Skip to site navigation (Press enter)

[webkit-changes] [272839] trunk

darin Sun, 14 Feb 2021 09:19:27 -0800

Title: [272839] trunk

Revision: 272839
Author: da...@apple.com
Date: 2021-02-14 09:18:42 -0800 (Sun, 14 Feb 2021)

Log Message

Crash calling replaceTrack on a sender that outlives its RTCPeerConnection
https://bugs.webkit.org/show_bug.cgi?id=221870


Reviewed by Youenn Fablet.

Source/WebCore:

Test: fast/mediastream/RTCRtpSender-outlives-RTCPeerConnection.html

* Modules/mediastream/RTCRtpSender.cpp:
(WebCore::RTCRtpSender::replaceTrack): Added a null check for m_connection.
It's already using WeakPtr, so null check is all we need.

LayoutTests:

* fast/mediastream/RTCRtpSender-outlives-RTCPeerConnection-expected.txt: Added.
* fast/mediastream/RTCRtpSender-outlives-RTCPeerConnection.html: Added.

Modified Paths

trunk/LayoutTests/ChangeLog
trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/Modules/mediastream/RTCRtpSender.cpp

Added Paths

trunk/LayoutTests/fast/mediastream/RTCRtpSender-outlives-RTCPeerConnection-expected.txt
trunk/LayoutTests/fast/mediastream/RTCRtpSender-outlives-RTCPeerConnection.html

Diff

Modified: trunk/LayoutTests/ChangeLog (272838 => 272839)


--- trunk/LayoutTests/ChangeLog	2021-02-14 03:04:15 UTC (rev 272838)
+++ trunk/LayoutTests/ChangeLog	2021-02-14 17:18:42 UTC (rev 272839)
@@ -1,3 +1,13 @@
+2021-02-13  Darin Adler  <da...@apple.com>
+
+        Crash calling replaceTrack on a sender that outlives its RTCPeerConnection
+        https://bugs.webkit.org/show_bug.cgi?id=221870
+
+        Reviewed by Youenn Fablet.
+
+        * fast/mediastream/RTCRtpSender-outlives-RTCPeerConnection-expected.txt: Added.
+        * fast/mediastream/RTCRtpSender-outlives-RTCPeerConnection.html: Added.
+
 2021-02-12  Jer Noble  <jer.no...@apple.com>
 
         [Mac] Sound does not play on YouTube after switching back to foreground

Added: trunk/LayoutTests/fast/mediastream/RTCRtpSender-outlives-RTCPeerConnection-expected.txt (0 => 272839)


--- trunk/LayoutTests/fast/mediastream/RTCRtpSender-outlives-RTCPeerConnection-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/mediastream/RTCRtpSender-outlives-RTCPeerConnection-expected.txt	2021-02-14 17:18:42 UTC (rev 272839)
@@ -0,0 +1,10 @@
+Tests that we do not crash when calling replaceTrack on a sender that outlives its RTCPeerConnection.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS Because there was no crash
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

Added: trunk/LayoutTests/fast/mediastream/RTCRtpSender-outlives-RTCPeerConnection.html (0 => 272839)


--- trunk/LayoutTests/fast/mediastream/RTCRtpSender-outlives-RTCPeerConnection.html	                        (rev 0)
+++ trunk/LayoutTests/fast/mediastream/RTCRtpSender-outlives-RTCPeerConnection.html	2021-02-14 17:18:42 UTC (rev 272839)
@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+<body>
+<script src=""
+<script>
+description("Tests that we do not crash when calling replaceTrack on a sender that outlives its RTCPeerConnection.");
+let audioContext = new AudioContext();
+let stream = audioContext.createMediaStreamDestination().stream;
+let track = stream.getTracks()[0];
+let connection = new RTCPeerConnection();
+let sender = connection.addTrack(track);
+connection = undefined;
+gc();
+sender.replaceTrack(undefined);
+testPassed("Because there was no crash");
+</script>
+</body>
+</html>

Modified: trunk/Source/WebCore/ChangeLog (272838 => 272839)


--- trunk/Source/WebCore/ChangeLog	2021-02-14 03:04:15 UTC (rev 272838)
+++ trunk/Source/WebCore/ChangeLog	2021-02-14 17:18:42 UTC (rev 272839)
@@ -1,3 +1,16 @@
+2021-02-13  Darin Adler  <da...@apple.com>
+
+        Crash calling replaceTrack on a sender that outlives its RTCPeerConnection
+        https://bugs.webkit.org/show_bug.cgi?id=221870
+
+        Reviewed by Youenn Fablet.
+
+        Test: fast/mediastream/RTCRtpSender-outlives-RTCPeerConnection.html
+
+        * Modules/mediastream/RTCRtpSender.cpp:
+        (WebCore::RTCRtpSender::replaceTrack): Added a null check for m_connection.
+        It's already using WeakPtr, so null check is all we need.
+
 2021-02-13  Sam Weinig  <wei...@apple.com>
 
         Reduce requirements for color types to only conversion to their reference color

Modified: trunk/Source/WebCore/Modules/mediastream/RTCRtpSender.cpp (272838 => 272839)


--- trunk/Source/WebCore/Modules/mediastream/RTCRtpSender.cpp	2021-02-14 03:04:15 UTC (rev 272838)
+++ trunk/Source/WebCore/Modules/mediastream/RTCRtpSender.cpp	2021-02-14 17:18:42 UTC (rev 272839)
@@ -103,6 +103,11 @@
         return;
     }
 
+    if (!m_connection) {
+        promise->reject(InvalidStateError);
+        return;
+    }
+
     m_connection->chainOperation(WTFMove(promise), [this, weakThis = makeWeakPtr(this), withTrack = WTFMove(withTrack)](auto&& promise) mutable {
         if (!weakThis)
             return;

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes