fix: nullptr check when closing windows #22948
Can we explain how this helps? These aren't smart pointers, if this is an invalid access it's a UAF not a nullptr issue. WindowVector === std::vector<NativeWindow*> so unless we're injecting / replacing nullptr in the vector this won't fix the issue afaik
changing to |
If we make this a vector of weak pointers this solution makes sense, without it I don't think this fix actually helps. |
Both DestroyAllWindows and CloseAllWindows work on a copied array of windows, and the source array is being updated when a window is created/destroyed, so its values can not be nullptr.
It seems the app destroyed other windows when a window is being closed, and the copied windows array still included freed pointers and crashed when calling window->IsClosed(). So checking null would not fix the crash as it is a wild pointer instead of null pointer.
    // app is doing something like this:
    childWindow.once('closed', () => {
      parentWindow.destroy()
    })
An ideal solution would be forbidding users to delete NativeWindow and have WindowList manage the deletion, but that would be a fairly large refactoring. I think a small workaround would be something like:
    void WindowList::DestroyAllWindows() {
      std::vector<base::WeakPtr<NativeWindow>> windows =
          ConvertToWeakPtrVector(GetInstance()->windows_);
      for (const auto& window : windows) {
        if (window)
          window->CloseImmediately();
      }
    }
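The failure mode discussed in the comments above, as an added example that is not Electron's code and not part of any comment: a snapshot of raw pointers keeps a non-null address after a 'closed' handler destroys another window, while a weak-pointer snapshot reports it as dead. Window, Registry, Result, CloseAll and Demo are hypothetical names, and std::shared_ptr/std::weak_ptr stand in for Chromium's base::WeakPtr.

```cpp
// Added example: hypothetical types, std::weak_ptr stands in for base::WeakPtr.
#include <algorithm>
#include <cstddef>
#include <functional>
#include <memory>
#include <vector>

struct Window { std::function<void()> on_closed; };  // models the 'closed' handler

struct Registry {
  std::vector<std::shared_ptr<Window>> windows;  // sole owner of every window
  // Destroying a window erases its registry entry and runs its handler.
  void Destroy(Window* w) {
    auto it = std::find_if(windows.begin(), windows.end(),
                           [w](const auto& p) { return p.get() == w; });
    if (it == windows.end()) return;
    std::shared_ptr<Window> keep = std::move(*it);  // alive until handler returns
    windows.erase(it);
    if (keep->on_closed) keep->on_closed();  // may destroy other windows
  }
};

struct Result { int closed; int skipped_dead; int dangling_non_null; };

Result CloseAll(Registry& reg) {
  std::vector<Window*> raw;                 // snapshot of raw pointers
  std::vector<std::weak_ptr<Window>> weak;  // snapshot of weak handles
  for (const auto& w : reg.windows) { raw.push_back(w.get()); weak.emplace_back(w); }
  Result r{0, 0, 0};
  for (std::size_t i = 0; i < weak.size(); ++i) {
    if (weak[i].expired()) {  // destroyed by an earlier window's handler
      ++r.skipped_dead;
      // The raw copy still holds the old address: a null check passes and
      // the dereference after it would be the use-after-free.
      if (raw[i] != nullptr) ++r.dangling_non_null;
      continue;
    }
    reg.Destroy(raw[i]);  // weak[i] just confirmed the object is alive
    ++r.closed;
  }
  return r;
}

Result Demo() {  // child's handler destroys the parent, as in the JS snippet
  Registry reg;
  auto parent = std::make_shared<Window>(), child = std::make_shared<Window>();
  child->on_closed = [&reg, p = parent.get()] { reg.Destroy(p); };
  reg.windows = {child, parent};
  child.reset(); parent.reset();  // registry is now the only owner
  return CloseAll(reg);
}
```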
@zcbenz any reason not maintain the |
I think the internal records should still be a vector of raw ptrs, the purpose of There is crash because |
Release Notes Persisted
I have automatically backported this PR to "8-x-y", please check out #23022 |
I have automatically backported this PR to "9-x-y", please check out #23023 |
I have automatically backported this PR to "7-2-x", please check out #23024 |
Description of Change
Closes #14161.
We weren't performing a nullptr check, so we would experience an EXC_BAD_ACCESS crash if an object in the WindowVector is destroyed during cleanup. This fixes that by adding said nullptr check.
cc @zcbenz @deepak1556 @MarshallOfSound
Checklist
npm test passes
Release Notes
Notes: Fixed an occasional crash when closing all BrowserWindows.