[tor-commits] [Git][tpo/applications/mullvad-browser][mullvad-browser-115.14.0esr-13.5-1] 2 commits: Bug 1899180. If a channel is not nsIPrivateBrowsingChannel and has no load...

ma1 pushed to branch mullvad-browser-115.14.0esr-13.5-1 at The Tor Project / Applications / Mullvad Browser

Commits:

9d8af849

by Timothy Nikkel at 2024-08-05T10:31:07+02:00

Bug 1899180. If a channel is not nsIPrivateBrowsingChannel and has no load context, use the private browsing field from it's origin attributes. r=necko-reviewers,anti-tracking-reviewers,valentin

If the channel is not a nsIPrivateBrowsingChannel, and it also has no load context (eg inside svg images) then we will over write a non-zero mPrivateBrowsingId on the OriginAttributes of the channel with 0, making NS_UsePrivateBrowsing return false for the channel.

Differential Revision: https://phabricator.services.mozilla.com/D212083

7f222f82

by Jon Coppeard at 2024-08-05T10:31:07+02:00

Bug 1904011 - Ignore finalized scripts when iterating code covarage tables r=iain

Differential Revision: https://phabricator.services.mozilla.com/D214799

3 changed files:

js/src/gc/Zone.cpp
+ js/src/jit-test/tests/debug/bug-1904011.js
toolkit/components/antitracking/StoragePrincipalHelper.cpp

Changes:

js/src/gc/Zone.cpp

@@ -918,7 +918,13 @@ void Zone::clearScriptCounts(Realm* realm) {
    // Clear all hasScriptCounts_ flags of BaseScript, in order to release all
    // ScriptCounts entries of the given realm.
    for (auto i = scriptCountsMap->modIter(); !i.done(); i.next()) {
 -    BaseScript* script = i.get().key();
 +    const HeapPtr<BaseScript*>& script = i.get().key();
 +    if (IsAboutToBeFinalized(script)) {
 +      // Dead scripts may be present during incremental GC until script
 +      // finalizers have been run.
 +      continue;
 +    }
++
      if (script->realm() != realm) {
        continue;
+     }
@@ -939,7 +945,13 @@ void Zone::clearScriptLCov(Realm* realm) {
+   }
    for (auto i = scriptLCovMap->modIter(); !i.done(); i.next()) {
 -    BaseScript* script = i.get().key();
 +    const HeapPtr<BaseScript*>& script = i.get().key();
 +    if (IsAboutToBeFinalized(script)) {
 +      // Dead scripts may be present during incremental GC until script
 +      // finalizers have been run.
 +      continue;
 +    }
++
      if (script->realm() == realm) {
        i.remove();
+     }

js/src/jit-test/tests/debug/bug-1904011.js

 +// |jit-test| --fuzzing-safe; --ion-offthread-compile=off
 +gczeal(0);
++
 +let g = newGlobal({newCompartment: true});
 +let dbg = new Debugger(g);
++
 +dbg.collectCoverageInfo = true;
 +g.eval("0");
++
 +// Start a GC in the debugger's zone and yield after sweeping objects.
 +schedulezone(g);
 +gczeal(22);
 +startgc(100);
++
 +dbg.collectCoverageInfo = false;

toolkit/components/antitracking/StoragePrincipalHelper.cpp

@@ -445,7 +445,7 @@ bool StoragePrincipalHelper::GetOriginAttributes(
    nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
    loadInfo->GetOriginAttributes(&aAttributes);
 -  bool isPrivate = false;
 +  bool isPrivate = aAttributes.mPrivateBrowsingId > 0;
    nsCOMPtr<nsIPrivateBrowsingChannel> pbChannel = do_QueryInterface(aChannel);
    if (pbChannel) {
      nsresult rv = pbChannel->GetIsChannelPrivate(&isPrivate);
@@ -454,7 +454,9 @@ bool StoragePrincipalHelper::GetOriginAttributes(
      // Some channels may not implement nsIPrivateBrowsingChannel
      nsCOMPtr<nsILoadContext> loadContext;
      NS_QueryNotificationCallbacks(aChannel, loadContext);
 -    isPrivate = loadContext && loadContext->UsePrivateBrowsing();
 +    if (loadContext) {
 +      isPrivate = loadContext->UsePrivateBrowsing();
 +    }
+   }
    aAttributes.SyncAttributesWithPrivateBrowsing(isPrivate);