From a3f8e98b75d1eb7d2c4483b099bfc9193c82032a Mon Sep 17 00:00:00 2001 From: Patrick Wang Date: Fri, 9 Nov 2012 22:09:24 -0800 Subject: [PATCH] Bug 806625 - Check if TabParent is destroyed before sending IPC message. r=cjones --- dom/ipc/TabParent.cpp | 73 ++++++++++++++++++++++++++++++++++++------- dom/ipc/TabParent.h | 3 ++ 2 files changed, 65 insertions(+), 11 deletions(-) diff --git a/dom/ipc/TabParent.cpp b/dom/ipc/TabParent.cpp index 475fce2ba91..4285e1f212a 100644 --- a/dom/ipc/TabParent.cpp +++ b/dom/ipc/TabParent.cpp @@ -86,6 +86,7 @@ TabParent::TabParent(const TabContext& aContext) , mDimensions(0, 0) , mDPI(0) , mShown(false) + , mIsDestroyed(false) { } @@ -103,6 +104,10 @@ TabParent::SetOwnerElement(nsIDOMElement* aElement) void TabParent::Destroy() { + if (mIsDestroyed) { + return; + } + // If this fails, it's most likely due to a content-process crash, // and auto-cleanup will kick in. Otherwise, the child side will // destroy itself and send back __delete__(). @@ -117,6 +122,7 @@ TabParent::Destroy() if (RenderFrameParent* frame = GetRenderFrame()) { frame->Destroy(); } + mIsDestroyed = true; } bool @@ -214,6 +220,9 @@ TabParent::AnswerCreateWindow(PBrowserParent** retval) void TabParent::LoadURL(nsIURI* aURI) { + if (mIsDestroyed) { + return; + } if (!mShown) { nsAutoCString spec; if (aURI) { @@ -236,12 +245,17 @@ TabParent::Show(const nsIntSize& size) // sigh mShown = true; mDimensions = size; - unused << SendShow(size); + if (!mIsDestroyed) { + unused << SendShow(size); + } } void TabParent::UpdateDimensions(const nsRect& rect, const nsIntSize& size) { + if (mIsDestroyed) { + return; + } unused << SendUpdateDimensions(rect, size); if (RenderFrameParent* rfp = GetRenderFrame()) { rfp->NotifyDimensionsChanged(size.width, size.height); @@ -252,34 +266,46 @@ TabParent::UpdateDimensions(const nsRect& rect, const nsIntSize& size) void TabParent::UpdateFrame(const FrameMetrics& aFrameMetrics) { - unused << SendUpdateFrame(aFrameMetrics); + if (!mIsDestroyed) { + unused << SendUpdateFrame(aFrameMetrics); + } } void TabParent::HandleDoubleTap(const nsIntPoint& aPoint) { - unused << SendHandleDoubleTap(aPoint); + if (!mIsDestroyed) { + unused << SendHandleDoubleTap(aPoint); + } } void TabParent::HandleSingleTap(const nsIntPoint& aPoint) { - unused << SendHandleSingleTap(aPoint); + if (!mIsDestroyed) { + unused << SendHandleSingleTap(aPoint); + } } void TabParent::HandleLongTap(const nsIntPoint& aPoint) { - unused << SendHandleLongTap(aPoint); + if (!mIsDestroyed) { + unused << SendHandleLongTap(aPoint); + } } void TabParent::Activate() { + if (!mIsDestroyed) { unused << SendActivate(); + } } void TabParent::Deactivate() { - unused << SendDeactivate(); + if (!mIsDestroyed) { + unused << SendDeactivate(); + } } NS_IMETHODIMP @@ -340,9 +366,11 @@ TabParent::SendMouseEvent(const nsAString& aType, float aX, float aY, int32_t aButton, int32_t aClickCount, int32_t aModifiers, bool aIgnoreRootScrollFrame) { - unused << PBrowserParent::SendMouseEvent(nsString(aType), aX, aY, - aButton, aClickCount, - aModifiers, aIgnoreRootScrollFrame); + if (!mIsDestroyed) { + unused << PBrowserParent::SendMouseEvent(nsString(aType), aX, aY, + aButton, aClickCount, + aModifiers, aIgnoreRootScrollFrame); + } } void @@ -352,12 +380,17 @@ TabParent::SendKeyEvent(const nsAString& aType, int32_t aModifiers, bool aPreventDefault) { - unused << PBrowserParent::SendKeyEvent(nsString(aType), aKeyCode, aCharCode, - aModifiers, aPreventDefault); + if (!mIsDestroyed) { + unused << PBrowserParent::SendKeyEvent(nsString(aType), aKeyCode, aCharCode, + aModifiers, aPreventDefault); + } } bool TabParent::SendRealMouseEvent(nsMouseEvent& event) { + if (mIsDestroyed) { + return false; + } nsMouseEvent e(event); MaybeForwardEventToRenderFrame(event, &e); return PBrowserParent::SendRealMouseEvent(e); @@ -365,6 +398,9 @@ bool TabParent::SendRealMouseEvent(nsMouseEvent& event) bool TabParent::SendMouseWheelEvent(WheelEvent& event) { + if (mIsDestroyed) { + return false; + } WheelEvent e(event); MaybeForwardEventToRenderFrame(event, &e); return PBrowserParent::SendMouseWheelEvent(event); @@ -372,6 +408,9 @@ bool TabParent::SendMouseWheelEvent(WheelEvent& event) bool TabParent::SendRealKeyEvent(nsKeyEvent& event) { + if (mIsDestroyed) { + return false; + } nsKeyEvent e(event); MaybeForwardEventToRenderFrame(event, &e); return PBrowserParent::SendRealKeyEvent(e); @@ -379,6 +418,9 @@ bool TabParent::SendRealKeyEvent(nsKeyEvent& event) bool TabParent::SendRealTouchEvent(nsTouchEvent& event) { + if (mIsDestroyed) { + return false; + } if (event.message == NS_TOUCH_START) { MOZ_ASSERT((!sEventCapturer && mEventCaptureDepth == 0) || (sEventCapturer == this && mEventCaptureDepth > 0)); @@ -647,6 +689,9 @@ TabParent::HandleQueryContentEvent(nsQueryContentEvent& aEvent) bool TabParent::SendCompositionEvent(nsCompositionEvent& event) { + if (mIsDestroyed) { + return false; + } mIMEComposing = event.message != NS_COMPOSITION_END; mIMECompositionStart = NS_MIN(mIMESelectionAnchor, mIMESelectionFocus); if (mIMECompositionEnding) @@ -665,6 +710,9 @@ TabParent::SendCompositionEvent(nsCompositionEvent& event) bool TabParent::SendTextEvent(nsTextEvent& event) { + if (mIsDestroyed) { + return false; + } if (mIMECompositionEnding) { mIMECompositionText = event.theText; return true; @@ -685,6 +733,9 @@ TabParent::SendTextEvent(nsTextEvent& event) bool TabParent::SendSelectionEvent(nsSelectionEvent& event) { + if (mIsDestroyed) { + return false; + } mIMESelectionAnchor = event.mOffset + (event.mReversed ? event.mLength : 0); mIMESelectionFocus = event.mOffset + (!event.mReversed ? event.mLength : 0); event.seqno = ++mIMESeqno; diff --git a/dom/ipc/TabParent.h b/dom/ipc/TabParent.h index eef891e11f3..7f54e277ed2 100644 --- a/dom/ipc/TabParent.h +++ b/dom/ipc/TabParent.h @@ -296,6 +296,9 @@ private: // dispatch to content. void MaybeForwardEventToRenderFrame(const nsInputEvent& aEvent, nsInputEvent* aOutEvent); + // When true, the TabParent is invalid and we should not send IPC messages + // anymore. + bool mIsDestroyed; }; } // namespace dom