Bug 1517275 - Add a null check before trying to use a controller. r=botond, a=RyanVM
author Kartikaya Gupta <kgupta@mozilla.com>
Thu, 03 Jan 2019 02:54:35 +0000
changeset 509326 662cf99f3994de6e70e01b1df85bb78b94b7174c
parent 509325 7751d966a700459e772c29432209eb0085a77824
child 509327 5c4518a4eb1f7f32da81477d094872bfdf87d698
push id 1905
push user ffxbld-merge
push date Mon, 21 Jan 2019 12:33:13 +0000
treeherder mozilla-release@c2fca1944d8c
reviewers botond, RyanVM
bugs 1517275
milestone 65.0
Bug 1517275 - Add a null check before trying to use a controller. r=botond, a=RyanVM

In test code (which is where this codepath is mostly exercised), the controller should never be null here. However this codepath is sadly also used in production code on Android, and there we might experience a page navigation or a similarly destructive action while the flush is inflight. That can result in a null pointer dereference.

Differential Revision: https://phabricator.services.mozilla.com/D15597
gfx/layers/apz/src/APZCTreeManager.cpp
--- a/gfx/layers/apz/src/APZCTreeManager.cpp
+++ b/gfx/layers/apz/src/APZCTreeManager.cpp
@@ -1124,20 +1124,27 @@ static bool WillHandleInput(const PanGes
 
 void APZCTreeManager::FlushApzRepaints(LayersId aLayersId) {
   // Previously, paints were throttled and therefore this method was used to
   // ensure any pending paints were flushed. Now, paints are flushed
   // immediately, so it is safe to simply send a notification now.
   APZCTM_LOG("Flushing repaints for layers id 0x%" PRIx64 "\n",
              uint64_t(aLayersId));
   RefPtr<GeckoContentController> controller = GetContentController(aLayersId);
+#ifndef MOZ_WIDGET_ANDROID
+  // On Android, this code is run in production and may actually get a nullptr
+  // controller here. On other platforms this code is test-only and should never
+  // get a nullptr.
   MOZ_ASSERT(controller);
-  controller->DispatchToRepaintThread(NewRunnableMethod(
-      "layers::GeckoContentController::NotifyFlushComplete", controller,
-      &GeckoContentController::NotifyFlushComplete));
+#endif
+  if (controller) {
+    controller->DispatchToRepaintThread(NewRunnableMethod(
+        "layers::GeckoContentController::NotifyFlushComplete", controller,
+        &GeckoContentController::NotifyFlushComplete));
+  }
 }
 
 nsEventStatus APZCTreeManager::ReceiveInputEvent(
     InputData& aEvent, ScrollableLayerGuid* aOutTargetGuid,
     uint64_t* aOutInputBlockId) {
   APZThreadUtils::AssertOnControllerThread();
 
   // Ignore input events when there are active tabs that are recording or
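Review bot: The null case in the new `if (controller)` block of `FlushApzRepaints` falls through silently: no `NotifyFlushComplete` is dispatched and nothing is logged, so a skipped flush on Android looks the same as a completed call. Consider adding an `else` branch with an `APZCTM_LOG` line that names `aLayersId`, and say in the comment that on Android the notification may never be sent, so that anything waiting on it is written to tolerate that. A smaller style point: the comment explaining the Android behaviour sits inside `#ifndef MOZ_WIDGET_ANDROID`, next to the assert, while the line it really justifies is the `if (controller)` check below the `#endif`. Moving the comment above the `#ifndef`, or splitting it so the Android half sits on the check, would make the intent clearer. The check itself is worth keeping unconditional as written, since `MOZ_ASSERT` is only active in debug builds and would not stop a null dereference in a release build on the other platforms either.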