Bug 1484524: Workaround for a nullptr-induced crash in cache IPC r=edenchuang
author: Yaron Tausky <ytausky@mozilla.com>
date: Wed, 10 Oct 2018 12:36:41 +0000
changeset: 496420 e18103445f9e44d015e300cf9249f4ffa994ccc8
parent: 496419 42bd6d4455a4771a4f8ccc036a702816ab81e803
child: 496421 43470b75b0d4c3f53ac5f8f50f1789873e50430b
push id: 9984
push user: ffxbld-merge
push date: Mon, 15 Oct 2018 21:07:35 +0000
reviewers: edenchuang
bugs: 1484524
milestone: 64.0a1
Bug 1484524: Workaround for a nullptr-induced crash in cache IPC r=edenchuang

DOM cache IPC code requires a StrongWorkerRef to its worker when invoked from a WorkerGlobalScope. Under certain conditions, e.g. when worker termination was initiated, it's no longer possible to obtain such a reference, and said code fails silently by storing a nullptr in the CacheOpArgs object. This leads to a crash when that object gets serialized.

This is a temporary workaround for this problem, until a more reasonable solution is implemented.

Differential Revision: https://phabricator.services.mozilla.com/D8200
dom/cache/TypeUtils.cpp
--- a/dom/cache/TypeUtils.cpp
+++ b/dom/cache/TypeUtils.cpp
@@ -506,13 +506,33 @@ TypeUtils::SerializeCacheStream(nsIInput
 
   cacheStream.controlChild() = nullptr;
   cacheStream.controlParent() = nullptr;
 
   UniquePtr<AutoIPCStream> autoStream(new AutoIPCStream(cacheStream.stream()));
   autoStream->Serialize(aStream, GetIPCManager());
 
   aStreamCleanupList.AppendElement(std::move(autoStream));
+
+  // This nested condition guards against silent failures in IPC code
+  // that would cause a crash when the message is sent. Specifically,
+  // if IPCStreamSource::Initialize fails to get a StrongWorkerRef
+  // (e.g. when the worker terminates), a nullptr is silently stored
+  // in IPCRemoteStreamType.
+  // This is a workaround, requested in bug 1484524, and a more
+  // reasonable solution should replace it.
+  if (cacheStream.stream().type() == OptionalIPCStream::TIPCStream) {
+    const auto& ipcStream = cacheStream.stream().get_IPCStream();
+    if (ipcStream.type() == IPCStream::TIPCRemoteStream) {
+      const auto& ipcRemoteStream = ipcStream.get_IPCRemoteStream();
+      using mozilla::ipc::IPCRemoteStreamType;
+      if (ipcRemoteStream.stream().type() == IPCRemoteStreamType::TPChildToParentStreamChild) {
+        if (!ipcRemoteStream.stream().get_PChildToParentStreamChild()) {
+          aRv.Throw(NS_ERROR_FAILURE);
+        }
+      }
+    }
+  }
 }
 
 } // namespace cache
 } // namespace dom
 } // namespace mozilla
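Review bot: the nested null check at the end of SerializeCacheStream runs only after autoStream->Serialize has already run and the AutoIPCStream has been appended to aStreamCleanupList, so a caller that does not check aRv after this returns will still send a message carrying a null PChildToParentStreamChild actor; the comment should state that contract explicitly (every caller must bail out on aRv.Failed() before the CacheOpArgs is sent), since the workaround only converts the crash into an error if the caller honours it. The comment's wording "a nullptr is silently stored in IPCRemoteStreamType" is also imprecise: IPCRemoteStreamType is the union, and what is null is the PChildToParentStreamChild actor pointer it holds, which is exactly what `if (!ipcRemoteStream.stream().get_PChildToParentStreamChild())` tests; say so, and mention that the parent-side variant of the union is deliberately not checked here because this path is only reached from the child. Style: `if (ipcRemoteStream.stream().type() == IPCRemoteStreamType::TPChildToParentStreamChild) {` exceeds Mozilla's 80-column limit; hoist the `using mozilla::ipc::IPCRemoteStreamType;` out of the innermost block (or to file scope with the other using-declarations) and reflow the condition with clang-format so the four nesting levels stay readable.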