Closed Bug 690425 Opened 8 years ago Closed 8 years ago

HttpChannelChild incorrectly attempts to delete actor when kept alive connection dies

Categories

(Core :: Networking: HTTP, defect)

x86
macOS
defect
Not set

Tracking

()

RESOLVED FIXED
mozilla13

People

(Reporter: jdm, Assigned: justin.lebar+bug)

References

Details

(Whiteboard: [mentor=jdm] [lang=c++])

Attachments

(2 files)

Easy way to reproduce:
1. build fennec
2. visit http://ted.mielczarek.org/mozilla/crashme.html, install the addon linked there
3. restart once the addon has installed
4. observe crash in content process
Darn, I forgot to keep in mind that actors can die inadvertently when reviewing the changes in bug 588256. We should get rid of the mIPCOpen assertion in HttpChannelChild::Release and add mIPCOpen as a condition for the whole if branch instead.
Blocks: 588256
Whiteboard: [mentor=jdm] → [mentor=jdm] [lang=c++]
Hmm, from the first look it seems that the parent is not giving the child channel information it is gone, right?  I though this never could happen.  (But maybe I'm out now).
The problem is that if a channel is kept alive in OnStopRequest, we just assume that we should send an IPDL message to delete the actor in Release. However, if we're releasing because the IPDL actor has been destroyed, we should not do this.
Should we delete this if |mKeptAlive && mRefCnt == 1 && !mIPCOpen|, or should we just return mRefCnt?
If the refcount is 1 and mIPCOpen is false, that means that somebody is holding a reference to the channel. Deleting at this point would be bad.
Attached patch Patch v1Splinter Review
Attachment #595534 - Flags: review?(josh)
Attachment #595534 - Flags: review?(josh) → review+
Comment on attachment 595534 [details] [diff] [review]
Patch v1

Review of attachment 595534 [details] [diff] [review]:
-----------------------------------------------------------------

Yup, looks good.  Thanks!
Attachment #595534 - Flags: review+
Landed: cd44c3d677ef
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
https://hg.mozilla.org/mozilla-central/rev/cd44c3d677ef
Assignee: nobody → justin.lebar+bug
Target Milestone: --- → mozilla13
You need to log in before you can comment on or make changes to this bug.