fix: avoid contextBridge crash when RenderFrame address is reused #21501

Merged
merged 2 commits into from Dec 13, 2019

@loc loc commented Dec 13, 2019

Description of Change

Fix a crash that was happening because
a) the RenderFramePersistenceStore map was keyed on a pointer, which is not guaranteed to be unique in the process, and
b) the RenderFramePersistenceStore was not removing itself from the map when it was released, causing a bad access exception.

h/t @nornagon for help debugging.

Release Notes

Notes: Fixed contextBridge crash when opening and closing many windows.

Co-Authored-By: Jeremy Apthorp <nornagon@nornagon.net>
@electron-cation electron-cation bot added the new-pr 🌱 PR opened in the last 24 hours label Dec 13, 2019
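
The two conditions named in the description (a map keyed on an address that can be reused, and an entry that outlives its frame), as an added C++ example that is not code from this PR or from Electron. `Frame`, `Store` and both registries are hypothetical stand-ins, and the store is held by value so the stale hit can be observed without touching freed memory.

```cpp
// Added illustration. Frame, Store and both registries are hypothetical
// stand-ins, not Electron's classes.
#include <cstdio>
#include <map>
#include <new>

struct Frame { int routing_id; };  // ID assumed unique within the process
struct Store { int owner; };       // per-frame state; owner = creating frame's ID

// Shape of the bug: keyed on the frame's address, entries never erased.
std::map<const Frame*, Store> g_by_pointer;
Store& GetOrCreateByPointer(const Frame* f) {
  return g_by_pointer.emplace(f, Store{f->routing_id}).first->second;
}

// Shape of the fix: keyed on the routing ID, entry erased with the frame.
std::map<int, Store> g_by_id;
Store& GetOrCreateById(const Frame* f) {
  return g_by_id.emplace(f->routing_id, Store{f->routing_id}).first->second;
}
void OnFrameDestroyed(const Frame* f) { g_by_id.erase(f->routing_id); }

struct Result { int pointer_keyed_owner; int id_keyed_owner; };

// Creates frame 1, destroys it, then creates frame 2 at the same address.
// Placement new into one buffer makes the address reuse deterministic.
Result ReuseAddress() {
  alignas(Frame) unsigned char slot[sizeof(Frame)];
  Frame* a = new (slot) Frame{1};
  GetOrCreateByPointer(a);
  GetOrCreateById(a);
  OnFrameDestroyed(a);  // only the ID-keyed registry is told
  a->~Frame();
  Frame* b = new (slot) Frame{2};  // same address as the dead frame
  return {GetOrCreateByPointer(b).owner, GetOrCreateById(b).owner};
}

int main() {
  Result r = ReuseAddress();
  // Pointer key hands frame 2 the state made for frame 1; ID key does not.
  std::printf("pointer-keyed owner=%d, id-keyed owner=%d\n",
              r.pointer_keyed_owner, r.id_keyed_owner);
  return 0;
}
```
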
context_bridge::RenderFramePersistenceStore* GetOrCreateStore(
content::RenderFrame* render_frame) {
auto it = GetStoreMap().find(render_frame);
if (it == GetStoreMap().end()) {
auto it = context_bridge::GetStoreMap().find(render_frame->GetRoutingID());
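
Review bot: `render_frame->GetRoutingID()` in the new `find` call dereferences `render_frame`, where the old `find(render_frame)` only used the pointer value as a key, so a null argument now faults at the lookup instead of simply missing. Consider a `DCHECK(render_frame);` at the top of `GetOrCreateStore`, or a comment stating that callers must pass a live frame.
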
Member

Will there be a possibility of cross process access to this function? GetRoutingID is not unique across processes.

Member

@deepak1556 No, the bridge operates across two contexts in the same process

Member

Thanks for confirming.

@@ -58,11 +58,15 @@ class RenderFramePersistenceStore final : public content::RenderFrameObserver {
// proxy maps are weak globals, i.e. these are not retained beyond
// there normal JS lifetime. You must check IsEmpty()

int32_t routing_id_;
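
Review bot: the added `int32_t routing_id_;` at the end of this hunk has no comment of its own and sits under the note about proxy maps being weak globals, so its purpose is not clear from the class body. Add a one-line comment saying it holds the frame's routing ID that the store map lookup uses as its key, and fix "there normal JS lifetime" to "their" in the context comment while this block is being touched.
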
Member

(nit) This is set in the constructor and never changes, so might as well be const

@MarshallOfSound MarshallOfSound merged commit 19cd8f3 into master Dec 13, 2019
release-clerk bot commented Dec 13, 2019

Release Notes Persisted

Fixed contextBridge crash when opening and closing many windows.

trop bot commented Dec 13, 2019

I have automatically backported this PR to "8-x-y", please check out #21513

trop bot commented Dec 13, 2019

I have automatically backported this PR to "7-1-x", please check out #21514

@electron-cation electron-cation bot removed the new-pr 🌱 PR opened in the last 24 hours label Dec 16, 2019
@sofianguy sofianguy added this to Fixed in 8.0.0-beta.5 in 8.2.x Jan 14, 2020
@sofianguy sofianguy added this to Fixed in 7.1.5 in 7.2.x Jan 14, 2020