Bug 1298979 - Check whether ProxyContext exists before using it r=billm
authorRob Wu <rob@robwu.nl>
Thu, 25 Aug 2016 19:36:30 -0700
changeset 354561 f9f94cf30f5342dfa4acb3ec9c1be60f5874d673
parent 354560 6d7fe14316447cd8d8cb1354fb9d9890b488d029
child 354562 2fa53669115d638c51a641f579344d3a107af767
push id6570
push userraliiev@mozilla.com
push dateMon, 14 Nov 2016 12:26:13 +0000
treeherdermozilla-beta@f455459b2ae5 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbillm
bugs1298979, 1288902
milestone51.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1298979 - Check whether ProxyContext exists before using it r=billm Due to asynchronicity or malice we can receive messages for unknown ProxyContexts. Immediately reject such messages. (this addresses https://bugzil.la/1288902#c3) MozReview-Commit-ID: GEgkZC8CUEG
toolkit/components/extensions/Extension.jsm
--- a/toolkit/components/extensions/Extension.jsm
+++ b/toolkit/components/extensions/Extension.jsm
@@ -441,33 +441,41 @@ let ParentAPIManager = {
       case "API:RemoveListener":
         this.removeListener(data);
         break;
     }
   },
 
   createProxyContext(data, target) {
     let {extensionId, childId, principal} = data;
+    if (this.proxyContexts.has(childId)) {
+      Cu.reportError("A WebExtension context with the given ID already exists!");
+      return;
+    }
     let extension = GlobalManager.getExtension(extensionId);
 
     let context = new ProxyContext(extension, data, target.messageManager, principal);
     this.proxyContexts.set(childId, context);
   },
 
   closeProxyContext(childId) {
-    if (!this.proxyContexts.has(childId)) {
+    let context = this.proxyContexts.get(childId);
+    if (!context) {
       return;
     }
-    let context = this.proxyContexts.get(childId);
     context.unload();
     this.proxyContexts.delete(childId);
   },
 
   call(data, target) {
     let context = this.proxyContexts.get(data.childId);
+    if (!context) {
+      Cu.reportError("WebExtension context not found!");
+      return;
+    }
     function callback(...cbArgs) {
       let lastError = context.lastError;
 
       target.messageManager.sendAsyncMessage("API:CallResult", {
         childId: data.childId,
         callId: data.callId,
         args: cbArgs,
         lastError: lastError ? lastError.message : null,
@@ -488,16 +496,20 @@ let ParentAPIManager = {
         callId: data.callId,
         lastError: msg,
       });
     }
   },
 
   addListener(data, target) {
     let context = this.proxyContexts.get(data.childId);
+    if (!context) {
+      Cu.reportError("WebExtension context not found!");
+      return;
+    }
 
     function listener(...listenerArgs) {
       target.messageManager.sendAsyncMessage("API:RunListener", {
         childId: data.childId,
         path: data.path,
         args: listenerArgs,
       });
     }
@@ -505,16 +517,19 @@ let ParentAPIManager = {
     context.listenerProxies.set(data.path, listener);
 
     let args = Cu.cloneInto(data.args, context.sandbox);
     findPathInObject(context.apiObj, data.path).addListener(listener, ...args);
   },
 
   removeListener(data) {
     let context = this.proxyContexts.get(data.childId);
+    if (!context) {
+      Cu.reportError("WebExtension context not found!");
+    }
     let listener = context.listenerProxies.get(data.path);
     findPathInObject(context.apiObj, data.path).removeListener(listener);
   },
 };
 
 ParentAPIManager.init();
 
 // All moz-extension URIs use a machine-specific UUID rather than the