Issue mcp-graveyard/UXP#1643 - Follow up: Add a null check for mOwner in ResizeObserverNotificationHelper::Unregister

A race condition seemed to exist between tab destruction and un-registering a ResizeObserver resulting in a null deref crash. The original reporter in Forum Topic 25311 experienced this on msn.com so that was the functional test reference.
author: Matt A. Tobin <email@mattatobin.com> 2020-09-29 15:03:13 -0400
committer: Matt A. Tobin <email@mattatobin.com> 2020-09-29 15:03:13 -0400
commit: 96b775f4bf48bbdb4e31186e7c7ae550aa6a120a (patch)
tree: fbef557f50d316d6c750ba1af1509f8ace103d79
parent: 1fcf1965670ad5b6685fd1713fbec3725c3cece4 (diff)
download: uxp-96b775f4bf48bbdb4e31186e7c7ae550aa6a120a.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/dom/base/ResizeObserverController.cpp b/dom/base/ResizeObserverController.cpp
index 7a6e6ba449..117e67fbfd 100644
--- a/dom/base/ResizeObserverController.cpp
+++ b/dom/base/ResizeObserverController.cpp
@@ -58,6 +58,12 @@ ResizeObserverNotificationHelper::Register()
 void
 ResizeObserverNotificationHelper::Unregister()
 {
+  if (!mOwner) {
+    // We've outlived our owner, so there's nothing registered anymore.
+    mRegistered = false;
+    return;
+  }
+
   if (!mRegistered) {
     return;
   }
author	Matt A. Tobin <email@mattatobin.com>	2020-09-29 15:03:13 -0400
committer	Matt A. Tobin <email@mattatobin.com>	2020-09-29 15:03:13 -0400
commit	96b775f4bf48bbdb4e31186e7c7ae550aa6a120a (patch)
tree	fbef557f50d316d6c750ba1af1509f8ace103d79
parent	1fcf1965670ad5b6685fd1713fbec3725c3cece4 (diff)
download	uxp-96b775f4bf48bbdb4e31186e7c7ae550aa6a120a.tar.gz