Closed Bug 820596 Opened 13 years ago Closed 13 years ago

DASH: Need to defend against nullptr calls to state machine and reentrant monitor

Categories

(Core :: Networking, enhancement)

Product:
Core
Component:
Networking
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla20

People

(Reporter: sworkman, Assigned: sworkman)

References

Details

Attachments

(1 file)

v1.0 Defend against nullptr calls to mDecoderStateMachine and mReentrantMonitor
5.54 KB, patch
cpearce
: review+
Details | Diff | Splinter Review
Some calls to the state machine and reentrant monitor may happen after those objects are deleted in DASH-WebM. We should avoid this by having nullptr checks in the calling functions.
To clarify, DASHRepDecoder removes the reference to mDecoderStateMachine in its Shutdown function, before calling MediaDecoder::Shutdown. This is so that only DASHDecoder performs cleanup and shutdown on the state machine, since it is shared among DASHDecoder and its sub DASHRepDecoder objects. Similarly, DASHDecoder::mReentrantMonitor is shared among these objects. It has been observed during testing that DASHRepReader objects which have been waiting on data become unblocked during shutdown, but AFTER DASHDecoder has been deleted. GetReentrantMonitor returns a stale reference in this case and Firefox crashes.
-- Add nullptr checks for mDecoderStateMachine / GetStateMachine(), and return silently or 0 etc. as appropriate. -- Add a nullptr check for mMainDecoder in DASHRepDecoder::GetReentrantMonitor(), and return DASHRepDecoder's own monitor. This assumes that such a case will only happen after shutdown, when the decoder thread has been waiting on data.
Attachment #691101 - Flags: review?(cpearce)
Comment on attachment 691101 [details] [diff] [review] v1.0 Defend against nullptr calls to mDecoderStateMachine and mReentrantMonitor Review of attachment 691101 [details] [diff] [review]: ----------------------------------------------------------------- ::: content/media/MediaDecoder.cpp @@ +1433,5 @@ > return mDecoderStateMachine; > } > > bool MediaDecoder::IsShutdown() const { > + NS_ENSURE_TRUE(GetStateMachine(), false); Should this return true instead of false?
Attachment #691101 - Flags: review?(cpearce) → review+
(In reply to Chris Pearce (:cpearce) from comment #3) > Comment on attachment 691101 [details] [diff] [review] > v1.0 Defend against nullptr calls to mDecoderStateMachine and > mReentrantMonitor > > Review of attachment 691101 [details] [diff] [review]: > ----------------------------------------------------------------- > > ::: content/media/MediaDecoder.cpp > @@ +1433,5 @@ > > return mDecoderStateMachine; > > } > > > > bool MediaDecoder::IsShutdown() const { > > + NS_ENSURE_TRUE(GetStateMachine(), false); > > Should this return true instead of false? Yes. Thanks for the review!
Comment on attachment 691101 [details] [diff] [review] v1.0 Defend against nullptr calls to mDecoderStateMachine and mReentrantMonitor https://hg.mozilla.org/integration/mozilla-inbound/rev/02a0cad51a22
https://hg.mozilla.org/mozilla-central/rev/02a0cad51a22
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla20
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: