tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE
commit 83a675a5416e6e905aa8eed1e995335f88d21eb3
parent 6588af5b35bd597264aaebaacbdaefbfaa2f44c7
Author: Nika Layzell <nika@thelayzells.com>
Date:   Wed, 10 Dec 2025 21:25:42 +0000

Bug 1924125 - Avoid memmove for STL types through nsTHashtable, r=xpcom-reviewers,toolkit-telemetry-reviewers,emilio

Differential Revision: https://phabricator.services.mozilla.com/D274377

Diffstat:

Mdocshell/base/ChildProcessChannelListener.h | 4++--


Mdom/webtransport/parent/WebTransportParent.h | 6++++--


Mtoolkit/components/glean/bindings/private/Ping.cpp | 3++-


Mxpcom/ds/nsTHashtable.h | 13++++++++++++-


4 files changed, 20 insertions(+), 6 deletions(-)

diff --git a/docshell/base/ChildProcessChannelListener.h b/docshell/base/ChildProcessChannelListener.h
@@ -45,8 +45,8 @@ class ChildProcessChannelListener final {
   };
 
   // TODO Backtrack.
-  nsTHashMap<nsUint64HashKey, Callback> mCallbacks;
-  nsTHashMap<nsUint64HashKey, CallbackArgs> mChannelArgs;
+  nsTHashMap<NoMemMoveKey<nsUint64HashKey>, Callback> mCallbacks;
+  nsTHashMap<NoMemMoveKey<nsUint64HashKey>, CallbackArgs> mChannelArgs;
 };
 
 }  // namespace mozilla::dom
diff --git a/dom/webtransport/parent/WebTransportParent.h b/dom/webtransport/parent/WebTransportParent.h
@@ -103,9 +103,11 @@ class WebTransportParent : public PWebTransportParent,
     OnResetOrStopSendingCallback mCallback;
     nsCOMPtr<T> mStream;
   };
-  nsTHashMap<nsUint64HashKey, StreamHash<nsIWebTransportBidirectionalStream>>
+  nsTHashMap<NoMemMoveKey<nsUint64HashKey>,
+             StreamHash<nsIWebTransportBidirectionalStream>>
       mBidiStreamCallbackMap;
-  nsTHashMap<nsUint64HashKey, StreamHash<nsIWebTransportSendStream>>
+  nsTHashMap<NoMemMoveKey<nsUint64HashKey>,
+             StreamHash<nsIWebTransportSendStream>>
       mUniStreamCallbackMap;
 };
 
diff --git a/toolkit/components/glean/bindings/private/Ping.cpp b/toolkit/components/glean/bindings/private/Ping.cpp
@@ -23,7 +23,8 @@ namespace mozilla::glean {
 
 namespace impl {
 
-using CallbackMapType = nsTHashMap<uint32_t, FalliblePingTestCallback>;
+using CallbackMapType =
+    nsTHashMap<NoMemMoveKey<nsUint32HashKey>, FalliblePingTestCallback>;
 using MetricIdToCallbackMutex = StaticDataMutex<UniquePtr<CallbackMapType>>;
 static Maybe<MetricIdToCallbackMutex::AutoLock> GetCallbackMapLock() {
   static MetricIdToCallbackMutex sCallbacks("sCallbacks");
diff --git a/xpcom/ds/nsTHashtable.h b/xpcom/ds/nsTHashtable.h
@@ -650,6 +650,15 @@ static void FixedSizeEntryMover(PLDHashTable*, const PLDHashEntryHdr* aFrom,
   memcpy(aTo, aFrom, N);
 }
 
+// Helper type which wraps the access to EntryType::ALLOW_MEMMOVE. This is done
+// to ensure that the MOZ_NEEDS_MEMMOVABLE_TYPE attribute is applied to the
+// entry if we're going to use FixedSizeEntryMover, performing extra
+// compile-time checks against the use of non-memmoveable types.
+template <class EntryType, bool = EntryType::ALLOW_MEMMOVE>
+struct MOZ_NEEDS_MEMMOVABLE_TYPE CheckAllowMemmove : std::true_type {};
+template <class EntryType>
+struct CheckAllowMemmove<EntryType, false> : std::false_type {};
+
 }  // namespace detail
 }  // namespace mozilla
 
@@ -675,7 +684,9 @@ template <class EntryType>
   // function avoids that problem.
   static const PLDHashTableOps sOps = {
       s_HashKey, s_MatchEntry,
-      EntryType::ALLOW_MEMMOVE
+      // We intentionally indirect the access of ALLOW_MEMMOVE through
+      // CheckAllowMemmove to perform some additional static analysis.
+      mozilla::detail::CheckAllowMemmove<EntryType>::value
           ? mozilla::detail::FixedSizeEntryMover<sizeof(EntryType)>
           : s_CopyEntry,
       // Simplify hashtable clearing in case our entries are trivially