Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(39)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 2643463002: Fix for Crash in VideoCaptureController::DoNewBufferOnIOThread (Closed)

Created:
3 years, 11 months ago by chfremer
Modified:
3 years, 11 months ago
Reviewers:
emircan, mcasas, miu
CC:
chromium-reviews, posciak+watch_chromium.org, chfremer+watch_chromium.org, jam, feature-media-reviews_chromium.org, darin-cc_chromium.org, mcasas+watch+vc_chromium.org, xjz+watch_chromium.org, miu+watch_chromium.org
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Fix for Crash in VideoCaptureController::DoNewBufferOnIOThread. Crash reports[1] indicate that it can happen that VideoCaptureController receives frames while its |frame_buffer_pool_| is null. The cause appears to be due to a race condition that I missed in both the original CL[2] and the reland[3], where VideoCaptureController receives a frame before a FrameBufferPool has been set (during device startup) or after FrameBufferPool has been reset to nullptr (during deivce stop). The race condition during startup can only happen if the device delivers frames on a private internal thread different from the "device thread" that calls AllocateAndStart()). Below are example sequences (as indicated by the numbers) where VideoCaptureController would receive frames while FrameBufferPool is null: Device Startup Case IO Thread: 1. Issue CreateAndStartDevice to Device Thread 8. Receive DeviceStarted callback 9. SetFrameBufferPool 6. Receive OnFrame message Device Thread: 2. CreateDevice 3. StartDevice 7. Issue DeviceStarted callback to IO Thread Capture and Delivery Thread: 4. Capture frame 5. Issue OnFrame message to IO Thread Device Stop Case IO Thread: 1. DoStopDevice() 2. SetFrameBufferPool(nullptr) 3. Issue StopDevice request to Device Thread 6. Receive OnFrame message Device Thread: 4. Capture frame 5. Issue OnFrame message to IO Thread 7. StopDevice The fix is to ignore incoming frames when FrameBufferPool is null. BUG=681836 TEST= content_unittests --gtest_filter="*Video*" Apprtc loopback on Debug [2] https://codereview.chromium.org/2551193002/ [3] https://codereview.chromium.org/2613793007/ [1] https://crash.corp.google.com/browse?q=custom_data.ChromeCrashProto.ptype%3D%27browser%27%20AND%20custom_data.ChromeCrashProto.magic_signature_1.name%3D%27content%3A%3AVideoCaptureController%3A%3ADoNewBufferOnIOThread%27%20AND%20product.name%3D%27Chrome%27&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D#samplereports:5,productversion:1000 Review-Url: https://codereview.chromium.org/2643463002 Cr-Commit-Position: refs/heads/master@{#444168} Committed: https://chromium.googlesource.com/chromium/src/+/b00a589e9a0e0fee86866d21e8fcf4991e82b468

Patch Set 1 #

Unified diffs Side-by-side diffs Delta from patch set Stats (+9 lines, -8 lines) Patch
M content/browser/renderer_host/media/video_capture_controller.h View 1 chunk +4 lines, -6 lines 0 comments Download
M content/browser/renderer_host/media/video_capture_controller.cc View 3 chunks +5 lines, -2 lines 0 comments Download

Dependent Patchsets:

Issue 2620763003 Patch 40001

Messages

Total messages: 14 (10 generated)
chfremer
miu@: PTAL mcasas@, emircan@: FYI
3 years, 11 months ago (2017-01-17 20:42:27 UTC) #6
miu
lgtm
3 years, 11 months ago (2017-01-17 22:00:20 UTC) #7
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2643463002/1
3 years, 11 months ago (2017-01-17 22:30:30 UTC) #11
commit-bot: I haz the power
3 years, 11 months ago (2017-01-17 22:37:51 UTC) #14
Message was sent while issue was closed. 
Committed patchset #1 (id:1) as
https://chromium.googlesource.com/chromium/src/+/b00a589e9a0e0fee86866d21e8fc...

Powered by Google App Engine
This is Rietveld 408576698