From dd0e3148bc8c71bd2102b3bd68a5ff6f972d8f72 Mon Sep 17 00:00:00 2001 From: Nika Layzell Date: Mon, 9 Sep 2019 12:04:13 +0000 Subject: [PATCH] Bug 1579437 - Check for discarded BrowsingContext in more places, r=farre Differential Revision: https://phabricator.services.mozilla.com/D45088 --HG-- extra : moz-landing-system : lando --- docshell/base/BrowsingContext.cpp | 9 ++++++++- docshell/base/BrowsingContext.h | 4 +++- dom/media/mediacontrol/MediaControlUtils.h | 6 +++--- 3 files changed, 14 insertions(+), 5 deletions(-) diff --git a/docshell/base/BrowsingContext.cpp b/docshell/base/BrowsingContext.cpp index 68a07b1c1dc4..577ebb6eddab 100644 --- a/docshell/base/BrowsingContext.cpp +++ b/docshell/base/BrowsingContext.cpp @@ -945,7 +945,12 @@ void BrowsingContext::PostMessageMoz(JSContext* aCx, aSubjectPrincipal, aError); } -void BrowsingContext::Transaction::Commit(BrowsingContext* aBrowsingContext) { +nsresult BrowsingContext::Transaction::Commit( + BrowsingContext* aBrowsingContext) { + if (NS_WARN_IF(aBrowsingContext->IsDiscarded())) { + return NS_ERROR_FAILURE; + } + if (!Validate(aBrowsingContext, nullptr)) { MOZ_CRASH("Cannot commit invalid BrowsingContext transaction"); } @@ -973,7 +978,9 @@ void BrowsingContext::Transaction::Commit(BrowsingContext* aBrowsingContext) { } Apply(aBrowsingContext); + return NS_OK; } + bool BrowsingContext::Transaction::Validate(BrowsingContext* aBrowsingContext, ContentParent* aSource) { #define MOZ_BC_FIELD(name, ...) \ diff --git a/docshell/base/BrowsingContext.h b/docshell/base/BrowsingContext.h index cf49ace715f6..faedaed2cb3e 100644 --- a/docshell/base/BrowsingContext.h +++ b/docshell/base/BrowsingContext.h @@ -357,8 +357,10 @@ class BrowsingContext : public nsWrapperCache, public BrowsingContextBase { // in all processes. This method will call the correct `MaySet` and // `DidSet` methods, as well as move the value. // + // If the target has been discarded, changes will be ignored. + // // NOTE: This method mutates `this`, resetting all members to `Nothing()` - void Commit(BrowsingContext* aOwner); + nsresult Commit(BrowsingContext* aOwner); // This method should be called before invoking `Apply` on this transaction // object. diff --git a/dom/media/mediacontrol/MediaControlUtils.h b/dom/media/mediacontrol/MediaControlUtils.h index c655e80b06b9..b738dec742c6 100644 --- a/dom/media/mediacontrol/MediaControlUtils.h +++ b/dom/media/mediacontrol/MediaControlUtils.h @@ -63,7 +63,7 @@ const char* ToMediaControlActionsStr( void NotifyMediaStarted(uint64_t aWindowID) { RefPtr bc = GetBrowingContextByWindowID(aWindowID); - if (!bc) { + if (!bc || bc->IsDiscarded()) { return; } LOG("Notify media started in BC %" PRId64, bc->Id()); @@ -73,7 +73,7 @@ void NotifyMediaStarted(uint64_t aWindowID) { void NotifyMediaStopped(uint64_t aWindowID) { RefPtr bc = GetBrowingContextByWindowID(aWindowID); - if (!bc) { + if (!bc || bc->IsDiscarded()) { return; } LOG("Notify media stopped in BC %" PRId64, bc->Id()); @@ -83,7 +83,7 @@ void NotifyMediaStopped(uint64_t aWindowID) { void NotifyMediaAudibleChanged(uint64_t aWindowID, bool aAudible) { RefPtr bc = GetBrowingContextByWindowID(aWindowID); - if (!bc) { + if (!bc || bc->IsDiscarded()) { return; } LOG("Notify media became %s in BC %" PRId64,