diff options
author | Luis Hector Chavez <lhchavez@google.com> | 2018-05-23 07:04:29 -0700 |
---|---|---|
committer | Treehugger Robot <treehugger-gerrit@google.com> | 2018-05-30 17:20:22 +0000 |
commit | 0c4351892b6ce29a34474b164d301cae78d6c0ac (patch) | |
tree | 376ab3ab225dccdecffc487c092f228163f0375b | |
parent | d973b822b933d740467c358dbf90ec277c6abe8b (diff) | |
download | libchrome-0c4351892b6ce29a34474b164d301cae78d6c0ac.tar.gz |
[mojo]: Avoid a crash when NodeController pending invitations diverge
This change avoids a crash when NodeController::pending_broker_clients_
and NodeController::pending_invitations_ diverge. This might happen with
complex enough node topologies, where there is a node that proxies
invitations to a set of other nodes.
Bug: 62219143
Test: ARC still boots
Change-Id: Ia678f464fafb69628600ec00dac19da3b6868fe0
Reviewed-on: https://chromium-review.googlesource.com/1069728
Reviewed-by: Ken Rockot <rockot@chromium.org>
Commit-Queue: Luis Hector Chavez <lhchavez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#560857}
(cherry picked from commit 30a0b449c8f7036c300d808db96b391220b7698f)
-rw-r--r-- | libchrome_tools/patch/mojo-Avoid-a-crash-when-NodeController-pending-invit.patch | 44 | ||||
-rw-r--r-- | mojo/edk/system/node_controller.cc | 9 |
2 files changed, 51 insertions, 2 deletions
diff --git a/libchrome_tools/patch/mojo-Avoid-a-crash-when-NodeController-pending-invit.patch b/libchrome_tools/patch/mojo-Avoid-a-crash-when-NodeController-pending-invit.patch new file mode 100644 index 0000000000..082d17eba6 --- /dev/null +++ b/libchrome_tools/patch/mojo-Avoid-a-crash-when-NodeController-pending-invit.patch @@ -0,0 +1,44 @@ +From 30a0b449c8f7036c300d808db96b391220b7698f Mon Sep 17 00:00:00 2001 +From: Luis Hector Chavez <lhchavez@google.com> +Date: Wed, 23 May 2018 00:39:19 +0000 +Subject: [PATCH] [mojo]: Avoid a crash when NodeController pending invitations + diverge + +This change avoids a crash when NodeController::pending_broker_clients_ +and NodeController::pending_invitations_ diverge. This might happen with +complex enough node topologies, where there is a node that proxies +invitations to a set of other nodes. + +BUG=845709 + +Change-Id: Ia678f464fafb69628600ec00dac19da3b6868fe0 +Reviewed-on: https://chromium-review.googlesource.com/1069728 +Reviewed-by: Ken Rockot <rockot@chromium.org> +Commit-Queue: Luis Hector Chavez <lhchavez@chromium.org> +Cr-Commit-Position: refs/heads/master@{#560857} +--- + mojo/edk/system/node_controller.cc | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/mojo/edk/system/node_controller.cc b/mojo/edk/system/node_controller.cc +index 73b16b1..e608f0c 100644 +--- a/mojo/edk/system/node_controller.cc ++++ b/mojo/edk/system/node_controller.cc +@@ -1102,8 +1102,13 @@ void NodeController::OnAcceptBrokerClient(const ports::NodeName& from_node, + while (!pending_broker_clients.empty()) { + const ports::NodeName& child_name = pending_broker_clients.front(); + auto it = pending_children_.find(child_name); +- DCHECK(it != pending_children_.end()); +- broker->AddBrokerClient(child_name, it->second->CopyRemoteProcessHandle()); ++ // If for any reason we don't have a pending invitation for the invitee, ++ // there's nothing left to do: we've already swapped the relevant state into ++ // the stack. ++ if (it != pending_children_.end()) { ++ broker->AddBrokerClient(child_name, ++ it->second->CopyRemoteProcessHandle()); ++ } + pending_broker_clients.pop(); + } + +-- +2.17.0.921.gf22659ad46-goog diff --git a/mojo/edk/system/node_controller.cc b/mojo/edk/system/node_controller.cc index 73b16b14ae..e608f0c009 100644 --- a/mojo/edk/system/node_controller.cc +++ b/mojo/edk/system/node_controller.cc @@ -1102,8 +1102,13 @@ void NodeController::OnAcceptBrokerClient(const ports::NodeName& from_node, while (!pending_broker_clients.empty()) { const ports::NodeName& child_name = pending_broker_clients.front(); auto it = pending_children_.find(child_name); - DCHECK(it != pending_children_.end()); - broker->AddBrokerClient(child_name, it->second->CopyRemoteProcessHandle()); + // If for any reason we don't have a pending invitation for the invitee, + // there's nothing left to do: we've already swapped the relevant state into + // the stack. + if (it != pending_children_.end()) { + broker->AddBrokerClient(child_name, + it->second->CopyRemoteProcessHandle()); + } pending_broker_clients.pop(); } |