Bug 1395504 - Infinite hang of web content process when parent process crashes r=gsvelto
author Haik Aftandilian <haftandilian@mozilla.com>
Wed, 11 Apr 2018 11:53:06 -0700
changeset 468618 933eb0b6a922418e4106a09e06b736dad465b3c7
parent 468617 ee291d63749722cfc51215f24476fc1d6783f8ea
child 468619 1e78f2ccb865f96d439c62e865f1467732f41b21
push id 9165
push user asasaki@mozilla.com
push date Thu, 26 Apr 2018 21:04:54 +0000
treeherder mozilla-beta@064c3804de2e
reviewers gsvelto
bugs 1395504
milestone 61.0a1
Bug 1395504 - Infinite hang of web content process when parent process crashes r=gsvelto

Don't free memory in exception handling context to avoid deadlocks and process state corruption. Replace old_handler_.reset() with old_handler_.release() to intentionally leak the sigaction struct instead.

MozReview-Commit-ID: lUNygOJCUL
toolkit/crashreporter/breakpad-client/mac/handler/exception_handler.cc
--- a/toolkit/crashreporter/breakpad-client/mac/handler/exception_handler.cc
+++ b/toolkit/crashreporter/breakpad-client/mac/handler/exception_handler.cc
@@ -689,17 +689,24 @@ bool ExceptionHandler::UninstallHandler(
   kern_return_t result = KERN_SUCCESS;
 
   if (old_handler_.get()) {
     sigaction(SIGABRT, old_handler_.get(), NULL);
 #if USE_PROTECTED_ALLOCATIONS
     mprotect(gProtectedData.protected_buffer, PAGE_SIZE,
         PROT_READ | PROT_WRITE);
 #endif
-    old_handler_.reset();
+    // If we're handling an exception, leak the sigaction struct
+    // because it is unsafe to delete objects while in exception
+    // handling context.
+    if (in_exception) {
+      old_handler_.release();
+    } else {
+      old_handler_.reset();
+    }
     gProtectedData.handler = NULL;
   }
 
   if (installed_exception_handler_) {
     mach_port_t current_task = mach_task_self();
 
     // Restore the previous ports
     for (unsigned int i = 0; i < previous_->count; ++i) {
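Review bot: In the `if (in_exception)` branch, `old_handler_.release()` discards the returned pointer. That is the intended leak, but it reads like a mistake and can trip unused-result warnings or leak checkers; consider `(void)old_handler_.release();` or extending the comment to say the pointer is deliberately dropped. Since the new comment says deleting objects is unsafe in exception handling context, it is also worth confirming that the rest of UninstallHandler, starting with the `installed_exception_handler_` block that walks `previous_`, does not free anything when `in_exception` is true; that part of the function is cut off in this hunk.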