Bug 612662 patch 4: Prevent reentrant calls to VectorImage::Draw, and prevent scrollbars (even unpainted ones) in SVG-as-an-image helper documents. r=roc a=blocking-final+

2025-02-27 21:00:50 +00:00 · 2010-11-19 08:56:06 -08:00 · 2010-11-19 08:56:06 -08:00 · c1f07be8c6
commit c1f07be8c6
parent dfa701e0fd
3 changed files with 19 additions and 10 deletions
--- a/layout/generic/nsGfxScrollFrame.cpp
+++ b/layout/generic/nsGfxScrollFrame.cpp
@ -2129,15 +2129,16 @@ nsGfxScrollFrameInner::CreateAnonymousContent(nsTArray<nsIContent*>& aElements)
  nsPresContext* presContext = mOuter->PresContext();
  nsIFrame* parent = mOuter->GetParent();

-  // Don't create scrollbars if we're printing/print previewing
-  // Get rid of this code when printing moves to its own presentation
-  if (!presContext->IsDynamic()) {
-    // allow scrollbars if this is the child of the viewport, because
-    // we must be the scrollbars for the print preview window
-    if (!(mIsRoot && presContext->HasPaginatedScrolling())) {
-      mNeverHasVerticalScrollbar = mNeverHasHorizontalScrollbar = PR_TRUE;
-      return NS_OK;
-    }
+  // Don't create scrollbars if we're an SVG document being used as an image,
+  // or if we're printing/print previewing.
+  // (In the printing case, we allow scrollbars if this is the child of the
+  // viewport & paginated scrolling is enabled, because then we must be the
+  // scroll frame for the print preview window, & that does need scrollbars.)
+  if (presContext->Document()->IsBeingUsedAsImage() ||
+      (!presContext->IsDynamic() &&
+       !(mIsRoot && presContext->HasPaginatedScrolling()))) {
+    mNeverHasVerticalScrollbar = mNeverHasHorizontalScrollbar = PR_TRUE;
+    return NS_OK;
  }

  // Check if the frame is resizable.
--- a/modules/libpr0n/src/VectorImage.cpp
+++ b/modules/libpr0n/src/VectorImage.cpp
@ -212,6 +212,7 @@ VectorImage::VectorImage(imgStatusTracker* aStatusTracker) :
  mLastRenderedSize(0, 0),
  mIsInitialized(PR_FALSE),
  mIsFullyLoaded(PR_FALSE),
+  mIsDrawing(PR_FALSE),
  mHaveAnimations(PR_FALSE),
  mHaveRestrictedRegion(PR_FALSE)
 {
@ -514,10 +515,15 @@ VectorImage::Draw(gfxContext* aContext,
                  const nsIntSize& aViewportSize,
                  PRUint32 aFlags)
 {
+  NS_ENSURE_ARG_POINTER(aContext);
  if (mError || !mIsFullyLoaded)
    return NS_ERROR_FAILURE;

-  NS_ENSURE_ARG_POINTER(aContext);
+  if (mIsDrawing) {
+    NS_WARNING("Refusing to make re-entrant call to VectorImage::Draw");
+    return NS_ERROR_FAILURE;
+  }
+  mIsDrawing = PR_TRUE;

  if (aViewportSize != mLastRenderedSize) {
    mSVGDocumentWrapper->UpdateViewportBounds(aViewportSize);
@ -552,6 +558,7 @@ VectorImage::Draw(gfxContext* aContext,
                             subimage, sourceRect, imageRect, aFill,
                             gfxASurface::ImageFormatARGB32, aFilter);

+  mIsDrawing = PR_FALSE;
  return NS_OK;
 }

--- a/modules/libpr0n/src/VectorImage.h
+++ b/modules/libpr0n/src/VectorImage.h
@ -119,6 +119,7 @@ private:

  PRPackedBool   mIsInitialized:1;        // Have we been initalized?
  PRPackedBool   mIsFullyLoaded:1;        // Has OnStopRequest been called?
+  PRPackedBool   mIsDrawing:1;            // Are we currently drawing?
  PRPackedBool   mHaveAnimations:1;       // Is our SVG content SMIL-animated?
                                          // (Only set after mIsFullyLoaded.)
  PRPackedBool   mHaveRestrictedRegion:1; // Are we a restricted-region clone