[webkit-changes] [WebKit/WebKit] 56b164: REGRESSION(272969 at main): Null-deref crash in Sourc...
Jer Noble
noreply at github.com
Thu Feb 8 16:25:04 PST 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 56b164c3ab85e41d500f1ebe5868247c0aeb81f1
https://github.com/WebKit/WebKit/commit/56b164c3ab85e41d500f1ebe5868247c0aeb81f1
Author: Jer Noble <jer.noble at apple.com>
Date: 2024-02-08 (Thu, 08 Feb 2024)
Changed paths:
M Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h
M Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm
Log Message:
-----------
REGRESSION(272969 at main): Null-deref crash in SourceBufferPrivateAVFObjC::trackDidChangeEnabled
https://bugs.webkit.org/show_bug.cgi?id=268921
rdar://122444388
Reviewed by Eric Carlson.
The WebAVSampleBufferListener m_listener is invalidated and destroyed in SourceBufferPrivateAVFObjC::destroyRenderers(),
and is never recreated. It is subsequently used without nil-checking the next time a renderer is recreated. Rather than
destroying and re-creating whenever renderers are destroyed and created, make it a Ref<> object whose lifetime is the same
(or longer) as the object which owns it.
* Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h:
* Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
(WebCore::SourceBufferPrivateAVFObjC::~SourceBufferPrivateAVFObjC):
(WebCore::SourceBufferPrivateAVFObjC::destroyRenderers):
Canonical link: https://commits.webkit.org/274323@main
More information about the webkit-changes
mailing list