From 5c6bfb7d9acc0636bd08d79bf47f66ed5a8e26e3 Mon Sep 17 00:00:00 2001 From: Yaron Tausky Date: Thu, 20 Feb 2020 13:06:18 +0000 Subject: [PATCH] Bug 1610692 - Move call that can run content code out of constructor. r=dom-workers-and-storage-reviewers,asuth ServiceWorkerRegistration::UpdateState can call content code, which in turn can result in the registrations getting deleted. This commit moves the call outside the constructor, so the registration's creator has a chance to get a proper RefPtr to it. Differential Revision: https://phabricator.services.mozilla.com/D61706 --HG-- extra : moz-landing-system : lando --- dom/serviceworkers/ServiceWorkerRegistration.cpp | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/dom/serviceworkers/ServiceWorkerRegistration.cpp b/dom/serviceworkers/ServiceWorkerRegistration.cpp index 18b80aca5705..9d969fea6fc5 100644 --- a/dom/serviceworkers/ServiceWorkerRegistration.cpp +++ b/dom/serviceworkers/ServiceWorkerRegistration.cpp @@ -50,7 +50,6 @@ ServiceWorkerRegistration::ServiceWorkerRegistration( KeepAliveIfHasListenersFor(NS_LITERAL_STRING("updatefound")); - UpdateState(mDescriptor); mInner->SetServiceWorkerRegistration(this); } @@ -81,6 +80,10 @@ ServiceWorkerRegistration::CreateForMainThread( RefPtr registration = new ServiceWorkerRegistration(aWindow->AsGlobal(), aDescriptor, inner); + // This is not called from within the constructor, as it may call content code + // which can cause the deletion of the registration, so we need to keep a + // strong reference while calling it. + registration->UpdateState(aDescriptor); return registration.forget(); } @@ -104,6 +107,10 @@ ServiceWorkerRegistration::CreateForWorker( RefPtr registration = new ServiceWorkerRegistration(aGlobal, aDescriptor, inner); + // This is not called from within the constructor, as it may call content code + // which can cause the deletion of the registration, so we need to keep a + // strong reference while calling it. + registration->UpdateState(aDescriptor); return registration.forget(); }