Chromium Code Reviews

Issue 1829563002: Handle early destruction of CanvasCaptureHandler (Closed)

Created:
4 years, 9 months ago by emircan
Modified:
4 years, 9 months ago
Reviewers:
mcasas
CC:
chromium-reviews, mlamouri+watch-content_chromium.org, posciak+watch_chromium.org, jam, mcasas+watch_chromium.org, feature-media-reviews_chromium.org, darin-cc_chromium.org, mkwst+moarreviews-renderer_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Handle early destruction of CanvasCaptureHandler

Fuzz testing showed that CanvasCaptureHandler can be destructed earlier than CanvasCaptureHandler::VideoCapturerSource. Both instances are owned by Blink side objects, and destruction sequence might be different (oilpan). CanvasCaptureHandler invalidates weakptrs in dtor() on main_render_thread. We can check if weakptr is valid in StopCapture() that also runs on main_render_thread.

BUG=597077
TEST=Added unittest "DestructHandler" to reproduce the fuzz case.

Committed: https://crrev.com/7dc969b13dd7747c575ee60d8e2e498da60d3ea8
Cr-Commit-Position: refs/heads/master@{#382966}
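The lifetime pattern the description relies on, as an added example that is not part of the original change or of Chromium's code: `Handler`, `Source` and `StopRequested()` are hypothetical stand-ins, and `std::weak_ptr` substitutes for Chromium's `base::WeakPtr`. It assumes, as the description states for the real classes, that destruction and `StopCapture()` run on the same thread.

```cpp
#include <memory>
#include <utility>

// Hypothetical stand-in for the handler. The shared token plays the role of
// the weak pointer flag that the real class invalidates in its destructor.
class Handler {
 public:
  Handler() : self_(std::make_shared<Handler*>(this)) {}
  Handler(const Handler&) = delete;  // The token points at this object only.
  ~Handler() { self_.reset(); }      // Invalidate every weak reference.
  std::weak_ptr<Handler*> GetWeakPtr() const { return self_; }
  void StopRequested() { ++stop_requests_; }
  int stop_requests() const { return stop_requests_; }

 private:
  int stop_requests_ = 0;
  std::shared_ptr<Handler*> self_;  // Sole strong owner of the token.
};

// Hypothetical stand-in for the capturer source, which may outlive the handler.
class Source {
 public:
  explicit Source(std::weak_ptr<Handler*> handler)
      : handler_(std::move(handler)) {}

  // Returns true if the call reached the handler, false if it was already
  // destroyed. Without the check this would dereference a dangling pointer.
  bool StopCapture() {
    std::shared_ptr<Handler*> token = handler_.lock();
    if (!token) return false;
    (*token)->StopRequested();
    return true;
  }

 private:
  std::weak_ptr<Handler*> handler_;
};

// Destruction order from the fuzz case: handler first, then the source stops.
bool StopAfterHandlerDestroyed() {
  auto handler = std::make_unique<Handler>();
  Source source(handler->GetWeakPtr());
  handler.reset();
  return source.StopCapture();
}

// Normal order: the handler is still alive when the source stops.
int StopWhileHandlerAlive() {
  Handler handler;
  Source source(handler.GetWeakPtr());
  source.StopCapture();
  return handler.stop_requests();
}
```

The check is only sound because invalidation and use happen on one thread; with two threads the handler could be destroyed between `lock()` and the call.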

Patch Set 1 #

Total comments: 8

Patch Set 2 : #

Stats (+25 lines, -12 lines)
M content/renderer/media/canvas_capture_handler.h: 1 chunk, +0 lines, -4 lines
M content/renderer/media/canvas_capture_handler.cc: 3 chunks, +11 lines, -8 lines
M content/renderer/media/canvas_capture_handler_unittest.cc: 1 chunk, +14 lines, -0 lines

Messages

Total messages: 13 (6 generated)
emircan
PTAL.
4 years, 9 months ago (2016-03-23 01:52:25 UTC) #3
mcasas
https://codereview.chromium.org/1829563002/diff/1/content/renderer/media/canvas_capture_handler.cc
File content/renderer/media/canvas_capture_handler.cc (right):

https://codereview.chromium.org/1829563002/diff/1/content/renderer/media/canvas_capture_handler.cc#newcode26
content/renderer/media/canvas_capture_handler.cc:26: class CanvasCaptureHandler::VideoCapturerSource
nit: could you add a comment saying ...
4 years, 9 months ago (2016-03-23 17:54:30 UTC) #4
emircan
https://codereview.chromium.org/1829563002/diff/1/content/renderer/media/canvas_capture_handler.cc
File content/renderer/media/canvas_capture_handler.cc (right):

https://codereview.chromium.org/1829563002/diff/1/content/renderer/media/canvas_capture_handler.cc#newcode26
content/renderer/media/canvas_capture_handler.cc:26: class CanvasCaptureHandler::VideoCapturerSource
On 2016/03/23 17:54:30, mcasas wrote:
> nit: ...
4 years, 9 months ago (2016-03-23 22:12:03 UTC) #5
mcasas
LGTM - let's monitor the cluster fuzz before marking the bug as fixed.
4 years, 9 months ago (2016-03-23 22:28:20 UTC) #6
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1829563002/20001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1829563002/20001
4 years, 9 months ago (2016-03-23 23:06:51 UTC) #9
commit-bot: I haz the power
Committed patchset #2 (id:20001)
4 years, 9 months ago (2016-03-23 23:12:56 UTC) #11
commit-bot: I haz the power
4 years, 9 months ago (2016-03-23 23:14:07 UTC) #13
Message was sent while issue was closed.
Patchset 2 (id:??) landed as
https://crrev.com/7dc969b13dd7747c575ee60d8e2e498da60d3ea8
Cr-Commit-Position: refs/heads/master@{#382966}
