From 1941446c1486d89450e15a0c1aaa4d59fc3020e6 Mon Sep 17 00:00:00 2001 From: Boris Zbarsky Date: Wed, 19 Jul 2023 03:57:06 -0400 Subject: [PATCH] Fix thread race in test-only XPC code. (#28041) The clearRegistry block is touching various members of "self" that should only be touched on self.workQueue. But it was being called on whatever queue the client-provided stopReportsWithController method called its completion on. The fix is to dispatch to the queue that getProxyHandleWithCompletion is passed, which is in fact our work queue. --- .../Framework/CHIP/MTRDeviceControllerXPCConnection.mm | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/darwin/Framework/CHIP/MTRDeviceControllerXPCConnection.mm b/src/darwin/Framework/CHIP/MTRDeviceControllerXPCConnection.mm index e44308244cc00f..02f1e2c0ac134b 100644 --- a/src/darwin/Framework/CHIP/MTRDeviceControllerXPCConnection.mm +++ b/src/darwin/Framework/CHIP/MTRDeviceControllerXPCConnection.mm @@ -170,9 +170,12 @@ - (void)deregisterReportHandlersWithController:(id)controller [handle.proxy stopReportsWithController:controller nodeId:nodeID.unsignedLongLongValue completion:^{ + // Make sure handle stays alive until we get to this + // completion (in particular while we are working + // with handle.proxy). __auto_type handleRetainer = handle; (void) handleRetainer; - clearRegistry(); + dispatch_async(queue, clearRegistry); }]; } else { MTR_LOG_ERROR("CHIP XPC connection failed to stop reporting");