Closed Bug 1301519 Opened 8 years ago Closed 8 years ago

GetCurrentThreadWorkerPrivate() crashes if called due to nsCycleCollector_shutdown()

Categories

(Core :: DOM: Workers, defect)

Product:
Core
Component:
DOM: Workers
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla51
Tracking Flags:
Tracking Status
firefox51 --- fixed

People

(Reporter: bkelly, Assigned: bkelly)

References

Details

Attachments

(1 file, 1 obsolete file)

Don't crash if GetCurrentThreadWorkerPrivate() is called during worker shutdown. r=baku
1.49 KB, patch
baku
: review+
Details | Diff | Splinter Review 
While working on bug 1300658 I have run into a crash in GetCurrentThreadWorkerPrivate().  Basically we are getting a nullptr context private here:

  https://dxr.mozilla.org/mozilla-central/source/dom/workers/RuntimeService.cpp#1459

This is happening because the GetCurrentThreadWorkerPrivate() is being called in clean up code triggered by the nsCycleCollector_shutdown() here:

  https://dxr.mozilla.org/mozilla-central/source/dom/workers/RuntimeService.cpp#1071

The cycle collector shutdown occurs after clearing the context private.
Currently there is a window during ~WorkerJSRuntime() where the context private has been cleared, but the CycleCollectedRuntime::Get() method will still return non-nullptr.

This is a problem if anything tries to call GetCurrentThreadWorkerPrivate() during this window.  Unfortunately, ~WorkerJSRuntime() also calls nsCycleCollector_shutdown() at this point.  This can execute arbitrary code through the destructors of cycle collected objects.

This patch makes us handle the nullptr context private a bit better.

https://treeherder.mozilla.org/#/jobs?repo=try&revision=a95c0fdabb09
Attachment #8789572 - Flags: review?(amarchesini)
Removed unrelated code from patch.  Please see previous comments for explanation.
Attachment #8789572 - Attachment is obsolete: true
Attachment #8789572 - Flags: review?(amarchesini)
Attachment #8789573 - Flags: review?(amarchesini)
Attachment #8789573 - Flags: review?(amarchesini) → review+
Pushed by bkelly@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/00f3449636ba
Don't crash if GetCurrentThreadWorkerPrivate() is called during worker shutdown. r=baku
https://hg.mozilla.org/mozilla-central/rev/00f3449636ba
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
status-firefox51: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla51
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: