Closed Bug 1116358 Opened 5 years ago Closed 5 years ago

Directly call Release() on |this| when closing a GMP encoder/decoder proxies

Categories

(Core :: Audio/Video, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
mozilla37

People

(Reporter: ehsan, Assigned: ehsan)

References

Details

Attachments

(1 file, 1 obsolete file)

No description provided.
Attachment #8542367 - Flags: review?(cpearce)
Assignee: nobody → ehsan
Blocks: 1114999
Comment on attachment 8542367 [details] [diff] [review]
Prevent double releasing |this| in the GMP code

Review of attachment 8542367 [details] [diff] [review]:
-----------------------------------------------------------------

::: dom/media/gmp/GMPAudioDecoderParent.cpp
@@ +147,5 @@
>    mCallback = nullptr;
>    // Let Shutdown mark us as dead so it knows if we had been alive
>  
>    // In case this is the last reference
> +  Release();

Since this could be the last reference, Release() could lead to destructor and Shutdown() will be use-after-free?
Comment on attachment 8542367 [details] [diff] [review]
Prevent double releasing |this| in the GMP code

Review of attachment 8542367 [details] [diff] [review]:
-----------------------------------------------------------------

What JW said; the caller actually holds a raw pointer to this object (via a GMP*ParentProxy raw interface pointer), so the release done in Close() could drop the last reference on the object.
Attachment #8542367 - Flags: review?(cpearce) → review-
This is needed in order to avoid calling Release() on a smart pointer.
Attachment #8542582 - Flags: review?(cpearce)
Summary: Prevent double releasing |this| in the GMP code → Directly call Release() on |this| when closing a GMP encoder/decoder proxies
Attachment #8542367 - Attachment is obsolete: true
Attachment #8542582 - Flags: review?(cpearce) → review+
https://hg.mozilla.org/mozilla-central/rev/28af302f47f4
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla37
You need to log in before you can comment on or make changes to this bug.