Bug 240264: Don't try to store three bits of data in a pointermember, only two are safe.

r/sr=jst
This commit is contained in:
sicking%bigfoot.com 2004-04-15 21:24:30 +00:00
parent 65d2274604
commit 1cf142e193
3 changed files with 12 additions and 64 deletions

View File

@ -90,8 +90,6 @@ public:
eContainerContentsBuilt = 0x4
};
#define LAZYSTATE_BITS 3
/**
* Set one or more ``lazy state'' flags.
* @aFlags a mask of flags to set

View File

@ -753,16 +753,12 @@ nsXULElement::GetAttributes(nsIDOMNamedNodeMap** aAttributes)
nsresult rv = EnsureSlots();
NS_ENSURE_SUCCESS(rv, rv);
nsDOMAttributeMap* map = mSlots->GetAttributeMap();
if (!map) {
map = new nsDOMAttributeMap(this);
NS_ENSURE_TRUE(map, NS_ERROR_OUT_OF_MEMORY);
NS_ADDREF(map);
mSlots->SetAttributeMap(map);
if (!mSlots->mAttributeMap) {
mSlots->mAttributeMap = new nsDOMAttributeMap(this);
NS_ENSURE_TRUE(mSlots->mAttributeMap, NS_ERROR_OUT_OF_MEMORY);
}
NS_ADDREF(*aAttributes = map);
NS_ADDREF(*aAttributes = mSlots->mAttributeMap);
return NS_OK;
}
@ -1349,10 +1345,9 @@ NS_IMETHODIMP
nsXULElement::SetLazyState(LazyState aFlags)
{
nsresult rv = EnsureSlots();
if (NS_FAILED(rv)) return rv;
NS_ENSURE_SUCCESS(rv, rv);
LazyState flags = mSlots->GetLazyState();
mSlots->SetLazyState(LazyState(flags | aFlags));
mSlots->mLazyState |= aFlags;
return NS_OK;
}
@ -1362,8 +1357,7 @@ nsXULElement::ClearLazyState(LazyState aFlags)
{
// No need to clear a flag we've never set.
if (mSlots) {
LazyState flags = mSlots->GetLazyState();
mSlots->SetLazyState(LazyState(flags & ~aFlags));
mSlots->mLazyState &= ~aFlags;
}
return NS_OK;
@ -1372,12 +1366,7 @@ nsXULElement::ClearLazyState(LazyState aFlags)
NS_IMETHODIMP
nsXULElement::GetLazyState(LazyState aFlag, PRBool& aResult)
{
if (mSlots) {
LazyState flags = mSlots->GetLazyState();
aResult = flags & aFlag;
}
else
aResult = PR_FALSE;
aResult = mSlots && mSlots->mLazyState & aFlag;
return NS_OK;
}
@ -2970,7 +2959,7 @@ nsXULElement::GetBuilder(nsIXULTemplateBuilder** aBuilder)
nsresult
nsXULElement::EnsureContentsGenerated(void) const
{
if (mSlots && (mSlots->GetLazyState() & nsIXULContent::eChildrenMustBeRebuilt)) {
if (mSlots && (mSlots->mLazyState & nsIXULContent::eChildrenMustBeRebuilt)) {
// Ensure that the element is actually _in_ the document tree;
// otherwise, somebody is trying to generate children for a node
// that's not currently in the content model.
@ -4031,7 +4020,7 @@ nsXULElement::HideWindowChrome(PRBool aShouldHide)
//
nsXULElement::Slots::Slots()
: mBits(0)
: mLazyState(0)
{
MOZ_COUNT_CTOR(nsXULElement::Slots);
}
@ -4040,9 +4029,6 @@ nsXULElement::Slots::Slots()
nsXULElement::Slots::~Slots()
{
MOZ_COUNT_DTOR(nsXULElement::Slots);
nsDOMAttributeMap* map = GetAttributeMap();
NS_IF_RELEASE(map);
}

View File

@ -594,44 +594,8 @@ protected:
nsCOMPtr<nsINodeInfo> mNodeInfo; // [OWNER]
nsCOMPtr<nsIControllers> mControllers; // [OWNER]
nsRefPtr<nsDOMCSSDeclaration> mDOMStyle; // [OWNER]
/**
* Contains the mLazyState in the low two bits, and a pointer
* to the nsDOMAttributeMap structure in the high bits.
*/
PRWord mBits;
#define LAZYSTATE_MASK ((PRWord(1) << LAZYSTATE_BITS) - 1)
#define ATTRIBUTES_MASK (~LAZYSTATE_MASK)
nsDOMAttributeMap *
GetAttributeMap() const {
return NS_REINTERPRET_CAST(nsDOMAttributeMap *, mBits & ATTRIBUTES_MASK);
}
void
SetAttributeMap(nsDOMAttributeMap *aAttributeMap) {
NS_ASSERTION((NS_REINTERPRET_CAST(PRWord, aAttributeMap) &
~ATTRIBUTES_MASK) == 0,
"nsDOMAttributeMap pointer is unaligned");
mBits &= ~ATTRIBUTES_MASK;
mBits |= NS_REINTERPRET_CAST(PRWord, aAttributeMap);
}
LazyState
GetLazyState() const {
return LazyState(mBits & LAZYSTATE_MASK);
}
void
SetLazyState(LazyState aLazyState) {
NS_ASSERTION((aLazyState & ~LAZYSTATE_MASK) == 0,
"lazy state includes high bits");
mBits &= ~LAZYSTATE_MASK;
mBits |= PRWord(aLazyState);
}
nsRefPtr<nsDOMAttributeMap> mAttributeMap; // [OWNER]
PRUint32 mLazyState;
};
friend struct Slots;