Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(406)

Side by Side Diff: content/renderer/media/webaudio_capturer_source.h

Issue 1071063005: Fix heap-use-after-free issue with WebAudioCapturerSource. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Improvements in the comments, as suggested by henrika@ Created 5 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef CONTENT_RENDERER_MEDIA_WEBAUDIO_CAPTURER_SOURCE_H_ 5 #ifndef CONTENT_RENDERER_MEDIA_WEBAUDIO_CAPTURER_SOURCE_H_
6 #define CONTENT_RENDERER_MEDIA_WEBAUDIO_CAPTURER_SOURCE_H_ 6 #define CONTENT_RENDERER_MEDIA_WEBAUDIO_CAPTURER_SOURCE_H_
7 7
8 #include "base/memory/ref_counted.h" 8 #include "base/memory/ref_counted.h"
9 #include "base/synchronization/lock.h" 9 #include "base/synchronization/lock.h"
10 #include "base/threading/thread_checker.h" 10 #include "base/threading/thread_checker.h"
11 #include "media/audio/audio_parameters.h" 11 #include "media/audio/audio_parameters.h"
12 #include "media/base/audio_capturer_source.h" 12 #include "media/base/audio_capturer_source.h"
13 #include "media/base/audio_fifo.h" 13 #include "media/base/audio_fifo.h"
14 #include "third_party/WebKit/public/platform/WebAudioDestinationConsumer.h" 14 #include "third_party/WebKit/public/platform/WebAudioDestinationConsumer.h"
15 #include "third_party/WebKit/public/platform/WebMediaStreamSource.h"
15 #include "third_party/WebKit/public/platform/WebVector.h" 16 #include "third_party/WebKit/public/platform/WebVector.h"
16 17
17 namespace content { 18 namespace content {
18 19
19 class WebRtcLocalAudioTrack; 20 class WebRtcLocalAudioTrack;
20 21
21 // WebAudioCapturerSource is the missing link between 22 // WebAudioCapturerSource is the missing link between
22 // WebAudio's MediaStreamAudioDestinationNode and WebRtcLocalAudioTrack. 23 // WebAudio's MediaStreamAudioDestinationNode and WebRtcLocalAudioTrack.
23 // 24 //
24 // 1. WebKit calls the setFormat() method setting up the basic stream format 25 // 1. WebKit calls the setFormat() method setting up the basic stream format
25 // (channels, and sample-rate). 26 // (channels, and sample-rate).
26 // 2. consumeAudio() is called periodically by WebKit which dispatches the 27 // 2. consumeAudio() is called periodically by WebKit which dispatches the
27 // audio stream to the WebRtcLocalAudioTrack::Capture() method. 28 // audio stream to the WebRtcLocalAudioTrack::Capture() method.
28 class WebAudioCapturerSource 29 class WebAudioCapturerSource
29 : public base::RefCountedThreadSafe<WebAudioCapturerSource>, 30 : public base::RefCountedThreadSafe<WebAudioCapturerSource>,
30 public blink::WebAudioDestinationConsumer { 31 public blink::WebAudioDestinationConsumer {
31 public: 32 public:
32 WebAudioCapturerSource(); 33 explicit WebAudioCapturerSource(
34 const blink::WebMediaStreamSource& blink_source);
33 35
34 // WebAudioDestinationConsumer implementation. 36 // WebAudioDestinationConsumer implementation.
35 // setFormat() is called early on, so that we can configure the audio track. 37 // setFormat() is called early on, so that we can configure the audio track.
36 virtual void setFormat(size_t number_of_channels, float sample_rate) override; 38 virtual void setFormat(size_t number_of_channels, float sample_rate) override;
37 // MediaStreamAudioDestinationNode periodically calls consumeAudio(). 39 // MediaStreamAudioDestinationNode periodically calls consumeAudio().
38 // Called on the WebAudio audio thread. 40 // Called on the WebAudio audio thread.
39 virtual void consumeAudio(const blink::WebVector<const float*>& audio_data, 41 virtual void consumeAudio(const blink::WebVector<const float*>& audio_data,
40 size_t number_of_frames) override; 42 size_t number_of_frames) override;
41 43
42 // Called when the WebAudioCapturerSource is hooking to a media audio track. 44 // Called when the WebAudioCapturerSource is hooking to a media audio track.
43 // |track| is the sink of the data flow. |source_provider| is the source of 45 // |track| is the sink of the data flow. |source_provider| is the source of
44 // the data flow where stream information like delay, volume, key_pressed, 46 // the data flow where stream information like delay, volume, key_pressed,
45 // is stored. 47 // is stored.
46 void Start(WebRtcLocalAudioTrack* track); 48 void Start(WebRtcLocalAudioTrack* track);
47 49
48 // Called when the media audio track is stopping. 50 // Called when the media audio track is stopping.
49 void Stop(); 51 void Stop();
50 52
51 protected: 53 protected:
52 friend class base::RefCountedThreadSafe<WebAudioCapturerSource>; 54 friend class base::RefCountedThreadSafe<WebAudioCapturerSource>;
53 virtual ~WebAudioCapturerSource(); 55 virtual ~WebAudioCapturerSource();
54 56
55 private: 57 private:
58 // Removes this object from a blink::WebMediaStreamSource with which it
59 // might be registered. The goal is to avoid dangling pointers.
60 void removeFromBlinkSource();
61
56 // Used to DCHECK that some methods are called on the correct thread. 62 // Used to DCHECK that some methods are called on the correct thread.
57 base::ThreadChecker thread_checker_; 63 base::ThreadChecker thread_checker_;
58 64
59 // The audio track this WebAudioCapturerSource is feeding data to. 65 // The audio track this WebAudioCapturerSource is feeding data to.
60 // WebRtcLocalAudioTrack is reference counted, and owning this object. 66 // WebRtcLocalAudioTrack is reference counted, and owning this object.
61 // To avoid circular reference, a raw pointer is kept here. 67 // To avoid circular reference, a raw pointer is kept here.
62 WebRtcLocalAudioTrack* track_; 68 WebRtcLocalAudioTrack* track_;
63 69
64 media::AudioParameters params_; 70 media::AudioParameters params_;
65 71
66 // Flag to help notify the |track_| when the audio format has changed. 72 // Flag to help notify the |track_| when the audio format has changed.
67 bool audio_format_changed_; 73 bool audio_format_changed_;
68 74
69 // Wraps data coming from HandleCapture(). 75 // Wraps data coming from HandleCapture().
70 scoped_ptr<media::AudioBus> wrapper_bus_; 76 scoped_ptr<media::AudioBus> wrapper_bus_;
71 77
72 // Bus for reading from FIFO and calling the CaptureCallback. 78 // Bus for reading from FIFO and calling the CaptureCallback.
73 scoped_ptr<media::AudioBus> capture_bus_; 79 scoped_ptr<media::AudioBus> capture_bus_;
74 80
75 // Handles mismatch between WebAudio buffer size and WebRTC. 81 // Handles mismatch between WebAudio buffer size and WebRTC.
76 scoped_ptr<media::AudioFifo> fifo_; 82 scoped_ptr<media::AudioFifo> fifo_;
77 83
78 // Synchronizes HandleCapture() with AudioCapturerSource calls. 84 // Synchronizes HandleCapture() with AudioCapturerSource calls.
79 base::Lock lock_; 85 base::Lock lock_;
80 bool started_; 86 bool started_;
81 87
88 // This object registers with a blink::WebMediaStreamSource. We keep track of
89 // that in order to be able to deregister before stopping the audio track.
90 blink::WebMediaStreamSource blink_source_;
91
82 DISALLOW_COPY_AND_ASSIGN(WebAudioCapturerSource); 92 DISALLOW_COPY_AND_ASSIGN(WebAudioCapturerSource);
83 }; 93 };
84 94
85 } // namespace content 95 } // namespace content
86 96
87 #endif // CONTENT_RENDERER_MEDIA_WEBAUDIO_CAPTURER_SOURCE_H_ 97 #endif // CONTENT_RENDERER_MEDIA_WEBAUDIO_CAPTURER_SOURCE_H_
OLDNEW
« no previous file with comments | « no previous file | content/renderer/media/webaudio_capturer_source.cc » ('j') | content/renderer/media/webaudio_capturer_source.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698