Bug 1134252 - Don't crash the content process if RenderFrameParent is not constructed successfully. r=billm, a=ritu
authorMike Conley <mconley@mozilla.com>
Tue, 21 Jul 2015 17:34:36 -0400
changeset 269056 de53326c6530e2842132840f7e1be7673b3531a1
parent 269055 d0d33fb9835e7daebd4e0936e7c0b89a88dd1aca
child 269057 76c17325643357d7becf58ed14d794f9054e413b
push id4932
push userjlund@mozilla.com
push dateMon, 10 Aug 2015 18:23:06 +0000
treeherdermozilla-esr52@6dd5a4f5f745 [default view] [failures only]
reviewersbillm, ritu
bugs1134252
milestone41.0a2
Bug 1134252 - Don't crash the content process if RenderFrameParent is not constructed successfully. r=billm, a=ritu We were returning a nullptr from AllocPRenderFrameParent in TabParent, which causes a killhard abort in the child. We suspect this is occurring because the TabParent is attempting to kick off drawing in a tab that's already closed (so there is no frame loader, which means we can't create a PRenderFrameParent). So now, we return a PRenderFrameParent* even if constructing it was unsuccessful, and the child destroys it once it confirms that there is an invalid layer ID associated with the RenderFrame.
dom/ipc/TabParent.cpp
layout/ipc/RenderFrameParent.cpp
--- a/dom/ipc/TabParent.cpp
+++ b/dom/ipc/TabParent.cpp
@@ -2598,28 +2598,26 @@ TabParent::DeallocPColorPickerParent(PCo
 PRenderFrameParent*
 TabParent::AllocPRenderFrameParent()
 {
   MOZ_ASSERT(ManagedPRenderFrameParent().IsEmpty());
   nsRefPtr<nsFrameLoader> frameLoader = GetFrameLoader();
   TextureFactoryIdentifier textureFactoryIdentifier;
   uint64_t layersId = 0;
   bool success = false;
-  if(frameLoader) {
-    PRenderFrameParent* renderFrame = 
-      new RenderFrameParent(frameLoader,
-                            &textureFactoryIdentifier,
-                            &layersId,
-                            &success);
-    MOZ_ASSERT(success);
+
+  PRenderFrameParent* renderFrame =
+    new RenderFrameParent(frameLoader,
+                          &textureFactoryIdentifier,
+                          &layersId,
+                          &success);
+  if (success) {
     AddTabParentToTable(layersId, this);
-    return renderFrame;
-  } else {
-    return nullptr;
   }
+  return renderFrame;
 }
 
 bool
 TabParent::DeallocPRenderFrameParent(PRenderFrameParent* aFrame)
 {
   delete aFrame;
   return true;
 }
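Review bot: On the failure path `AllocPRenderFrameParent` now returns a live actor whose `mFrameLoader` is null and whose layers id is 0, and its teardown depends on the content process noticing the invalid id and deleting it. The child is the less trusted side, so the parent should not assume that happens promptly or at all. Every `RenderFrameParent` message handler, and its destructor, would need to tolerate a null frame loader; those are not visible in this hunk, so this should be confirmed. I would record the contract next to the return, e.g. `// On failure we still return an actor (layersId == 0, not in the table); the child is expected to destroy it.`. The same state comes from the early return in the `RenderFrameParent` constructor in layout/ipc/RenderFrameParent.cpp.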
--- a/layout/ipc/RenderFrameParent.cpp
+++ b/layout/ipc/RenderFrameParent.cpp
@@ -287,23 +287,22 @@ RenderFrameParent::RenderFrameParent(nsF
                                      uint64_t* aId,
                                      bool* aSuccess)
   : mLayersId(0)
   , mFrameLoader(aFrameLoader)
   , mFrameLoaderDestroyed(false)
   , mBackgroundColor(gfxRGBA(1, 1, 1))
   , mAsyncPanZoomEnabled(false)
 {
+  *aId = 0;
   *aSuccess = false;
   if (!mFrameLoader) {
     return;
   }
 
-  *aId = 0;
-
   nsRefPtr<LayerManager> lm = GetFrom(mFrameLoader);
 
   mAsyncPanZoomEnabled = lm && lm->AsyncPanZoomEnabled();
 
   // Perhaps the document containing this frame currently has no presentation?
   if (lm && lm->GetBackendType() == LayersBackend::LAYERS_CLIENT) {
     *aTextureFactoryIdentifier =
       static_cast<ClientLayerManager*>(lm.get())->GetTextureFactoryIdentifier();
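Review bot: The early return now leaves `*aId` and `*aSuccess` defined, but `*aTextureFactoryIdentifier` is still untouched on that path. A caller therefore only sees a defined identifier if it default-constructs one first, as `TabParent::AllocPRenderFrameParent` does. A short comment at the top of the body would make the out-parameter contract explicit, e.g. `// aId and aSuccess are written on every path; aTextureFactoryIdentifier is left untouched on early return.`. The constructor body continues past the end of this hunk, so the later assignments to the out-parameters cannot be checked here.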