diff options
Diffstat (limited to 'dom/clients/manager/ClientSourceParent.cpp')
-rw-r--r-- | dom/clients/manager/ClientSourceParent.cpp | 67 |
1 files changed, 6 insertions, 61 deletions
diff --git a/dom/clients/manager/ClientSourceParent.cpp b/dom/clients/manager/ClientSourceParent.cpp index 8364871cd4..e2c02c0bfd 100644 --- a/dom/clients/manager/ClientSourceParent.cpp +++ b/dom/clients/manager/ClientSourceParent.cpp @@ -26,60 +26,6 @@ using mozilla::ipc::BackgroundParent; using mozilla::ipc::IPCResult; using mozilla::ipc::PrincipalInfo; -namespace { - -// It would be nice to use a lambda instead of this class, but we cannot -// move capture in lambdas yet and ContentParent cannot be AddRef'd off -// the main thread. -class KillContentParentRunnable final : public Runnable { - RefPtr<ThreadsafeContentParentHandle> mHandle; - - public: - explicit KillContentParentRunnable( - RefPtr<ThreadsafeContentParentHandle>&& aHandle) - : Runnable("KillContentParentRunnable"), mHandle(std::move(aHandle)) { - MOZ_ASSERT(mHandle); - } - - NS_IMETHOD - Run() override { - AssertIsOnMainThread(); - if (RefPtr<ContentParent> contentParent = mHandle->GetContentParent()) { - contentParent->KillHard("invalid ClientSourceParent actor"); - } - return NS_OK; - } -}; - -} // anonymous namespace - -void ClientSourceParent::KillInvalidChild() { - // Try to get the content process before we destroy the actor below. - RefPtr<ThreadsafeContentParentHandle> process = - BackgroundParent::GetContentParentHandle(Manager()->Manager()); - - // First, immediately teardown the ClientSource actor. No matter what - // we want to start this process as soon as possible. - Unused << ClientSourceParent::Send__delete__(this); - - // If we are running in non-e10s, then there is nothing else to do here. - // There is no child process and we don't want to crash the entire browser - // in release builds. In general, though, this should not happen in non-e10s - // so we do assert this condition. - if (!process) { - MOZ_DIAGNOSTIC_ASSERT(false, "invalid ClientSourceParent in non-e10s"); - return; - } - - // In e10s mode we also want to kill the child process. Validation failures - // typically mean someone sent us bogus data over the IPC link. We can't - // trust that process any more. We have to do this on the main thread, so - // there is a small window of time before we kill the process. This is why - // we start the actor destruction immediately above. - nsCOMPtr<nsIRunnable> r = new KillContentParentRunnable(std::move(process)); - MOZ_ALWAYS_SUCCEEDS(SchedulerGroup::Dispatch(r.forget())); -} - mozilla::ipc::IPCResult ClientSourceParent::RecvWorkerSyncPing() { AssertIsOnBackgroundThread(); // Do nothing here. This is purely a sync message allowing the child to @@ -98,8 +44,7 @@ IPCResult ClientSourceParent::RecvExecutionReady( // to make sure the child actor is not giving us garbage. Since we validate // on the child side as well we treat a failure here as fatal. if (!ClientIsValidCreationURL(mClientInfo.PrincipalInfo(), aArgs.url())) { - KillInvalidChild(); - return IPC_OK(); + return IPC_FAIL(this, "Invalid creation URL!"); } mClientInfo.SetURL(aArgs.url()); @@ -216,23 +161,23 @@ ClientSourceParent::~ClientSourceParent() { mExecutionReadyPromise.RejectIfExists(NS_ERROR_FAILURE, __func__); } -void ClientSourceParent::Init() { +IPCResult ClientSourceParent::Init() { // Ensure the principal is reasonable before adding ourself to the service. // Since we validate the principal on the child side as well, any failure // here is treated as fatal. if (NS_WARN_IF(!ClientIsValidPrincipalInfo(mClientInfo.PrincipalInfo()))) { mService->ForgetFutureSource(mClientInfo.ToIPC()); - KillInvalidChild(); - return; + return IPC_FAIL(Manager(), "Invalid PrincipalInfo!"); } // Its possible for AddSource() to fail if there is already an entry for // our UUID. This should not normally happen, but could if someone is // spoofing IPC messages. if (NS_WARN_IF(!mService->AddSource(this))) { - KillInvalidChild(); - return; + return IPC_FAIL(Manager(), "Already registered!"); } + + return IPC_OK(); } const ClientInfo& ClientSourceParent::Info() const { return mClientInfo; } |