[Webkit-unassigned] [Bug 258129] New: REGRESSION(264515 at main): [GStreamer] Use of WeakPtr for m_player in MediaPlayerPrivateGStreamer looks unsafe

Thu Jun 15 07:02:02 PDT 2023

https://bugs.webkit.org/show_bug.cgi?id=258129

            Bug ID: 258129
           Summary: REGRESSION(264515 at main): [GStreamer] Use of WeakPtr
                    for m_player in MediaPlayerPrivateGStreamer looks
                    unsafe
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Media
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at redhat.com

Moving this from bug #254954.  I'm not sure that changing m_player to be a WeakPtr is actually safe to do without auditing its usage further. For example, in MediaPlayerPrivateGStreamer::handleNeedContextMessage, we have:

gst_structure_set(contextStructure, "player", G_TYPE_POINTER, m_player.get(), nullptr);
gst_element_set_context(GST_ELEMENT(GST_MESSAGE_SRC(message)), context.get());

So now it's stored dereferenced for what I assume is the lifetime of this GstMessage, and the WeakPtr provides no protection against invalidation. So probably it's not safe to use WeakPtr.

This should be looked at more closely.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230615/474c83d1/attachment-0001.htm>