зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1677555 - Always release imgRequestProxy async. r=tnikkel
In this particular case the issue wouldn't end up in any sort of memory corruption if we didn't safely crash, but these are quite tricky to reason about, so it's better to avoid the reentrancy altogether if possible. I tried to convert the fuzzer test-case in a crashtest but failed (as in, it didn't crash without the patch under the test harness). Differential Revision: https://phabricator.services.mozilla.com/D115943
This commit is contained in:
Родитель
1258043a90
Коммит
5b5089618f
|
@ -188,14 +188,11 @@ class StyleImageRequestCleanupTask final : public mozilla::Runnable {
|
|||
// This is defined here for parallelism with LoadURI.
|
||||
void Gecko_LoadData_Drop(StyleLoadData* aData) {
|
||||
if (aData->resolved_image) {
|
||||
// We want to dispatch this async to prevent reentrancy issues, as
|
||||
// imgRequestProxy going away can destroy documents, etc, see bug 1677555.
|
||||
auto task = MakeRefPtr<StyleImageRequestCleanupTask>(*aData);
|
||||
if (NS_IsMainThread()) {
|
||||
task->Run();
|
||||
} else {
|
||||
// if Resolve was not called at some point, mDocGroup is not set.
|
||||
SchedulerGroup::Dispatch(TaskCategory::Other, task.forget());
|
||||
}
|
||||
}
|
||||
|
||||
// URIs are safe to refcount from any thread.
|
||||
NS_IF_RELEASE(aData->resolved_uri);
|
||||
|
|
Загрузка…
Ссылка в новой задаче