Bug 1477881 - Ensure AutoplayPermissionRequest can't double report a response. r?alwu
We cancel the permission request in the AutoplayPermissionRequest destructor,
and if we get a genuine cancel from the doorhanger. The Request reports the
cancel to the AutoplayPermissionManager, but we reuse the same manager across
different requests. So if a second request for permission comes in, we create a
new AutoplayPermissionRequest and fire that off to the front end code, but the
first request could be destroyed after the second request is dispatched but
before the response for the second request has retuned. Thus and the cancel in
the first's destructor could be reported to the manager as the second's result.
We should clear the AutoplayPermissionRequest's reference to the Manager in
Approve() and Cancel() so that we can't mixup the responses like this.
MozReview-Commit-ID: 1qYJfLOaqST
--- a/dom/html/AutoplayPermissionRequest.cpp
+++ b/dom/html/AutoplayPermissionRequest.cpp
@@ -91,25 +91,31 @@ AutoplayPermissionRequest::GetIsHandling
return NS_OK;
}
NS_IMETHODIMP
AutoplayPermissionRequest::Cancel()
{
if (mManager) {
mManager->DenyPlayRequest();
+ // Clear reference to manager, so we can't double report a result.
+ // This could happen in particular if we call Cancel() in the destructor.
+ mManager = nullptr;
}
return NS_OK;
}
NS_IMETHODIMP
AutoplayPermissionRequest::Allow(JS::HandleValue aChoices)
{
if (mManager) {
mManager->ApprovePlayRequest();
+ // Clear reference to manager, so we can't double report a result.
+ // This could happen in particular if we call Cancel() in the destructor.
+ mManager = nullptr;
}
return NS_OK;
}
NS_IMETHODIMP
AutoplayPermissionRequest::GetRequester(
nsIContentPermissionRequester** aRequester)
{