Closed Bug 690425 Opened 13 years ago Closed 12 years ago

HttpChannelChild incorrectly attempts to delete actor when kept alive connection dies

Categories

(Core :: Networking: HTTP, defect)

Product:
Core
Component:
Networking: HTTP
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla13

People

(Reporter: jdm, Assigned: justin.lebar+bug)

References

Details

(Whiteboard: [mentor=jdm] [lang=c++])

Attachments

(2 files)

Stack trace demonstrating the problem
2.26 KB, text/plain
Details
Patch v1
1.22 KB, patch
jdm
: review+
jduell.mcbugs
: review+
Details | Diff | Splinter Review 
Easy way to reproduce:
1. build fennec
2. visit http://ted.mielczarek.org/mozilla/crashme.html, install the addon linked there
3. restart once the addon has installed
4. observe crash in content process
Darn, I forgot to keep in mind that actors can die inadvertently when reviewing the changes in bug 588256. We should get rid of the mIPCOpen assertion in HttpChannelChild::Release and add mIPCOpen as a condition for the whole if branch instead.
Blocks: 588256
Whiteboard: [mentor=jdm] → [mentor=jdm] [lang=c++]
Hmm, from the first look it seems that the parent is not giving the child channel information it is gone, right?  I though this never could happen.  (But maybe I'm out now).
The problem is that if a channel is kept alive in OnStopRequest, we just assume that we should send an IPDL message to delete the actor in Release. However, if we're releasing because the IPDL actor has been destroyed, we should not do this.
Should we delete this if |mKeptAlive && mRefCnt == 1 && !mIPCOpen|, or should we just return mRefCnt?
If the refcount is 1 and mIPCOpen is false, that means that somebody is holding a reference to the channel. Deleting at this point would be bad.
Attached patch Patch v1Splinter Review 

        Attachment #595534 -
        Flags: review?(josh)

    
  

        Attachment #595534 -
        Flags: review?(josh) → review+

    
    

    
  
Comment on attachment 595534 [details] [diff] [review]
Patch v1

Review of attachment 595534 [details] [diff] [review]:
-----------------------------------------------------------------

Yup, looks good.  Thanks!

        Attachment #595534 -
        Flags: review+

    
    

    
  
Landed: cd44c3d677ef
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/cd44c3d677ef
Assignee: nobody → justin.lebar+bug
Target Milestone: --- → mozilla13

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: