Bug 1601423 - Don't send a postMessage IPC message if the source BC has been discarded. r=farre draft
authorAndrew McCreight <continuation@gmail.com>
Tue, 10 Dec 2019 21:00:10 +0000
changeset 2527399 3379abc171b55574608981f66fdff05ffb832761
parent 2526795 f5d38101ac7c0bb452a09a08226f65d9e5d29f8c
child 2527400 40fa649dde6386597ddb757d3cb16d28a8441f95
push id463375
push userreviewbot
push dateTue, 10 Dec 2019 21:00:35 +0000
treeherdertry@40fa649dde63 [default view] [failures only]
reviewersfarre
bugs1601423
milestone73.0a1
Bug 1601423 - Don't send a postMessage IPC message if the source BC has been discarded. r=farre Differential Diff: PHID-DIFF-ddozem7euoejcqhsiwdj
docshell/base/BrowsingContext.cpp
--- a/docshell/base/BrowsingContext.cpp
+++ b/docshell/base/BrowsingContext.cpp
@@ -1063,27 +1063,30 @@ void BrowsingContext::PostMessageMoz(JSC
   }
 
   RefPtr<BrowsingContext> sourceBc;
   PostMessageData data;
   data.targetOrigin() = aTargetOrigin;
   data.subjectPrincipal() = &aSubjectPrincipal;
   RefPtr<nsGlobalWindowInner> callerInnerWindow;
   // We don't need to get the caller's agentClusterId since that is used for
-  // checking whehter it's okay to sharing memory (and it's not allowed to share
+  // checking whether it's okay to sharing memory (and it's not allowed to share
   // memory cross processes)
   if (!nsGlobalWindowOuter::GatherPostMessageData(
           aCx, aTargetOrigin, getter_AddRefs(sourceBc), data.origin(),
           getter_AddRefs(data.targetOriginURI()),
           getter_AddRefs(data.callerPrincipal()),
           getter_AddRefs(callerInnerWindow),
           getter_AddRefs(data.callerDocumentURI()),
           /* aCallerAgentClusterId */ nullptr, aError)) {
     return;
   }
+  if (sourceBc && sourceBc->IsDiscarded()) {
+    return;
+  }
   data.source() = sourceBc;
   data.isFromPrivateWindow() =
       callerInnerWindow &&
       nsScriptErrorBase::ComputeIsFromPrivateWindow(callerInnerWindow);
 
   JS::Rooted<JS::Value> transferArray(aCx);
   aError = nsContentUtils::CreateJSValueFromSequenceOfObject(aCx, aTransfer,
                                                              &transferArray);