Bug 1740274 - Avoid accessing Http2Session through raw pointer, r=necko-reviewers,dragana, a=dsmith

  mozilla::OriginAttributes originAttributes;

  switch (mUpstreamState) {

    case GENERATING_HEADERS:

    case GENERATING_HEADERS: {

      // The request headers for this has been processed, so we need to verify

      // that :authority, :scheme, and :path MUST be present. :method MUST NOT

      // be present

      mSocketTransport->GetOriginAttributes(&originAttributes);

      RefPtr<Http2Session> session = Session();

      CreatePushHashKey(mHeaderScheme, mHeaderHost, originAttributes,

                        Session()->Serial(), mHeaderPath, mOrigin, mHashKey);

                        session->Serial(), mHeaderPath, mOrigin, mHashKey);

      LOG3(("Http2PushStream 0x%X hash key %s\n", mStreamID, mHashKey.get()));

      Http2Stream::mRequestHeadersDone = 1;

      Http2Stream::mOpenGenerated = 1;

      Http2Stream::ChangeState(UPSTREAM_COMPLETE);

      break;

    } break;

    case UPSTREAM_COMPLETE:

      // Let's just clear the stream's transmit buffer by pushing it into

    Http2Stream::AdjustInitialWindow();

    // Http2PushedStream::ReadSegments is needed to call TransmitFrame()

    // and actually get this information into the session bytestream

    Session()->TransactionHasDataToWrite(this);

    RefPtr<Http2Session> session = Session();

    session->TransactionHasDataToWrite(this);

  }

  // Otherwise, when we get hooked up, the initial window will get bumped

  // anyway, so we're good to go.

}

void Http2PushedStream::ConnectPushedStream(Http2Stream* stream) {

  Session()->ConnectPushedStream(stream);

  RefPtr<Http2Session> session = Session();

  session->ConnectPushedStream(stream);

}

bool Http2PushedStream::IsOrphaned(TimeStamp now) {

  MOZ_ASSERT(gHttpHandler->ActiveTabPriority());

  mCurrentTopBrowsingContextId = id;

  if (!Session()->UseH2Deps()) {

  RefPtr<Http2Session> session = Session();

  if (!session->UseH2Deps()) {

    return;

  }

  }

  if (mPriorityDependency != oldDependency) {

    Session()->SendPriorityFrame(mStreamID, mPriorityDependency,

                                 mPriorityWeight);

    session->SendPriorityFrame(mStreamID, mPriorityDependency, mPriorityWeight);

  }

}

  LOG3(("Http2Stream::~Http2Stream %p", this));

}

Http2Session* Http2Stream::Session() {

already_AddRefed<Http2Session> Http2Stream::Session() {

  RefPtr<Http2Session> session = do_QueryReferent(mSession);

  MOZ_RELEASE_ASSERT(session);

  return session.get();

  return session.forget();

}

void Http2Stream::ClearPushSource() {

                                   uint32_t* countRead) {

  LOG3(("Http2Stream %p ReadSegments reader=%p count=%d state=%x", this, reader,

        count, mUpstreamState));

  RefPtr<Http2Session> session = Session();

  // Reader is nullptr when this is a push stream.

  MOZ_DIAGNOSTIC_ASSERT(!reader || (reader == Session()));

  MOZ_DIAGNOSTIC_ASSERT(!reader || (reader == session));

  MOZ_ASSERT(OnSocketThread(), "not on socket thread");

      // If not, mark the stream for callback when writing can proceed.

      if (NS_SUCCEEDED(rv) && mUpstreamState == GENERATING_HEADERS &&

          !mRequestHeadersDone) {

        Session()->TransactionHasDataToWrite(this);

        session->TransactionHasDataToWrite(this);

      }

      // mTxinlineFrameUsed represents any queued un-sent frame. It might

        } else {

          GenerateDataFrameHeader(0, true);

          ChangeState(SENDING_FIN_STREAM);

          Session()->TransactionHasDataToWrite(this);

          session->TransactionHasDataToWrite(this);

          rv = NS_BASE_STREAM_WOULD_BLOCK;

        }

      }

  mFlatHttpRequestHeaders.Append(buf, avail);

  nsHttpRequestHead* head = mTransaction->RequestHead();

  RefPtr<Http2Session> session = Session();

  // We can use the simple double crlf because firefox is the

  // only client we are parsing

  mSocketTransport->GetOriginAttributes(&originAttributes);

  CreatePushHashKey(nsDependentCString(head->IsHTTPS() ? "https" : "http"),

                    authorityHeader, originAttributes, Session()->Serial(),

                    authorityHeader, originAttributes, session->Serial(),

                    requestURI, mOrigin, hashkey);

  // check the push cache for GET

    nsHttpTransaction* trans = mTransaction->QueryHttpTransaction();

    if (trans && (pushedStreamWrapper = trans->TakePushedStream()) &&

        (pushedStream = pushedStreamWrapper->GetStream())) {

      if (pushedStream->Session() == Session()) {

      RefPtr<Http2Session> pushSession = pushedStream->Session();

      if (pushSession == session) {

        LOG3(("Pushed Stream match based on OnPush correlation %p",

              pushedStream));

      } else {

        LOG3(("Pushed Stream match failed due to stream mismatch %p %" PRId64

              " %" PRId64 "\n",

              pushedStream, pushedStream->Session()->Serial(),

              Session()->Serial()));

              pushedStream, pushSession->Serial(), session->Serial()));

        pushedStream->OnPushFailed();

        pushedStream = nullptr;

      }

    LOG3(

        ("Pushed Stream Lookup "

         "session=%p key=%s requestcontext=%p cache=%p hit=%p\n",

         Session(), hashkey.get(), requestContext, cache, pushedStream));

         session.get(), hashkey.get(), requestContext, cache, pushedStream));

    if (pushedStream) {

      LOG3(("Pushed Stream Match located %p id=0x%X key=%s\n", pushedStream,

      // There is probably pushed data buffered so trigger a read manually

      // as we can't rely on future network events to do it

      Session()->ConnectPushedStream(this);

      session->ConnectPushedStream(this);

      mOpenGenerated = 1;

      // if the "mother stream" had TRR, this one is a TRR stream too!

      RefPtr<nsHttpConnectionInfo> ci(Transaction()->ConnectionInfo());

      if (ci && ci->GetIsTrrServiceChannel()) {

        Session()->IncrementTrrCounter();

        session->IncrementTrrCounter();

      }

      return NS_OK;

  // It is now OK to assign a streamID that we are assured will

  // be monotonically increasing amongst new streams on this

  // session

  mStreamID = Session()->RegisterStreamID(this);

  RefPtr<Http2Session> session = Session();

  mStreamID = session->RegisterStreamID(this);

  MOZ_ASSERT(mStreamID & 1, "Http2 Stream Channel ID must be odd");

  MOZ_ASSERT(!mOpenGenerated);

  nsAutoCString requestURI;

  head->RequestURI(requestURI);

  LOG3(("Http2Stream %p Stream ID 0x%X [session=%p] for URI %s\n", this,

        mStreamID, Session(), requestURI.get()));

        mStreamID, session.get(), requestURI.get()));

  if (mStreamID >= 0x80000000) {

    // streamID must fit in 31 bits. Evading This is theoretically possible

    useSimpleConnect = false;

    protocol.AppendLiteral("websocket");

  }

  rv = Session()->Compressor()->EncodeHeaderBlock(

  rv = session->Compressor()->EncodeHeaderBlock(

      mFlatHttpRequestHeaders, method, path, authorityHeader, scheme, protocol,

      useSimpleConnect, compressedData);

  NS_ENSURE_SUCCESS(rv, rv);

  int64_t clVal = Session()->Compressor()->GetParsedContentLength();

  int64_t clVal = session->Compressor()->GetParsedContentLength();

  if (clVal != -1) {

    mRequestBodyLenRemaining = clVal;

  }

    }

    dataLength -= frameLen;

    Session()->CreateFrameHeader(mTxInlineFrame.get() + outputOffset,

    session->CreateFrameHeader(mTxInlineFrame.get() + outputOffset,

                               frameLen + (idx ? 0 : 5),

                               (idx) ? Http2Session::FRAME_TYPE_CONTINUATION

                                     : Http2Session::FRAME_TYPE_HEADERS,

  // bump it up to the pull limit set by the channel or session

  // don't allow windows less than push

  uint32_t bump = 0;

  RefPtr<Http2Session> session = Session();

  nsHttpTransaction* trans = mTransaction->QueryHttpTransaction();

  if (trans && trans->InitialRwin()) {

    bump = (trans->InitialRwin() > mClientReceiveWindow)

               ? (trans->InitialRwin() - mClientReceiveWindow)

               : 0;

  } else {

    MOZ_ASSERT(Session()->InitialRwin() >= mClientReceiveWindow);

    bump = Session()->InitialRwin() - mClientReceiveWindow;

    MOZ_ASSERT(session->InitialRwin() >= mClientReceiveWindow);

    bump = session->InitialRwin() - mClientReceiveWindow;

  }

  LOG3(("AdjustInitialwindow increased flow control window %p 0x%X %u\n", this,

  uint8_t* packet = mTxInlineFrame.get() + mTxInlineFrameUsed;

  mTxInlineFrameUsed += Http2Session::kFrameHeaderBytes + 4;

  Session()->CreateFrameHeader(

      packet, 4, Http2Session::FRAME_TYPE_WINDOW_UPDATE, 0, stream->mStreamID);

  session->CreateFrameHeader(packet, 4, Http2Session::FRAME_TYPE_WINDOW_UPDATE,

                             0, stream->mStreamID);

  mClientReceiveWindow += bump;

  bump = PR_htonl(bump);

  uint8_t* packet = mTxInlineFrame.get() + mTxInlineFrameUsed;

  mTxInlineFrameUsed += Http2Session::kFrameHeaderBytes + 5;

  Session()->CreateFrameHeader(packet, 5, Http2Session::FRAME_TYPE_PRIORITY, 0,

  RefPtr<Http2Session> session = Session();

  session->CreateFrameHeader(packet, 5, Http2Session::FRAME_TYPE_PRIORITY, 0,

                             mPushSource->mStreamID);

  mPushSource->SetPriorityDependency(mPriority, mPriorityDependency);

  uint32_t transmittedCount;

  nsresult rv;

  RefPtr<Http2Session> session = Session();

  // In the (relatively common) event that we have a small amount of data

  // split between the inlineframe and the streamframe, then move the stream

  if (rv == NS_BASE_STREAM_WOULD_BLOCK) {

    MOZ_ASSERT(!forceCommitment, "forceCommitment with WOULD_BLOCK");

    Session()->TransactionHasDataToWrite(this);

    session->TransactionHasDataToWrite(this);

  }

  if (NS_FAILED(rv)) {  // this will include WOULD_BLOCK

    return rv;

  // which calls the socket write function. It will accept all of the inline and

  // stream data because of the above 'commitment' even if it has to buffer

  rv = Session()->BufferOutput(reinterpret_cast<char*>(mTxInlineFrame.get()),

  rv = session->BufferOutput(reinterpret_cast<char*>(mTxInlineFrame.get()),

                             mTxInlineFrameUsed, &transmittedCount);

  LOG3(

      ("Http2Stream::TransmitFrame for inline BufferOutput session=%p "

       "stream=%p result %" PRIx32 " len=%d",

       Session(), this, static_cast<uint32_t>(rv), transmittedCount));

       session.get(), this, static_cast<uint32_t>(rv), transmittedCount));

  MOZ_ASSERT(rv != NS_BASE_STREAM_WOULD_BLOCK,

             "inconsistent inline commitment result");

  MOZ_ASSERT(transmittedCount == mTxInlineFrameUsed,

             "inconsistent inline commitment count");

  Http2Session::LogIO(Session(), this, "Writing from Inline Buffer",

  Http2Session::LogIO(session, this, "Writing from Inline Buffer",

                      reinterpret_cast<char*>(mTxInlineFrame.get()),

                      transmittedCount);

    // If there is already data buffered, just add to that to form

    // a single TLS Application Data Record - otherwise skip the memcpy

    if (Session()->AmountOfOutputBuffered()) {

      rv = Session()->BufferOutput(buf, mTxStreamFrameSize, &transmittedCount);

    if (session->AmountOfOutputBuffered()) {

      rv = session->BufferOutput(buf, mTxStreamFrameSize, &transmittedCount);

    } else {

      rv = Session()->OnReadSegment(buf, mTxStreamFrameSize, &transmittedCount);

      rv = session->OnReadSegment(buf, mTxStreamFrameSize, &transmittedCount);

    }

    LOG3(

        ("Http2Stream::TransmitFrame for regular session=%p "

         "stream=%p result %" PRIx32 " len=%d",

         Session(), this, static_cast<uint32_t>(rv), transmittedCount));

         session.get(), this, static_cast<uint32_t>(rv), transmittedCount));

    MOZ_ASSERT(rv != NS_BASE_STREAM_WOULD_BLOCK,

               "inconsistent stream commitment result");

    MOZ_ASSERT(transmittedCount == mTxStreamFrameSize,

               "inconsistent stream commitment count");

    Http2Session::LogIO(Session(), this, "Writing from Transaction Buffer", buf,

    Http2Session::LogIO(session, this, "Writing from Transaction Buffer", buf,

                        transmittedCount);

    *countUsed += mTxStreamFrameSize;

  }

  if (!mAttempting0RTT) {

    Session()->FlushOutputQueue();

    session->FlushOutputQueue();

  }

  // calling this will trigger waiting_for if mRequestBodyLenRemaining is 0

    if (dataLength) SetSentFin(true);

  }

  Session()->CreateFrameHeader(mTxInlineFrame.get(), dataLength,

  RefPtr<Http2Session> session = Session();

  session->CreateFrameHeader(mTxInlineFrame.get(), dataLength,

                             Http2Session::FRAME_TYPE_DATA, frameFlags,

                             mStreamID);

  if (httpResponseCode == 421) {

    // Origin Frame requires 421 to remove this origin from the origin set

    Session()->Received421(mTransaction->ConnectionInfo());

    RefPtr<Http2Session> session = Session();

    session->Received421(mTransaction->ConnectionInfo());

  }

  if (aHeadersIn.Length() && aHeadersOut.Length()) {

}

bool Http2Stream::AllowFlowControlledWrite() {

  return (Session()->ServerSessionWindow() > 0) && (mServerReceiveWindow > 0);

  RefPtr<Http2Session> session = Session();

  return (session->ServerSessionWindow() > 0) && (mServerReceiveWindow > 0);

}

void Http2Stream::UpdateServerReceiveWindow(int32_t delta) {

        ("Http2Stream::UpdateServerReceived UnPause %p 0x%X "

         "Open stream window\n",

         this, mStreamID));

    Session()->TransactionHasDataToWrite(this);

    RefPtr<Http2Session> session = Session();

    session->TransactionHasDataToWrite(this);

  }

}

}

void Http2Stream::UpdatePriorityDependency() {

  if (!Session()->UseH2Deps()) {

  RefPtr<Http2Session> session = Session();

  if (!session->UseH2Deps()) {

    return;

  }

void Http2Stream::TopBrowsingContextIdChangedInternal(uint64_t id) {

  MOZ_ASSERT(gHttpHandler->ActiveTabPriority());

  RefPtr<Http2Session> session = Session();

  LOG3(

      ("Http2Stream::TopBrowsingContextIdChangedInternal "

       "%p bcId=%" PRIx64 "\n",

  mCurrentTopBrowsingContextId = id;

  if (!Session()->UseH2Deps()) {

  if (!session->UseH2Deps()) {

    return;

  }

    modifyStreamID = mPushSource->StreamID();

  }

  if (modifyStreamID) {

    Session()->SendPriorityFrame(modifyStreamID, mPriorityDependency,

    session->SendPriorityFrame(modifyStreamID, mPriorityDependency,

                               mPriorityWeight);

  }

}

  nsresult rv = NS_ERROR_UNEXPECTED;

  uint32_t dataLength;

  RefPtr<Http2Session> session = Session();

  switch (mUpstreamState) {

    case GENERATING_HEADERS:

      }

      if (mRequestHeadersDone && !mOpenGenerated) {

        if (!Session()->TryToActivate(this)) {

        if (!session->TryToActivate(this)) {

          LOG3(("Http2Stream::OnReadSegment %p cannot activate now. queued.\n",

                this));

          return *countRead ? NS_OK : NS_BASE_STREAM_WOULD_BLOCK;

            ("Http2Stream this=%p, id 0x%X request body suspended because "

             "remote window is stream=%" PRId64 " session=%" PRId64 ".\n",

             this, mStreamID, mServerReceiveWindow,

             Session()->ServerSessionWindow()));

             session->ServerSessionWindow()));

        mBlockedOnRwin = true;

        return NS_BASE_STREAM_WOULD_BLOCK;

      }

        dataLength = Http2Session::kMaxFrameData;

      }

      if (dataLength > Session()->ServerSessionWindow()) {

        dataLength = static_cast<uint32_t>(Session()->ServerSessionWindow());

      if (dataLength > session->ServerSessionWindow()) {

        dataLength = static_cast<uint32_t>(session->ServerSessionWindow());

      }

      if (dataLength > mServerReceiveWindow) {

           " session window=%" PRId64 " "

           "max frame=%d USING=%u\n",

           this, mStreamID, count, mChunkSize, mServerReceiveWindow,

           Session()->ServerSessionWindow(), Http2Session::kMaxFrameData,

           session->ServerSessionWindow(), Http2Session::kMaxFrameData,

           dataLength));

      Session()->DecrementServerSessionWindow(dataLength);

      session->DecrementServerSessionWindow(dataLength);

      mServerReceiveWindow -= dataLength;

      LOG3(("Http2Stream %p id 0x%x request len remaining %" PRId64 ", "

    rv = mPushSource->GetBufferedData(buf, count, countWritten);

    if (NS_FAILED(rv)) return rv;

    Session()->ConnectPushedStream(this);

    RefPtr<Http2Session> session = Session();

    session->ConnectPushedStream(this);

    return NS_OK;

  }

  // This is a no-op on pull streams. Pushed streams override this.

  virtual void SetPushComplete(){};

  Http2Session* Session();

  already_AddRefed<Http2Session> Session();

  [[nodiscard]] static nsresult MakeOriginURL(const nsACString& origin,

                                              nsCOMPtr<nsIURI>& url);

  if (pushedStreamWrapper) {

    Http2PushedStream* pushedStream = pushedStreamWrapper->GetStream();

    if (pushedStream) {

      RefPtr<Http2Session> session = pushedStream->Session();

      LOG(("  ProcessNewTransaction %p tied to h2 session push %p\n", trans,

           pushedStream->Session()));

      return pushedStream->Session()->AddStream(trans, trans->Priority(), false,

                                                false, nullptr)

           session.get()));

      return session->AddStream(trans, trans->Priority(), false, false, nullptr)

                 ? NS_OK

                 : NS_ERROR_UNEXPECTED;

    }