Closed
Bug 1246051
Opened 8 years ago
Closed 8 years ago
MediaQueue<T>::Peek/PeekFront are not thread-safe
Categories
(Core :: Audio/Video: Playback, defect, P2)
Core
Audio/Video: Playback
Tracking
()
RESOLVED
FIXED
mozilla49
| Tracking | Status | |
|---|---|---|
| firefox49 | --- | fixed |
People
(Reporter: jwwang, Assigned: jwwang)
References
Details
Attachments
(1 file)
Considering the following code: RefPtr<T> foo = queue.PeekFront(); It is possible for the foo constructor to receive a dangling pointer if queue.Reset() is called on another thread in the mean time.
|
||
Comment 1•8 years ago
|
||
the only place doing so is MediaDecoderStateMachine::SeekCompleted() But isn't queue.Reset() only ever called on the MDSM thread?
|
Assignee | |
Comment 2•8 years ago
|
||
We either need to document this pitfall or make it thread-safe to be usable outside the context of MDSM.
|
|
Assignee | |
Comment 3•8 years ago
|
||
(In reply to Jean-Yves Avenard [:jya] from comment #1) > the only place doing so is MediaDecoderStateMachine::SeekCompleted() > > But isn't queue.Reset() only ever called on the MDSM thread? https://hg.mozilla.org/mozilla-central/file/584870f1cbc5d060a57e147ce249f736956e2b62/dom/media/mediasink/DecodedAudioDataSink.cpp#l221 We have such usages in DecodedAudioDataSink::PopFrames() which is called from libcubeb callback threads.
|
||
Updated•8 years ago
|
Priority: -- → P2
|
|
||
Comment 4•8 years ago
|
||
I believe this issue is one of the reason for crashes seen in the Android emulator as seen in bug 1264199
See Also: → 1265932
|
|
Assignee | |
Comment 5•8 years ago
|
||
Review commit: https://reviewboard.mozilla.org/r/48675/diff/#index_header See other reviews: https://reviewboard.mozilla.org/r/48675/
Attachment #8744793 -
Flags: review?(gsquelart)
|
|
Assignee | |
Comment 6•8 years ago
|
||
try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=52bfd78ab8e6
Attachment #8744793 -
Flags: review?(gsquelart) → review+
Comment on attachment 8744793 [details] MozReview Request: Bug 1246051 - have MediaQueue<T>::Peek/PeekFront return a RefPtr<> to avoid dangling pointers per comment 0. r=gerald. https://reviewboard.mozilla.org/r/48675/#review45437
|
|
Assignee | |
Comment 8•8 years ago
|
||
Thanks for the review!
|
|
Assignee | |
Updated•8 years ago
|
Assignee: nobody → jwwang
|
||
Comment 10•8 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/2dbdefa829d1
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox49:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla49
You need to log in
before you can comment on or make changes to this bug.
Description
•