Skip to content

Commit ccf8a79

Browse files
trop[bot]codebytere
trop[bot]
authored and
codebytere
committed
fix: use OS process handle to clear object registry (electron#14364)
RenderProcessHost switch can happen between ipc calls when speculative process are invvolved, which will lead to deletion of entries on current context. Use OS process handles to uniquely associate a destruction handler for a render process.
1 parent 3301e05 commit ccf8a79

File tree

4 files changed

+10
-7
lines changed

4 files changed

+10
-7
lines changed

atom/browser/api/atom_api_web_contents.cc

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -766,7 +766,8 @@ void WebContents::RenderViewCreated(content::RenderViewHost* render_view_host) {
766766
}
767767

768768
void WebContents::RenderViewDeleted(content::RenderViewHost* render_view_host) {
769-
Emit("render-view-deleted", render_view_host->GetProcess()->GetID());
769+
Emit("render-view-deleted", render_view_host->GetProcess()->GetID(),
770+
base::GetProcId(render_view_host->GetProcess()->GetHandle()));
770771
}
771772

772773
void WebContents::RenderProcessGone(base::TerminationStatus status) {

atom/renderer/renderer_client_base.cc

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@
1616
#include "atom/renderer/content_settings_observer.h"
1717
#include "atom/renderer/preferences_manager.h"
1818
#include "base/command_line.h"
19-
#include "base/process/process_handle.h"
19+
#include "base/process/process.h"
2020
#include "base/strings/string_split.h"
2121
#include "base/strings/stringprintf.h"
2222
#include "chrome/renderer/media/chrome_key_systems.h"
@@ -94,7 +94,8 @@ void RendererClientBase::DidCreateScriptContext(
9494
content::RenderFrame* render_frame) {
9595
// global.setHidden("contextId", `${processId}-${++nextContextId}`)
9696
std::string context_id = base::StringPrintf(
97-
"%" CrPRIdPid "-%d", base::GetCurrentProcId(), ++next_context_id_);
97+
"%" CrPRIdPid "-%d", base::GetProcId(base::Process::Current().Handle()),
98+
++next_context_id_);
9899
v8::Isolate* isolate = context->GetIsolate();
99100
v8::Local<v8::String> key = mate::StringToSymbol(isolate, "contextId");
100101
v8::Local<v8::Private> private_key = v8::Private::ForApi(isolate, key);

lib/browser/objects-registry.js

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -98,9 +98,10 @@ class ObjectsRegistry {
9898

9999
// Private: Clear the storage when renderer process is destoryed.
100100
registerDeleteListener (webContents, contextId) {
101-
const processId = webContents.getProcessId()
102-
const listener = (event, deletedProcessId) => {
103-
if (deletedProcessId === processId) {
101+
// contextId => ${OSProcessId}-${contextCount}
102+
const OSProcessId = contextId.split('-')[0]
103+
const listener = (event, deletedProcessId, deletedOSProcessId) => {
104+
if (deletedOSProcessId && deletedOSProcessId.toString() === OSProcessId) {
104105
webContents.removeListener('render-view-deleted', listener)
105106
this.clear(webContents, contextId)
106107
}

spec/fixtures/api/render-view-deleted.html

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@
1717
}
1818

1919
// This should trigger a dereference and a remote getURL call should fail
20-
contents.emit('render-view-deleted', {}, contents.getProcessId())
20+
contents.emit('render-view-deleted', {}, '', contents.getOSProcessId())
2121
try {
2222
contents.getURL()
2323
ipcRenderer.send('error-message', 'No error thrown')

0 commit comments

Comments
 (0)