Mercurial > mozreview > gecko / changeset / 59e2510a9d4c2343dcde91a572a3d354a15c162f
summary | shortlog | changelog | pushlog | graph | tags | bookmarks | branches | files | changeset | raw | zip | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Bug 1310152 - AsyncClone may try to reuse a freed Critical Section in Sqlite. r=asuth draft
authorMarco Bonardo <mbonardo@mozilla.com>
Thu, 03 Nov 2016 15:31:31 +0100
changeset 433342 59e2510a9d4c2343dcde91a572a3d354a15c162f
parent 432230 3e73fd638e687a4d7f46613586e5156b8e2af846
child 535863 3086954236ee47e1cb8f0bd9345cf2a4dcb3314b
push id34551
push usermak77@bonardo.net
push dateThu, 03 Nov 2016 15:05:59 +0000
reviewersasuth
bugs1310152
milestone52.0a1
Bug 1310152 - AsyncClone may try to reuse a freed Critical Section in Sqlite. r=asuth MozReview-Commit-ID: LW0esWlNfQQ
storage/mozStorageConnection.cpp file | annotate | diff | comparison | revisions
storage/test/unit/test_storage_connection.js file | annotate | diff | comparison | revisions 
--- a/storage/mozStorageConnection.cpp
+++ b/storage/mozStorageConnection.cpp
@@ -421,17 +421,17 @@ public:
     , mClone(aClone)
     , mReadOnly(aReadOnly)
     , mCallback(aCallback)
   {
     MOZ_ASSERT(NS_IsMainThread());
   }
 
   NS_IMETHOD Run() override {
-    MOZ_ASSERT (NS_GetCurrentThread() == mClone->getAsyncExecutionTarget());
+    MOZ_ASSERT (NS_GetCurrentThread() == mConnection->getAsyncExecutionTarget());
 
     nsresult rv = mConnection->initializeClone(mClone, mReadOnly);
     if (NS_FAILED(rv)) {
       return Dispatch(rv, nullptr);
     }
     return Dispatch(NS_OK,
                     NS_ISUPPORTS_CAST(mozIStorageAsyncConnection*, mClone));
   }
@@ -1327,17 +1327,20 @@ Connection::AsyncClone(bool aReadOnly,
     flags = (~SQLITE_OPEN_CREATE & flags);
   }
 
   RefPtr<Connection> clone = new Connection(mStorageService, flags,
                                               mAsyncOnly);
 
   RefPtr<AsyncInitializeClone> initEvent =
     new AsyncInitializeClone(this, clone, aReadOnly, aCallback);
-  nsCOMPtr<nsIEventTarget> target = clone->getAsyncExecutionTarget();
+  // Dispatch to our async thread, since the originating connection must remain
+  // valid and open for the whole cloning process.  This also ensures we are
+  // properly serialized with a `close` operation, rather than race with it.
+  nsCOMPtr<nsIEventTarget> target = getAsyncExecutionTarget();
   if (!target) {
     return NS_ERROR_UNEXPECTED;
   }
   return target->Dispatch(initEvent, NS_DISPATCH_NORMAL);
 }
 
 nsresult
 Connection::initializeClone(Connection* aClone, bool aReadOnly)
--- a/storage/test/unit/test_storage_connection.js
+++ b/storage/test/unit/test_storage_connection.js
@@ -426,25 +426,26 @@ add_task(function* test_async_open_with_
     }
   });
   do_check_true(found);
   stmt.finalize();
   yield asyncClose(adb);
 });
 
 add_task(function* test_clone_trivial_async() {
-  let db1 = getService().openDatabase(getTestDB());
-  do_print("Opened adb1");
-  do_check_true(db1 instanceof Ci.mozIStorageAsyncConnection);
-  let adb2 = yield asyncClone(db1, true);
-  do_check_true(adb2 instanceof Ci.mozIStorageAsyncConnection);
-  do_print("Cloned to adb2");
-  db1.close();
-  do_print("Closed db1");
-  yield asyncClose(adb2);
+  do_print("Open connection");
+  let db = getService().openDatabase(getTestDB());
+  do_check_true(db instanceof Ci.mozIStorageAsyncConnection);
+  do_print("AsyncClone connection");
+  let clone = yield asyncClone(db, true);
+  do_check_true(clone instanceof Ci.mozIStorageAsyncConnection);
+  do_print("Close connection");
+  yield asyncClose(db);
+  do_print("Close clone");
+  yield asyncClose(clone);
 });
 
 add_task(function* test_clone_no_optional_param_async() {
   "use strict";
   do_print("Testing async cloning");
   let adb1 = yield openAsyncDatabase(getTestDB(), null);
   do_check_true(adb1 instanceof Ci.mozIStorageAsyncConnection);
gecko
Deployed from 4e825768105f at 2024-04-08T16:23:58Z.