Bug 1266309 - Use fallible rust thread::Builder. r=kinetik
authorRalph Giles <giles@mozilla.com>
Wed, 25 May 2016 13:57:29 -0700
changeset 338043 3b6fb13e56de5ad9a53cda7209e22eb1c51451bb
parent 338042 eff54d521d78abcacfbd8426ccb9cc71b0182ce5
child 338044 f59273abb81006a6bd85c8287849eacd32d63ca7
push id6249
push userjlund@mozilla.com
push dateMon, 01 Aug 2016 13:59:36 +0000
reviewerskinetik
bugs1266309
milestone49.0a1
Bug 1266309 - Use fallible rust thread::Builder. r=kinetik We think thread::spawn() may be panicking in low memory conditions. Test this by using the fallible thread::Builder API and converting spawn Results into an error return. MozReview-Commit-ID: 36pDaWsR2p8
media/libstagefright/binding/mp4parse/capi.rs
--- a/media/libstagefright/binding/mp4parse/capi.rs
+++ b/media/libstagefright/binding/mp4parse/capi.rs
@@ -113,17 +113,24 @@ pub unsafe extern "C" fn mp4parse_read(c
 
     let mut context: &mut MediaContext = &mut *context;
 
     // Wrap the buffer we've been give in a slice.
     let b = std::slice::from_raw_parts(buffer, size);
     let mut c = Cursor::new(b);
 
     // Parse in a subthread to catch any panics.
-    let task = std::thread::spawn(move || read_mp4(&mut c, &mut context));
+    // We must use the thread::Builder API to avoid spawn itself
+    // panicking if thread creation fails. See bug 1266309.
+    let task = match std::thread::Builder::new()
+        .name("mp4parse_read isolation".to_string())
+        .spawn(move || read_mp4(&mut c, &mut context)) {
+            Ok(task) => task,
+            Err(_) => return MP4PARSE_ASSERT,
+    };
     // The task's JoinHandle will return an error result if the
     // thread panicked, and will wrap the closure's return'd
     // result in an Ok(..) otherwise, meaning we could see
     // Ok(Err(Error::..)) here. So map thread failures back
     // to an mp4parse::Error before converting to a C return value.
     match task.join().unwrap_or(Err(Error::AssertCaught)) {
         Ok(_) => MP4PARSE_OK,
         Err(Error::InvalidData) => MP4PARSE_ERROR_INVALID,
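Review bot: The `Err(_) => return MP4PARSE_ASSERT,` arm discards the `io::Error` from `Builder::spawn` and reports a thread-creation failure with what looks like the same code used for a panic caught in the parser thread. The `join()` path below maps a panic to `Error::AssertCaught`, but its C mapping is outside the hunk, so this is inferred. A caller or crash report then cannot tell resource exhaustion from a parser assertion triggered by the media input, which is the distinction this change sets out to test. If adding a return code to the C API is not wanted here, at least record the difference at the arm, e.g. `// Thread creation failed (likely out of resources); no parsing was attempted.` The body of `mp4parse_read` starts above the hunk and the final `match` continues past it.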