Modified: releases/WebKitGTK/webkit-2.30/Source/WebCore/ChangeLog (272712 => 272713)
--- releases/WebKitGTK/webkit-2.30/Source/WebCore/ChangeLog 2021-02-11 09:29:22 UTC (rev 272712)
+++ releases/WebKitGTK/webkit-2.30/Source/WebCore/ChangeLog 2021-02-11 09:31:45 UTC (rev 272713)
@@ -1,3 +1,14 @@
+2020-11-27 Philippe Normand <[email protected]>
+
+ [GStreamer] AudioSourceProvider can potentially invoke an already-freed client
+ https://bugs.webkit.org/show_bug.cgi?id=217952
+
+ Reviewed by Xabier Rodriguez-Calvar.
+
+ * platform/audio/gstreamer/AudioSourceProviderGStreamer.cpp:
+ (WebCore::AudioSourceProviderGStreamer::deinterleavePadsConfigured): Check the provider has
+ a client before setting up the audio format.
+
2020-11-26 Michael Catanzaro <[email protected]>
[WPE][GTK] Use Internet Explorer quirk for Google Docs
Modified: releases/WebKitGTK/webkit-2.30/Source/WebCore/platform/audio/gstreamer/AudioSourceProviderGStreamer.cpp (272712 => 272713)
--- releases/WebKitGTK/webkit-2.30/Source/WebCore/platform/audio/gstreamer/AudioSourceProviderGStreamer.cpp 2021-02-11 09:29:22 UTC (rev 272712)
+++ releases/WebKitGTK/webkit-2.30/Source/WebCore/platform/audio/gstreamer/AudioSourceProviderGStreamer.cpp 2021-02-11 09:31:45 UTC (rev 272713)
@@ -127,7 +127,7 @@
{
m_notifier->invalidate();
- GRefPtr<GstElement> deinterleave = adoptGRef(gst_bin_get_by_name(GST_BIN(m_audioSinkBin.get()), "deinterleave"));
+ auto deinterleave = adoptGRef(gst_bin_get_by_name(GST_BIN_CAST(m_audioSinkBin.get()), "deinterleave"));
if (deinterleave && m_client) {
g_signal_handler_disconnect(deinterleave.get(), m_deinterleavePadAddedHandlerId);
g_signal_handler_disconnect(deinterleave.get(), m_deinterleaveNoMorePadsHandlerId);
@@ -134,8 +134,7 @@
g_signal_handler_disconnect(deinterleave.get(), m_deinterleavePadRemovedHandlerId);
}
- if (m_pipeline)
- gst_element_set_state(m_pipeline.get(), GST_STATE_NULL);
+ setClient(nullptr);
g_object_unref(m_frontLeftAdapter);
g_object_unref(m_frontRightAdapter);
@@ -231,20 +230,24 @@
void AudioSourceProviderGStreamer::setClient(AudioSourceProviderClient* client)
{
- if (m_client)
+ if (m_client == client)
return;
- ASSERT(client);
m_client = client;
if (m_pipeline)
- gst_element_set_state(m_pipeline.get(), GST_STATE_PLAYING);
+ gst_element_set_state(m_pipeline.get(), m_client ? GST_STATE_PLAYING : GST_STATE_NULL);
+ // FIXME: This early return should ideally be replaced by a removal of the m_audioSinkBin from
+ // its parent pipeline. https://bugs.webkit.org/show_bug.cgi?id=219245
+ if (!m_client)
+ return;
+
// The volume element is used to mute audio playback towards the
// autoaudiosink. This is needed to avoid double playback of audio
// from our audio sink and from the WebAudio AudioDestination node
// supposedly configured already by application side.
- GRefPtr<GstElement> volumeElement = adoptGRef(gst_bin_get_by_name(GST_BIN(m_audioSinkBin.get()), "volume"));
+ auto volumeElement = adoptGRef(gst_bin_get_by_name(GST_BIN_CAST(m_audioSinkBin.get()), "volume"));
if (volumeElement)
g_object_set(volumeElement.get(), "mute", TRUE, nullptr);
@@ -375,11 +378,9 @@
void AudioSourceProviderGStreamer::deinterleavePadsConfigured()
{
- m_notifier->notify(MainThreadNotification::DeinterleavePadsConfigured, [this] {
- ASSERT(m_client);
- ASSERT(m_deinterleaveSourcePads == gNumberOfChannels);
-
- m_client->setFormat(m_deinterleaveSourcePads, gSampleBitRate);
+ m_notifier->notify(MainThreadNotification::DeinterleavePadsConfigured, [numberOfChannels = m_deinterleaveSourcePads, sampleRate = gSampleBitRate, client = m_client] {
+ if (client)
+ client->setFormat(numberOfChannels, sampleRate);
});
}
