[webkit-changes] [183167] trunk/Source/WebCore

Wed, 22 Apr 2015 21:32:30 -0700

Title: [183167] trunk/Source/WebCore
Revision
183167
Author
[email protected]
Date
2015-04-22 21:31:45 -0700 (Wed, 22 Apr 2015)

Log Message

[Mac][MediaSource] Crash when SourceBuffer::provideMediaData() is called re-entrantly.
https://bugs.webkit.org/show_bug.cgi?id=144023

Reviewed by Darin Adler.

Partially revert r183097 (as it was not sufficient to protect against re-entrancy). Instead,
protect against re-entrancy in provideMediaData() directly by removing the first sample
from the TrackBuffer's decodeQueue at a time. If provideMediaData() is called re-entrantly,
or if any other method which modifies the decodeQueue is called from inside
provideMediaData, no iterators will be invalidated.

* Modules/mediasource/SourceBuffer.cpp:
(WebCore::SourceBuffer::provideMediaData):
* platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
(WebCore::SourceBufferPrivateAVFObjC::didBecomeReadyForMoreSamples):

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (183166 => 183167)


--- trunk/Source/WebCore/ChangeLog	2015-04-23 02:55:33 UTC (rev 183166)
+++ trunk/Source/WebCore/ChangeLog	2015-04-23 04:31:45 UTC (rev 183167)
@@ -1,3 +1,21 @@
+2015-04-22  Jer Noble  <[email protected]>
+
+        [Mac][MediaSource] Crash when SourceBuffer::provideMediaData() is called re-entrantly.
+        https://bugs.webkit.org/show_bug.cgi?id=144023
+
+        Reviewed by Darin Adler.
+
+        Partially revert r183097 (as it was not sufficient to protect against re-entrancy). Instead,
+        protect against re-entrancy in provideMediaData() directly by removing the first sample
+        from the TrackBuffer's decodeQueue at a time. If provideMediaData() is called re-entrantly,
+        or if any other method which modifies the decodeQueue is called from inside
+        provideMediaData, no iterators will be invalidated.
+
+        * Modules/mediasource/SourceBuffer.cpp:
+        (WebCore::SourceBuffer::provideMediaData):
+        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
+        (WebCore::SourceBufferPrivateAVFObjC::didBecomeReadyForMoreSamples):
+
 2015-04-22  Zalan Bujtas  <[email protected]>
 
         Create RenderRubyText for <rt> only when the parent renderer is a RenderRuby.

Modified: trunk/Source/WebCore/Modules/mediasource/SourceBuffer.cpp (183166 => 183167)


--- trunk/Source/WebCore/Modules/mediasource/SourceBuffer.cpp	2015-04-23 02:55:33 UTC (rev 183166)
+++ trunk/Source/WebCore/Modules/mediasource/SourceBuffer.cpp	2015-04-23 04:31:45 UTC (rev 183167)
@@ -1793,14 +1793,18 @@
     unsigned enqueuedSamples = 0;
 #endif
 
-    auto sampleIt = trackBuffer.decodeQueue.begin();
-    for (auto sampleEnd = trackBuffer.decodeQueue.end(); sampleIt != sampleEnd; ++sampleIt) {
+    while (!trackBuffer.decodeQueue.empty()) {
         if (!m_private->isReadyForMoreSamples(trackID)) {
             m_private->notifyClientWhenReadyForMoreSamples(trackID);
             break;
         }
 
-        RefPtr<MediaSample> sample = sampleIt->second;
+        // FIXME(rdar://problem/20635969): Remove this re-entrancy protection when the aforementioned radar is resolved; protecting
+        // against re-entrancy introduces a small inefficency when removing appended samples from the decode queue one at a time
+        // rather than when all samples have been enqueued.
+        RefPtr<MediaSample> sample = trackBuffer.decodeQueue.begin()->second;
+        trackBuffer.decodeQueue.erase(trackBuffer.decodeQueue.begin());
+
         // Do not enqueue samples spanning a significant unbuffered gap.
         // NOTE: one second is somewhat arbitrary. MediaSource::monitorSourceBuffers() is run
         // on the playbackTimer, which is effectively every 350ms. Allowing > 350ms gap between
@@ -1818,9 +1822,7 @@
 #if !LOG_DISABLED
         ++enqueuedSamples;
 #endif
-
     }
-    trackBuffer.decodeQueue.erase(trackBuffer.decodeQueue.begin(), sampleIt);
 
     LOG(MediaSource, "SourceBuffer::provideMediaData(%p) - Enqueued %u samples", this, enqueuedSamples);
 }

Modified: trunk/Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm (183166 => 183167)


--- trunk/Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm	2015-04-23 02:55:33 UTC (rev 183166)
+++ trunk/Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm	2015-04-23 04:31:45 UTC (rev 183167)
@@ -1087,13 +1087,8 @@
         return;
     }
 
-    // FIXME(rdar://problem/20635969): Remove this dispatch_async() when the aforementioned radar is resolved
-    auto weakThis = createWeakPtr();
-    dispatch_async(dispatch_get_main_queue(), [weakThis, trackID] {
-        if (!weakThis || !weakThis->m_client)
-            return;
-        weakThis->m_client->sourceBufferPrivateDidBecomeReadyForMoreSamples(weakThis.get(), AtomicString::number(trackID));
-    });
+    if (m_client)
+        m_client->sourceBufferPrivateDidBecomeReadyForMoreSamples(this, AtomicString::number(trackID));
 }
 
 void SourceBufferPrivateAVFObjC::notifyClientWhenReadyForMoreSamples(AtomicString trackIDString)

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to