Closed
Bug 1360697
Opened 7 years ago
Closed 7 years ago
VideoParent thread doesn't seem to wait for its channel to close before shutting down
Categories
(Core :: Audio/Video: Playback, enhancement)
Core
Audio/Video: Playback
Tracking
()
RESOLVED
FIXED
mozilla55
| Tracking | Status | |
|---|---|---|
| firefox55 | --- | fixed |
People
(Reporter: billm, Assigned: dvander)
References
Details
Attachments
(1 file)
|
(deleted),
patch
|
billm
:
review+
|
Details | Diff | Splinter Review |
It seems like the VideoParent thread shuts down without waiting for its corresponding protocol to close. It could either wait for ActorDestroy or it could do Close() itself (although it looks like the child is normally responsible for closing). Without doing this, we can end up with messages in the queue that we try to dispatch to a thread that no longer exists, which can trigger UAFs.
|
||
Updated•7 years ago
|
Component: Audio/Video → Audio/Video: Playback
|
Assignee | |
Updated•7 years ago
|
Status: NEW → ASSIGNED
|
|
Assignee | |
Comment 1•7 years ago
|
||
This uses the same trick as CompositorBridgeParent to ensure that we've not left any dangling MessageChannels. Bill, I'm having trouble reproducing this, are you able to test that it works? (Or, tell me what to run?)
Attachment #8865980 -
Flags: review?(wmccloskey)
|
Reporter | |
Updated•7 years ago
|
Attachment #8865980 -
Flags: review?(wmccloskey) → review+
|
|
Reporter | |
Comment 2•7 years ago
|
||
I think I filed this based on a crash report, but I can't remember now :-(.
Pushed by danderson@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/90cc6db6ad4a
Wait for VideoDecoderManagerParents to shut down before destroying the VideoParent thread. (bug 1360697, r=billm)
|
||
Comment 4•7 years ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
status-firefox55:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla55
|
||
Comment 5•7 years ago
|
||
This doesn't appear thread safe to me. sVideoDecoderManagerThread Is cleared on the main thread while the test of its value is on another.
|
|
Reporter | |
Comment 6•7 years ago
|
||
Which test? The one in VideoDecoderManagerParent::ShutdownThreads happens on the main thread.
|
|
||
Comment 7•7 years ago
|
||
My bad.
Getting too used to having the taskqueue on which a member runs described via assertion I guess. So the current threading model here wasn't clear to me.
You need to log in
before you can comment on or make changes to this bug.
Description
•