Description
Fix heap-use-after-free issue with WebAudioCapturerSource.
WebAudioCapturerSource registers with a blink WebMediaStreamSource.
When the audio track was stopped, the WebAudioCapturerSource was
destroyed and the WebMediaStreamSource was left with a dangling
pointer, which it tried to use, resulting in access to freed
memory and usually a crashed tab.
This CL makes WebAudioCapturerSource aware of the WebMediaStreamSource
with which it is registered, so that it can be deregistered when the
audio track is stopped.
BUG=473253
TEST=See testcase.html in crbug.com/473253
Review URL: https://codereview.chromium.org/1071063005
Cr-Commit-Position: refs/heads/master@{#324622}
(cherry picked from commit 228cd9447121ede4d32ab48c8dfe066736cfdae2)
R=guidou@chromium.org
TBR=henrika, perkj
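
The deregistration pattern the description above refers to, as an added example that is not part of the CL or of Chromium's code. `StreamSource` and `Capturer` are hypothetical stand-ins for WebMediaStreamSource and WebAudioCapturerSource; the assumption is that the source keeps a non-owning raw pointer, which the capturer clears in `Stop()` and, as a backstop, in its destructor.

```cpp
// Hypothetical stand-ins for the two roles in the commit message; these are
// not the Chromium or Blink classes.
class Capturer;

class StreamSource {  // plays the role of WebMediaStreamSource
 public:
  void AddConsumer(Capturer* c) { consumer_ = c; }
  void RemoveConsumer(Capturer* c) { if (consumer_ == c) consumer_ = nullptr; }
  bool HasConsumer() const { return consumer_ != nullptr; }
  bool Deliver(int frames);  // false when nobody is registered
 private:
  Capturer* consumer_ = nullptr;  // non-owning: dangles if never cleared
};

class Capturer {  // plays the role of WebAudioCapturerSource
 public:
  explicit Capturer(StreamSource* source) : source_(source) {
    source_->AddConsumer(this);
  }
  Capturer(const Capturer&) = delete;  // a copy would not be registered
  // The capturer remembers where it registered and deregisters before its
  // memory is released, so the source never holds a stale pointer.
  ~Capturer() { Stop(); }
  void Stop() {
    if (source_) { source_->RemoveConsumer(this); source_ = nullptr; }
  }
  void Consume(int frames) { frames_seen_ += frames; }
  int frames_seen() const { return frames_seen_; }
 private:
  StreamSource* source_;  // back-pointer to the source registered with
  int frames_seen_ = 0;
};

bool StreamSource::Deliver(int frames) {
  if (!consumer_) return false;
  consumer_->Consume(frames);
  return true;
}

// True if the source holds no pointer once the capturer has been destroyed.
bool SourceIsCleanAfterCapturerDestroyed() {
  StreamSource source;
  {
    Capturer capturer(&source);
    if (!source.Deliver(128) || capturer.frames_seen() != 128) return false;
  }  // capturer destroyed here; its destructor deregisters
  return !source.HasConsumer() && !source.Deliver(128);
}
```

Without the `RemoveConsumer` call, `Deliver` after the inner scope would dereference freed memory; building such code with AddressSanitizer reports it as heap-use-after-free when the capturer is heap-allocated.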