Bug 1427079 - Don't let disposed window be read from parcels; r=snorp

It's possible for parcels derived from the session to outlast the
session lifecycle. This patch makes us return null when trying to
retrieve window objects using stale parcels.

MozReview-Commit-ID: 3Vp6T3uCEBt

--HG--
extra : rebase_source : 5e6b5d71786b326a0f47781cdb8dd5ea90ae71d6

mobile/android/geckoview/src/main/java/org/mozilla/gecko/GeckoSession.java

@@ -296,7 +296,7 @@ public class GeckoSession extends LayerSession
         }
 
         @Override // IInterface
-        public IBinder asBinder() {
+        public Binder asBinder() {
             if (mBinder == null) {
                 mBinder = new Binder();
                 mBinder.attachInterface(this, Window.class.getName());
@@ -310,8 +310,16 @@ public class GeckoSession extends LayerSession
                                        GeckoBundle settings, String chromeUri,
                                        int screenId, boolean privateMode);
 
-        @WrapForJNI(dispatchTo = "proxy")
-        @Override protected native void disposeNative();
+        @Override // JNIObject
+        protected void disposeNative() {
+            // Detach ourselves from the binder as well, to prevent this window from being
+            // read from any parcels.
+            asBinder().attachInterface(null, Window.class.getName());
+            nativeDisposeNative();
+        }
+
+        @WrapForJNI(dispatchTo = "proxy", stubName = "DisposeNative")
+        private native void nativeDisposeNative();
 
         @WrapForJNI(dispatchTo = "proxy")
         public native void close();

widget/android/GeneratedJNIWrappers.h

@@ -2292,7 +2292,7 @@ public:
         typedef void ReturnType;
         typedef void SetterType;
         typedef mozilla::jni::Args<> Args;
-        static constexpr char name[] = "disposeNative";
+        static constexpr char name[] = "nativeDisposeNative";
         static constexpr char signature[] =
                 "()V";
         static const bool isStatic = false;