guix-devel/gnu/packages/patches/icecat-CVE-2016-1930-pt12.p...


Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/8c184c30caa6
Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1230668
# HG changeset patch
# User L. David Baron <dbaron@dbaron.org>
# Date 1452248144 -39600
# Node ID 8c184c30caa6d16f5ec63cce9a77d16f25d2e57e
# Parent 0f7224441f2089001f7934b46ac10cb72d267606
Bug 1230668 - Don't use frame when not in composed document. r=heycam a=sylvestre
diff --git a/layout/style/nsComputedDOMStyle.cpp b/layout/style/nsComputedDOMStyle.cpp
--- a/layout/style/nsComputedDOMStyle.cpp
+++ b/layout/style/nsComputedDOMStyle.cpp
@@ -421,26 +421,31 @@ nsComputedDOMStyle::GetStyleContextForEl
{
MOZ_ASSERT(aElement, "NULL element");
// If the content has a pres shell, we must use it. Otherwise we'd
// potentially mix rule trees by using the wrong pres shell's style
// set. Using the pres shell from the content also means that any
// content that's actually *in* a document will get the style from the
// correct document.
nsIPresShell *presShell = GetPresShellForContent(aElement);
+ bool inDocWithShell = true;
if (!presShell) {
+ inDocWithShell = false;
presShell = aPresShell;
if (!presShell)
return nullptr;
}
- // XXX the !aElement->IsHTML(nsGkAtoms::area)
- // check is needed due to bug 135040 (to avoid using
+ // XXX the !aElement->IsHTML(nsGkAtoms::area)
+ // check is needed due to bug 135040 (to avoid using
// mPrimaryFrame). Remove it once that's fixed.
- if (!aPseudo && aStyleType == eAll && !aElement->IsHTML(nsGkAtoms::area)) {
+ if (!aPseudo && aStyleType == eAll && inDocWithShell &&
+ !aElement->IsHTML(nsGkAtoms::area)) {
+ if (!aPseudo && aStyleType == eAll && inDocWithShell &&
+ !aElement->IsHTMLElement(nsGkAtoms::area)) {
nsIFrame* frame = nsLayoutUtils::GetStyleFrame(aElement);
if (frame) {
nsStyleContext* result = frame->StyleContext();
// Don't use the style context if it was influenced by
// pseudo-elements, since then it's not the primary style
// for this element.
if (!result->HasPseudoElementData()) {
// this function returns an addrefed style context
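Review bot: The new side of this hunk adds the same `if` opener twice, once ending in `!aElement->IsHTML(nsGkAtoms::area)) {` and once ending in `!aElement->IsHTMLElement(nsGkAtoms::area)) {`, where the removed code had a single `if`. This looks like a leftover from adapting the upstream changeset to a tree with a different method name. Applied as written, it would nest a duplicate test and presumably leave one brace unclosed. Keep only the variant whose method exists in the target tree, for example `if (!aPseudo && aStyleType == eAll && inDocWithShell &&` followed by `!aElement->IsHTML(nsGkAtoms::area)) {`, and recheck the `+421,31` line count in the hunk header afterwards. The function body starts and ends outside the hunk, so the closing braces cannot be confirmed from here.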
@@ -468,17 +473,18 @@ nsComputedDOMStyle::GetStyleContextForEl
nsRefPtr<nsStyleContext> sc;
if (aPseudo) {
nsCSSPseudoElements::Type type = nsCSSPseudoElements::GetPseudoType(aPseudo);
if (type >= nsCSSPseudoElements::ePseudo_PseudoElementCount) {
return nullptr;
}
nsIFrame* frame = nsLayoutUtils::GetStyleFrame(aElement);
- Element* pseudoElement = frame ? frame->GetPseudoElement(type) : nullptr;
+ Element* pseudoElement =
+ frame && inDocWithShell ? frame->GetPseudoElement(type) : nullptr;
sc = styleSet->ResolvePseudoElementStyle(aElement, type, parentContext,
pseudoElement);
} else {
sc = styleSet->ResolveStyleFor(aElement, parentContext);
}
if (aStyleType == eDefaultOnly) {
// We really only want the user and UA rules. Filter out the other ones.
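Review bot: The new condition `frame && inDocWithShell ? frame->GetPseudoElement(type) : nullptr` has no comment explaining why the frame is ignored, and `inDocWithShell` is set in the earlier hunk, far from this use. Since this is the security-relevant guard of the fix, I would add `// Don't use the frame when aElement is not in a composed document (bug 1230668).` above the assignment. I would also parenthesize the test as `(frame && inDocWithShell) ? frame->GetPseudoElement(type) : nullptr;` so that it does not depend on `&&` binding tighter than `?:`. `nsLayoutUtils::GetStyleFrame(aElement)` is still called unconditionally on the line before; that appears harmless because the result is only dereferenced behind the guard, but the comment should make that intent clear.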
@@ -592,18 +598,18 @@ nsComputedDOMStyle::UpdateCurrentStyleSo
mFlushedPendingReflows = aNeedsLayoutFlush;
#endif
mPresShell = document->GetShell();
if (!mPresShell || !mPresShell->GetPresContext()) {
return;
}
- // XXX the !mContent->IsHTML(nsGkAtoms::area)
- // check is needed due to bug 135040 (to avoid using
+ // XXX the !mContent->IsHTML(nsGkAtoms::area)
+ // check is needed due to bug 135040 (to avoid using
// mPrimaryFrame). Remove it once that's fixed.
if (!mPseudo && mStyleType == eAll && !mContent->IsHTML(nsGkAtoms::area)) {
mOuterFrame = mContent->GetPrimaryFrame();
mInnerFrame = mOuterFrame;
if (mOuterFrame) {
nsIAtom* type = mOuterFrame->GetType();
if (type == nsGkAtoms::tableOuterFrame) {
// If the frame is an outer table frame then we should get the style