123343 – UserMediaRequest use-after-free

RESOLVED INVALID 123343

UserMediaRequest use-after-free

https://bugs.webkit.org/show_bug.cgi?id=123343

Summary UserMediaRequest use-after-free

Philippe Normand

Reported 2013-10-25 08:08:14 PDT

The request created in NavigatorMediaStream::webkitGetUserMedia() is freed too early. I wonder if we should make it a unique_ptr.

Attachments
Add attachment proposed patch, testcase, etc.

Philippe Normand

Comment 1 2013-10-28 08:25:04 PDT

Eric and Thiago, have you seen this issue as well? The life cycle of the request is not very clear to me.

Philippe Normand

Comment 2 2013-10-28 10:13:17 PDT

Turns out this can be fixed by storing the requests correctly as RefPtrs (not raw pointers) in the UserMediaRequestManager (implemented in bug 123158). Thanks Eric for the help and advice :)

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution INVALID

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware Unspecified

OS Unspecified

Product WebKit

Component WebCore Misc.

Assignee

Nobody

Reported

2013-10-25 08:08 PDT

Modified

2013-10-28 10:13 PDT History

CC List

2 users Show

URL

Keywords

Depends on

Blocks