Bug 123343
| Summary: | UserMediaRequest use-after-free | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Philippe Normand <pnormand> |
| Component: | WebCore Misc. | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED INVALID | ||
| Severity: | Normal | CC: | eric.carlson, thiago.lacerda |
| Priority: | P2 | ||
| Version: | 528+ (Nightly build) | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Philippe Normand
The request created in NavigatorMediaStream::webkitGetUserMedia() is freed too early. I wonder if we should make it a unique_ptr.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Philippe Normand
Eric and Thiago, have you seen this issue as well?
The life cycle of the request is not very clear to me.
Philippe Normand
Turns out this can be fixed by storing the requests correctly as RefPtrs (not raw pointers) in the UserMediaRequestManager (implemented in bug 123158).
Thanks Eric for the help and advice :)