Bug 1748482 - Check XML parser for brokenness in various methods. r=s…

…maug Differential Revision: https://phabricator.services.mozilla.com/D135096
iaxat · Jan 5, 2022 · d83308e · d83308e
1 parent 1617ea1
commit d83308e
Showing 1 changed file with 68 additions and 1 deletion.
diff --git a/parser/htmlparser/nsParser.cpp b/parser/htmlparser/nsParser.cpp
@@ -394,6 +394,12 @@ nsParser::CancelParsingEvents() {
 nsresult nsParser::WillBuildModel(nsString& aFilename) {
   if (!mParserContext) return NS_ERROR_HTMLPARSER_INVALIDPARSERCONTEXT;
 
+  if (mInternalState == NS_ERROR_OUT_OF_MEMORY) {
+    // Checking NS_ERROR_OUT_OF_MEMORY instead of NS_FAILED
+    // to avoid introducing unintentional changes to behavior.
+    return mInternalState;
+  }
+
   if (eUnknownDetect != mParserContext->mAutoDetectStatus) return NS_OK;
 
   if (eDTDMode_unknown == mParserContext->mDTDMode ||
@@ -562,6 +568,12 @@ nsParser::Terminate(void) {
 
 NS_IMETHODIMP
 nsParser::ContinueInterruptedParsing() {
+  if (mInternalState == NS_ERROR_OUT_OF_MEMORY) {
+    // Checking NS_ERROR_OUT_OF_MEMORY instead of NS_FAILED
+    // to avoid introducing unintentional changes to behavior.
+    return mInternalState;
+  }
+
   // If there are scripts executing, then the content sink is jumping the gun
   // (probably due to a synchronous XMLHttpRequest) and will re-enable us
   // later, see bug 460706.
@@ -680,6 +692,12 @@ NS_IMETHODIMP
 nsParser::Parse(nsIURI* aURL, void* aKey) {
   MOZ_ASSERT(aURL, "Error: Null URL given");
 
+  if (mInternalState == NS_ERROR_OUT_OF_MEMORY) {
+    // Checking NS_ERROR_OUT_OF_MEMORY instead of NS_FAILED
+    // to avoid introducing unintentional changes to behavior.
+    return mInternalState;
+  }
+
   nsresult result = NS_ERROR_HTMLPARSER_BADURL;
 
   if (aURL) {
@@ -690,7 +708,8 @@ nsParser::Parse(nsIURI* aURL, void* aKey) {
     }
     nsString theName;  // Not nsAutoString due to length and usage
     if (!CopyUTF8toUTF16(spec, theName, mozilla::fallible)) {
-      return NS_ERROR_OUT_OF_MEMORY;
+      mInternalState = NS_ERROR_OUT_OF_MEMORY;
+      return mInternalState;
     }
 
     nsScanner* theScanner = new nsScanner(theName, false);
@@ -719,6 +738,12 @@ nsresult nsParser::Parse(const nsAString& aSourceBuffer, void* aKey,
                          bool aLastCall) {
   nsresult result = NS_OK;
 
+  if (mInternalState == NS_ERROR_OUT_OF_MEMORY) {
+    // Checking NS_ERROR_OUT_OF_MEMORY instead of NS_FAILED
+    // to avoid introducing unintentional changes to behavior.
+    return mInternalState;
+  }
+
   // Don't bother if we're never going to parse this.
   if (mInternalState == NS_ERROR_HTMLPARSER_STOPPARSING) {
     return result;
@@ -826,6 +851,12 @@ nsresult nsParser::Parse(const nsAString& aSourceBuffer, void* aKey,
 NS_IMETHODIMP
 nsParser::ParseFragment(const nsAString& aSourceBuffer,
                         nsTArray<nsString>& aTagStack) {
+  if (mInternalState == NS_ERROR_OUT_OF_MEMORY) {
+    // Checking NS_ERROR_OUT_OF_MEMORY instead of NS_FAILED
+    // to avoid introducing unintentional changes to behavior.
+    return mInternalState;
+  }
+
   nsresult result = NS_OK;
   nsAutoString theContext;
   uint32_t theCount = aTagStack.Length();
@@ -929,6 +960,12 @@ nsParser::ParseFragment(const nsAString& aSourceBuffer,
  */
 nsresult nsParser::ResumeParse(bool allowIteration, bool aIsFinalChunk,
                                bool aCanInterrupt) {
+  if (mInternalState == NS_ERROR_OUT_OF_MEMORY) {
+    // Checking NS_ERROR_OUT_OF_MEMORY instead of NS_FAILED
+    // to avoid introducing unintentional changes to behavior.
+    return mInternalState;
+  }
+
   nsresult result = NS_OK;
 
   if (!mBlocked && mInternalState != NS_ERROR_HTMLPARSER_STOPPARSING) {
@@ -1043,6 +1080,12 @@ nsresult nsParser::ResumeParse(bool allowIteration, bool aIsFinalChunk,
  *  tokenization phase, and try to make sense out of them.
  */
 nsresult nsParser::BuildModel() {
+  if (mInternalState == NS_ERROR_OUT_OF_MEMORY) {
+    // Checking NS_ERROR_OUT_OF_MEMORY instead of NS_FAILED
+    // to avoid introducing unintentional changes to behavior.
+    return mInternalState;
+  }
+
   nsITokenizer* theTokenizer = nullptr;
 
   nsresult result = NS_OK;
@@ -1065,6 +1108,12 @@ nsresult nsParser::BuildModel() {
  *******************************************************************/
 
 nsresult nsParser::OnStartRequest(nsIRequest* request) {
+  if (mInternalState == NS_ERROR_OUT_OF_MEMORY) {
+    // Checking NS_ERROR_OUT_OF_MEMORY instead of NS_FAILED
+    // to avoid introducing unintentional changes to behavior.
+    return mInternalState;
+  }
+
   MOZ_ASSERT(eNone == mParserContext->mStreamListenerState,
              "Parser's nsIStreamListener API was not setup "
              "correctly in constructor.");
@@ -1252,6 +1301,12 @@ static nsresult ParserWriteFunc(nsIInputStream* in, void* closure,
 nsresult nsParser::OnDataAvailable(nsIRequest* request,
                                    nsIInputStream* pIStream,
                                    uint64_t sourceOffset, uint32_t aLength) {
+  if (mInternalState == NS_ERROR_OUT_OF_MEMORY) {
+    // Checking NS_ERROR_OUT_OF_MEMORY instead of NS_FAILED
+    // to avoid introducing unintentional changes to behavior.
+    return mInternalState;
+  }
+
   MOZ_ASSERT((eOnStart == mParserContext->mStreamListenerState ||
               eOnDataAvail == mParserContext->mStreamListenerState),
              "Error: OnStartRequest() must be called before OnDataAvailable()");
@@ -1321,6 +1376,12 @@ nsresult nsParser::OnDataAvailable(nsIRequest* request,
  *  has been collected from the net.
  */
 nsresult nsParser::OnStopRequest(nsIRequest* request, nsresult status) {
+  if (mInternalState == NS_ERROR_OUT_OF_MEMORY) {
+    // Checking NS_ERROR_OUT_OF_MEMORY instead of NS_FAILED
+    // to avoid introducing unintentional changes to behavior.
+    return mInternalState;
+  }
+
   nsresult rv = NS_OK;
 
   CParserContext* pc = mParserContext;
@@ -1377,6 +1438,12 @@ bool nsParser::WillTokenize(bool aIsFinalChunk) {
  * you run out of data.
  */
 nsresult nsParser::Tokenize(bool aIsFinalChunk) {
+  if (mInternalState == NS_ERROR_OUT_OF_MEMORY) {
+    // Checking NS_ERROR_OUT_OF_MEMORY instead of NS_FAILED
+    // to avoid introducing unintentional changes to behavior.
+    return mInternalState;
+  }
+
   nsITokenizer* theTokenizer;
 
   nsresult result = NS_ERROR_NOT_AVAILABLE;