Bug 1430508: Return 0 for ProcessId() when channel IPC is closed. r?dragana
There are some corner cases where we try to attach StreamFilter endpoints to a
channel after its IPC has been closed from from the other side, but request
listeners haven't been notified. This causes crashes in any of several places.
This patch changes nsHttpChannel::ProcessId to return 0 when IPC is closed, so
callers can detect that it's no longer possible to attach endpoints to it.
MozReview-Commit-ID: BZTOqezih0P
--- a/netwerk/protocol/http/HttpChannelParent.cpp
+++ b/netwerk/protocol/http/HttpChannelParent.cpp
@@ -260,16 +260,25 @@ HttpChannelParent::CleanupBackgroundChan
// is still on going. we need to abort AsyncOpen with failure to destroy
// PHttpChannel actor.
if (mAsyncOpenBarrier) {
TryInvokeAsyncOpen(NS_ERROR_FAILURE);
}
}
}
+base::ProcessId
+HttpChannelParent::OtherPid() const
+{
+ if (mIPCClosed) {
+ return 0;
+ }
+ return Manager()->OtherPid();
+}
+
//-----------------------------------------------------------------------------
// HttpChannelParent::nsISupports
//-----------------------------------------------------------------------------
NS_IMPL_ADDREF(HttpChannelParent)
NS_IMPL_RELEASE(HttpChannelParent)
NS_INTERFACE_MAP_BEGIN(HttpChannelParent)
NS_INTERFACE_MAP_ENTRY(nsIInterfaceRequestor)
--- a/netwerk/protocol/http/HttpChannelParent.h
+++ b/netwerk/protocol/http/HttpChannelParent.h
@@ -115,16 +115,18 @@ public:
// Calls SendSetPriority if mIPCClosed is false.
void DoSendSetPriority(int16_t aValue);
// Callback while background channel is ready.
void OnBackgroundParentReady(HttpBackgroundChannelParent* aBgParent);
// Callback while background channel is destroyed.
void OnBackgroundParentDestroyed();
+ base::ProcessId OtherPid() const override;
+
protected:
// used to connect redirected-to channel in parent with just created
// ChildChannel. Used during redirects.
MOZ_MUST_USE bool ConnectChannel(const uint32_t& channelId,
const bool& shouldIntercept);
MOZ_MUST_USE bool
DoAsyncOpen(const URIParams& uri,
--- a/toolkit/components/extensions/webrequest/StreamFilterParent.cpp
+++ b/toolkit/components/extensions/webrequest/StreamFilterParent.cpp
@@ -131,19 +131,22 @@ StreamFilterParent::Create(dom::ContentP
auto& webreq = WebRequestService::GetSingleton();
RefPtr<nsAtom> addonId = NS_Atomize(aAddonId);
nsCOMPtr<nsITraceableChannel> channel = webreq.GetTraceableChannel(aChannelId, addonId, aContentParent);
RefPtr<nsHttpChannel> chan = do_QueryObject(channel);
NS_ENSURE_TRUE(chan, false);
+ auto channelPid = chan->ProcessId();
+ NS_ENSURE_TRUE(channelPid, false);
+
Endpoint<PStreamFilterParent> parent;
Endpoint<PStreamFilterChild> child;
- nsresult rv = PStreamFilter::CreateEndpoints(chan->ProcessId(),
+ nsresult rv = PStreamFilter::CreateEndpoints(channelPid,
aContentParent ? aContentParent->OtherPid()
: base::GetCurrentProcId(),
&parent, &child);
NS_ENSURE_SUCCESS(rv, false);
if (!chan->AttachStreamFilter(Move(parent))) {
return false;
}