author | joth@chromium.org <joth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-11-07 21:18:40 +0000 |
---|---|---|
committer | joth@chromium.org <joth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-11-07 21:18:40 +0000 |
commit | 9a9a6eb0d5e9522bb6bd5638958d50c841834b09 (patch) | |
tree | cd44499c35fe750fee4431767f049295eda33a6a /content/child | |
parent | 36ee5e1e77c00ea3fb3afcbd116d4cbe00506515 (diff) | |
Fix a fd leak in NPChannelBase on Posix
NPChannelBase::GetChannel leaks a file descriptor when it is asked for
a channel_handle which has the same key as a previous request but
conveys a different fd, causing a "leak" of opened file descriptors
in the renderer.
This is not a huge deal for Chrome, in which the renderer processes
are typically short lived (fd cleanup is performed by the OS on
their termination), but can be a problem for WebView.
A known NPChannel client which is exhibiting the fd leak issue is
the JavaBridgeDispatcher.
BUG=b/11384229
Review URL: https://codereview.chromium.org/61893005
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@233688 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content/child')
-rw-r--r-- | content/child/npapi/np_channel_base.cc | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/content/child/npapi/np_channel_base.cc b/content/child/npapi/np_channel_base.cc index 081910c..85ade5a 100644 --- a/content/child/npapi/np_channel_base.cc +++ b/content/child/npapi/np_channel_base.cc @@ -12,6 +12,7 @@ #include "ipc/ipc_sync_message.h" #if defined(OS_POSIX) +#include "base/file_util.h" #include "ipc/ipc_channel_posix.h" #endif @@ -63,6 +64,14 @@ NPChannelBase* NPChannelBase::GetChannel( const IPC::ChannelHandle& channel_handle, IPC::Channel::Mode mode, ChannelFactory factory, base::MessageLoopProxy* ipc_message_loop, bool create_pipe_now, base::WaitableEvent* shutdown_event) { +#if defined(OS_POSIX) + // On POSIX the channel_handle conveys an FD (socket) which is duped by the + // kernel during the IPC message exchange (via the SCM_RIGHTS mechanism). + // Ensure we do not leak this FD. + int fd = channel_handle.socket.auto_close ? channel_handle.socket.fd : -1; + file_util::ScopedFD auto_close_fd(&fd); +#endif + scoped_refptr<NPChannelBase> channel; std::string channel_key = channel_handle.name; ChannelMap::const_iterator iter = GetChannelMap()->find(channel_key); @@ -76,6 +85,9 @@ NPChannelBase* NPChannelBase::GetChannel( if (!channel->channel_valid()) { channel->channel_handle_ = channel_handle; +#if defined(OS_POSIX) + ignore_result(auto_close_fd.release()); +#endif if (mode & IPC::Channel::MODE_SERVER_FLAG) { channel->channel_handle_.name = IPC::Channel::GenerateVerifiedChannelID(channel_key); |
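Review bot: In the `@@ -63,6 +64,14 @@` hunk GetChannel starts closing `channel_handle.socket.fd` even though the handle arrives as `const IPC::ChannelHandle&`, and the added comment does not state that ownership now transfers to this function. A caller that still closes or reuses the descriptor after the call would be acting on a number that may already belong to another file or socket in the process, which is a double-close hazard rather than only a leak. I would extend the comment with `// GetChannel takes ownership of the FD when auto_close is set; callers must not use or close it afterwards.` and repeat that contract at the declaration, which is not on this page. The function body continues outside the hunk.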
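Review bot: In the `@@ -76,6 +85,9 @@` hunk `auto_close_fd.release()` gives up the descriptor as soon as `channel_handle_` is assigned, before the rest of the channel setup has run, and no comment says who closes it from then on. The remainder of GetChannel is outside the hunk, so this may already be handled there. If a later step can fail and the channel is dropped without closing `channel_handle_.socket.fd`, though, the leak this commit fixes would return on that path. A comment such as `// |channel| now owns the FD through channel_handle_; it must be closed on every teardown or failure path.` would make the hand-off explicit, or the release could move to after setup has succeeded.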