1246788 - crash in jemalloc_crash | arena_dalloc | mozilla::AndroidBridge::RunDelayedUiThreadTasks

Status: RESOLVED FIXED

(Core Graveyard :: Widget: Android, defect)

Description

[(inactive) Jim Chen [:jchen] [:darchons]]

This bug was filed from the Socorro interface and is 
report bp-74f9f4c4-585d-45b2-bd41-5abbe2160202.
=============================================================

Discussed with :rbarker on IRC, and we think these crashes are caused by race conditions in AndroidBridge::PostTaskToUiThread and AndroidBridge::RunDelayedUiThreadTasks, i.e. access to mDelayedTaskQueue is not synchronized. I think that used to be okay, but now we are using PostTaskToUiThread in several places off of UI thread, so we should synchronize.

We should probably add a lock to synchronize mDelayedTaskQueue access, and make sure to temporarily unlock when running a particular task, so that a task posting another task doesn't cause a deadlock (or use a re-entrant lock).

Comment 1

[(inactive) Jim Chen [:jchen] [:darchons]]

Attachment: Properly synchronize and manage UI thread tasks (v1)

I think there's a memory leak too to go with the race condition... The inner
task isn't deleted after it runs in AndroidBridge::RunDelayedUiThreadTasks.

This patch adds proper synchronization to the UI thread task queue so we don't
run into race conditions. It also uses UniquePtr to manage the contained task,
to fix the memory leak.

Comment 2

[Pulsebot]

https://hg.mozilla.org/integration/mozilla-inbound/rev/3bf743cb7421

Comment 3

[Carsten Book [:Tomcat]]

https://hg.mozilla.org/mozilla-central/rev/3bf743cb7421