Bug 1322610 - MOZ_DIAGNOSTIC_ASSERT that serialized load context is not null in HttpChannelChild r=mcmanus
As part of network security, we currently crash the main process in NeckoParent::GetValidatedOriginAttributes if the SerializedLoadContext is null. This makes it difficult to find out who created the channel that has a null SLC. Adding this assertion to the child allows us to get a nice stack trace and maybe identify the root cause.
MozReview-Commit-ID: 7rz91oEaiRi
--- a/netwerk/protocol/http/HttpChannelChild.cpp
+++ b/netwerk/protocol/http/HttpChannelChild.cpp
@@ -58,16 +58,20 @@
#endif
using namespace mozilla::dom;
using namespace mozilla::ipc;
namespace mozilla {
namespace net {
+#if defined(NIGHTLY_BUILD) || defined(MOZ_DEV_EDITION) || defined(DEBUG)
+static bool gIPCSecurityDisabled = false;
+#endif
+
NS_IMPL_ISUPPORTS(InterceptStreamListener,
nsIStreamListener,
nsIRequestObserver,
nsIProgressEventSink)
NS_IMETHODIMP
InterceptStreamListener::OnStartRequest(nsIRequest* aRequest, nsISupports* aContext)
{
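Review bot: The declaration of `gIPCSecurityDisabled` is guarded by `NIGHTLY_BUILD || MOZ_DEV_EDITION || DEBUG`, but the two `MOZ_DIAGNOSTIC_ASSERT` calls that read it in ConnectParent and ContinueAsyncOpen carry no guard of their own. Whether those asserts expand is decided by the assertion header's own condition, which is not visible on this page. If any build configuration enables diagnostic asserts while none of the three macros is defined, the name will be undeclared there. Tying the declaration to the same switch the assert uses would remove that coupling, for example `#ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED` here and around the pref registration in the constructor, assuming that macro is available in this tree.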
@@ -176,16 +180,25 @@ HttpChannelChild::HttpChannelChild()
, mEventTargetMutex("HttpChannelChild::EventTargetMutex")
{
LOG(("Creating HttpChannelChild @%p\n", this));
mChannelCreationTime = PR_Now();
mChannelCreationTimestamp = TimeStamp::Now();
mAsyncOpenTime = TimeStamp::Now();
mEventQ = new ChannelEventQueue(static_cast<nsIHttpChannel*>(this));
+
+#if defined(NIGHTLY_BUILD) || defined(MOZ_DEV_EDITION) || defined(DEBUG)
+ static bool sSecurityPrefChecked = false;
+ if (!sSecurityPrefChecked) {
+ Preferences::AddBoolVarCache(&gIPCSecurityDisabled,
+ "network.disable.ipc.security");
+ sSecurityPrefChecked = true;
+ }
+#endif
}
HttpChannelChild::~HttpChannelChild()
{
LOG(("Destroying HttpChannelChild @%p\n", this));
ReleaseMainThreadOnlyReferences();
}
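Review bot: The one-shot registration in the constructor uses a plain function-local `static bool sSecurityPrefChecked` with an unsynchronized check-then-set, so it is only safe if every HttpChannelChild is constructed on a single thread. Nothing in the hunk states that, and the constructor's initializer list starts outside it. I would state the assumption next to the guard, e.g. `MOZ_ASSERT(NS_IsMainThread(), "pref cache is registered once, on the main thread");`. A short comment would also help, saying that `network.disable.ipc.security` is cached here only to silence the child-side diagnostic assert when that pref is set, and that it does not change what is sent to the parent.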
@@ -1820,19 +1833,22 @@ HttpChannelChild::ConnectParent(uint32_t
// This must happen before the constructor message is sent. Otherwise messages
// from the parent could arrive quickly and be delivered to the wrong event
// target.
SetEventTarget();
HttpChannelConnectArgs connectArgs(registrarId, mShouldParentIntercept);
PBrowserOrId browser = static_cast<ContentChild*>(gNeckoChild->Manager())
->GetBrowserOrId(tabChild);
+ IPC::SerializedLoadContext slc(this);
+ MOZ_DIAGNOSTIC_ASSERT(gIPCSecurityDisabled || slc.IsNotNull(),
+ "SerializedLoadContext should not be null");
if (!gNeckoChild->
SendPHttpChannelConstructor(this, browser,
- IPC::SerializedLoadContext(this),
+ slc,
connectArgs)) {
return NS_ERROR_FAILURE;
}
{
MOZ_ASSERT(!mBgChild);
RefPtr<HttpBackgroundChannelChild> bgChild =
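Review bot: The new assertion in ConnectParent, and the identical one added in ContinueAsyncOpen, has no comment marking it as a diagnostic aid rather than an enforcement point. The child process is the less trusted side, so the parent-side check named in the commit message (NeckoParent::GetValidatedOriginAttributes) has to remain the real validation, and a later reader should not take this assert as grounds to relax it. I would add above both sites something like `// Diagnostic only: gives a child-side stack for a null SerializedLoadContext; the parent still validates it.` In builds where the assert compiles out, a null `slc` is still passed to `SendPHttpChannelConstructor` exactly as before, so the parent crash path is unchanged there. Both function bodies continue outside their hunks.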
@@ -2463,18 +2479,21 @@ HttpChannelChild::ContinueAsyncOpen()
// target.
SetEventTarget();
// The socket transport in the chrome process now holds a logical ref to us
// until OnStopRequest, or we do a redirect, or we hit an IPDL error.
AddIPDLReference();
PBrowserOrId browser = cc->GetBrowserOrId(tabChild);
+ IPC::SerializedLoadContext slc(this);
+ MOZ_DIAGNOSTIC_ASSERT(gIPCSecurityDisabled || slc.IsNotNull(),
+ "SerializedLoadContext should not be null");
if (!gNeckoChild->SendPHttpChannelConstructor(this, browser,
- IPC::SerializedLoadContext(this),
+ slc,
openArgs)) {
return NS_ERROR_FAILURE;
}
{
// Service worker might use the same HttpChannelChild to do async open
// twice. Need to disconnect with previous background channel before
// creating the new one.