Title: [271530] trunk/Source/WebCore
- Revision
- 271530
- Author
- [email protected]
- Date
- 2021-01-15 12:43:12 -0800 (Fri, 15 Jan 2021)
Log Message
CRASH in MediaSourcePrivateAVFObjC::removeSourceBuffer()
https://bugs.webkit.org/show_bug.cgi?id=220647
<rdar://73173684>
Reviewed by Darin Adler.
In exceptional circumstances, the MediaPlayerPrivateMediaSourceAVFObjC can be destroyed before
MediaSourcePrivateAVFObjC, which leaves behind a null WeakPtr. Null check m_player before
using everywhere in MediaSourcePrivateAVFObjC.
Drive-by fix: it would be invalid to pass in a null player to MediaSourcePrivateAVFObjC::create(),
so modify that method to take a reference rather than a pointer.
* platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::load):
* platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.h:
* platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.mm:
(WebCore::MediaSourcePrivateAVFObjC::create):
(WebCore::MediaSourcePrivateAVFObjC::MediaSourcePrivateAVFObjC):
(WebCore::MediaSourcePrivateAVFObjC::removeSourceBuffer):
(WebCore::MediaSourcePrivateAVFObjC::durationChanged):
(WebCore::MediaSourcePrivateAVFObjC::markEndOfStream):
(WebCore::MediaSourcePrivateAVFObjC::readyState const):
(WebCore::MediaSourcePrivateAVFObjC::setReadyState):
(WebCore::MediaSourcePrivateAVFObjC::waitForSeekCompleted):
(WebCore::MediaSourcePrivateAVFObjC::seekCompleted):
(WebCore::MediaSourcePrivateAVFObjC::currentMediaTime const):
(WebCore::MediaSourcePrivateAVFObjC::sourceBufferPrivateDidChangeActiveState):
(WebCore::MediaSourcePrivateAVFObjC::sourceBufferKeyNeeded):
(WebCore::MediaSourcePrivateAVFObjC::setSourceBufferWithSelectedVideo):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (271529 => 271530)
--- trunk/Source/WebCore/ChangeLog 2021-01-15 20:33:47 UTC (rev 271529)
+++ trunk/Source/WebCore/ChangeLog 2021-01-15 20:43:12 UTC (rev 271530)
@@ -1,3 +1,36 @@
+2021-01-15 Jer Noble <[email protected]>
+
+ CRASH in MediaSourcePrivateAVFObjC::removeSourceBuffer()
+ https://bugs.webkit.org/show_bug.cgi?id=220647
+ <rdar://73173684>
+
+ Reviewed by Darin Adler.
+
+ In exceptional circumstances, the MediaPlayerPrivateMediaSourceAVFObjC can be destroyed before
+ MediaSourcePrivateAVFObjC, which leaves behind a null WeakPtr. Null check m_player before
+ using everywhere in MediaSourcePrivateAVFObjC.
+
+ Drive-by fix: it would be invalid to pass in a null player to MediaSourcePrivateAVFObjC::create(),
+ so modify that method to take a reference rather than a pointer.
+
+ * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
+ (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::load):
+ * platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.h:
+ * platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.mm:
+ (WebCore::MediaSourcePrivateAVFObjC::create):
+ (WebCore::MediaSourcePrivateAVFObjC::MediaSourcePrivateAVFObjC):
+ (WebCore::MediaSourcePrivateAVFObjC::removeSourceBuffer):
+ (WebCore::MediaSourcePrivateAVFObjC::durationChanged):
+ (WebCore::MediaSourcePrivateAVFObjC::markEndOfStream):
+ (WebCore::MediaSourcePrivateAVFObjC::readyState const):
+ (WebCore::MediaSourcePrivateAVFObjC::setReadyState):
+ (WebCore::MediaSourcePrivateAVFObjC::waitForSeekCompleted):
+ (WebCore::MediaSourcePrivateAVFObjC::seekCompleted):
+ (WebCore::MediaSourcePrivateAVFObjC::currentMediaTime const):
+ (WebCore::MediaSourcePrivateAVFObjC::sourceBufferPrivateDidChangeActiveState):
+ (WebCore::MediaSourcePrivateAVFObjC::sourceBufferKeyNeeded):
+ (WebCore::MediaSourcePrivateAVFObjC::setSourceBufferWithSelectedVideo):
+
2021-01-15 Chris Dumez <[email protected]>
[GPUProcess] Improve the GPUProcess' memory pressure handler
Modified: trunk/Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm (271529 => 271530)
--- trunk/Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm 2021-01-15 20:33:47 UTC (rev 271529)
+++ trunk/Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm 2021-01-15 20:43:12 UTC (rev 271530)
@@ -270,7 +270,7 @@
{
ALWAYS_LOG(LOGIDENTIFIER);
- m_mediaSourcePrivate = MediaSourcePrivateAVFObjC::create(this, client);
+ m_mediaSourcePrivate = MediaSourcePrivateAVFObjC::create(*this, client);
m_mediaSourcePrivate->setVideoLayer(m_sampleBufferDisplayLayer.get());
m_mediaSourcePrivate->setDecompressionSession(m_decompressionSession.get());
Modified: trunk/Source/WebCore/platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.h (271529 => 271530)
--- trunk/Source/WebCore/platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.h 2021-01-15 20:33:47 UTC (rev 271529)
+++ trunk/Source/WebCore/platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.h 2021-01-15 20:43:12 UTC (rev 271530)
@@ -59,7 +59,7 @@
#endif
{
public:
- static Ref<MediaSourcePrivateAVFObjC> create(MediaPlayerPrivateMediaSourceAVFObjC*, MediaSourcePrivateClient*);
+ static Ref<MediaSourcePrivateAVFObjC> create(MediaPlayerPrivateMediaSourceAVFObjC&, MediaSourcePrivateClient*);
virtual ~MediaSourcePrivateAVFObjC();
MediaPlayerPrivateMediaSourceAVFObjC* player() const { return m_player.get(); }
@@ -116,7 +116,7 @@
void failedToCreateRenderer(RendererType);
private:
- MediaSourcePrivateAVFObjC(MediaPlayerPrivateMediaSourceAVFObjC*, MediaSourcePrivateClient*);
+ MediaSourcePrivateAVFObjC(MediaPlayerPrivateMediaSourceAVFObjC&, MediaSourcePrivateClient*);
void sourceBufferPrivateDidChangeActiveState(SourceBufferPrivateAVFObjC*, bool active);
void sourceBufferPrivateDidReceiveInitializationSegment(SourceBufferPrivateAVFObjC*);
Modified: trunk/Source/WebCore/platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.mm (271529 => 271530)
--- trunk/Source/WebCore/platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.mm 2021-01-15 20:33:47 UTC (rev 271529)
+++ trunk/Source/WebCore/platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.mm 2021-01-15 20:43:12 UTC (rev 271530)
@@ -46,7 +46,7 @@
#pragma mark -
#pragma mark MediaSourcePrivateAVFObjC
-Ref<MediaSourcePrivateAVFObjC> MediaSourcePrivateAVFObjC::create(MediaPlayerPrivateMediaSourceAVFObjC* parent, MediaSourcePrivateClient* client)
+Ref<MediaSourcePrivateAVFObjC> MediaSourcePrivateAVFObjC::create(MediaPlayerPrivateMediaSourceAVFObjC& parent, MediaSourcePrivateClient* client)
{
auto mediaSourcePrivate = adoptRef(*new MediaSourcePrivateAVFObjC(parent, client));
client->setPrivateAndOpen(mediaSourcePrivate.copyRef());
@@ -53,7 +53,7 @@
return mediaSourcePrivate;
}
-MediaSourcePrivateAVFObjC::MediaSourcePrivateAVFObjC(MediaPlayerPrivateMediaSourceAVFObjC* parent, MediaSourcePrivateClient* client)
+MediaSourcePrivateAVFObjC::MediaSourcePrivateAVFObjC(MediaPlayerPrivateMediaSourceAVFObjC& parent, MediaSourcePrivateClient* client)
: m_player(makeWeakPtr(parent))
, m_client(client)
, m_isEnded(false)
@@ -110,7 +110,8 @@
size_t pos = m_activeSourceBuffers.find(buffer);
if (pos != notFound) {
m_activeSourceBuffers.remove(pos);
- m_player->notifyActiveSourceBuffersChanged();
+ if (m_player)
+ m_player->notifyActiveSourceBuffersChanged();
}
pos = m_sourceBuffers.find(buffer);
@@ -130,12 +131,13 @@
void MediaSourcePrivateAVFObjC::durationChanged(const MediaTime&)
{
- m_player->durationChanged();
+ if (m_player)
+ m_player->durationChanged();
}
void MediaSourcePrivateAVFObjC::markEndOfStream(EndOfStreamStatus status)
{
- if (status == EosNoError)
+ if (status == EosNoError && m_player)
m_player->setNetworkState(MediaPlayer::NetworkState::Loaded);
m_isEnded = true;
}
@@ -148,27 +150,30 @@
MediaPlayer::ReadyState MediaSourcePrivateAVFObjC::readyState() const
{
- return m_player->readyState();
+ return m_player ? m_player->readyState() : MediaPlayer::ReadyState::HaveNothing;
}
void MediaSourcePrivateAVFObjC::setReadyState(MediaPlayer::ReadyState readyState)
{
- m_player->setReadyState(readyState);
+ if (m_player)
+ m_player->setReadyState(readyState);
}
void MediaSourcePrivateAVFObjC::waitForSeekCompleted()
{
- m_player->waitForSeekCompleted();
+ if (m_player)
+ m_player->waitForSeekCompleted();
}
void MediaSourcePrivateAVFObjC::seekCompleted()
{
- m_player->seekCompleted();
+ if (m_player)
+ m_player->seekCompleted();
}
MediaTime MediaSourcePrivateAVFObjC::currentMediaTime() const
{
- return m_player->currentMediaTime();
+ return m_player ? m_player->currentMediaTime() : MediaTime::invalidTime();
}
void MediaSourcePrivateAVFObjC::sourceBufferPrivateDidChangeActiveState(SourceBufferPrivateAVFObjC* buffer, bool active)
@@ -175,7 +180,8 @@
{
if (active && !m_activeSourceBuffers.contains(buffer)) {
m_activeSourceBuffers.append(buffer);
- m_player->notifyActiveSourceBuffersChanged();
+ if (m_player)
+ m_player->notifyActiveSourceBuffersChanged();
}
if (!active) {
@@ -182,7 +188,8 @@
size_t position = m_activeSourceBuffers.find(buffer);
if (position != notFound) {
m_activeSourceBuffers.remove(position);
- m_player->notifyActiveSourceBuffersChanged();
+ if (m_player)
+ m_player->notifyActiveSourceBuffersChanged();
}
}
}
@@ -191,7 +198,8 @@
void MediaSourcePrivateAVFObjC::sourceBufferKeyNeeded(SourceBufferPrivateAVFObjC* buffer, Uint8Array* initData)
{
m_sourceBuffersNeedingSessions.append(buffer);
- player()->keyNeeded(initData);
+ if (m_player)
+ m_player->keyNeeded(initData);
}
#endif
@@ -325,7 +333,7 @@
m_sourceBufferWithSelectedVideo = sourceBuffer;
- if (m_sourceBufferWithSelectedVideo) {
+ if (m_sourceBufferWithSelectedVideo && m_player) {
m_sourceBufferWithSelectedVideo->setVideoLayer(m_player->sampleBufferDisplayLayer());
m_sourceBufferWithSelectedVideo->setDecompressionSession(m_player->decompressionSession());
}
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
