Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(186)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/WebKit/Source/core/dom/MessagePort.cpp

Issue 2546313003: M56: Messaging: Fix crash when MessagePort is closed while messages are queued (Closed)
Patch Set: Created 4 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « third_party/WebKit/LayoutTests/fast/workers/resources/close-context-messageport-crash-iframe.html ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/WebKit/Source/core/dom/MessagePort.cpp
diff --git a/third_party/WebKit/Source/core/dom/MessagePort.cpp b/third_party/WebKit/Source/core/dom/MessagePort.cpp
index f4293da4a21c47a8b903915210c05b63b82b243f..23183ae2752cb44b1a29eb5c76fb7ee56a4b2f2f 100644
--- a/third_party/WebKit/Source/core/dom/MessagePort.cpp
+++ b/third_party/WebKit/Source/core/dom/MessagePort.cpp
@@ -190,11 +190,6 @@ bool MessagePort::tryGetMessage(
}
void MessagePort::dispatchMessages() {
- // Because close() doesn't cancel any in flight calls to dispatchMessages() we
- // need to check if the port is still open before dispatch.
- if (m_closed)
- return;
-
// Messages for contexts that are not fully active get dispatched too, but
// JSAbstractEventListener::handleEvent() doesn't call handlers for these.
// The HTML5 spec specifies that any messages sent to a document that is not
@@ -202,14 +197,24 @@ void MessagePort::dispatchMessages() {
if (!started())
return;
- RefPtr<SerializedScriptValue> message;
- std::unique_ptr<MessagePortChannelArray> channels;
- while (tryGetMessage(message, channels)) {
- // close() in Worker onmessage handler should prevent next message from
- // dispatching.
+ while (true) {
+ // Because close() doesn't cancel any in flight calls to dispatchMessages(),
+ // and can be triggered by the onmessage event handler, we need to check if
+ // the port is still open before each dispatch.
+ if (m_closed)
+ break;
+
+ // WorkerGlobalScope::close() in Worker onmessage handler should prevent
+ // the next message from dispatching.
if (getExecutionContext()->isWorkerGlobalScope() &&
- toWorkerGlobalScope(getExecutionContext())->isClosing())
- return;
+ toWorkerGlobalScope(getExecutionContext())->isClosing()) {
+ break;
+ }
+
+ RefPtr<SerializedScriptValue> message;
+ std::unique_ptr<MessagePortChannelArray> channels;
+ if (!tryGetMessage(message, channels))
+ break;
MessagePortArray* ports =
MessagePort::entanglePorts(*getExecutionContext(), std::move(channels));
« no previous file with comments | « third_party/WebKit/LayoutTests/fast/workers/resources/close-context-messageport-crash-iframe.html ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698