Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: avoid contextBridge double free on garbage collection #21592

Merged
merged 2 commits into from Jan 10, 2020
Merged

fix: avoid contextBridge double free on garbage collection #21592

merged 2 commits into from Jan 10, 2020

Conversation

loc
Copy link
Contributor

@loc loc commented Dec 20, 2019

Description of Change

Speculatively fix a crash in contextBridge. Because the elements in the hash-collided linked list are each subject to an object life monitor, they will free themselves. So it's redundant (and crash-y) to free next in the destructor.

Additionally, while we're at it, correct the pointer resetting of the linked list shuffling in the destructor.

Checklist

Release Notes

Notes: Fixed a crash in contextBridge that happens on garbage collection

@electron-cation electron-cation bot added the new-pr 🌱 PR opened in the last 24 hours label Dec 20, 2019
nornagon
nornagon reviewed Dec 20, 2019
View reviewed changes
shell/renderer/api/context_bridge/render_frame_context_bridge_store.cc
@@ -76,11 +78,7 @@ WeakGlobalPairNode::WeakGlobalPairNode(WeakGlobalPair pair) {
this->pair = std::move(pair);
}

WeakGlobalPairNode::~WeakGlobalPairNode() {
if (next) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

how... was this ever sensible?

cc @MarshallOfSound

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think past me reasoned that deleting the head of a list should delete everything in the list without thinking about how this particular linked list was being used

@electron-cation electron-cation bot removed the new-pr 🌱 PR opened in the last 24 hours label Dec 21, 2019
@MarshallOfSound MarshallOfSound merged commit 301bd8a into master Jan 10, 2020
@release-clerk
Copy link

release-clerk bot commented Jan 10, 2020

Release Notes Persisted

Fixed a crash in contextBridge that happens on garbage collection

@MarshallOfSound MarshallOfSound deleted the loc/context-bridge-double-free branch January 10, 2020 23:59
This was referenced Jan 11, 2020
Merged
Merged
@trop
Copy link
Contributor

trop bot commented Jan 11, 2020

I have automatically backported this PR to "8-x-y", please check out #21735

@trop trop bot removed the target/8-x-y label Jan 11, 2020
@trop
Copy link
Contributor

trop bot commented Jan 11, 2020

I have automatically backported this PR to "7-1-x", please check out #21736

@sofianguy sofianguy added this to Fixed in 8.0.0-beta.6 in 8.2.x Jan 14, 2020
@sofianguy sofianguy added this to Fixed in 7.1.9 in 7.2.x Jan 14, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nornagon nornagon nornagon approved these changes

@MarshallOfSound MarshallOfSound MarshallOfSound approved these changes

Assignees
No one assigned
Labels
None yet
Projects
No open projects
7.2.x
Fixed in 7.1.9
8.2.x
Fixed in 8.0.0-beta.6
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@loc @nornagon @MarshallOfSound