
Mojo: Eliminate re-entrancy in MultiplexRouter

ProcessTasks() can destroy messages, which can lead to endpoint closure,
which can trigger ProcessTasks(). This is causing stack overflows, and
the re-entrancy is not necessary.

Fixed: 335577804
Change-Id: I83d921554872d031378c725d8eae80e4cfdece4b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5472164
Commit-Queue: Ken Rockot <rockot@google.com>
Reviewed-by: Yuzhu Shen <yzshen@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1291413}
Ken Rockot
2024-04-23 17:58:08 +00:00
committed by Chromium LUCI CQ
parent 417a5df82b
commit 576d944eff
2 changed files with 7 additions and 1 deletions
mojo/public/cpp/bindings/lib

@ -8,6 +8,7 @@
#include <utility>
#include "base/auto_reset.h"
#include "base/containers/contains.h"
#include "base/containers/flat_set.h"
#include "base/feature_list.h"
@ -922,9 +923,10 @@ void MultiplexRouter::ProcessTasks(
base::SequencedTaskRunner* current_task_runner) {
AssertLockAcquired();
if (posted_to_process_tasks_)
if (posted_to_process_tasks_ || processing_tasks_)
return;
base::AutoReset<bool> processing_tasks(&processing_tasks_, true);
while (!tasks_.empty() && !paused_) {
std::unique_ptr<Task> task(std::move(tasks_.front()));
tasks_.pop_front();
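Review bot: The `base::AutoReset<bool> processing_tasks(&processing_tasks_, true);` guard writes back to `processing_tasks_` when the scope exits, so it is only safe if the router is still alive and the lock is still held at that point. The commit message says task processing can destroy messages and close endpoints, and nothing visible in this hunk pins `this` for the duration. It is worth confirming that every caller holds a reference across ProcessTasks(), or documenting the requirement next to the guard, e.g. `// Callers must keep |this| alive; the flag is reset on return.` A re-entrant call now returns without processing anything, which relies on the outer `while (!tasks_.empty() && !paused_)` loop re-checking `tasks_`, so any early exit in the loop body (it continues outside this hunk) should still leave queued tasks scheduled. A regression test that closes an endpoint while a message is being destroyed would keep the stack-overflow case covered.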

@ -341,6 +341,10 @@ class COMPONENT_EXPORT(MOJO_CPP_BINDINGS) MultiplexRouter
bool posted_to_process_tasks_ = false;
scoped_refptr<base::SequencedTaskRunner> posted_to_task_runner_;
// Indicates whether we're currently within ProcessTasks(). Used to avoid
// re-entrancy into that method.
bool processing_tasks_ = false;
bool encountered_error_ = false;
// Indicates whether this router is paused, meaning it is not currently