[MSE] Crash at WebCore::SourceBuffer::~SourceBuffer + 110
authorjer.noble@apple.com <jer.noble@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 16 May 2014 19:45:15 +0000 (19:45 +0000)
committerjer.noble@apple.com <jer.noble@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 16 May 2014 19:45:15 +0000 (19:45 +0000)
commit4d13e2f48ec11ab5e4edd439c631280b0e9c9424
tree7914c30b10241221798ec615aa99c59a808b2678
parentd9c0114172f66dadde9862d2919b22a00c5fd27f
[MSE] Crash at  WebCore::SourceBuffer::~SourceBuffer + 110
https://bugs.webkit.org/show_bug.cgi?id=132973

Reviewed by Eric Carlson.

Change SourceBuffer::m_private into a Ref<>, and add an assertion to
SourceBufferPrivateAVFObjC's destructor if its client has not been cleared.

Eliminate unnecessary churn in MediaSourcePrivateAVFObjC by having the predicate
functor take bare pointers, rather than a PassRefPtr.

The underlying problem seems to be in WebAVStreamDataParserListener. RefPtrs were
being created off the main thread to a non-thread safe ref counted class. In some
situations, this would result in double decrementing the ref, which would cause an
early destruction of the underlying object. Instead replace these RefPtr strong
pointers with explicit weak ones. Ensure the parser and its delegate are not freed
before the append operation completes by passing strong pointers into the async
append operation lambda.

There were a few places where we weren't null checking m_mediaSource before using it,
and at least one place where we weren't clearing m_mediaSource.

* Modules/mediasource/SourceBuffer.cpp:
(WebCore::SourceBuffer::SourceBuffer): Use Ref instead of RefPtr.
(WebCore::SourceBuffer::appendBufferTimerFired): Ditto.
* Modules/mediasource/SourceBuffer.h:
* platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.mm:
(WebCore::MediaSourcePrivateAVFObjCHasAudio): Take a bare pointer, instead of a PassRefPtr.
(WebCore::MediaSourcePrivateAVFObjCHasVideo): Ditto.
* platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.mm:
(WebCore::MediaSourcePrivateAVFObjC::removeSourceBuffer): Clear the back pointer when removing a buffer.
* platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h:
* platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
(-[WebAVStreamDataParserListener initWithParser:parent:WebCore::]): Use WeakPtr instead of RefPtr.
(-[WebAVStreamDataParserListener invalidate]): Ditto.
(-[WebAVStreamDataParserListener streamDataParser:didParseStreamDataAsAsset:]): Ditto.
(-[WebAVStreamDataParserListener streamDataParser:didParseStreamDataAsAsset:withDiscontinuity:]): Ditto.
(-[WebAVStreamDataParserListener streamDataParser:didFailToParseStreamDataWithError:]): Ditto.
(-[WebAVStreamDataParserListener streamDataParser:didProvideMediaData:forTrackID:mediaType:flags:]): Ditto.
(-[WebAVStreamDataParserListener streamDataParser:didReachEndOfTrackWithTrackID:mediaType:]): Ditto.
(-[WebAVStreamDataParserListener streamDataParser:didProvideContentKeyRequestInitializationData:forTrackID:]): Ditto.
(WebCore::SourceBufferPrivateAVFObjC::~SourceBufferPrivateAVFObjC):
(WebCore::SourceBufferPrivateAVFObjC::append): Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@168974 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebCore/ChangeLog
Source/WebCore/Modules/mediasource/SourceBuffer.cpp
Source/WebCore/Modules/mediasource/SourceBuffer.h
Source/WebCore/platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.mm
Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h
Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm