master

分支 (12)

标签 (12)

管理

管理

master

openEuler-22.09

openEuler-22.03-LTS-Next

openEuler-22.03-LTS

openEuler-20.03-LTS-SP3

openEuler-20.03-LTS-SP2

openEuler-21.09

openEuler-20.03-LTS-SP1

openEuler-21.03

openEuler-20.03-LTS-Next

openEuler-20.03-LTS

openEuler-20.09

openEuler-22.09-20220829

openEuler-22.03-LTS-20220331

openEuler-22.03-LTS-round5

openEuler-22.03-LTS-round3

openEuler-22.03-LTS-round2

openEuler-22.03-LTS-round1

openEuler-20.03-LTS-SP3-release

openEuler-20.03-LTS-SP2-20210624

openEuler-21.03-20210330

openEuler-20.09-20200928

openEuler-20.03-LTS-20200606

openEuler-20.03-LTS-tag

firefox
/
CVE-2020-26953-pre.patch

# HG changeset patch
# User Alphan Chen <alchen@mozilla.com>
# Date 1593745253 0
#      Fri Jul 03 03:00:53 2020 +0000
# Node ID aff172a1f77244bf24cfccc966c917bf801b5cbd
# Parent  d69131a21feedc02c202912955ae015c74c4c8ec
Bug 1644484 - Handle the TypeError and InvalidStateError when calling FullScreen.cleanupDomFullscreen() from DOMFullscreenParent.didDestroy() r=Gijs

Differential Revision: https://phabricator.services.mozilla.com/D81716

diff -r d69131a21fee -r aff172a1f772 browser/base/content/browser-fullScreenAndPointerLock.js
--- a/browser/base/content/browser-fullScreenAndPointerLock.js	Fri Jul 03 01:30:12 2020 +0000
+++ b/browser/base/content/browser-fullScreenAndPointerLock.js	Fri Jul 03 03:00:53 2020 +0000
@@ -345,7 +345,9 @@
   },

   exitDomFullScreen() {
-    document.exitFullscreen();
+    if (document.fullscreen) {
+      document.exitFullscreen();
+    }
   },

   handleEvent(event) {
@@ -508,8 +510,15 @@

   /**
    * Search for the first ancestor of aActor that lives in a different process.
-   * If found, that ancestor is sent the message. Otherwise, the recipient should
-   * be the actor of the request origin.
+   * If found, that ancestor is sent the message and return false.
+   * Otherwise, the recipient should be the actor of the request origin and return true
+   * from this function.
+   *
+   * The method will be called again as a result of targeted child process doing
+   * "FullScreen.enterDomFullscreen()" or "FullScreen.cleanupDomFullscreen()".
+   * The return value is used to postpone entering or exiting Full Screen in the parent
+   * until there is no ancestor anymore.
+   *
    *
    * @param {JSWindowActorParent} aActor
    *        The actor that called this function.
@@ -517,6 +526,10 @@
    *        Message to be sent.
    *
    * @return {boolean}
+   *         The return value is used to postpone entering or exiting Full Screen in the
+   *         parent until there is no ancestor anymore.
+   *         Return false if the message is send to the first ancestor of aActor that
+   *         lives in a different process
    *         Return true if the message is sent to the request source
    *         or false otherwise.
    */
@@ -530,6 +543,9 @@
     let parentBC = childBC.parent;

     while (parentBC) {
+      if (!childBC.currentWindowGlobal || !parentBC.currentWindowGlobal) {
+        break;
+      }
       let childPid = childBC.currentWindowGlobal.osPid;
       let parentPid = parentBC.currentWindowGlobal.osPid;

@@ -541,7 +557,7 @@
       }
     }

-    if (parentBC) {
+    if (parentBC && parentBC.currentWindowGlobal) {
       let parentActor = parentBC.currentWindowGlobal.getActor("DOMFullscreen");
       parentActor.sendAsyncMessage(aMessage, {
         remoteFrameBC: childBC,
@@ -554,8 +570,10 @@
     // have entered or exited fullscreen at this point.
     // So let's notify the process where the original request
     // comes from.
-    aActor.requestOrigin.sendAsyncMessage(aMessage, {});
-    aActor.requestOrigin = null;
+    if (!aActor.requestOrigin.hasBeenDestroyed()) {
+      aActor.requestOrigin.sendAsyncMessage(aMessage, {});
+      aActor.requestOrigin = null;
+    }
     return true;
   },