
  66     ar.emplace(cx, obj);
  67     value = JS::ObjectValue(*obj);
  68   }
  69
  70   holder->mHolder->Write(cx, value, aRv);
  71   if (aRv.Failed()) {
  72     return nullptr;
  73   }
  74
  75   return holder.forget();
  76 }
  77
  78 void StructuredCloneBlob::Deserialize(JSContext* aCx,
  79                                       JS::HandleObject aTargetScope,
  80                                       bool aKeepData,
  81                                       JS::MutableHandleValue aResult,
  82                                       ErrorResult& aRv) {
  83   // OK to unwrap if our caller (represented by aCx's Realm) can do it.
  84   JS::RootedObject scope(aCx, js::CheckedUnwrapDynamic(aTargetScope, aCx));
  85   if (!scope) {
  86     js::ReportAccessDenied(aCx);
  87     aRv.NoteJSContextException(aCx);
  88     return;
  89   }
  90
  91   if (!mHolder.isSome()) {
  92     aRv.Throw(NS_ERROR_NOT_INITIALIZED);
  93     return;
  94   }
  95
  96   {
  97     JSAutoRealm ar(aCx, scope);
  98
  99     mHolder->Read(xpc::NativeGlobal(scope), aCx, aResult, aRv);
 100     if (aRv.Failed()) {
 101       return;
 102     }
 103   }
 104
 105   if (!aKeepData) {
 106     mHolder.reset();
 107   }
 108
 109   if (!JS_WrapValue(aCx, aResult)) {
 110     aResult.set(JS::UndefinedValue());
 111     aRv.NoteJSContextException(aCx);
 112   }
 113 }
 114
 115 /* static */
 116 JSObject* StructuredCloneBlob::ReadStructuredClone(
 117     JSContext* aCx, JSStructuredCloneReader* aReader,
 118     StructuredCloneHolder* aHolder) {
 119   JS::RootedObject obj(aCx);
 120   {
 121     RefPtr<StructuredCloneBlob> holder = StructuredCloneBlob::Create();
 122
 123     if (!holder->mHolder->ReadStructuredCloneInternal(aCx, aReader, aHolder) ||
 124         !holder->WrapObject(aCx, nullptr, &obj)) {
 125       return nullptr;
 126     }
 127   }
 128   return obj.get();
 129 }
 130
 131 bool StructuredCloneBlob::Holder::ReadStructuredCloneInternal(
 132     JSContext* aCx, JSStructuredCloneReader* aReader,
 133     StructuredCloneHolder* aHolder) {
 134   uint32_t length;
 135   uint32_t version;
 136   if (!JS_ReadUint32Pair(aReader, &length, &version)) {
 137     return false;
 138   }
 139
 140   uint32_t blobOffset;
 141   uint32_t blobCount;
 142   if (!JS_ReadUint32Pair(aReader, &blobOffset, &blobCount)) {
 143     return false;
 144   }
 145   if (blobCount) {
 146 #ifdef FUZZING
 147     if (blobOffset >= aHolder->BlobImpls().Length()) {
 148       return false;
 149     }
 150 #endif
 151     BlobImpls().AppendElements(&aHolder->BlobImpls()[blobOffset], blobCount);
 152   }
 153
 154   JSStructuredCloneData data(mStructuredCloneScope);
 155   while (length) {
 156     size_t size;
 157     char* buffer = data.AllocateBytes(length, &size);
 158     if (!buffer || !JS_ReadBytes(aReader, buffer, size)) {
 159       return false;
 160     }
 161     length -= size;
 162   }
 163
 164   mBuffer = MakeUnique<JSAutoStructuredCloneBuffer>(
 165       mStructuredCloneScope, &StructuredCloneHolder::sCallbacks, this);
 166   mBuffer->adopt(std::move(data), version, &StructuredCloneHolder::sCallbacks);
 167
 168   return true;
 169 }
 170
 171 bool StructuredCloneBlob::WriteStructuredClone(JSContext* aCx,
 172                                                JSStructuredCloneWriter* aWriter,
 173                                                StructuredCloneHolder* aHolder) {
 174   if (mHolder.isNothing()) {
 175     return false;
 176   }
 177   return mHolder->WriteStructuredClone(aCx, aWriter, aHolder);
 178 }
 179
 180 bool StructuredCloneBlob::Holder::WriteStructuredClone(
 181     JSContext* aCx, JSStructuredCloneWriter* aWriter,
 182     StructuredCloneHolder* aHolder) {
 183   auto& data = mBuffer->data();
 184   if (!JS_WriteUint32Pair(aWriter, SCTAG_DOM_STRUCTURED_CLONE_HOLDER, 0) ||
 185       !JS_WriteUint32Pair(aWriter, data.Size(), JS_STRUCTURED_CLONE_VERSION) ||
 186       !JS_WriteUint32Pair(aWriter, aHolder->BlobImpls().Length(),
 187                           BlobImpls().Length())) {
 188     return false;
 189   }
 190
 191   aHolder->BlobImpls().AppendElements(BlobImpls());
 192
 193   return data.ForEachDataChunk([&](const char* aData, size_t aSize) {
 194     return JS_WriteBytes(aWriter, aData, aSize);
 195   });
 196 }
 197
 198 bool StructuredCloneBlob::WrapObject(JSContext* aCx,
 199                                      JS::HandleObject aGivenProto,
 200                                      JS::MutableHandleObject aResult) {
 201   return StructuredCloneHolder_Binding::Wrap(aCx, this, aGivenProto, aResult);
 202 }
 203
 204 NS_IMETHODIMP
 205 StructuredCloneBlob::CollectReports(nsIHandleReportCallback* aHandleReport,
 206                                     nsISupports* aData, bool aAnonymize) {
 207   size_t size = MallocSizeOf(this);
 208   if (mHolder.isSome()) {
 209     size += mHolder->SizeOfExcludingThis(MallocSizeOf);
 210   }
 211
 212   MOZ_COLLECT_REPORT("explicit/dom/structured-clone-holder", KIND_HEAP,
 213                      UNITS_BYTES, size,
 214                      "Memory used by StructuredCloneHolder DOM objects.");
 215
 216   return NS_OK;
 217 }
 218
 219 NS_IMPL_ISUPPORTS(StructuredCloneBlob, nsIMemoryReporter)
 220
 221 }  // namespace dom
 222 }  // namespace mozilla