author | dmichael@chromium.org <dmichael@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-03-11 10:59:04 +0000 |
---|---|---|
committer | dmichael@chromium.org <dmichael@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-03-11 10:59:04 +0000 |
commit | e3a89a5d24cd86c3ed3e6cf3a182fd1bdb9fc855 (patch) | |
tree | c82ce6f581e39779052086ef3d7efdf9c581ad72 /ipc/ipc_channel_proxy.h | |
parent | c6fe36be35540c722cd7d1778272d1f27b4c82ae (diff) | |
Eliminate a potential race in IPC::ChannelProxy
Doing the following steps with ChannelProxy leads to a data race:
1) Create the ChannelProxy, but don't initialize it.
2) Add a filter.
3) Init the ChannelProxy.
The problem is, AddFilter() posts a task from the Listener thread to the IPC task runner to do OnAddFilter. Prior to this patch, OnAddFilter will try to read channel_ even though channel_ may not have been initialized, and it's accessed without any synchronization.
This patch only really adds the filter if peer_pid_ has been set on the IPC::Channel thread; otherwise, it waits until the connection has been established to really add filters.
See the bug for more detail.
BUG=244383
Review URL: https://codereview.chromium.org/183553004
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@256188 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'ipc/ipc_channel_proxy.h')
-rw-r--r-- | ipc/ipc_channel_proxy.h | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/ipc/ipc_channel_proxy.h b/ipc/ipc_channel_proxy.h index dca8c97..b0247c4 100644 --- a/ipc/ipc_channel_proxy.h +++ b/ipc/ipc_channel_proxy.h @@ -233,6 +233,10 @@ class IPC_EXPORT ChannelProxy : public Sender, public base::NonThreadSafe { // List of filters. This is only accessed on the IPC thread. std::vector<scoped_refptr<MessageFilter> > filters_; scoped_refptr<base::SingleThreadTaskRunner> ipc_task_runner_; + + // Note, channel_ may be set on the Listener thread or the IPC thread. + // But once it has been set, it must only be read or cleared on the IPC + // thread. scoped_ptr<Channel> channel_; std::string channel_id_; bool channel_connected_called_; |
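Review bot: The comment added above channel_ states the rule (set on the Listener thread or the IPC thread, then read or cleared only on the IPC thread) but does not say what orders the initial write on the Listener thread before the first read on the IPC thread, which is exactly the gap the commit message describes. Consider naming that mechanism in the comment, for example that filters are only really added once peer_pid_ has been set on the IPC thread, so a reader of the header can see why the first IPC-thread read is safe. The comment is also the only enforcement visible in this header: the diffstat is limited to ipc/ipc_channel_proxy.h, so it is worth confirming that the read and clear sites in the implementation assert they are running on ipc_task_runner_, otherwise the invariant can regress silently. Minor style point: "Note, channel_ may be set" reads better as "Note: channel_ may be set", and the comment could be one sentence.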