Title: [278500] trunk/Source/WebKit
- Revision
- 278500
- Author
- [email protected]
- Date
- 2021-06-04 15:17:40 -0700 (Fri, 04 Jun 2021)
Log Message
Flaky crash under UserMediaCaptureManagerProxy::SourceProxy::~SourceProxy() on the bots
https://bugs.webkit.org/show_bug.cgi?id=226653
Reviewed by Eric Carlson.
The SourceProxy destructor was taking care of calling invalidate() on the SharedRingBufferStorage
before destroying the CARingBuffer on the main thread, to avoid having SourceProxy::storageChanged()
called in the middle of destruction. However, the background thread may still be running at this
point and may reconstruct the RingBuffer right after the invalidate call, causing us to crash
because storageChanged() still gets called in the middle on destruction.
To address the issue, we now make sure to stop the rendering thread before we proceed with the
destruction and invalidate the SharedRingBufferStorage's storage change handler.
* UIProcess/Cocoa/UserMediaCaptureManagerProxy.cpp:
(WebKit::UserMediaCaptureManagerProxy::SourceProxy::~SourceProxy):
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (278499 => 278500)
--- trunk/Source/WebKit/ChangeLog 2021-06-04 22:16:31 UTC (rev 278499)
+++ trunk/Source/WebKit/ChangeLog 2021-06-04 22:17:40 UTC (rev 278500)
@@ -1,3 +1,22 @@
+2021-06-04 Chris Dumez <[email protected]>
+
+ Flaky crash under UserMediaCaptureManagerProxy::SourceProxy::~SourceProxy() on the bots
+ https://bugs.webkit.org/show_bug.cgi?id=226653
+
+ Reviewed by Eric Carlson.
+
+ The SourceProxy destructor was taking care of calling invalidate() on the SharedRingBufferStorage
+ before destroying the CARingBuffer on the main thread, to avoid having SourceProxy::storageChanged()
+ called in the middle of destruction. However, the background thread may still be running at this
+ point and may reconstruct the RingBuffer right after the invalidate call, causing us to crash
+ because storageChanged() still gets called in the middle on destruction.
+
+ To address the issue, we now make sure to stop the rendering thread before we proceed with the
+ destruction and invalidate the SharedRingBufferStorage's storage change handler.
+
+ * UIProcess/Cocoa/UserMediaCaptureManagerProxy.cpp:
+ (WebKit::UserMediaCaptureManagerProxy::SourceProxy::~SourceProxy):
+
2021-06-04 Ryosuke Niwa <[email protected]>
Store MediaPlayer using WeakPtr in MediaPlayerPrivateRemote
Modified: trunk/Source/WebKit/UIProcess/Cocoa/UserMediaCaptureManagerProxy.cpp (278499 => 278500)
--- trunk/Source/WebKit/UIProcess/Cocoa/UserMediaCaptureManagerProxy.cpp 2021-06-04 22:16:31 UTC (rev 278499)
+++ trunk/Source/WebKit/UIProcess/Cocoa/UserMediaCaptureManagerProxy.cpp 2021-06-04 22:17:40 UTC (rev 278500)
@@ -77,6 +77,9 @@
~SourceProxy()
{
+ // Make sure the rendering thread is stopped before we proceed with the destruction.
+ stop();
+
if (m_ringBuffer)
static_cast<SharedRingBufferStorage&>(m_ringBuffer->storage()).invalidate();
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
