Title: [165160] trunk/Source/WebCore
- Revision: 165160
- Author: [email protected]
- Date: 2014-03-05 18:56:34 -0800 (Wed, 05 Mar 2014)
Log Message
[MSE] Crash in SourceBuffer::sourceBufferPrivateDidReceiveSample() - received samples after SourceBuffer was removed.
https://bugs.webkit.org/show_bug.cgi?id=129761
Reviewed by Eric Carlson.
Guard against the possibility that SourceBufferPrivates will continue to generate samples even after
a parse error. Bail out early from sourceBufferPrivateDidReceiveInitializationSegment and
sourceBufferPrivateDidReceiveSample if the SourceBuffer has been removed.
* Modules/mediasource/SourceBuffer.cpp:
(WebCore::SourceBuffer::sourceBufferPrivateDidReceiveInitializationSegment):
(WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample):
Diff
Modified: trunk/Source/WebCore/ChangeLog (165159 => 165160)
--- trunk/Source/WebCore/ChangeLog 2014-03-06 02:51:55 UTC (rev 165159)
+++ trunk/Source/WebCore/ChangeLog 2014-03-06 02:56:34 UTC (rev 165160)
@@ -1,3 +1,18 @@
+2014-03-05 Jer Noble <[email protected]>
+
+ [MSE] Crash in SourceBuffer::sourceBufferPrivateDidReceiveSample() - received samples after SourceBuffer was removed.
+ https://bugs.webkit.org/show_bug.cgi?id=129761
+
+ Reviewed by Eric Carlson.
+
+ Guard against the possibility that SourceBufferPrivates will continue to generate samples even after
+ a parse error. Bail out early from sourceBufferPrivateDidReceiveInitializationSegment and
+ sourceBufferPrivateDidReceiveSample if the SourceBuffer has been removed.
+
+ * Modules/mediasource/SourceBuffer.cpp:
+ (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveInitializationSegment):
+ (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample):
+
2014-03-05 Enrica Casucci <[email protected]>
Build fix, take 2.
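Review bot: the new ChangeLog entry for this crash fix names no regression test and gives no reason for leaving one out. Add a test that removes the SourceBuffer while the SourceBufferPrivate is still delivering samples, or a line in the entry saying why the case cannot be covered by a test.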
Modified: trunk/Source/WebCore/Modules/mediasource/SourceBuffer.cpp (165159 => 165160)
--- trunk/Source/WebCore/Modules/mediasource/SourceBuffer.cpp 2014-03-06 02:51:55 UTC (rev 165159)
+++ trunk/Source/WebCore/Modules/mediasource/SourceBuffer.cpp 2014-03-06 02:56:34 UTC (rev 165160)
@@ -529,6 +529,9 @@
void SourceBuffer::sourceBufferPrivateDidReceiveInitializationSegment(SourceBufferPrivate*, const InitializationSegment& segment)
{
+ if (isRemoved())
+ return;
+
// 3.5.7 Initialization Segment Received
// https://dvcs.w3.org/hg/html-media/raw-file/default/media-source/media-source.html#sourcebuffer-init-segment-received
// 1. Update the duration attribute if it currently equals NaN:
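Review bot: the isRemoved() early return at the top of sourceBufferPrivateDidReceiveInitializationSegment carries no comment saying why a removed SourceBuffer can still be called back, and it sits directly above the "// 3.5.7 Initialization Segment Received" spec-step comments, so it reads as if it were part of the spec algorithm. A one-line comment above the check, pointing at the case the log message names (the SourceBufferPrivate still generating output after a parse error), would keep a later reader from treating it as dead code.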
@@ -780,6 +783,9 @@
void SourceBuffer::sourceBufferPrivateDidReceiveSample(SourceBufferPrivate*, PassRefPtr<MediaSample> prpSample)
{
+ if (isRemoved())
+ return;
+
RefPtr<MediaSample> sample = prpSample;
// 3.5.8 Coded Frame Processing
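Review bot: in sourceBufferPrivateDidReceiveSample the isRemoved() return discards the incoming sample silently, which avoids the crash but leaves the SourceBufferPrivate producing samples for a buffer that is gone. Consider also stopping delivery from the private side when the SourceBuffer is removed, and adding a debug log line on this path so a late callback is visible when it happens. The same two-line check now appears in both callbacks; if further callbacks turn out to need it, a shared helper would keep them consistent.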