Bug 1266309 - Use fallible rust thread::Builder. r=kinetik
authorRalph Giles <giles@mozilla.com>
Wed, 25 May 2016 13:57:29 -0700
push dateMon, 01 Aug 2016 13:59:36 +0000
Bug 1266309 - Use fallible rust thread::Builder. r=kinetik

We think thread::spawn() may be panicking in low memory conditions. Test this by using the fallible thread::Builder API and converting spawn Results into an error return.

MozReview-Commit-ID: 36pDaWsR2p8
--- a/media/libstagefright/binding/mp4parse/capi.rs
+++ b/media/libstagefright/binding/mp4parse/capi.rs
@@ -113,17 +113,24 @@ pub unsafe extern "C" fn mp4parse_read(c
     let mut context: &mut MediaContext = &mut *context;
     // Wrap the buffer we've been give in a slice.
     let b = std::slice::from_raw_parts(buffer, size);
     let mut c = Cursor::new(b);
     // Parse in a subthread to catch any panics.
-    let task = std::thread::spawn(move || read_mp4(&mut c, &mut context));
+    // We must use the thread::Builder API to avoid spawn itself
+    // panicking if thread creation fails. See bug 1266309.
+    let task = match std::thread::Builder::new()
+        .name("mp4parse_read isolation".to_string())
+        .spawn(move || read_mp4(&mut c, &mut context)) {
+            Ok(task) => task,
+            Err(_) => return MP4PARSE_ASSERT,
+    };
     // The task's JoinHandle will return an error result if the
     // thread panicked, and will wrap the closure's return'd
     // result in an Ok(..) otherwise, meaning we could see
     // Ok(Err(Error::..)) here. So map thread failures back
     // to an mp4parse::Error before converting to a C return value.
     match task.join().unwrap_or(Err(Error::AssertCaught)) {
         Ok(_) => MP4PARSE_OK,
         Err(Error::InvalidData) => MP4PARSE_ERROR_INVALID,