Bug 1432409 part 1 - Prevent nsDeviceContextSpecProxy using RemotePrintJobChild if initialization fails. r=dholbert draft
author Jonathan Watt <jwatt@jwatt.org>
Tue, 20 Feb 2018 00:54:32 +0000
changeset 757117 968cad980dabe6bf92dc17f7d23a8abfb3ca585a
parent 750849 679f0b767fc68047fef60ad8339565b8e11f6cef
child 757118 db86106b6f4586a4566936c0335f86894d5c4f7e
push id 99671
push user jwatt@jwatt.org
push date Tue, 20 Feb 2018 00:56:02 +0000
reviewers dholbert
bugs 1432409
milestone 60.0a1
Bug 1432409 part 1 - Prevent nsDeviceContextSpecProxy using RemotePrintJobChild if initialization fails. r=dholbert

When RemotePrintJobChild::InitializePrint sends a message to the parent process to ask it to initialize printing, it spins the event loop and waits for a reply. If the parent fails to initialize printing it will send back an error message followed immediately by a second message telling the child process to delete its RemotePrintJobParent.

The error message causes the nested event loop to terminate and blocks RemotePrintJobChild::InitializePrint. We then do various async things to clean up, some of which can try to post messages to the parent process's RemotePrintJobParent. This is a problem since the delete message is pending in the content process's event loop resulting in a race between the code that wants to use the RemotePrintJobChild to send a message to the parent process, and the delete event that will make us crash if anyone tries to use the RemotePrintJobChild.

This patch makes sure that nsDeviceContextSpecProxy's BeginDocument, EndDocument and AbortDocument are no-ops and will not try to use the RemotePrintJobChild if initialization failed.

MozReview-Commit-ID: 2H6GHjngX7R
widget/nsDeviceContextSpecProxy.cpp
--- a/widget/nsDeviceContextSpecProxy.cpp
+++ b/widget/nsDeviceContextSpecProxy.cpp
@@ -134,32 +134,44 @@ nsDeviceContextSpecProxy::GetPrintingSca
 }
 
 NS_IMETHODIMP
 nsDeviceContextSpecProxy::BeginDocument(const nsAString& aTitle,
                                         const nsAString& aPrintToFileName,
                                         int32_t aStartPage, int32_t aEndPage)
 {
   mRecorder = new mozilla::layout::DrawEventRecorderPRFileDesc();
-  return mRemotePrintJob->InitializePrint(nsString(aTitle),
-                                          nsString(aPrintToFileName),
-                                          aStartPage, aEndPage);
+  nsresult rv = mRemotePrintJob->InitializePrint(nsString(aTitle),
+                                                 nsString(aPrintToFileName),
+                                                 aStartPage, aEndPage);
+  if (NS_FAILED(rv)) {
+    // The parent process will send a 'delete' message to tell this process to
+    // delete our RemotePrintJobChild.  As soon as we return to the event loop
+    // and evaluate that message we will crash if we try to access
+    // mRemotePrintJob.  We must not try to use it again.
+    mRemotePrintJob = nullptr;
+  }
+  return rv;
 }
 
 NS_IMETHODIMP
 nsDeviceContextSpecProxy::EndDocument()
 {
-  Unused << mRemotePrintJob->SendFinalizePrint();
+  if (mRemotePrintJob) {
+    Unused << mRemotePrintJob->SendFinalizePrint();
+  }
   return NS_OK;
 }
 
 NS_IMETHODIMP
 nsDeviceContextSpecProxy::AbortDocument()
 {
-  Unused << mRemotePrintJob->SendAbortPrint(NS_OK);
+  if (mRemotePrintJob) {
+    Unused << mRemotePrintJob->SendAbortPrint(NS_OK);
+  }
   return NS_OK;
 }
 
 NS_IMETHODIMP
 nsDeviceContextSpecProxy::BeginPage()
 {
   mRecorder->OpenFD(mRemotePrintJob->GetNextPageFD());
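Review bot: BeginPage, in the trailing context of this hunk, still calls `mRemotePrintJob->GetNextPageFD()` with no null check, while BeginDocument now sets `mRemotePrintJob = nullptr` on failure, so a BeginPage call after a failed BeginDocument would dereference a null pointer. Either guard it the same way as EndDocument and AbortDocument (returning an error when `mRemotePrintJob` is null), or add an assertion or comment stating that callers never reach BeginPage once BeginDocument has failed. On the same failure path, `mRecorder` is allocated before InitializePrint and is left set; clearing it together with `mRemotePrintJob` would keep the object's state consistent.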