Fix a crash in the webaudio source provider when the audio track is going away.
authorcommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 2 Dec 2013 13:58:39 +0000 (13:58 +0000)
committercommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 2 Dec 2013 13:58:39 +0000 (13:58 +0000)
https://bugs.webkit.org/show_bug.cgi?id=124975

Patch by Nick Diego Yamane <nick.yamane@openbossa.org> on 2013-12-02
Reviewed by Philippe Normand.

Merged https://chromium.googlesource.com/chromium/blink/+/b21838b32bf11b1a972dfc449ddde71115490c23

Before this patch, it was hitting a use-after-free crash  when the audio
track in the media stream is going away and the webaudio mediastreamsourcenode
is still running.

* Modules/webaudio/AudioContext.cpp:
(WebCore::AudioContext::createMediaStreamSource): Passing audio track
pointer to MediaStreamAudioSourceNode constructor.
* Modules/webaudio/MediaStreamAudioSourceNode.cpp:
(WebCore::MediaStreamAudioSourceNode::create):
(WebCore::MediaStreamAudioSourceNode::MediaStreamAudioSourceNode):
* Modules/webaudio/MediaStreamAudioSourceNode.h: Added
MediaStreamTrack class variable and change the constructor to receive
it as parameter.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@159931 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/Modules/webaudio/AudioContext.cpp
Source/WebCore/Modules/webaudio/MediaStreamAudioSourceNode.cpp
Source/WebCore/Modules/webaudio/MediaStreamAudioSourceNode.h

index ea088f1..3eefc0b 100644 (file)
@@ -1,3 +1,26 @@
+2013-12-02  Nick Diego Yamane  <nick.yamane@openbossa.org>
+
+        Fix a crash in the webaudio source provider when the audio track is going away.
+        https://bugs.webkit.org/show_bug.cgi?id=124975
+
+        Reviewed by Philippe Normand.
+
+        Merged https://chromium.googlesource.com/chromium/blink/+/b21838b32bf11b1a972dfc449ddde71115490c23
+
+        Before this patch, it was hitting a use-after-free crash  when the audio
+        track in the media stream is going away and the webaudio mediastreamsourcenode
+        is still running.
+
+        * Modules/webaudio/AudioContext.cpp:
+        (WebCore::AudioContext::createMediaStreamSource): Passing audio track
+        pointer to MediaStreamAudioSourceNode constructor.
+        * Modules/webaudio/MediaStreamAudioSourceNode.cpp:
+        (WebCore::MediaStreamAudioSourceNode::create):
+        (WebCore::MediaStreamAudioSourceNode::MediaStreamAudioSourceNode):
+        * Modules/webaudio/MediaStreamAudioSourceNode.h: Added
+        MediaStreamTrack class variable and change the constructor to receive
+        it as parameter.
+
 2013-12-02  Andrzej Badowski  <a.badowski@samsung.com>
 
         [ATK] Support active state for listbox elements.
index e8acf6b..2073cd7 100644 (file)
@@ -417,20 +417,21 @@ PassRefPtr<MediaStreamAudioSourceNode> AudioContext::createMediaStreamSource(Med
     AudioSourceProvider* provider = 0;
 
     Vector<RefPtr<MediaStreamTrack>> audioTracks = mediaStream->getAudioTracks();
+    RefPtr<MediaStreamTrack> audioTrack;
+
     // FIXME: get a provider for non-local MediaStreams (like from a remote peer).
     for (size_t i = 0; i < audioTracks.size(); ++i) {
-        RefPtr<MediaStreamTrack> localAudio = audioTracks[i];
-        if (!localAudio->source()->isAudioStreamSource())
-            continue;
-
-        MediaStreamAudioSource* source = static_cast<MediaStreamAudioSource*>(localAudio->source());
-        ASSERT(!source->deviceId().isEmpty());
-        destination()->enableInput(source->deviceId());
-        provider = destination()->localAudioInputProvider();
-        break;
+        audioTrack = audioTracks[i];
+        if (audioTrack->source()->isAudioStreamSource()) {
+            auto source = static_cast<MediaStreamAudioSource*>(audioTrack->source());
+            ASSERT(!source->deviceId().isEmpty());
+            destination()->enableInput(source->deviceId());
+            provider = destination()->localAudioInputProvider();
+            break;
+        }
     }
 
-    RefPtr<MediaStreamAudioSourceNode> node = MediaStreamAudioSourceNode::create(this, mediaStream, provider);
+    RefPtr<MediaStreamAudioSourceNode> node = MediaStreamAudioSourceNode::create(this, mediaStream, audioTrack.get(), provider);
 
     // FIXME: Only stereo streams are supported right now. We should be able to accept multi-channel streams.
     node->setFormat(2, sampleRate());
index a66050a..aa0411b 100644 (file)
 
 namespace WebCore {
 
-PassRefPtr<MediaStreamAudioSourceNode> MediaStreamAudioSourceNode::create(AudioContext* context, MediaStream* mediaStream, AudioSourceProvider* audioSourceProvider)
+PassRefPtr<MediaStreamAudioSourceNode> MediaStreamAudioSourceNode::create(AudioContext* context, MediaStream* mediaStream, MediaStreamTrack* audioTrack, AudioSourceProvider* audioSourceProvider)
 {
-    return adoptRef(new MediaStreamAudioSourceNode(context, mediaStream, audioSourceProvider));
+    return adoptRef(new MediaStreamAudioSourceNode(context, mediaStream, audioTrack, audioSourceProvider));
 }
 
-MediaStreamAudioSourceNode::MediaStreamAudioSourceNode(AudioContext* context, MediaStream* mediaStream, AudioSourceProvider* audioSourceProvider)
+MediaStreamAudioSourceNode::MediaStreamAudioSourceNode(AudioContext* context, MediaStream* mediaStream, MediaStreamTrack* audioTrack, AudioSourceProvider* audioSourceProvider)
     : AudioNode(context, context->sampleRate())
     , m_mediaStream(mediaStream)
+    , m_audioTrack(audioTrack)
     , m_audioSourceProvider(audioSourceProvider)
     , m_sourceNumberOfChannels(0)
 {
index 56256e9..1b24f67 100644 (file)
@@ -41,7 +41,7 @@ class AudioContext;
 
 class MediaStreamAudioSourceNode : public AudioNode, public AudioSourceProviderClient {
 public:
-    static PassRefPtr<MediaStreamAudioSourceNode> create(AudioContext*, MediaStream*, AudioSourceProvider*);
+    static PassRefPtr<MediaStreamAudioSourceNode> create(AudioContext*, MediaStream*, MediaStreamTrack*, AudioSourceProvider*);
 
     virtual ~MediaStreamAudioSourceNode();
 
@@ -57,7 +57,7 @@ public:
     AudioSourceProvider* audioSourceProvider() const { return m_audioSourceProvider; }
 
 private:
-    MediaStreamAudioSourceNode(AudioContext*, MediaStream*, AudioSourceProvider*);
+    MediaStreamAudioSourceNode(AudioContext*, MediaStream*, MediaStreamTrack*, AudioSourceProvider*);
 
     virtual double tailTime() const OVERRIDE { return 0; }
     virtual double latencyTime() const OVERRIDE { return 0; }
@@ -66,6 +66,7 @@ private:
     virtual bool propagatesSilence() const OVERRIDE { return false; }
 
     RefPtr<MediaStream> m_mediaStream;
+    RefPtr<MediaStreamTrack> m_audioTrack;
     AudioSourceProvider* m_audioSourceProvider;
 
     Mutex m_processLock;