[Webkit-unassigned] [Bug 239485] [WinCairo] Crash while MediaPlayerPrivateMediaFoundation::removeListener in the async callback thread
bugzilla-daemon at webkit.org
Tue Apr 19 00:02:29 PDT 2022
https://bugs.webkit.org/show_bug.cgi?id=239485
--- Comment #1 from Fujii Hironori <Hironori.Fujii at sony.com> ---
I don't know how to reproduce this crash or what the cause is.
But, looking at the code, it seems that there is a problem.
On the main thread, m_mediaPlayer is cleared with m_mutex locked.
> void MediaPlayerPrivateMediaFoundation::AsyncCallback::onMediaPlayerDeleted()
> {
>     Locker locker { m_mutex };
>
>     m_mediaPlayer = nullptr;
> }
However, m_mediaPlayer is accessed without locking the mutex in the async callback thread.
> MediaPlayerPrivateMediaFoundation::AsyncCallback::~AsyncCallback()
> {
>     if (m_mediaPlayer)
>         m_mediaPlayer->removeListener(this);
> }
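The locking asymmetry described in the comment above, shown in its consistent form as an added example that is not part of the original message and is not WebKit code. `Link`, `Player`, `raceTeardown` and the two counters are hypothetical names, and the example assumes the back pointer and its mutex live in a small shared object that outlives whichever side is destroyed first.

```cpp
#include <atomic>
#include <memory>
#include <mutex>
#include <thread>

struct Player;
// Hypothetical shared state: outlives whichever side is destroyed first.
struct Link {
    std::mutex mutex;
    Player* player = nullptr; // guarded by mutex
};

struct Player {
    std::shared_ptr<Link> link = std::make_shared<Link>();
    std::atomic<int>& removed;
    explicit Player(std::atomic<int>& counter) : removed(counter) { link->player = this; }
    void removeListener() { ++removed; }
    ~Player() {
        // Main thread: clear the back pointer under the lock, as onMediaPlayerDeleted() does.
        std::lock_guard<std::mutex> guard(link->mutex);
        link->player = nullptr;
    }
};

struct AsyncCallback {
    std::shared_ptr<Link> link;
    std::atomic<int>& skipped;
    ~AsyncCallback() {
        // Callback thread: null check and call happen under the same lock as ~Player().
        std::lock_guard<std::mutex> guard(link->mutex);
        if (link->player)
            link->player->removeListener();
        else
            ++skipped;
    }
};

// Races the two destructors; every round must end in exactly one outcome.
int raceTeardown(int rounds) {
    std::atomic<int> removed{0}, skipped{0};
    for (int i = 0; i < rounds; ++i) {
        auto* player = new Player(removed);
        auto* callback = new AsyncCallback{player->link, skipped};
        std::thread worker([callback] { delete callback; });
        delete player;
        worker.join();
    }
    return removed + skipped;
}
int main() { return raceTeardown(1000) == 1000 ? 0 : 1; }
```

Because `~Player()` blocks on the mutex while the callback is inside `removeListener()`, the player is still fully alive for the duration of the call. Dropping the `lock_guard` from `~AsyncCallback()` recreates the unsynchronized read, which ThreadSanitizer (`-fsanitize=thread`) can report.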