Bug 1433856 - Block PluginModuleChromeParent::CleanupFromTimeout from recursing. r=jimm

CleanupFromTimeout is (transitively) recursing in calls to Close(), as that now leads to shutting down the plugin broker thread and CleanupFromTimeout was being rerun since nsThread::Shutdown runs tasks..
2024-11-30 00:01:50 +00:00 · 2018-01-29 18:15:18 -08:00 · 2018-01-29 18:15:18 -08:00 · 1dd54ad783
commit 1dd54ad783
parent c6dc5f3406
2 changed files with 12 additions and 0 deletions
--- a/dom/plugins/ipc/PluginModuleParent.cpp
+++ b/dom/plugins/ipc/PluginModuleParent.cpp
@ -647,6 +647,7 @@ PluginModuleChromeParent::PluginModuleChromeParent(const char* aFilePath,
    , mFlashProcess2(0)
    , mFinishInitTask(nullptr)
 #endif
+    , mIsCleaningFromTimeout(false)
 {
    NS_ASSERTION(mSubprocess, "Out of memory!");
    mSandboxLevel = aSandboxLevel;
@ -804,6 +805,15 @@ PluginModuleChromeParent::CleanupFromTimeout(const bool aFromHangUI)
        return;
    }

+    // Avoid recursively calling this method.  MessageChannel::Close() can
+    // cause this task to be re-launched.
+    if (mIsCleaningFromTimeout) {
+      return;
+    }
+
+    AutoRestore<bool> resetCleaningFlag(mIsCleaningFromTimeout);
+    mIsCleaningFromTimeout = true;
+
    /* If the plugin container was terminated by the Plugin Hang UI,
       then either the I/O thread detects a channel error, or the
       main thread must set the error (whomever gets there first).
--- a/dom/plugins/ipc/PluginModuleParent.h
+++ b/dom/plugins/ipc/PluginModuleParent.h
@ -605,6 +605,8 @@ private:
    TakeFullMinidumpCallback mTakeFullMinidumpCallback;

    TerminateChildProcessCallback mTerminateChildProcessCallback;
+
+    bool mIsCleaningFromTimeout;
 };

 } // namespace plugins