Bug 1073345: Block duplicate Shmems from the GMP SharedMemory cache r=cpearce a=abillings
authorRandell Jesup <rjesup@jesup.org>
Wed, 01 Oct 2014 20:39:04 -0400
changeset 216911 07582278fef2
parent 216910 abc995cad178
child 216912 ff91afbb6355
push id3963
push userrjesup@wgate.com
push date2014-10-02 14:00 +0000
treeherdermozilla-beta@ff91afbb6355 [default view] [failures only]
reviewerscpearce, abillings
bugs1073345
milestone33.0
Bug 1073345: Block duplicate Shmems from the GMP SharedMemory cache r=cpearce a=abillings
content/media/gmp/GMPSharedMemManager.cpp
--- a/content/media/gmp/GMPSharedMemManager.cpp
+++ b/content/media/gmp/GMPSharedMemManager.cpp
@@ -36,29 +36,43 @@ GMPSharedMemManager::MgrAllocShmem(GMPSh
       return true;
     }
   }
 
   // Didn't find a buffer free with enough space; allocate one
   size_t pagesize = ipc::SharedMemory::SystemPageSize();
   aSize = (aSize + (pagesize-1)) & ~(pagesize-1); // round up to page size
   bool retval = Alloc(aSize, aType, aMem);
+  // The allocator (or NeedsShmem call) should never return less than we ask for...
+  MOZ_ASSERT(aMem->Size<uint8_t>() >= aSize);
   if (retval) {
     mData->mGmpAllocated[aClass]++;
   }
   return retval;
 }
 
 bool
 GMPSharedMemManager::MgrDeallocShmem(GMPSharedMem::GMPMemoryClasses aClass, ipc::Shmem& aMem)
 {
   mData->CheckThread();
 
   size_t size = aMem.Size<uint8_t>();
   size_t total = 0;
+
+  // XXX Bug NNNNNNN Until we put better guards on ipc::shmem, verify we
+  // weren't fed an shmem we already had.
+  for (uint32_t i = 0; i < GetGmpFreelist(aClass).Length(); i++) {
+    if (NS_WARN_IF(aMem == GetGmpFreelist(aClass)[i])) {
+      // Safest to crash in this case; should never happen in normal
+      // operation.
+      MOZ_CRASH("Deallocating Shmem we already have in our cache!");
+      //return true;
+    }
+  }
+
   // XXX This works; there are better pool algorithms.  We need to avoid
   // "falling off a cliff" with too low a number
   if (GetGmpFreelist(aClass).Length() > 10) {
     Dealloc(GetGmpFreelist(aClass)[0]);
     GetGmpFreelist(aClass).RemoveElementAt(0);
     // The allocation numbers will be fubar on the Child!
     mData->mGmpAllocated[aClass]--;
   }
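Review bot: The new `MOZ_ASSERT(aMem->Size<uint8_t>() >= aSize);` in MgrAllocShmem runs before `retval` is checked, so after a failed `Alloc()` it inspects a Shmem that was presumably never populated. It is also debug-only, so release builds, where an undersized buffer would matter, get no check at all. Move it under the success branch, e.g. `if (retval) { MOZ_ASSERT(aMem->Size<uint8_t>() >= aSize); mData->mGmpAllocated[aClass]++; }`, and consider failing the call on a short buffer instead of only asserting. In MgrDeallocShmem the duplicate scan covers only `GetGmpFreelist(aClass)`, so as far as this hunk shows, the same Shmem handed back under a different class would not be caught. The `Bug NNNNNNN` placeholder and the commented-out `//return true;` should also be resolved; both function bodies extend outside the hunk.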