From f12dd38922e8623252977299b84da97a5b520fd9 Mon Sep 17 00:00:00 2001 From: Kershaw Chang Date: Tue, 23 Nov 2021 20:13:09 +0000 Subject: [PATCH] Bug 1736611 - Avoid creating runnables after SocketProcessHost is destroyed, r=necko-reviewers,dragana Differential Revision: https://phabricator.services.mozilla.com/D131489 --- netwerk/base/nsIOService.cpp | 4 ++-- netwerk/ipc/SocketProcessHost.cpp | 33 +++++++++++++++++++++++++------ netwerk/ipc/SocketProcessHost.h | 3 ++- 3 files changed, 31 insertions(+), 9 deletions(-) diff --git a/netwerk/base/nsIOService.cpp b/netwerk/base/nsIOService.cpp index cf8553bcad50..9ce2384be703 100644 --- a/netwerk/base/nsIOService.cpp +++ b/netwerk/base/nsIOService.cpp @@ -628,9 +628,9 @@ void nsIOService::OnProcessLaunchComplete(SocketProcessHost* aHost, LOG(("nsIOService::OnProcessLaunchComplete aSucceeded=%d\n", aSucceeded)); - mSocketProcessLaunchComplete = true; + mSocketProcessLaunchComplete = aSucceeded; - if (mShutdown || !SocketProcessReady()) { + if (mShutdown || !SocketProcessReady() || !aSucceeded) { return; } diff --git a/netwerk/ipc/SocketProcessHost.cpp b/netwerk/ipc/SocketProcessHost.cpp index 5bd6bdf87d04..9c52d89b3334 100644 --- a/netwerk/ipc/SocketProcessHost.cpp +++ b/netwerk/ipc/SocketProcessHost.cpp @@ -38,7 +38,7 @@ bool SocketProcessHost::sLaunchWithMacSandbox = false; SocketProcessHost::SocketProcessHost(Listener* aListener) : GeckoChildProcessHost(GeckoProcessType_Socket), mListener(aListener), - mTaskFactory(this), + mTaskFactory(Some(this)), mLaunchPhase(LaunchPhase::Unlaunched), mShutdownRequested(false), mChannelClosed(false) { @@ -78,6 +78,18 @@ bool SocketProcessHost::Launch() { return true; } +static void HandleErrorAfterDestroy( + RefPtr&& aListener) { + if (!aListener) { + return; + } + + NS_DispatchToMainThread(NS_NewRunnableFunction( + "HandleErrorAfterDestroy", [listener = std::move(aListener)]() { + listener->OnProcessLaunchComplete(nullptr, false); + })); +} + void SocketProcessHost::OnChannelConnected(int32_t peer_pid) { MOZ_ASSERT(!NS_IsMainThread()); @@ -88,8 +100,13 @@ void SocketProcessHost::OnChannelConnected(int32_t peer_pid) { RefPtr runnable; { MonitorAutoLock lock(mMonitor); - runnable = mTaskFactory.NewRunnableMethod( - &SocketProcessHost::OnChannelConnectedTask); + if (!mTaskFactory) { + HandleErrorAfterDestroy(std::move(mListener)); + return; + } + runnable = + (*mTaskFactory) + .NewRunnableMethod(&SocketProcessHost::OnChannelConnectedTask); } NS_DispatchToMainThread(runnable); } @@ -103,8 +120,12 @@ void SocketProcessHost::OnChannelError() { RefPtr runnable; { MonitorAutoLock lock(mMonitor); - runnable = - mTaskFactory.NewRunnableMethod(&SocketProcessHost::OnChannelErrorTask); + if (!mTaskFactory) { + HandleErrorAfterDestroy(std::move(mListener)); + return; + } + runnable = (*mTaskFactory) + .NewRunnableMethod(&SocketProcessHost::OnChannelErrorTask); } NS_DispatchToMainThread(runnable); } @@ -223,7 +244,7 @@ void SocketProcessHost::OnChannelClosed() { void SocketProcessHost::DestroyProcess() { { MonitorAutoLock lock(mMonitor); - mTaskFactory.RevokeAll(); + mTaskFactory.reset(); } GetCurrentSerialEventTarget()->Dispatch(NS_NewRunnableFunction( diff --git a/netwerk/ipc/SocketProcessHost.h b/netwerk/ipc/SocketProcessHost.h index beb1e13c8918..105a90e3a296 100644 --- a/netwerk/ipc/SocketProcessHost.h +++ b/netwerk/ipc/SocketProcessHost.h @@ -6,6 +6,7 @@ #ifndef mozilla_net_SocketProcessHost_h #define mozilla_net_SocketProcessHost_h +#include "mozilla/Maybe.h" #include "mozilla/UniquePtr.h" #include "mozilla/ipc/GeckoChildProcessHost.h" #include "mozilla/MemoryReportingProcess.h" @@ -109,7 +110,7 @@ class SocketProcessHost final : public mozilla::ipc::GeckoChildProcessHost { DISALLOW_COPY_AND_ASSIGN(SocketProcessHost); RefPtr mListener; - mozilla::ipc::TaskFactory mTaskFactory; + mozilla::Maybe> mTaskFactory; enum class LaunchPhase { Unlaunched, Waiting, Complete }; LaunchPhase mLaunchPhase;