Bug 1477881 - Ensure AutoplayPermissionRequest can't double report a response. r=alwu

We cancel the permission request in the AutoplayPermissionRequest destructor, and if we get a genuine cancel from the doorhanger. The Request reports the cancel to the AutoplayPermissionManager, but we reuse the same manager across different requests. So if a second request for permission comes in, we create a new AutoplayPermissionRequest and fire that off to the front end code, but the first request could be destroyed after the second request is dispatched but before the response for the second request has retuned. Thus and the cancel in the first's destructor could be reported to the manager as the second's result. We should clear the AutoplayPermissionRequest's reference to the Manager in Approve() and Cancel() so that we can't mixup the responses like this. MozReview-Commit-ID: 1qYJfLOaqST --HG-- extra : rebase_source : 871889da5420aff83c50933863ee3dd3d496bc12
2024-10-20 00:35:44 +00:00 · 2018-07-24 10:23:05 +12:00 · 2018-07-24 10:23:05 +12:00 · 1087bd7454
commit 1087bd7454
parent 1cd7dec7b6
1 changed files with 6 additions and 0 deletions
--- a/dom/html/AutoplayPermissionRequest.cpp
+++ b/dom/html/AutoplayPermissionRequest.cpp
@ -96,6 +96,9 @@ AutoplayPermissionRequest::Cancel()
 {
  if (mManager) {
    mManager->DenyPlayRequest();
+    // Clear reference to manager, so we can't double report a result.
+    // This could happen in particular if we call Cancel() in the destructor.
+    mManager = nullptr;
  }
  return NS_OK;
 }
@ -105,6 +108,9 @@ AutoplayPermissionRequest::Allow(JS::HandleValue aChoices)
 {
  if (mManager) {
    mManager->ApprovePlayRequest();
+    // Clear reference to manager, so we can't double report a result.
+    // This could happen in particular if we call Cancel() in the destructor.
+    mManager = nullptr;
  }
  return NS_OK;
 }