SharedMemory::FindFreeAddressSpace will bogusly try to do `munmap(MAP_FAILED, size)`
if the preceding `mmap` fails. This patch guards the `munmap` with a failure check.
Differential Revision: https://phabricator.services.mozilla.com/D192799
As we are seeing test failures that suggest that proper shutdown
sometimes requires extra time in debug builds, let's try to upgrade
kShutdownWaitMs from 8 to 20 seconds for those.
Differential Revision: https://phabricator.services.mozilla.com/D192694
If someone tried to serialize a zero-size ByteBuf, it could add a
zero-length segment to the `BufferList` and cause an assertion failure
later when trying to send the message. This patch makes it a no-op (and
frees the supplied buffer, because the BufferList becomes its owner).
We previously asserted against adding zero-*capacity* segments (likely
also zero size, but possibly not) with WriteBytesZeroCopy, but only on
debug builds, and it was likely happening on release builds despite
that. That case is now allowed.
Also, error handling for `BufferList::WriteBytesZeroCopy` has been
improved. (This doesn't affect `Pickle` because it's using infallible
allocation, and no other instances of `BufferList` seem to use
`WriteBytesZeroCopy` at this time.)
Differential Revision: https://phabricator.services.mozilla.com/D192531
Despite having passed through test-verify cleanly, the crash test is
still sometimes failing due to a dump not being generated.
Increase it to one full second, to give the file dialog time to open. If
this doesn't suffice we'll have to either add another flavor of promise
in the test-only code, or disable the test entirely.
Differential Revision: https://phabricator.services.mozilla.com/D192101
Implement a mochitest confirming the stability of Firefox when the
file-picker crashes (patterned loosely off the existing geolocation
crash tests).
Differential Revision: https://phabricator.services.mozilla.com/D184723
When opening a new Windows file dialog, open it out-of-process if
possible. Fall back to opening it in-process if that fails. (This
behavior is configurable with a pref.)
Differential Revision: https://phabricator.services.mozilla.com/D180343
The IPC subsystem effectively owns IPC actors, and requires an explicit
call to `Close()` to destroy a toplevel actor: releasing the last RefPtr
doesn't cut it. Similarly, the UtilityProcessManager owns the utility
processes it creates, and one must explicitly call `DestroyProcess()`.
Handle both of these lifetime issues by using a custom meta-RefPtr for
WinFileDialogParent which will close the actor and kill the process upon
its final `Release()`.
Differential Revision: https://phabricator.services.mozilla.com/D180345
Create and implement a new top-level IPC protocol, `PWinFileDialog`,
using the primitives from bug 1833450 and the new sandboxing type from
the previous commit.
Again, this commit does not actually create any instances of the new
protocol; that will come in a later commit in this patchset.
Differential Revision: https://phabricator.services.mozilla.com/D180342
Create a new utility-process type for the sole use of out-of-process
instantiation of the Windows file dialog.
We do not sandbox this process type, as in certain test environments
sandboxing has been found to prevent the child process from interacting
with any other windows on the desktop -- including the parent process
window which it will need to assign as the parent of the file dialog.
Technically, no functional changes, as this commit adds no uses of this
type. (That will come later in the patchset.)
Differential Revision: https://phabricator.services.mozilla.com/D180341
This patch adds a new attribute called OverriddenFingerprintingSettings to
nsILoadInfo. The field will be used to decide the granular fingerprinting
protection override of the corresponding channel.
The OverriddenFingerprintingSettings will only get populated if
there is one defined for the context of the channel. Otherwise, a value
of Nothing indicates no granular overrides are present for the channel..
Differential Revision: https://phabricator.services.mozilla.com/D185011
Sorry this is not a particularly easy patch to review. But it should be
mostly straight-forward.
I kept Document::Dispatch mostly for convenience, but could be
cleaned-up too / changed by SchedulerGroup::Dispatch. Similarly maybe
that can just be NS_DispatchToMainThread if we add an NS_IsMainThread
check there or something (to preserve shutdown semantics).
Differential Revision: https://phabricator.services.mozilla.com/D190450
ipc/glue/ProtocolUtils.cpp:84:20: error: 'return' will never be executed [-Werror,-Wunreachable-code-return]
return IPCResult(false);
This error is a regression from bug 1778860.
Differential Revision: https://phabricator.services.mozilla.com/D189082
This adds a small function that concatenates the args (because not
only does the BSD `setproctitle` take a single string, but also the
Linux kernel code that implements `/proc/{pid}/cmdline` won't allow the
"arguments" to extend past their original length unless it's a single
string), and connects it to the fork server.
Differential Revision: https://phabricator.services.mozilla.com/D187635
The major changes:
* Instead of importing `base::ReadFileToString`, which is used only to
determine if a `/proc` pseudo-file contains more than a certain number
of characters, we simply `read` enough to determine that information.
* Instead of importing `base::NoDestructor` and wrapping it around STL
containers, we simply `strdup` the strings we need to copy out of
the initial arg/env area. (In theory this could set off LSan if the
copied string later becomes unreachable, but in practice that doesn't
seem to happen, and it's easily fixable if that changes.)
* Chromium copies only the environment strings and allows the argv
strings to be overwritten; this may be safe for how they access the
command line arguments but it may not be for us, so this patch changes
it to copy all of the strings.
Differential Revision: https://phabricator.services.mozilla.com/D187634
This is `content/common/set_process_title_linux.cc` from Chromium git
revision 5df26a3c960c011f068cea1fa9bc5866aaaa8aa2. This patch includes
only the file and doesn't attempt to build it or modify it to work with
our codebase; future patches will do that.
`about:license` already includes `ipc/chromium/` as a location that may
include code covered by the Chromium license, so this shouldn't need any
additional license acknowledgements.
Differential Revision: https://phabricator.services.mozilla.com/D187633
Unnamed POSIX semaphores are not supported on macOS, nor is timed wait supported on
named POSIX semaphores. SysV semaphores have similar limitations.
Mach semaphores are one of the only clean ways to create unnamed, shareable semaphores
on macOS. As of bug 1734735, we now can transparently send the mach ports across to
other processes without much added code, overall making this implementation of Mach
semaphores fairly easy.
Differential Revision: https://phabricator.services.mozilla.com/D188429
Implement a mochitest confirming the stability of Firefox when the
file-picker crashes (patterned loosely off the existing geolocation
crash tests).
Differential Revision: https://phabricator.services.mozilla.com/D184723
When opening a new Windows file dialog, open it out-of-process if
possible. Fall back to opening it in-process if that fails. (This
behavior is configurable with a pref.)
Differential Revision: https://phabricator.services.mozilla.com/D180343
The IPC subsystem effectively owns IPC actors, and requires an explicit
call to `Close()` to destroy a toplevel actor: releasing the last RefPtr
doesn't cut it. Similarly, the UtilityProcessManager owns the utility
processes it creates, and one must explicitly call `DestroyProcess()`.
Handle both of these lifetime issues by using a custom meta-RefPtr for
WinFileDialogParent which will close the actor and kill the process upon
its final `Release()`.
Differential Revision: https://phabricator.services.mozilla.com/D180345
Create and implement a new top-level IPC protocol, `PWinFileDialog`,
using the primitives from bug 1833450 and the new sandboxing type from
the previous commit.
Again, this commit does not actually create any instances of the new
protocol; that will come in a later commit in this patchset.
Differential Revision: https://phabricator.services.mozilla.com/D180342
