Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2025-02-03 12:35:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1389279 - storage::Service needs a death grip when removing strong observer references. r=bkelly

Browse Source 
The observer references were the only thing guranteed to keep the Service
alive, leading to potential use-after-free during the iteration loop to
make sure all the connections were closed.  (Ironically, if they were
fully closed and their instances destroyed, that's when bad things would
happen.)

--HG--
extra : rebase_source : 6c8d6f9e0b75751b10166d7e2c63d5a3cb27d28e
This commit is contained in:
Andrew Sutherland 2017-08-10 23:26:25 -04:00
parent f6b2b07342
commit 040a64f28b
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
storage/mozStorageService.cpp
View File

@ -934,6 +934,13 @@ Service::Observe(nsISupports *, const char *aTopic, const char16_t *)
} else if (strcmp(aTopic, "xpcom-shutdown") == 0) {
shutdown();
} else if (strcmp(aTopic, "xpcom-shutdown-threads") == 0) {
// The Service is kept alive by our strong observer references and
// references held by Connection instances. Since we're about to remove the
// former and then wait for the latter ones to go away, it behooves us to
// hold a strong reference to ourselves so our calls to getConnections() do
// not happen on a deleted object.
RefPtr<Service> kungFuDeathGrip = this;
nsCOMPtr<nsIObserverService> os =
mozilla::services::GetObserverService();