/src/mozilla-central/image/imgRequest.cpp

Source (jump to first uncovered line)
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "imgRequest.h"
#include "ImageLogging.h"

#include "imgLoader.h"
#include "imgRequestProxy.h"
#include "DecodePool.h"
#include "ProgressTracker.h"
#include "ImageFactory.h"
#include "Image.h"
#include "MultipartImage.h"
#include "RasterImage.h"

#include "nsIChannel.h"
#include "nsICacheInfoChannel.h"
#include "nsIDocument.h"
#include "nsIThreadRetargetableRequest.h"
#include "nsIInputStream.h"
#include "nsIMultiPartChannel.h"
#include "nsIHttpChannel.h"
#include "nsIApplicationCache.h"
#include "nsIApplicationCacheChannel.h"
#include "nsMimeTypes.h"

#include "nsIInterfaceRequestorUtils.h"
#include "nsISupportsPrimitives.h"
#include "nsIScriptSecurityManager.h"
#include "nsContentUtils.h"

#include "plstr.h" // PL_strcasestr(...)
#include "prtime.h" // for PR_Now
#include "nsNetUtil.h"
#include "nsIProtocolHandler.h"
#include "imgIRequest.h"
#include "nsProperties.h"

#include "mozilla/IntegerPrintfMacros.h"
#include "mozilla/Telemetry.h"

using namespace mozilla;
using namespace mozilla::image;

#define LOG_TEST(level) (MOZ_LOG_TEST(gImgLog, (level)))

NS_IMPL_ISUPPORTS(imgRequest,
                  nsIStreamListener, nsIRequestObserver,
                  nsIThreadRetargetableStreamListener,
                  nsIChannelEventSink,
                  nsIInterfaceRequestor,
                  nsIAsyncVerifyRedirectCallback)

imgRequest::imgRequest(imgLoader* aLoader, const ImageCacheKey& aCacheKey)
 : mLoader(aLoader)
 , mCacheKey(aCacheKey)
 , mLoadId(nullptr)
 , mFirstProxy(nullptr)
 , mValidator(nullptr)
 , mInnerWindowId(0)
 , mCORSMode(imgIRequest::CORS_NONE)
 , mReferrerPolicy(mozilla::net::RP_Unset)
 , mImageErrorCode(NS_OK)
 , mMutex("imgRequest")
 , mProgressTracker(new ProgressTracker())
 , mIsMultiPartChannel(false)
 , mIsInCache(false)
 , mDecodeRequested(false)
 , mNewPartPending(false)
 , mHadInsecureRedirect(false)
{
  LOG_FUNC(gImgLog, "imgRequest::imgRequest()");
}

imgRequest::~imgRequest()
{
  if (mLoader) {
    mLoader->RemoveFromUncachedImages(this);
  }
  if (mURI) {
    LOG_FUNC_WITH_PARAM(gImgLog, "imgRequest::~imgRequest()",
                        "keyuri", mURI);
  } else
    LOG_FUNC(gImgLog, "imgRequest::~imgRequest()");
}

nsresult
imgRequest::Init(nsIURI *aURI,
                 nsIURI *aFinalURI,
                 bool aHadInsecureRedirect,
                 nsIRequest *aRequest,
                 nsIChannel *aChannel,
                 imgCacheEntry *aCacheEntry,
                 nsISupports* aCX,
                 nsIPrincipal* aTriggeringPrincipal,
                 int32_t aCORSMode,
                 ReferrerPolicy aReferrerPolicy)
{
  MOZ_ASSERT(NS_IsMainThread(), "Cannot use nsIURI off main thread!");

  LOG_FUNC(gImgLog, "imgRequest::Init");

  MOZ_ASSERT(!mImage, "Multiple calls to init");
  MOZ_ASSERT(aURI, "No uri");
  MOZ_ASSERT(aFinalURI, "No final uri");
  MOZ_ASSERT(aRequest, "No request");
  MOZ_ASSERT(aChannel, "No channel");

  mProperties = new nsProperties();
  mURI = aURI;
  mFinalURI = aFinalURI;
  mRequest = aRequest;
  mChannel = aChannel;
  mTimedChannel = do_QueryInterface(mChannel);
  mTriggeringPrincipal = aTriggeringPrincipal;
  mCORSMode = aCORSMode;
  mReferrerPolicy = aReferrerPolicy;

  // If the original URI and the final URI are different, check whether the
  // original URI is secure. We deliberately don't take the final URI into
  // account, as it needs to be handled using more complicated rules than
  // earlier elements of the redirect chain.
  if (aURI != aFinalURI) {
    bool isHttps = false;
    bool isChrome = false;
    bool schemeLocal = false;
    if (NS_FAILED(aURI->SchemeIs("https", &isHttps)) ||
        NS_FAILED(aURI->SchemeIs("chrome", &isChrome)) ||
        NS_FAILED(NS_URIChainHasFlags(
                  aURI,
                  nsIProtocolHandler::URI_IS_LOCAL_RESOURCE , &schemeLocal))  ||
        (!isHttps && !isChrome && !schemeLocal)) {
      mHadInsecureRedirect = true;
    }
  }

  // imgCacheValidator may have handled redirects before we were created, so we
  // allow the caller to let us know if any redirects were insecure.
  mHadInsecureRedirect = mHadInsecureRedirect || aHadInsecureRedirect;

  mChannel->GetNotificationCallbacks(getter_AddRefs(mPrevChannelSink));

  NS_ASSERTION(mPrevChannelSink != this,
               "Initializing with a channel that already calls back to us!");

  mChannel->SetNotificationCallbacks(this);

  mCacheEntry = aCacheEntry;
  mCacheEntry->UpdateLoadTime();

  SetLoadId(aCX);

  // Grab the inner window ID of the loading document, if possible.
  nsCOMPtr<nsIDocument> doc = do_QueryInterface(aCX);
  if (doc) {
    mInnerWindowId = doc->InnerWindowID();
  }

  return NS_OK;
}

void
imgRequest::ClearLoader() {
  mLoader = nullptr;
}

already_AddRefed<ProgressTracker>
imgRequest::GetProgressTracker() const
{
  MutexAutoLock lock(mMutex);

  if (mImage) {
    MOZ_ASSERT(!mProgressTracker,
               "Should have given mProgressTracker to mImage");
    return mImage->GetProgressTracker();
  }
  MOZ_ASSERT(mProgressTracker,
             "Should have mProgressTracker until we create mImage");
  RefPtr<ProgressTracker> progressTracker = mProgressTracker;
  MOZ_ASSERT(progressTracker);
  return progressTracker.forget();
}

void
imgRequest::SetCacheEntry(imgCacheEntry* entry)
{
  mCacheEntry = entry;
}

bool
imgRequest::HasCacheEntry() const
{
  return mCacheEntry != nullptr;
}

void
imgRequest::ResetCacheEntry()
{
  if (HasCacheEntry()) {
    mCacheEntry->SetDataSize(0);
  }
}

void
imgRequest::AddProxy(imgRequestProxy* proxy)
{
  MOZ_ASSERT(proxy, "null imgRequestProxy passed in");
  LOG_SCOPE_WITH_PARAM(gImgLog, "imgRequest::AddProxy", "proxy", proxy);

  if (!mFirstProxy) {
    // Save a raw pointer to the first proxy we see, for use in the network
    // priority logic.
    mFirstProxy = proxy;
  }

  // If we're empty before adding, we have to tell the loader we now have
  // proxies.
  RefPtr<ProgressTracker> progressTracker = GetProgressTracker();
  if (progressTracker->ObserverCount() == 0) {
    MOZ_ASSERT(mURI, "Trying to SetHasProxies without key uri.");
    if (mLoader) {
      mLoader->SetHasProxies(this);
    }
  }

  progressTracker->AddObserver(proxy);
}

nsresult
imgRequest::RemoveProxy(imgRequestProxy* proxy, nsresult aStatus)
{
  LOG_SCOPE_WITH_PARAM(gImgLog, "imgRequest::RemoveProxy", "proxy", proxy);

  // This will remove our animation consumers, so after removing
  // this proxy, we don't end up without proxies with observers, but still
  // have animation consumers.
  proxy->ClearAnimationConsumers();

  // Let the status tracker do its thing before we potentially call Cancel()
  // below, because Cancel() may result in OnStopRequest being called back
  // before Cancel() returns, leaving the image in a different state then the
  // one it was in at this point.
  RefPtr<ProgressTracker> progressTracker = GetProgressTracker();
  if (!progressTracker->RemoveObserver(proxy)) {
    return NS_OK;
  }

  if (progressTracker->ObserverCount() == 0) {
    // If we have no observers, there's nothing holding us alive. If we haven't
    // been cancelled and thus removed from the cache, tell the image loader so
    // we can be evicted from the cache.
    if (mCacheEntry) {
      MOZ_ASSERT(mURI, "Removing last observer without key uri.");

      if (mLoader) {
        mLoader->SetHasNoProxies(this, mCacheEntry);
      }
    } else {
      LOG_MSG_WITH_PARAM(gImgLog,
                         "imgRequest::RemoveProxy no cache entry",
                         "uri", mURI);
    }

    /* If |aStatus| is a failure code, then cancel the load if it is still in
       progress.  Otherwise, let the load continue, keeping 'this' in the cache
       with no observers.  This way, if a proxy is destroyed without calling
       cancel on it, it won't leak and won't leave a bad pointer in the observer
       list.
     */
    if (!(progressTracker->GetProgress() & FLAG_LAST_PART_COMPLETE) &&
        NS_FAILED(aStatus)) {
      LOG_MSG(gImgLog, "imgRequest::RemoveProxy",
              "load in progress.  canceling");

      this->Cancel(NS_BINDING_ABORTED);
    }

    /* break the cycle from the cache entry. */
    mCacheEntry = nullptr;
  }

  return NS_OK;
}

void
imgRequest::CancelAndAbort(nsresult aStatus)
{
  LOG_SCOPE(gImgLog, "imgRequest::CancelAndAbort");

  Cancel(aStatus);

  // It's possible for the channel to fail to open after we've set our
  // notification callbacks. In that case, make sure to break the cycle between
  // the channel and us, because it won't.
  if (mChannel) {
    mChannel->SetNotificationCallbacks(mPrevChannelSink);
    mPrevChannelSink = nullptr;
  }
}

class imgRequestMainThreadCancel : public Runnable
{
public:
  imgRequestMainThreadCancel(imgRequest* aImgRequest, nsresult aStatus)
    : Runnable("imgRequestMainThreadCancel")
    , mImgRequest(aImgRequest)
    , mStatus(aStatus)
  {
    MOZ_ASSERT(!NS_IsMainThread(), "Create me off main thread only!");
    MOZ_ASSERT(aImgRequest);
  }

  NS_IMETHOD Run() override
  {
    MOZ_ASSERT(NS_IsMainThread(), "I should be running on the main thread!");
    mImgRequest->ContinueCancel(mStatus);
    return NS_OK;
  }
private:
  RefPtr<imgRequest> mImgRequest;
  nsresult mStatus;
};

void
imgRequest::Cancel(nsresult aStatus)
{
  /* The Cancel() method here should only be called by this class. */
  LOG_SCOPE(gImgLog, "imgRequest::Cancel");

  if (NS_IsMainThread()) {
    ContinueCancel(aStatus);
  } else {
    RefPtr<ProgressTracker> progressTracker = GetProgressTracker();
    nsCOMPtr<nsIEventTarget> eventTarget = progressTracker->GetEventTarget();
    nsCOMPtr<nsIRunnable> ev = new imgRequestMainThreadCancel(this, aStatus);
    eventTarget->Dispatch(ev.forget(), NS_DISPATCH_NORMAL);
  }
}

void
imgRequest::ContinueCancel(nsresult aStatus)
{
  MOZ_ASSERT(NS_IsMainThread());

  RefPtr<ProgressTracker> progressTracker = GetProgressTracker();
  progressTracker->SyncNotifyProgress(FLAG_HAS_ERROR);

  RemoveFromCache();

  if (mRequest && !(progressTracker->GetProgress() & FLAG_LAST_PART_COMPLETE)) {
     mRequest->Cancel(aStatus);
  }
}

class imgRequestMainThreadEvict : public Runnable
{
public:
  explicit imgRequestMainThreadEvict(imgRequest* aImgRequest)
    : Runnable("imgRequestMainThreadEvict")
    , mImgRequest(aImgRequest)
  {
    MOZ_ASSERT(!NS_IsMainThread(), "Create me off main thread only!");
    MOZ_ASSERT(aImgRequest);
  }

  NS_IMETHOD Run() override
  {
    MOZ_ASSERT(NS_IsMainThread(), "I should be running on the main thread!");
    mImgRequest->ContinueEvict();
    return NS_OK;
  }
private:
  RefPtr<imgRequest> mImgRequest;
};

// EvictFromCache() is written to allowed to get called from any thread
void
imgRequest::EvictFromCache()
{
  /* The EvictFromCache() method here should only be called by this class. */
  LOG_SCOPE(gImgLog, "imgRequest::EvictFromCache");

  if (NS_IsMainThread()) {
    ContinueEvict();
  } else {
    NS_DispatchToMainThread(new imgRequestMainThreadEvict(this));
  }
}

// Helper-method used by EvictFromCache()
void
imgRequest::ContinueEvict()
{
  MOZ_ASSERT(NS_IsMainThread());

  RemoveFromCache();
}

void
imgRequest::StartDecoding()
{
  MutexAutoLock lock(mMutex);
  mDecodeRequested = true;
}

bool
imgRequest::IsDecodeRequested() const
{
  MutexAutoLock lock(mMutex);
  return mDecodeRequested;
}

nsresult imgRequest::GetURI(nsIURI** aURI)
{
  MOZ_ASSERT(aURI);

  LOG_FUNC(gImgLog, "imgRequest::GetURI");

  if (mURI) {
    *aURI = mURI;
    NS_ADDREF(*aURI);
    return NS_OK;
  }

  return NS_ERROR_FAILURE;
}

nsresult
imgRequest::GetFinalURI(nsIURI** aURI)
{
  MOZ_ASSERT(aURI);

  LOG_FUNC(gImgLog, "imgRequest::GetFinalURI");

  if (mFinalURI) {
    *aURI = mFinalURI;
    NS_ADDREF(*aURI);
    return NS_OK;
  }

  return NS_ERROR_FAILURE;
}

bool
imgRequest::IsScheme(const char* aScheme) const
{
  MOZ_ASSERT(aScheme);
  bool isScheme = false;
  if (NS_WARN_IF(NS_FAILED(mURI->SchemeIs(aScheme, &isScheme)))) {
    return false;
  }
  return isScheme;
}

bool
imgRequest::IsChrome() const
{
  return IsScheme("chrome");
}

bool
imgRequest::IsData() const
{
  return IsScheme("data");
}

nsresult
imgRequest::GetImageErrorCode()
{
  return mImageErrorCode;
}

void
imgRequest::RemoveFromCache()
{
  LOG_SCOPE(gImgLog, "imgRequest::RemoveFromCache");

  bool isInCache = false;

  {
    MutexAutoLock lock(mMutex);
    isInCache = mIsInCache;
  }

  if (isInCache && mLoader) {
    // mCacheEntry is nulled out when we have no more observers.
    if (mCacheEntry) {
      mLoader->RemoveFromCache(mCacheEntry);
    } else {
      mLoader->RemoveFromCache(mCacheKey);
    }
  }

  mCacheEntry = nullptr;
}

bool
imgRequest::HasConsumers() const
{
  RefPtr<ProgressTracker> progressTracker = GetProgressTracker();
  return progressTracker && progressTracker->ObserverCount() > 0;
}

already_AddRefed<image::Image>
imgRequest::GetImage() const
{
  MutexAutoLock lock(mMutex);
  RefPtr<image::Image> image = mImage;
  return image.forget();
}

int32_t imgRequest::Priority() const
{
  int32_t priority = nsISupportsPriority::PRIORITY_NORMAL;
  nsCOMPtr<nsISupportsPriority> p = do_QueryInterface(mRequest);
  if (p) {
    p->GetPriority(&priority);
  }
  return priority;
}

void
imgRequest::AdjustPriority(imgRequestProxy* proxy, int32_t delta)
{
  // only the first proxy is allowed to modify the priority of this image load.
  //
  // XXX(darin): this is probably not the most optimal algorithm as we may want
  // to increase the priority of requests that have a lot of proxies.  the key
  // concern though is that image loads remain lower priority than other pieces
  // of content such as link clicks, CSS, and JS.
  //
  if (!mFirstProxy || proxy != mFirstProxy) {
    return;
  }

  AdjustPriorityInternal(delta);
}

void
imgRequest::AdjustPriorityInternal(int32_t aDelta)
{
  nsCOMPtr<nsISupportsPriority> p = do_QueryInterface(mChannel);
  if (p) {
    p->AdjustPriority(aDelta);
  }
}

void
imgRequest::BoostPriority(uint32_t aCategory)
{
  if (!gfxPrefs::ImageLayoutNetworkPriority()) {
    return;
  }

  uint32_t newRequestedCategory =
    (mBoostCategoriesRequested & aCategory) ^ aCategory;
  if (!newRequestedCategory) {
    // priority boost for each category can only apply once.
    return;
  }

  MOZ_LOG(gImgLog, LogLevel::Debug,
         ("[this=%p] imgRequest::BoostPriority for category %x",
          this, newRequestedCategory));

  int32_t delta = 0;

  if (newRequestedCategory & imgIRequest::CATEGORY_FRAME_INIT) {
    --delta;
  }

  if (newRequestedCategory & imgIRequest::CATEGORY_SIZE_QUERY) {
    --delta;
  }

  if (newRequestedCategory & imgIRequest::CATEGORY_DISPLAY) {
    delta += nsISupportsPriority::PRIORITY_HIGH;
  }

  AdjustPriorityInternal(delta);
  mBoostCategoriesRequested |= newRequestedCategory;
}

void
imgRequest::SetIsInCache(bool aInCache)
{
  LOG_FUNC_WITH_PARAM(gImgLog,
                      "imgRequest::SetIsCacheable", "aInCache", aInCache);
  MutexAutoLock lock(mMutex);
  mIsInCache = aInCache;
}

void
imgRequest::UpdateCacheEntrySize()
{
  if (!mCacheEntry) {
    return;
  }

  RefPtr<Image> image = GetImage();
  SizeOfState state(moz_malloc_size_of);
  size_t size = image->SizeOfSourceWithComputedFallback(state);
  mCacheEntry->SetDataSize(size);
}

void
imgRequest::SetCacheValidation(imgCacheEntry* aCacheEntry, nsIRequest* aRequest)
{
  /* get the expires info */
  if (aCacheEntry) {
    // Expiration time defaults to 0. We set the expiration time on our
    // entry if it hasn't been set yet.
    if (aCacheEntry->GetExpiryTime() == 0) {
      uint32_t expiration = 0;
      nsCOMPtr<nsICacheInfoChannel> cacheChannel(do_QueryInterface(aRequest));
      if (cacheChannel) {
        /* get the expiration time from the caching channel's token */
        cacheChannel->GetCacheTokenExpirationTime(&expiration);
      }
      if (expiration == 0) {
        // If the channel doesn't support caching, then ensure this expires the
        // next time it is used.
        expiration = imgCacheEntry::SecondsFromPRTime(PR_Now()) - 1;
      }
      aCacheEntry->SetExpiryTime(expiration);
    }

    // Determine whether the cache entry must be revalidated when we try to use
    // it. Currently, only HTTP specifies this information...
    nsCOMPtr<nsIHttpChannel> httpChannel(do_QueryInterface(aRequest));
    if (httpChannel) {
      bool bMustRevalidate = false;

      Unused << httpChannel->IsNoStoreResponse(&bMustRevalidate);

      if (!bMustRevalidate) {
        Unused << httpChannel->IsNoCacheResponse(&bMustRevalidate);
      }

      if (!bMustRevalidate) {
        nsAutoCString cacheHeader;

        Unused << httpChannel->GetResponseHeader(NS_LITERAL_CSTRING("Cache-Control"),
                                                 cacheHeader);
        if (PL_strcasestr(cacheHeader.get(), "must-revalidate")) {
          bMustRevalidate = true;
        }
      }

      // Cache entries default to not needing to validate. We ensure that
      // multiple calls to this function don't override an earlier decision to
      // validate by making validation a one-way decision.
      if (bMustRevalidate) {
        aCacheEntry->SetMustValidate(bMustRevalidate);
      }
    }
  }
}

namespace {

already_AddRefed<nsIApplicationCache>
GetApplicationCache(nsIRequest* aRequest)
{
  nsresult rv;

  nsCOMPtr<nsIApplicationCacheChannel> appCacheChan =
    do_QueryInterface(aRequest);
  if (!appCacheChan) {
    return nullptr;
  }

  bool fromAppCache;
  rv = appCacheChan->GetLoadedFromApplicationCache(&fromAppCache);
  NS_ENSURE_SUCCESS(rv, nullptr);

  if (!fromAppCache) {
    return nullptr;
  }

  nsCOMPtr<nsIApplicationCache> appCache;
  rv = appCacheChan->GetApplicationCache(getter_AddRefs(appCache));
  NS_ENSURE_SUCCESS(rv, nullptr);

  return appCache.forget();
}

} // namespace

bool
imgRequest::CacheChanged(nsIRequest* aNewRequest)
{
  nsCOMPtr<nsIApplicationCache> newAppCache = GetApplicationCache(aNewRequest);

  // Application cache not involved at all or the same app cache involved
  // in both of the loads (original and new).
  if (newAppCache == mApplicationCache) {
    return false;
  }

  // In a rare case it may happen that two objects still refer
  // the same application cache version.
  if (newAppCache && mApplicationCache) {
    nsresult rv;

    nsAutoCString oldAppCacheClientId, newAppCacheClientId;
    rv = mApplicationCache->GetClientID(oldAppCacheClientId);
    NS_ENSURE_SUCCESS(rv, true);
    rv = newAppCache->GetClientID(newAppCacheClientId);
    NS_ENSURE_SUCCESS(rv, true);

    if (oldAppCacheClientId == newAppCacheClientId) {
      return false;
    }
  }

  // When we get here, app caches differ or app cache is involved
  // just in one of the loads what we also consider as a change
  // in a loading cache.
  return true;
}

bool
imgRequest::GetMultipart() const
{
  MutexAutoLock lock(mMutex);
  return mIsMultiPartChannel;
}

bool
imgRequest::HadInsecureRedirect() const
{
  MutexAutoLock lock(mMutex);
  return mHadInsecureRedirect;
}

/** nsIRequestObserver methods **/

NS_IMETHODIMP
imgRequest::OnStartRequest(nsIRequest* aRequest, nsISupports* ctxt)
{
  LOG_SCOPE(gImgLog, "imgRequest::OnStartRequest");

  RefPtr<Image> image;

  // Figure out if we're multipart.
  nsCOMPtr<nsIMultiPartChannel> multiPartChannel = do_QueryInterface(aRequest);
  MOZ_ASSERT(multiPartChannel || !mIsMultiPartChannel,
             "Stopped being multipart?"); {
    MutexAutoLock lock(mMutex);
    mNewPartPending = true;
    image = mImage;
    mIsMultiPartChannel = bool(multiPartChannel);
  }

  // If we're not multipart, we shouldn't have an image yet.
  if (image && !multiPartChannel) {
    MOZ_ASSERT_UNREACHABLE("Already have an image for a non-multipart request");
    Cancel(NS_IMAGELIB_ERROR_FAILURE);
    return NS_ERROR_FAILURE;
  }

  /*
   * If mRequest is null here, then we need to set it so that we'll be able to
   * cancel it if our Cancel() method is called.  Note that this can only
   * happen for multipart channels.  We could simply not null out mRequest for
   * non-last parts, if GetIsLastPart() were reliable, but it's not.  See
   * https://bugzilla.mozilla.org/show_bug.cgi?id=339610
   */
  if (!mRequest) {
    MOZ_ASSERT(multiPartChannel, "Should have mRequest unless we're multipart");
    nsCOMPtr<nsIChannel> baseChannel;
    multiPartChannel->GetBaseChannel(getter_AddRefs(baseChannel));
    mRequest = baseChannel;
  }

  nsCOMPtr<nsIChannel> channel(do_QueryInterface(aRequest));
  if (channel) {
    /* Get our principal */
    nsCOMPtr<nsIScriptSecurityManager>
      secMan = nsContentUtils::GetSecurityManager();
    if (secMan) {
      nsresult rv =
        secMan->GetChannelResultPrincipal(channel, getter_AddRefs(mPrincipal));
      if (NS_FAILED(rv)) {
        return rv;
      }
    }
  }

  SetCacheValidation(mCacheEntry, aRequest);

  mApplicationCache = GetApplicationCache(aRequest);

  // Shouldn't we be dead already if this gets hit?
  // Probably multipart/x-mixed-replace...
  RefPtr<ProgressTracker> progressTracker = GetProgressTracker();
  if (progressTracker->ObserverCount() == 0) {
    this->Cancel(NS_IMAGELIB_ERROR_FAILURE);
  }

  // Try to retarget OnDataAvailable to a decode thread. We must process data
  // URIs synchronously as per the spec however.
  if (!channel || IsData()) {
    return NS_OK;
  }

  nsCOMPtr<nsIThreadRetargetableRequest> retargetable =
    do_QueryInterface(aRequest);
  if (retargetable) {
    nsAutoCString mimeType;
    nsresult rv = channel->GetContentType(mimeType);
    if (NS_SUCCEEDED(rv) && !mimeType.EqualsLiteral(IMAGE_SVG_XML)) {
      // Retarget OnDataAvailable to the DecodePool's IO thread.
      nsCOMPtr<nsIEventTarget> target =
        DecodePool::Singleton()->GetIOEventTarget();
      rv = retargetable->RetargetDeliveryTo(target);
    }
    MOZ_LOG(gImgLog, LogLevel::Warning,
           ("[this=%p] imgRequest::OnStartRequest -- "
            "RetargetDeliveryTo rv %" PRIu32 "=%s\n",
            this, static_cast<uint32_t>(rv), NS_SUCCEEDED(rv) ? "succeeded" : "failed"));
  }

  return NS_OK;
}

NS_IMETHODIMP
imgRequest::OnStopRequest(nsIRequest* aRequest,
                          nsISupports* ctxt, nsresult status)
{
  LOG_FUNC(gImgLog, "imgRequest::OnStopRequest");
  MOZ_ASSERT(NS_IsMainThread(), "Can't send notifications off-main-thread");

  RefPtr<Image> image = GetImage();

  RefPtr<imgRequest> strongThis = this;

  if (mIsMultiPartChannel && mNewPartPending) {
    OnDataAvailable(aRequest, ctxt, nullptr, 0, 0);
  }

  // XXXldb What if this is a non-last part of a multipart request?
  // xxx before we release our reference to mRequest, lets
  // save the last status that we saw so that the
  // imgRequestProxy will have access to it.
  if (mRequest) {
    mRequest = nullptr;  // we no longer need the request
  }

  // stop holding a ref to the channel, since we don't need it anymore
  if (mChannel) {
    mChannel->SetNotificationCallbacks(mPrevChannelSink);
    mPrevChannelSink = nullptr;
    mChannel = nullptr;
  }

  bool lastPart = true;
  nsCOMPtr<nsIMultiPartChannel> mpchan(do_QueryInterface(aRequest));
  if (mpchan) {
    mpchan->GetIsLastPart(&lastPart);
  }

  bool isPartial = false;
  if (image && (status == NS_ERROR_NET_PARTIAL_TRANSFER)) {
    isPartial = true;
    status = NS_OK; // fake happy face
  }

  // Tell the image that it has all of the source data. Note that this can
  // trigger a failure, since the image might be waiting for more non-optional
  // data and this is the point where we break the news that it's not coming.
  if (image) {
    nsresult rv = image->OnImageDataComplete(aRequest, ctxt, status, lastPart);

    // If we got an error in the OnImageDataComplete() call, we don't want to
    // proceed as if nothing bad happened. However, we also want to give
    // precedence to failure status codes from necko, since presumably they're
    // more meaningful.
    if (NS_FAILED(rv) && NS_SUCCEEDED(status)) {
      status = rv;
    }
  }

  // If the request went through, update the cache entry size. Otherwise,
  // cancel the request, which removes us from the cache.
  if (image && NS_SUCCEEDED(status) && !isPartial) {
    // We update the cache entry size here because this is where we finish
    // loading compressed source data, which is part of our size calculus.
    UpdateCacheEntrySize();

  } else if (isPartial) {
    // Remove the partial image from the cache.
    this->EvictFromCache();

  } else {
    mImageErrorCode = status;

    // if the error isn't "just" a partial transfer
    // stops animations, removes from cache
    this->Cancel(status);
  }

  if (!image) {
    // We have to fire the OnStopRequest notifications ourselves because there's
    // no image capable of doing so.
    Progress progress =
      LoadCompleteProgress(lastPart, /* aError = */ false, status);

    RefPtr<ProgressTracker> progressTracker = GetProgressTracker();
    progressTracker->SyncNotifyProgress(progress);
  }

  mTimedChannel = nullptr;
  return NS_OK;
}

struct mimetype_closure
{
  nsACString* newType;
  uint32_t segmentSize;
};

/* prototype for these defined below */
static nsresult
sniff_mimetype_callback(nsIInputStream* in, void* closure,
                        const char* fromRawSegment, uint32_t toOffset,
                        uint32_t count, uint32_t* writeCount);

/** nsThreadRetargetableStreamListener methods **/
NS_IMETHODIMP
imgRequest::CheckListenerChain()
{
  // TODO Might need more checking here.
  NS_ASSERTION(NS_IsMainThread(), "Should be on the main thread!");
  return NS_OK;
}

/** nsIStreamListener methods **/

struct NewPartResult final
{
  explicit NewPartResult(image::Image* aExistingImage)
    : mImage(aExistingImage)
    , mIsFirstPart(!aExistingImage)
    , mSucceeded(false)
    , mShouldResetCacheEntry(false)
  { }

  nsAutoCString mContentType;
  nsAutoCString mContentDisposition;
  RefPtr<image::Image> mImage;
  const bool mIsFirstPart;
  bool mSucceeded;
  bool mShouldResetCacheEntry;
};

static NewPartResult
PrepareForNewPart(nsIRequest* aRequest, nsIInputStream* aInStr, uint32_t aCount,
                  nsIURI* aURI, bool aIsMultipart, image::Image* aExistingImage,
                  ProgressTracker* aProgressTracker, uint32_t aInnerWindowId)
{
  NewPartResult result(aExistingImage);

  if (aInStr) {
    mimetype_closure closure;
    closure.newType = &result.mContentType;
    closure.segmentSize = 0;

    // Look at the first few bytes and see if we can tell what the data is from
    // that since servers tend to lie. :(
    uint32_t out;
    aInStr->ReadSegments(sniff_mimetype_callback, &closure, aCount, &out);

    // We don't support WebP but we are getting reports of Firefox being served
    // WebP content in the wild. In particular this appears to be a problem on
    // Fennec where content authors assume Android implies WebP support. The
    // telemetry below is intended to get a sense of how prevalent this is.
    //
    // From the Google WebP FAQ example and the Modernizr library, websites may
    // supply a tiny WebP image to probe for feature support using scripts. The
    // probes are implemented as data URIs thus we should have all the content
    // upfront. We don't want to consider a probe as having observed WebP since
    // in theory the client should do the right thing when we fail to decode it.
    // See https://developers.google.com/speed/webp/faq for details.
    bool webp = result.mContentType.EqualsLiteral(IMAGE_WEBP);
    bool webpProbe = false;
    if (webp) {
      // The probes from the example/library are all < 90 bytes. Round it up
      // just in case.
      const uint32_t kMaxProbeSize = 100;
      if (closure.segmentSize < kMaxProbeSize &&
          NS_FAILED(aURI->SchemeIs("data", &webpProbe))) {
        webpProbe = false;
      }

      if (webpProbe) {
        Telemetry::ScalarSet(Telemetry::ScalarID::IMAGES_WEBP_PROBE_OBSERVED,
                             true);
      } else {
        Telemetry::ScalarSet(Telemetry::ScalarID::IMAGES_WEBP_CONTENT_OBSERVED,
                             true);
      }
    }

    if (!webpProbe) {
      Telemetry::ScalarAdd(Telemetry::ScalarID::IMAGES_WEBP_CONTENT_FREQUENCY,
                           webp ? NS_LITERAL_STRING("webp") :
                                  NS_LITERAL_STRING("other"), 1);
    }
  }

  nsCOMPtr<nsIChannel> chan(do_QueryInterface(aRequest));
  if (result.mContentType.IsEmpty()) {
    nsresult rv = chan ? chan->GetContentType(result.mContentType)
                       : NS_ERROR_FAILURE;
    if (NS_FAILED(rv)) {
      MOZ_LOG(gImgLog,
              LogLevel::Error, ("imgRequest::PrepareForNewPart -- "
                                "Content type unavailable from the channel\n"));
      if (!aIsMultipart) {
        return result;
      }
    }
  }

  if (chan) {
    chan->GetContentDispositionHeader(result.mContentDisposition);
  }

  MOZ_LOG(gImgLog, LogLevel::Debug,
         ("imgRequest::PrepareForNewPart -- Got content type %s\n",
          result.mContentType.get()));

  // XXX If server lied about mimetype and it's SVG, we may need to copy
  // the data and dispatch back to the main thread, AND tell the channel to
  // dispatch there in the future.

  // Create the new image and give it ownership of our ProgressTracker.
  if (aIsMultipart) {
    // Create the ProgressTracker and image for this part.
    RefPtr<ProgressTracker> progressTracker = new ProgressTracker();
    RefPtr<image::Image> partImage =
      image::ImageFactory::CreateImage(aRequest, progressTracker,
                                       result.mContentType,
                                       aURI, /* aIsMultipart = */ true,
                                       aInnerWindowId);

    if (result.mIsFirstPart) {
      // First part for a multipart channel. Create the MultipartImage wrapper.
      MOZ_ASSERT(aProgressTracker, "Shouldn't have given away tracker yet");
      aProgressTracker->SetIsMultipart();
      result.mImage =
        image::ImageFactory::CreateMultipartImage(partImage, aProgressTracker);
    } else {
      // Transition to the new part.
      auto multipartImage = static_cast<MultipartImage*>(aExistingImage);
      multipartImage->BeginTransitionToPart(partImage);

      // Reset our cache entry size so it doesn't keep growing without bound.
      result.mShouldResetCacheEntry = true;
    }
  } else {
    MOZ_ASSERT(!aExistingImage, "New part for non-multipart channel?");
    MOZ_ASSERT(aProgressTracker, "Shouldn't have given away tracker yet");

    // Create an image using our progress tracker.
    result.mImage =
      image::ImageFactory::CreateImage(aRequest, aProgressTracker,
                                       result.mContentType,
                                       aURI, /* aIsMultipart = */ false,
                                       aInnerWindowId);
  }

  MOZ_ASSERT(result.mImage);
  if (!result.mImage->HasError() || aIsMultipart) {
    // We allow multipart images to fail to initialize (which generally
    // indicates a bad content type) without cancelling the load, because
    // subsequent parts might be fine.
    result.mSucceeded = true;
  }

  return result;
}

class FinishPreparingForNewPartRunnable final : public Runnable
{
public:
  FinishPreparingForNewPartRunnable(imgRequest* aImgRequest,
                                    NewPartResult&& aResult)
    : Runnable("FinishPreparingForNewPartRunnable")
    , mImgRequest(aImgRequest)
    , mResult(aResult)
  {
    MOZ_ASSERT(aImgRequest);
  }

  NS_IMETHOD Run() override
  {
    mImgRequest->FinishPreparingForNewPart(mResult);
    return NS_OK;
  }

private:
  RefPtr<imgRequest> mImgRequest;
  NewPartResult mResult;
};

void
imgRequest::FinishPreparingForNewPart(const NewPartResult& aResult)
{
  MOZ_ASSERT(NS_IsMainThread());

  mContentType = aResult.mContentType;

  SetProperties(aResult.mContentType, aResult.mContentDisposition);

  if (aResult.mIsFirstPart) {
    // Notify listeners that we have an image.
    RefPtr<ProgressTracker> progressTracker = GetProgressTracker();
    progressTracker->OnImageAvailable();
    MOZ_ASSERT(progressTracker->HasImage());
  }

  if (aResult.mShouldResetCacheEntry) {
    ResetCacheEntry();
  }

  if (IsDecodeRequested()) {
    aResult.mImage->StartDecoding(imgIContainer::FLAG_NONE);
  }
}

NS_IMETHODIMP
imgRequest::OnDataAvailable(nsIRequest* aRequest, nsISupports* aContext,
                            nsIInputStream* aInStr, uint64_t aOffset,
                            uint32_t aCount)
{
  LOG_SCOPE_WITH_PARAM(gImgLog, "imgRequest::OnDataAvailable",
                       "count", aCount);

  NS_ASSERTION(aRequest, "imgRequest::OnDataAvailable -- no request!");

  RefPtr<Image> image;
  RefPtr<ProgressTracker> progressTracker;
  bool isMultipart = false;
  bool newPartPending = false;

  // Retrieve and update our state.
  {
    MutexAutoLock lock(mMutex);
    image = mImage;
    progressTracker = mProgressTracker;
    isMultipart = mIsMultiPartChannel;
    newPartPending = mNewPartPending;
    mNewPartPending = false;
  }

  // If this is a new part, we need to sniff its content type and create an
  // appropriate image.
  if (newPartPending) {
    NewPartResult result = PrepareForNewPart(aRequest, aInStr, aCount, mURI,
                                             isMultipart, image,
                                             progressTracker, mInnerWindowId);
    bool succeeded = result.mSucceeded;

    if (result.mImage) {
      image = result.mImage;
      nsCOMPtr<nsIEventTarget> eventTarget;

      // Update our state to reflect this new part.
      {
        MutexAutoLock lock(mMutex);
        mImage = image;

        // We only get an event target if we are not on the main thread, because
        // we have to dispatch in that case. If we are on the main thread, but
        // on a different scheduler group than ProgressTracker would give us,
        // that is okay because nothing in imagelib requires that, just our
        // listeners (which have their own checks).
        if (!NS_IsMainThread()) {
          eventTarget = mProgressTracker->GetEventTarget();
          MOZ_ASSERT(eventTarget);
        }

        mProgressTracker = nullptr;
      }

      // Some property objects are not threadsafe, and we need to send
      // OnImageAvailable on the main thread, so finish on the main thread.
      if (!eventTarget) {
        MOZ_ASSERT(NS_IsMainThread());
        FinishPreparingForNewPart(result);
      } else {
        nsCOMPtr<nsIRunnable> runnable =
          new FinishPreparingForNewPartRunnable(this, std::move(result));
        eventTarget->Dispatch(runnable.forget(), NS_DISPATCH_NORMAL);
      }
    }

    if (!succeeded) {
      // Something went wrong; probably a content type issue.
      Cancel(NS_IMAGELIB_ERROR_FAILURE);
      return NS_BINDING_ABORTED;
    }
  }

  // Notify the image that it has new data.
  if (aInStr) {
    nsresult rv =
      image->OnImageDataAvailable(aRequest, aContext, aInStr, aOffset, aCount);

    if (NS_FAILED(rv)) {
      MOZ_LOG(gImgLog, LogLevel::Warning,
             ("[this=%p] imgRequest::OnDataAvailable -- "
              "copy to RasterImage failed\n", this));
      Cancel(NS_IMAGELIB_ERROR_FAILURE);
      return NS_BINDING_ABORTED;
    }
  }

  return NS_OK;
}

void
imgRequest::SetProperties(const nsACString& aContentType,
                          const nsACString& aContentDisposition)
{
  /* set our mimetype as a property */
  nsCOMPtr<nsISupportsCString> contentType =
    do_CreateInstance("@mozilla.org/supports-cstring;1");
  if (contentType) {
    contentType->SetData(aContentType);
    mProperties->Set("type", contentType);
  }

  /* set our content disposition as a property */
  if (!aContentDisposition.IsEmpty()) {
    nsCOMPtr<nsISupportsCString> contentDisposition =
      do_CreateInstance("@mozilla.org/supports-cstring;1");
    if (contentDisposition) {
      contentDisposition->SetData(aContentDisposition);
      mProperties->Set("content-disposition", contentDisposition);
    }
  }
}

static nsresult
sniff_mimetype_callback(nsIInputStream* in,
                        void* data,
                        const char* fromRawSegment,
                        uint32_t toOffset,
                        uint32_t count,
                        uint32_t* writeCount)
{
  mimetype_closure* closure = static_cast<mimetype_closure*>(data);

  NS_ASSERTION(closure, "closure is null!");

  closure->segmentSize = count;
  if (count > 0) {
    imgLoader::GetMimeTypeFromContent(fromRawSegment, count, *closure->newType);
  }

  *writeCount = 0;
  return NS_ERROR_FAILURE;
}


/** nsIInterfaceRequestor methods **/

NS_IMETHODIMP
imgRequest::GetInterface(const nsIID & aIID, void** aResult)
{
  if (!mPrevChannelSink || aIID.Equals(NS_GET_IID(nsIChannelEventSink))) {
    return QueryInterface(aIID, aResult);
  }

  NS_ASSERTION(mPrevChannelSink != this,
    "Infinite recursion - don't keep track of channel sinks that are us!");
  return mPrevChannelSink->GetInterface(aIID, aResult);
}

/** nsIChannelEventSink methods **/
NS_IMETHODIMP
imgRequest::AsyncOnChannelRedirect(nsIChannel* oldChannel,
                                   nsIChannel* newChannel, uint32_t flags,
                                   nsIAsyncVerifyRedirectCallback* callback)
{
  NS_ASSERTION(mRequest && mChannel,
               "Got a channel redirect after we nulled out mRequest!");
  NS_ASSERTION(mChannel == oldChannel,
               "Got a channel redirect for an unknown channel!");
  NS_ASSERTION(newChannel, "Got a redirect to a NULL channel!");

  SetCacheValidation(mCacheEntry, oldChannel);

  // Prepare for callback
  mRedirectCallback = callback;
  mNewRedirectChannel = newChannel;

  nsCOMPtr<nsIChannelEventSink> sink(do_GetInterface(mPrevChannelSink));
  if (sink) {
    nsresult rv = sink->AsyncOnChannelRedirect(oldChannel, newChannel, flags,
                                               this);
    if (NS_FAILED(rv)) {
        mRedirectCallback = nullptr;
        mNewRedirectChannel = nullptr;
    }
    return rv;
  }

  (void) OnRedirectVerifyCallback(NS_OK);
  return NS_OK;
}

NS_IMETHODIMP
imgRequest::OnRedirectVerifyCallback(nsresult result)
{
  NS_ASSERTION(mRedirectCallback, "mRedirectCallback not set in callback");
  NS_ASSERTION(mNewRedirectChannel, "mNewRedirectChannel not set in callback");

  if (NS_FAILED(result)) {
      mRedirectCallback->OnRedirectVerifyCallback(result);
      mRedirectCallback = nullptr;
      mNewRedirectChannel = nullptr;
      return NS_OK;
  }

  mChannel = mNewRedirectChannel;
  mTimedChannel = do_QueryInterface(mChannel);
  mNewRedirectChannel = nullptr;

  if (LOG_TEST(LogLevel::Debug)) {
    LOG_MSG_WITH_PARAM(gImgLog,
                       "imgRequest::OnChannelRedirect", "old",
                       mFinalURI ? mFinalURI->GetSpecOrDefault().get()
                                 : "");
  }

  // If the previous URI is a non-HTTPS URI, record that fact for later use by
  // security code, which needs to know whether there is an insecure load at any
  // point in the redirect chain.
  bool isHttps = false;
  bool isChrome = false;
  bool schemeLocal = false;
  if (NS_FAILED(mFinalURI->SchemeIs("https", &isHttps)) ||
      NS_FAILED(mFinalURI->SchemeIs("chrome", &isChrome)) ||
      NS_FAILED(NS_URIChainHasFlags(mFinalURI,
                                    nsIProtocolHandler::URI_IS_LOCAL_RESOURCE,
                                    &schemeLocal))  ||
      (!isHttps && !isChrome && !schemeLocal)) {
    MutexAutoLock lock(mMutex);

    // The csp directive upgrade-insecure-requests performs an internal redirect
    // to upgrade all requests from http to https before any data is fetched from
    // the network. Do not pollute mHadInsecureRedirect in case of such an internal
    // redirect.
    nsCOMPtr<nsILoadInfo> loadInfo = mChannel->GetLoadInfo();
    bool upgradeInsecureRequests = loadInfo ?
                                   loadInfo->GetUpgradeInsecureRequests() ||
                                   loadInfo->GetBrowserUpgradeInsecureRequests()
                                            : false;
    if (!upgradeInsecureRequests) {
      mHadInsecureRedirect = true;
    }
  }

  // Update the final URI.
  mChannel->GetURI(getter_AddRefs(mFinalURI));

  if (LOG_TEST(LogLevel::Debug)) {
    LOG_MSG_WITH_PARAM(gImgLog, "imgRequest::OnChannelRedirect", "new",
                       mFinalURI ? mFinalURI->GetSpecOrDefault().get()
                                 : "");
  }

  // Make sure we have a protocol that returns data rather than opens an
  // external application, e.g. 'mailto:'.
  bool doesNotReturnData = false;
  nsresult rv =
    NS_URIChainHasFlags(mFinalURI,
                        nsIProtocolHandler::URI_DOES_NOT_RETURN_DATA,
                        &doesNotReturnData);

  if (NS_SUCCEEDED(rv) && doesNotReturnData) {
    rv = NS_ERROR_ABORT;
  }

  if (NS_FAILED(rv)) {
    mRedirectCallback->OnRedirectVerifyCallback(rv);
    mRedirectCallback = nullptr;
    return NS_OK;
  }

  mRedirectCallback->OnRedirectVerifyCallback(NS_OK);
  mRedirectCallback = nullptr;
  return NS_OK;
}

Coverage Report

Created: 2018-09-25 14:53