Bug 1064529 - Don't misuse invalid ipc::FileDescriptor in memory report requests. r=njn

This commit is contained in:
Jed Davis 2014-09-18 17:59:00 +02:00
parent 8b8b87c506
commit 1149458fa3
5 changed files with 19 additions and 12 deletions

View File

@ -202,7 +202,7 @@ public:
NS_DECL_ISUPPORTS NS_DECL_ISUPPORTS
MemoryReportRequestChild(uint32_t aGeneration, bool aAnonymize, MemoryReportRequestChild(uint32_t aGeneration, bool aAnonymize,
const FileDescriptor& aDMDFile); const MaybeFileDesc& aDMDFile);
NS_IMETHOD Run(); NS_IMETHOD Run();
private: private:
virtual ~MemoryReportRequestChild(); virtual ~MemoryReportRequestChild();
@ -215,11 +215,13 @@ private:
NS_IMPL_ISUPPORTS(MemoryReportRequestChild, nsIRunnable) NS_IMPL_ISUPPORTS(MemoryReportRequestChild, nsIRunnable)
MemoryReportRequestChild::MemoryReportRequestChild( MemoryReportRequestChild::MemoryReportRequestChild(
uint32_t aGeneration, bool aAnonymize, const FileDescriptor& aDMDFile) uint32_t aGeneration, bool aAnonymize, const MaybeFileDesc& aDMDFile)
: mGeneration(aGeneration), mAnonymize(aAnonymize), : mGeneration(aGeneration), mAnonymize(aAnonymize)
mDMDFile(aDMDFile)
{ {
MOZ_COUNT_CTOR(MemoryReportRequestChild); MOZ_COUNT_CTOR(MemoryReportRequestChild);
if (aDMDFile.type() == MaybeFileDesc::TFileDescriptor) {
mDMDFile = aDMDFile.get_FileDescriptor();
}
} }
MemoryReportRequestChild::~MemoryReportRequestChild() MemoryReportRequestChild::~MemoryReportRequestChild()
@ -707,7 +709,7 @@ PMemoryReportRequestChild*
ContentChild::AllocPMemoryReportRequestChild(const uint32_t& aGeneration, ContentChild::AllocPMemoryReportRequestChild(const uint32_t& aGeneration,
const bool &aAnonymize, const bool &aAnonymize,
const bool &aMinimizeMemoryUsage, const bool &aMinimizeMemoryUsage,
const FileDescriptor& aDMDFile) const MaybeFileDesc& aDMDFile)
{ {
MemoryReportRequestChild *actor = MemoryReportRequestChild *actor =
new MemoryReportRequestChild(aGeneration, aAnonymize, aDMDFile); new MemoryReportRequestChild(aGeneration, aAnonymize, aDMDFile);
@ -765,7 +767,7 @@ ContentChild::RecvPMemoryReportRequestConstructor(
const uint32_t& aGeneration, const uint32_t& aGeneration,
const bool& aAnonymize, const bool& aAnonymize,
const bool& aMinimizeMemoryUsage, const bool& aMinimizeMemoryUsage,
const FileDescriptor& aDMDFile) const MaybeFileDesc& aDMDFile)
{ {
MemoryReportRequestChild *actor = MemoryReportRequestChild *actor =
static_cast<MemoryReportRequestChild*>(aChild); static_cast<MemoryReportRequestChild*>(aChild);

View File

@ -161,7 +161,7 @@ public:
AllocPMemoryReportRequestChild(const uint32_t& aGeneration, AllocPMemoryReportRequestChild(const uint32_t& aGeneration,
const bool& aAnonymize, const bool& aAnonymize,
const bool& aMinimizeMemoryUsage, const bool& aMinimizeMemoryUsage,
const FileDescriptor& aDMDFile) MOZ_OVERRIDE; const MaybeFileDesc& aDMDFile) MOZ_OVERRIDE;
virtual bool virtual bool
DeallocPMemoryReportRequestChild(PMemoryReportRequestChild* actor) MOZ_OVERRIDE; DeallocPMemoryReportRequestChild(PMemoryReportRequestChild* actor) MOZ_OVERRIDE;
@ -170,7 +170,7 @@ public:
const uint32_t& aGeneration, const uint32_t& aGeneration,
const bool& aAnonymize, const bool& aAnonymize,
const bool &aMinimizeMemoryUsage, const bool &aMinimizeMemoryUsage,
const FileDescriptor &aDMDFile) MOZ_OVERRIDE; const MaybeFileDesc &aDMDFile) MOZ_OVERRIDE;
virtual PCycleCollectWithLogsChild* virtual PCycleCollectWithLogsChild*
AllocPCycleCollectWithLogsChild(const bool& aDumpAllTraces, AllocPCycleCollectWithLogsChild(const bool& aDumpAllTraces,

View File

@ -2596,7 +2596,7 @@ ContentParent::Observe(nsISupports* aSubject,
// The pre-%n part of the string should be all ASCII, so the byte // The pre-%n part of the string should be all ASCII, so the byte
// offset in identOffset should be correct as a char offset. // offset in identOffset should be correct as a char offset.
MOZ_ASSERT(cmsg[identOffset - 1] == '='); MOZ_ASSERT(cmsg[identOffset - 1] == '=');
FileDescriptor dmdFileDesc; MaybeFileDesc dmdFileDesc = void_t();
#ifdef MOZ_DMD #ifdef MOZ_DMD
nsAutoString dmdIdent(Substring(msg, identOffset)); nsAutoString dmdIdent(Substring(msg, identOffset));
if (!dmdIdent.IsEmpty()) { if (!dmdIdent.IsEmpty()) {
@ -2984,7 +2984,7 @@ PMemoryReportRequestParent*
ContentParent::AllocPMemoryReportRequestParent(const uint32_t& aGeneration, ContentParent::AllocPMemoryReportRequestParent(const uint32_t& aGeneration,
const bool &aAnonymize, const bool &aAnonymize,
const bool &aMinimizeMemoryUsage, const bool &aMinimizeMemoryUsage,
const FileDescriptor &aDMDFile) const MaybeFileDesc &aDMDFile)
{ {
MemoryReportRequestParent* parent = new MemoryReportRequestParent(); MemoryReportRequestParent* parent = new MemoryReportRequestParent();
return parent; return parent;

View File

@ -455,7 +455,7 @@ private:
AllocPMemoryReportRequestParent(const uint32_t& aGeneration, AllocPMemoryReportRequestParent(const uint32_t& aGeneration,
const bool &aAnonymize, const bool &aAnonymize,
const bool &aMinimizeMemoryUsage, const bool &aMinimizeMemoryUsage,
const FileDescriptor &aDMDFile) MOZ_OVERRIDE; const MaybeFileDesc &aDMDFile) MOZ_OVERRIDE;
virtual bool DeallocPMemoryReportRequestParent(PMemoryReportRequestParent* actor) MOZ_OVERRIDE; virtual bool DeallocPMemoryReportRequestParent(PMemoryReportRequestParent* actor) MOZ_OVERRIDE;
virtual PCycleCollectWithLogsParent* virtual PCycleCollectWithLogsParent*

View File

@ -303,6 +303,11 @@ struct VolumeInfo {
bool isFake; bool isFake;
}; };
union MaybeFileDesc {
FileDescriptor;
void_t;
};
intr protocol PContent intr protocol PContent
{ {
parent opens PCompositor; parent opens PCompositor;
@ -377,7 +382,7 @@ child:
async SetProcessSandbox(); async SetProcessSandbox();
PMemoryReportRequest(uint32_t generation, bool anonymize, PMemoryReportRequest(uint32_t generation, bool anonymize,
bool minimizeMemoryUsage, FileDescriptor DMDFile); bool minimizeMemoryUsage, MaybeFileDesc DMDFile);
/** /**
* Notify the AudioChannelService in the child processes. * Notify the AudioChannelService in the child processes.