Mercurial > mozreview > gecko / changeset / d81ece733839b4bd17f32e5054119f7b8f963036
summary | shortlog | changelog | pushlog | graph | tags | bookmarks | branches | files | changeset | raw | zip | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Bug 1329075 - Fix potential null deref issues in media element track sources. r?jesup draft
authorAndreas Pehrson <pehrsons@gmail.com>
Mon, 09 Jan 2017 17:00:43 +0100
changeset 457697 d81ece733839b4bd17f32e5054119f7b8f963036
parent 457696 686e02514fe8db51ab8d819579636f2c3a2384d8
child 457698 581a12ab6d7d6a988e64802ea3389034b09db8c6
push id40870
push userbmo:pehrson@telenordigital.com
push dateMon, 09 Jan 2017 18:13:44 +0000
reviewersjesup
bugs1329075
milestone53.0a1
Bug 1329075 - Fix potential null deref issues in media element track sources. r?jesup MozReview-Commit-ID: ExUh2magc2z
dom/html/HTMLMediaElement.cpp file | annotate | diff | comparison | revisions 
--- a/dom/html/HTMLMediaElement.cpp
+++ b/dom/html/HTMLMediaElement.cpp
@@ -2928,16 +2928,21 @@ public:
 
   MediaSourceEnum GetMediaSource() const override
   {
     return MediaSourceEnum::Other;
   }
 
   CORSMode GetCORSMode() const override
   {
+    if (!mCapturedTrackSource) {
+      // This could happen during shutdown.
+      return CORS_NONE;
+    }
+
     return mCapturedTrackSource->GetCORSMode();
   }
 
   void Stop() override
   {
     if (mElement && mElement->mSrcStream) {
       // Only notify if we're still playing the source stream. GC might have
       // cleared it before the track sources.
@@ -2946,16 +2951,21 @@ public:
     mElement = nullptr;
     mOwningStream = nullptr;
 
     Destroy();
   }
 
   void PrincipalChanged() override
   {
+    if (!mCapturedTrackSource) {
+      // This could happen during shutdown.
+      return;
+    }
+
     mPrincipal = mCapturedTrackSource->GetPrincipal();
     MediaStreamTrackSource::PrincipalChanged();
   }
 
 private:
   virtual ~StreamCaptureTrackSource() {}
 
   RefPtr<HTMLMediaElement> mElement;
@@ -2991,29 +3001,36 @@ public:
     , mElement(aElement)
   {
     MOZ_ASSERT(mElement);
     mElement->AddDecoderPrincipalChangeObserver(this);
   }
 
   void Destroy() override
   {
-    MOZ_ASSERT(mElement);
-    DebugOnly<bool> res = mElement->RemoveDecoderPrincipalChangeObserver(this);
-    NS_ASSERTION(res, "Removing decoder principal changed observer failed. "
-                      "Had it already been removed?");
+    if (mElement) {
+      DebugOnly<bool> res = mElement->RemoveDecoderPrincipalChangeObserver(this);
+      NS_ASSERTION(res, "Removing decoder principal changed observer failed. "
+                        "Had it already been removed?");
+      mElement = nullptr;
+    }
   }
 
   MediaSourceEnum GetMediaSource() const override
   {
     return MediaSourceEnum::Other;
   }
 
   CORSMode GetCORSMode() const override
   {
+    if (!mElement) {
+      MOZ_ASSERT(false, "Should always have an element if in use");
+      return CORS_NONE;
+    }
+
     return mElement->GetCORSMode();
   }
 
   void Stop() override
   {
     // We don't notify the source that a track was stopped since it will keep
     // producing tracks until the element ends. The decoder also needs the
     // tracks it created to be live at the source since the decoder's clock is
gecko
Deployed from 4e825768105f at 2024-04-08T16:23:58Z.