Bug 1524188 - Avoid array mutation when cleaning browsing contexts. r=nika
authorAndreas Farre <farre@mozilla.com>
Fri, 01 Feb 2019 08:33:26 +0000
changeset 456386 cc322acff7a7b3c37d341f33070bdcb38111e98e
parent 456385 0ab76cc4232f56936e1a2609823f0c13272ca449
child 456387 1e25e9a46505c5a2ca346d6e71e10a6ce3cfaa4e
push id77261
push userafarre@mozilla.com
push dateFri, 01 Feb 2019 08:58:29 +0000
reviewersnika
bugs1524188
milestone67.0a1
Bug 1524188 - Avoid array mutation when cleaning browsing contexts. r=nika Detaching a browsing context may mutate its parent or toplevel list. Take copies when iterating and detaching browsing contexts of crashed processes. Differential Revision: https://phabricator.services.mozilla.com/D18254
docshell/base/CanonicalBrowsingContext.cpp
--- a/docshell/base/CanonicalBrowsingContext.cpp
+++ b/docshell/base/CanonicalBrowsingContext.cpp
@@ -32,23 +32,28 @@ CanonicalBrowsingContext::CanonicalBrows
 
 // TODO(farre): CanonicalBrowsingContext::CleanupContexts starts from the
 // list of root BrowsingContexts. This isn't enough when separate
 // BrowsingContext nodes of a BrowsingContext tree, not in a crashing
 // child process, are from that process and thus needs to be
 // cleaned. [Bug 1472108]
 /* static */ void CanonicalBrowsingContext::CleanupContexts(
     uint64_t aProcessId) {
+  nsTArray<RefPtr<BrowsingContext>> contexts;
   for (auto& group : *BrowsingContextGroup::sAllGroups) {
     for (auto& context : group->Toplevels()) {
       if (Cast(context)->IsOwnedByProcess(aProcessId)) {
-        context->Detach();
+        contexts.AppendElement(context);
       }
     }
   }
+
+  for (auto& context : contexts) {
+    context->Detach();
+  }
 }
 
 /* static */ already_AddRefed<CanonicalBrowsingContext>
 CanonicalBrowsingContext::Get(uint64_t aId) {
   MOZ_RELEASE_ASSERT(XRE_IsParentProcess());
   return BrowsingContext::Get(aId).downcast<CanonicalBrowsingContext>();
 }
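Review bot: The new collect-then-detach split in `CleanupContexts` has no comment saying why the two loops must stay separate, so a later cleanup could fold them back together and reintroduce mutation of `Toplevels()` during the range-for. That would be container invalidation in the parent process, reachable whenever a content process crashes. I would put a comment above the `contexts` declaration, along the lines of `// Detach() may mutate the parent or toplevel list; snapshot strong refs first and never call it while iterating Toplevels().` Separately, `*BrowsingContextGroup::sAllGroups` is dereferenced unchecked in the outer loop; whether it can be null when a crash is handled very early or during shutdown is not visible from this hunk, so it is worth confirming or guarding with `if (!BrowsingContextGroup::sAllGroups) return;`.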