Closed Bug 1333142 Opened 8 years ago Closed 8 years ago

Audit all AsyncOpen2 implementations for leakiness

Categories

(Core :: Networking, defect)

Product:
Core
Component:
Networking
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla54
Tracking Flags:
Tracking Status
firefox52 --- wontfix
firefox53 --- fixed
firefox54 --- fixed

People

(Reporter: bzbarsky, Assigned: mcmanus)

Details

(Keywords: memory-leak, Whiteboard: [necko-next])

Attachments

(1 file)

audit asyncopen2 impls for callback release on failure
11.51 KB, patch
dragana
: review+
gchang
: approval-mozilla-aurora+
Details | Diff | Splinter Review
When AsyncOpen2 got implemented, it seems to have introduces various leak footguns akin to the one that got tickled in bug 1333106. For example, in addition to the HTTP bits I'm fixing in bug 1333106, nsBaseChannel::AsyncOpen nulls out mListener on failure codepaths, but nsBaseChannel::AsyncOpen2 does not. I'm fixing the HTTP bits, but we should probably audit all other AsyncOpen2 implementations and ensure that they do the right thing. It doesn't help too much that it's not clear what the right thing _is_. If the right thing is that callers should drop the channel ref as soon as AsyncOpen2 fails, then we need to audit the callers instead, of course.
Flags: needinfo?(mcmanus)
Flags: needinfo?(ckerschb)
(In reply to Boris Zbarsky [:bz] (still a bit busy) from comment #0) > When AsyncOpen2 got implemented, it seems to have introduces various leak > footguns akin to the one that got tickled in bug 1333106. For example, in > addition to the HTTP bits I'm fixing in bug 1333106, > nsBaseChannel::AsyncOpen nulls out mListener on failure codepaths, but > nsBaseChannel::AsyncOpen2 does not. > seems like it should. christoph? > I'm fixing the HTTP bits, but we should probably audit all other AsyncOpen2 > implementations and ensure that they do the right thing. > > It doesn't help too much that it's not clear what the right thing _is_. If > the right thing is that callers should drop the channel ref as soon as > AsyncOpen2 fails, then we need to audit the callers instead, of course. they shouldn't have to do that - though it seems like a good idea
Flags: needinfo?(mcmanus)
> they shouldn't have to do that Then we really need to audit all of our channels' AsyncOpen implementations carefully too. I bet at least some forget to drop references on failure in some cases....
(In reply to Patrick McManus [:mcmanus] from comment #1) > (In reply to Boris Zbarsky [:bz] (still a bit busy) from comment #0) > > When AsyncOpen2 got implemented, it seems to have introduces various leak > > footguns akin to the one that got tickled in bug 1333106. For example, in > > addition to the HTTP bits I'm fixing in bug 1333106, > > nsBaseChannel::AsyncOpen nulls out mListener on failure codepaths, but > > nsBaseChannel::AsyncOpen2 does not. > > > seems like it should. christoph? Yes, code around AsyncOpen2() should behave exactly the same like asyncOpen() does/did. In that particular case AsyncOpen2() on failure should also result in nulling out mListener. > > I'm fixing the HTTP bits, but we should probably audit all other AsyncOpen2 > > implementations and ensure that they do the right thing. Pat, any chance I could convince Necko folks to look into auditing all of those callsites?
Flags: needinfo?(ckerschb)
Christoph has a question for you :)
Flags: needinfo?(mcmanus)
Whiteboard: [necko-next]
I'll go through these
Flags: needinfo?(mcmanus)
Assignee: nobody → mcmanus
Status: NEW → ASSIGNED
I found a few more instances of the same problem, and a couple cases where even asyncOpen() wasn't releasing the callbacks.
Attachment #8835103 - Flags: review?(dd.mozilla) → review+
https://hg.mozilla.org/integration/mozilla-inbound/rev/b5f610c22132f1af5c816c70fe7036986c9b23c1 Bug 1333142 - audit asyncopen2 impls for callback release on failure r=dragana
https://hg.mozilla.org/mozilla-central/rev/b5f610c22132
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
status-firefox54: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla54
(In reply to Patrick McManus [:mcmanus] from comment #8) > I found a few more instances of the same problem, and a couple cases where > even asyncOpen() wasn't releasing the callbacks. Thanks a lot for auditing and fixing all of these!
Please request Aurora/Beta approval on this when you get a chance.
Flags: needinfo?(mcmanus)
I'm thinking just aurora on this one. These potential leaks are only negative test cases and now that the basic http channels are covered separately, are unlikely to be invoked at high volume. And on the risk side the patch is fairly broad - so we can let it bake for a cycle.
Flags: needinfo?(mcmanus)
Comment on attachment 8835103 [details] [diff] [review] audit asyncopen2 impls for callback release on failure Approval Request Comment [Feature/Bug causing the regression]: AsyncOpen2 Security Checks [User impact if declined]: security error path leaks in icon, jar, wyciwyg, and addon created channels. [Is this code covered by automated tests?]: 50/50 [Has the fix been verified in Nightly?]: in nightly [Needs manual test from QE? If yes, steps to reproduce]: no [List of other uplifts needed for the feature/fix]:none [Is the change risky?]: touches a fairly broad range of code, and correct related legacy leaks older than the asyncopen2 checks [Why is the change risky/not risky?]:see above and comment 13 [String changes made/needed]:
Attachment #8835103 - Flags: approval-mozilla-aurora?
Comment on attachment 8835103 [details] [diff] [review] audit asyncopen2 impls for callback release on failure Fix a leaking issue related AsyncOpen2. Aurora53+.
Attachment #8835103 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: