Bug 1430508 - Return 0 for ProcessId() when channel IPC is closed. r=dragana, a=jcristau
authorKris Maglione <maglione.k@gmail.com>
Sun, 14 Jan 2018 17:40:09 -0800
changeset 445687 86ba26a98381e474145f646b54ba2a84321a6233
parent 445686 ec621584ec3a6550303b85fe5ea975d6676bf256
child 445688 ff6f39465890eabd327328f5c7d80fb1f9917649
push id1629
push userryanvm@gmail.com
push dateThu, 18 Jan 2018 14:27:59 +0000
treeherdermozilla-release@ff6f39465890 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersdragana, jcristau
bugs1430508
milestone58.0
Bug 1430508 - Return 0 for ProcessId() when channel IPC is closed. r=dragana, a=jcristau There are some corner cases where we try to attach StreamFilter endpoints to a channel after its IPC has been closed from from the other side, but request listeners haven't been notified. This causes crashes in any of several places. This patch changes nsHttpChannel::ProcessId to return 0 when IPC is closed, so callers can detect that it's no longer possible to attach endpoints to it. MozReview-Commit-ID: BZTOqezih0P
netwerk/protocol/http/HttpChannelParent.cpp
netwerk/protocol/http/HttpChannelParent.h
toolkit/components/extensions/webrequest/StreamFilterParent.cpp
--- a/netwerk/protocol/http/HttpChannelParent.cpp
+++ b/netwerk/protocol/http/HttpChannelParent.cpp
@@ -260,16 +260,25 @@ HttpChannelParent::CleanupBackgroundChan
     // is still on going. we need to abort AsyncOpen with failure to destroy
     // PHttpChannel actor.
     if (mAsyncOpenBarrier) {
       TryInvokeAsyncOpen(NS_ERROR_FAILURE);
     }
   }
 }
 
+base::ProcessId
+HttpChannelParent::OtherPid() const
+{
+  if (mIPCClosed) {
+    return 0;
+  }
+  return Manager()->OtherPid();
+}
+
 //-----------------------------------------------------------------------------
 // HttpChannelParent::nsISupports
 //-----------------------------------------------------------------------------
 
 NS_IMPL_ADDREF(HttpChannelParent)
 NS_IMPL_RELEASE(HttpChannelParent)
 NS_INTERFACE_MAP_BEGIN(HttpChannelParent)
   NS_INTERFACE_MAP_ENTRY(nsIInterfaceRequestor)
--- a/netwerk/protocol/http/HttpChannelParent.h
+++ b/netwerk/protocol/http/HttpChannelParent.h
@@ -115,16 +115,18 @@ public:
   // Calls SendSetPriority if mIPCClosed is false.
   void DoSendSetPriority(int16_t aValue);
 
   // Callback while background channel is ready.
   void OnBackgroundParentReady(HttpBackgroundChannelParent* aBgParent);
   // Callback while background channel is destroyed.
   void OnBackgroundParentDestroyed();
 
+  base::ProcessId OtherPid() const override;
+
 protected:
   // used to connect redirected-to channel in parent with just created
   // ChildChannel.  Used during redirects.
   MOZ_MUST_USE bool ConnectChannel(const uint32_t& channelId,
                                    const bool& shouldIntercept);
 
   MOZ_MUST_USE bool
   DoAsyncOpen(const URIParams&           uri,
--- a/toolkit/components/extensions/webrequest/StreamFilterParent.cpp
+++ b/toolkit/components/extensions/webrequest/StreamFilterParent.cpp
@@ -131,19 +131,22 @@ StreamFilterParent::Create(dom::ContentP
   auto& webreq = WebRequestService::GetSingleton();
 
   RefPtr<nsAtom> addonId = NS_Atomize(aAddonId);
   nsCOMPtr<nsITraceableChannel> channel = webreq.GetTraceableChannel(aChannelId, addonId, aContentParent);
 
   RefPtr<nsHttpChannel> chan = do_QueryObject(channel);
   NS_ENSURE_TRUE(chan, false);
 
+  auto channelPid = chan->ProcessId();
+  NS_ENSURE_TRUE(channelPid, false);
+
   Endpoint<PStreamFilterParent> parent;
   Endpoint<PStreamFilterChild> child;
-  nsresult rv = PStreamFilter::CreateEndpoints(chan->ProcessId(),
+  nsresult rv = PStreamFilter::CreateEndpoints(channelPid,
                                                aContentParent ? aContentParent->OtherPid()
                                                               : base::GetCurrentProcId(),
                                                &parent, &child);
   NS_ENSURE_SUCCESS(rv, false);
 
   if (!chan->AttachStreamFilter(Move(parent))) {
     return false;
   }