Fix race in AudioRendererHost around render frame ID validation.

content/browser/renderer_host/media/audio_renderer_host.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
 // AudioRendererHost serves audio related requests from AudioRenderer which
 // lives inside the render process and provide access to audio hardware.
 //
 // This class is owned by RenderProcessHostImpl, and instantiated on UI
 // thread, but all other operations and method calls happen on IO thread, so we
 // need to be extra careful about the lifetime of this object. AudioManager is a
@@ skipping 170 matching lines @@
                           const url::Origin& security_origin,
                           base::TimeTicks auth_start_time,
                           bool have_access);
 
   // Proceed with device authorization after translating device ID.
   void OnDeviceIDTranslated(int stream_id,
                             base::TimeTicks auth_start_time,
                             bool device_found,
                             const AudioOutputDeviceInfo& device_info);
 
-  // Start the actual creation of an audio stream, after the device
-  // authorization process is complete.
-  void DoCreateStream(int stream_id,
-                      int render_frame_id,
-                      const media::AudioParameters& params,
-                      const std::string& device_unique_id,
-                      bool render_frame_id_is_valid);
-
   // Complete the process of creating an audio stream. This will set up the
   // shared memory or shared socket in low latency mode and send the
   // NotifyStreamCreated message to the peer.
   void DoCompleteCreation(int stream_id);
 
+  // Called after the |render_frame_id| provided to OnCreateStream() was
+  // validated. When |is_valid| is false, this calls ReportErrorAndClose().
+  void DidValidateRenderFrame(int stream_id, bool is_valid);
+
   // Send playing/paused status to the renderer.
   void DoNotifyStreamStateChanged(int stream_id, bool is_playing);
 
   RenderProcessHost::AudioOutputControllerList DoGetOutputControllers() const;
 
   // Send an error message to the renderer.
   void SendErrorMessage(int stream_id);
 
   // Delete an audio entry, notifying observers first.  This is called by
   // AudioOutputController after it has closed.
@@ skipping 24 matching lines @@
   // Translate the hashed |device_id| to a unique device ID.
   void TranslateDeviceID(const std::string& device_id,
                          const url::Origin& security_origin,
                          const OutputDeviceInfoCB& callback,
                          const AudioOutputDeviceEnumeration& enumeration);
 
   // Helper method to check if the authorization procedure for stream
   // |stream_id| has started.
   bool IsAuthorizationStarted(int stream_id);
 
-#if DCHECK_IS_ON()
   // Called from AudioRendererHostTest to override the function that checks for
   // the existence of the RenderFrameHost at stream creation time.
   void set_render_frame_id_validate_function_for_testing(
       ValidateRenderFrameIdFunction function) {
     validate_render_frame_id_function_ = function;
   }
-#endif  // DCHECK_IS_ON()
 
   // ID of the RenderProcessHost that owns this instance.
   const int render_process_id_;
 
   media::AudioManager* const audio_manager_;
   AudioMirroringManager* const mirroring_manager_;
   std::unique_ptr<media::AudioLog> audio_log_;
 
   // Used to access to AudioInputDeviceManager.
   MediaStreamManager* media_stream_manager_;
 
   // A map of stream IDs to audio sources.
   AudioEntryMap audio_entries_;
 
   // The number of streams in the playing state. Atomic read safe from any
   // thread, but should only be updated from the IO thread.
   base::AtomicRefCount num_playing_streams_;
 
   // Salt required to translate renderer device IDs to raw device unique IDs
   std::string salt_;
 
   // Map of device authorizations for streams that are not yet created
   // The key is the stream ID, and the value is a pair. The pair's first element
   // is a bool that is true if the authorization process completes successfully.
   // The second element contains the unique ID of the authorized device.
   std::map<int, std::pair<bool, std::string>> authorizations_;
 
-#if DCHECK_IS_ON()
-  // When DCHECKs are turned on, AudioRendererHost will call this function on
-  // the UI thread to validate render frame IDs. A default is set by the
+  // At stream creation time, AudioRendererHost will call this function on the
+  // UI thread to validate render frame IDs. A default is set by the
   // constructor, but this can be overridden by unit tests.
   ValidateRenderFrameIdFunction validate_render_frame_id_function_;
-#endif  // DCHECK_IS_ON()
 
   // The maximum number of simultaneous streams during the lifetime of this
   // host. Reported as UMA stat at shutdown.
   size_t max_simultaneous_streams_;
 
   DISALLOW_COPY_AND_ASSIGN(AudioRendererHost);
 };
 
 }  // namespace content
 
 #endif  // CONTENT_BROWSER_RENDERER_HOST_MEDIA_AUDIO_RENDERER_HOST_H_