Chromium Code Reviews

Issue 1438153002: Fix leak of RTCPeerConnectionHandler if PeerConnection.close() is called from js. (Closed)

Created:
5 years, 1 month ago by perkj_chrome
Modified:
5 years, 1 month ago
CC:
chromium-reviews, darin-cc_chromium.org, feature-media-reviews_chromium.org, jam, mcasas+watch_chromium.org, mkwst+moarreviews-renderer_chromium.org, mlamouri+watch-content_chromium.org, posciak+watch_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Fix leak of RTCPeerConnectionHandler if PeerConnection.close() is called from js.

This fixes a bug where RTCPeerConnectionHandler::client_ is set to null when RTCPeerConnectionHandler.stop() is called. RTCPeerConnectionHandler.stop() is a pretty bad name (override from blink::WebRTCPeerConnectionHandler) since it is triggered when JS or the browser process wants to close a PeerConnection. Since client_ was set to null, RTCPeerConnectionHandler::DestructAllHandlers did not delete RTCPeerConnectionHandler.

BUG=542132

Committed: https://crrev.com/9596af111d9e82b0e27c9fab01fa688515623b1f
Cr-Commit-Position: refs/heads/master@{#359334}
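Added illustration, not Chromium's code, of the lifetime bug the description explains: a reduced handler class with a process-wide registry, where the pre-fix stop() marks closure by nulling client_ and DestructAllHandlers() then skips that handler, leaking it, while tracking closure in a separate flag lets teardown delete it. The Handler and Client names and the legacy_stop switch are constructed for this model.

```cpp
#include <set>

// Reduced model of the bug; names are constructed, not Chromium's.
struct Client {};  // stand-in for the blink-side client the handler reports to

class Handler {
 public:
  // legacy_stop models pre-fix stop(), which nulled client_ to mark closure.
  Handler(Client* client, bool legacy_stop)
      : client_(client), legacy_stop_(legacy_stop) {
    All().insert(this);
  }
  ~Handler() { All().erase(this); }

  // Reached both when JS calls PeerConnection.close() and on browser teardown.
  void Stop() {
    is_closed_ = true;                    // fixed: closure is its own state
    if (legacy_stop_) client_ = nullptr;  // bug: closure erased ownership info
  }

  // Deletes every registered handler that still has a client. With the legacy
  // Stop(), a handler closed from JS has client_ == nullptr and is skipped.
  static int DestructAllHandlers() {
    std::set<Handler*> handlers(All());  // copy: ~Handler mutates All()
    int deleted = 0;
    for (Handler* h : handlers) {
      if (h->client_) { delete h; ++deleted; }
    }
    return deleted;
  }

  static std::set<Handler*>& All() { static std::set<Handler*> s; return s; }
  bool is_closed() const { return is_closed_; }

 private:
  Client* client_;
  bool legacy_stop_;
  bool is_closed_ = false;
};

// JS close() followed by browser teardown; returns handlers still alive.
int LeakedAfterTeardown(bool legacy_stop) {
  Client client;
  Handler* h = new Handler(&client, legacy_stop);
  h->Stop();
  Handler::DestructAllHandlers();
  int leaked = static_cast<int>(Handler::All().size());
  for (Handler* p : std::set<Handler*>(Handler::All())) delete p;  // reset
  return leaked;
}
```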

Patch Set 1 #

Patch Set 2 : Simple unittest of DestructAllHandlers #

Total comments: 10

Patch Set 3 : Addressed comments. #

Total comments: 2
Stats (+30 lines, -18 lines)
M content/renderer/media/rtc_peer_connection_handler.h: 1 chunk, +8 lines, -2 lines, 0 comments
M content/renderer/media/rtc_peer_connection_handler.cc: 12 chunks, +17 lines, -16 lines, 2 comments
M content/renderer/media/rtc_peer_connection_handler_unittest.cc: 1 chunk, +5 lines, -0 lines, 0 comments

Messages

Total messages: 14 (4 generated)
perkj_chrome
Can you please take a look?
5 years, 1 month ago (2015-11-12 09:57:07 UTC) #2
tommi (sloooow) - chröme
lgtm with a few nits
https://codereview.chromium.org/1438153002/diff/20001/content/renderer/media/rtc_peer_connection_handler.cc
File content/renderer/media/rtc_peer_connection_handler.cc (right):
https://codereview.chromium.org/1438153002/diff/20001/content/renderer/media/rtc_peer_connection_handler.cc#newcode822
content/renderer/media/rtc_peer_connection_handler.cc:822: std::set<RTCPeerConnectionHandler*> handlers(
do we ...
5 years, 1 month ago (2015-11-12 14:53:19 UTC) #3
perkj_chrome
https://codereview.chromium.org/1438153002/diff/20001/content/renderer/media/rtc_peer_connection_handler.cc
File content/renderer/media/rtc_peer_connection_handler.cc (right):
https://codereview.chromium.org/1438153002/diff/20001/content/renderer/media/rtc_peer_connection_handler.cc#newcode822
content/renderer/media/rtc_peer_connection_handler.cc:822: std::set<RTCPeerConnectionHandler*> handlers(
On 2015/11/12 14:53:19, tommi wrote:
> do ...
5 years, 1 month ago (2015-11-12 15:48:38 UTC) #4
commit-bot: I haz the power
CQ is trying da patch.
Follow status at https://chromium-cq-status.appspot.com/patch-status/1438153002/40001
View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1438153002/40001
5 years, 1 month ago (2015-11-12 15:49:11 UTC) #7
commit-bot: I haz the power
Committed patchset #3 (id:40001)
5 years, 1 month ago (2015-11-12 17:08:35 UTC) #8
commit-bot: I haz the power
Patchset 3 (id:??) landed as https://crrev.com/9596af111d9e82b0e27c9fab01fa688515623b1f
Cr-Commit-Position: refs/heads/master@{#359334}
5 years, 1 month ago (2015-11-12 20:08:03 UTC) #9
perkj_chrome
A revert of this CL (patchset #3 id:40001) has been created in https://codereview.chromium.org/1442063002/ by perkj@chromium.org. ...
5 years, 1 month ago (2015-11-13 16:19:10 UTC) #10
Taylor_Brandstetter
https://codereview.chromium.org/1438153002/diff/40001/content/renderer/media/rtc_peer_connection_handler.cc
File content/renderer/media/rtc_peer_connection_handler.cc (right):
https://codereview.chromium.org/1438153002/diff/40001/content/renderer/media/rtc_peer_connection_handler.cc#newcode1385
content/renderer/media/rtc_peer_connection_handler.cc:1385: if (!is_closed_ || !native_peer_connection_.get())
Should be "is_closed", not "!is_closed". ...
5 years, 1 month ago (2015-11-13 18:45:29 UTC) #12
tommi (sloooow) - chröme
https://codereview.chromium.org/1438153002/diff/40001/content/renderer/media/rtc_peer_connection_handler.cc
File content/renderer/media/rtc_peer_connection_handler.cc (right):
https://codereview.chromium.org/1438153002/diff/40001/content/renderer/media/rtc_peer_connection_handler.cc#newcode1385
content/renderer/media/rtc_peer_connection_handler.cc:1385: if (!is_closed_ || !native_peer_connection_.get())
On 2015/11/13 18:45:29, Taylor_Brandstetter wrote: ...
5 years, 1 month ago (2015-11-13 18:57:23 UTC) #13
perkj_chrome
5 years, 1 month ago (2015-11-15 20:18:20 UTC) #14
Message was sent while issue was closed.
On 2015/11/13 18:57:23, tommi wrote:
> https://codereview.chromium.org/1438153002/diff/40001/content/renderer/media/...
> File content/renderer/media/rtc_peer_connection_handler.cc (right):
> 
> https://codereview.chromium.org/1438153002/diff/40001/content/renderer/media/...
> content/renderer/media/rtc_peer_connection_handler.cc:1385: if (!is_closed_ ||
> !native_peer_connection_.get())
> On 2015/11/13 18:45:29, Taylor_Brandstetter wrote:
> > Should be "is_closed", not "!is_closed". I think this is the source of the
> > clusterfuzz crashes. The PC is never actually being closed because of this,
> > and so observer objects are being dereferenced after being destroyed.
> 
> well spotted! :)

and embarrassing for me. But yes, well spotted.

Powered by Google App Engine
This is Rietveld 408576698