Title: [262532] trunk/Source/WebCore
Revision: 262532
Author: you...@apple.com
Date: 2020-06-04 06:01:35 -0700 (Thu, 04 Jun 2020)

Log Message

Read MediaPlayerPrivateMediaStreamAVFObjC::m_canEnqueueDisplayLayer after the lock
https://bugs.webkit.org/show_bug.cgi?id=212693

Reviewed by Eric Carlson.

In case destroyLayers is called and shortly after ensureLayers is also called, the m_canEnqueueDisplayLayer check in enqueueVideoSample
might be bypassed. Make sure to lock before checking m_canEnqueueDisplayLayer in enqueueVideoSample.
For good measure, set m_canEnqueueDisplayLayer to false after locking in destroyLayers.

* platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueVideoSample):
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::destroyLayers):

Diff

Modified: trunk/Source/WebCore/ChangeLog (262531 => 262532)


--- trunk/Source/WebCore/ChangeLog	2020-06-04 10:35:43 UTC (rev 262531)
+++ trunk/Source/WebCore/ChangeLog	2020-06-04 13:01:35 UTC (rev 262532)
@@ -1,3 +1,18 @@
+2020-06-04  Youenn Fablet  <you...@apple.com>
+
+        Read MediaPlayerPrivateMediaStreamAVFObjC::m_canEnqueueDisplayLayer after the lock
+        https://bugs.webkit.org/show_bug.cgi?id=212693
+
+        Reviewed by Eric Carlson.
+
+        In case destroyLayers is called and shortly after ensureLayers is also called, the m_canEnqueueDisplayLayer check in enqueueVideoSample
+        might be bypassed. Make sure to lock before checking m_canEnqueueDisplayLayer in enqueueVideoSample.
+        For good measure, set m_canEnqueueDisplayLayer to false after locking in destroyLayers.
+
+        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
+        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueVideoSample):
+        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::destroyLayers):
+
 2020-06-03  Chris Dumez  <cdu...@apple.com>
 
         [iOS] Validate index parameter in PlatformPasteboard
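Review bot: The new ChangeLog entry describes the destroyLayers/ensureLayers race but does not mention test coverage. Add a line naming the test that exercises that sequence, or stating why the race cannot be reproduced deterministically, so a later reader knows how the fix was validated.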

Modified: trunk/Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm (262531 => 262532)


--- trunk/Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm	2020-06-04 10:35:43 UTC (rev 262531)
+++ trunk/Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm	2020-06-04 13:01:35 UTC (rev 262532)
@@ -252,14 +252,11 @@
 
 void MediaPlayerPrivateMediaStreamAVFObjC::enqueueVideoSample(MediaSample& sample)
 {
-    if (!m_canEnqueueDisplayLayer)
-        return;
-
     auto locker = tryHoldLock(m_sampleBufferDisplayLayerLock);
     if (!locker)
         return;
 
-    if (!m_sampleBufferDisplayLayer || m_sampleBufferDisplayLayer->didFail())
+    if (!m_canEnqueueDisplayLayer || !m_sampleBufferDisplayLayer || m_sampleBufferDisplayLayer->didFail())
         return;
 
     if (sample.videoRotation() != m_videoRotation || sample.videoMirrored() != m_videoMirrored) {
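Review bot: The combined check `if (!m_canEnqueueDisplayLayer || !m_sampleBufferDisplayLayer || ...)` in enqueueVideoSample is only race-free if every write to m_canEnqueueDisplayLayer also happens with m_sampleBufferDisplayLayerLock held. This patch shows that for destroyLayers, but the site that sets the flag back to true (ensureLayers, per the log message) is not in the diff. Please confirm that write is made under the same lock, and note on the member declaration that m_canEnqueueDisplayLayer is guarded by m_sampleBufferDisplayLayerLock so a future unlocked read is not reintroduced.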
@@ -377,9 +374,9 @@
 
 void MediaPlayerPrivateMediaStreamAVFObjC::destroyLayers()
 {
+    auto locker = holdLock(m_sampleBufferDisplayLayerLock);
+
     m_canEnqueueDisplayLayer = false;
-
-    auto locker = holdLock(m_sampleBufferDisplayLayerLock);
     if (m_sampleBufferDisplayLayer)
         m_sampleBufferDisplayLayer = nullptr;
 
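Review bot: Nothing at the top of destroyLayers says that `m_canEnqueueDisplayLayer = false` must stay after `holdLock(m_sampleBufferDisplayLayerLock)`, and the log message calls the move "for good measure", so a later cleanup could reorder the two lines again. A one-line comment stating that the flag and m_sampleBufferDisplayLayer are cleared together under the lock would pin the invariant. Separately, the `if (m_sampleBufferDisplayLayer)` guard before assigning nullptr is redundant and could be dropped while these lines are being touched.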
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes