Bug 172352 - NavigatorEME: null RefPtr<> dereference due to different calling conventions
Summary: NavigatorEME: null RefPtr<> dereference due to different calling conventions
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Zan Dobersek
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-05-19 03:09 PDT by Zan Dobersek
Modified: 2017-05-22 09:58 PDT (History)
2 users (show)

See Also:


Attachments
Patch (2.50 KB, patch)
2017-05-19 03:14 PDT, Zan Dobersek
no flags Details | Formatted Diff | Diff
Archive of layout-test-results from ews115 for mac-elcapitan (1.57 MB, application/zip)
2017-05-19 06:06 PDT, Build Bot
no flags Details
Patch (2.58 KB, patch)
2017-05-21 13:27 PDT, Zan Dobersek
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Zan Dobersek 2017-05-19 03:09:17 PDT
NavigatorEME: null RefPtr<> dereference due to different calling conventions
Comment 1 Zan Dobersek 2017-05-19 03:14:06 PDT
Created attachment 310643 [details]
Patch
Comment 2 Carlos Garcia Campos 2017-05-19 05:34:51 PDT
Comment on attachment 310643 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=310643&action=review

> Source/WebCore/Modules/encryptedmedia/NavigatorEME.cpp:92
> +                const Sting& keySystem = implementation->keySystem();

How can this build? Sting -> String Are we really copying it when using const String&
Comment 3 Build Bot 2017-05-19 06:06:38 PDT
Comment on attachment 310643 [details]
Patch

Attachment 310643 [details] did not pass mac-debug-ews (mac):
Output: http://webkit-queues.webkit.org/results/3776143

New failing tests:
imported/w3c/web-platform-tests/media-source/mediasource-buffered.html
Comment 4 Build Bot 2017-05-19 06:06:41 PDT
Created attachment 310650 [details]
Archive of layout-test-results from ews115 for mac-elcapitan

The attached test failures were seen while running run-webkit-tests on the mac-debug-ews.
Bot: ews115  Port: mac-elcapitan  Platform: Mac OS X 10.11.6
Comment 5 Zan Dobersek 2017-05-19 06:18:04 PDT
Comment on attachment 310643 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=310643&action=review

>> Source/WebCore/Modules/encryptedmedia/NavigatorEME.cpp:92
>> +                const Sting& keySystem = implementation->keySystem();
> 
> How can this build? Sting -> String Are we really copying it when using const String&

Initially it was copying it. Changed it to a reference before uploading, forgot to update the comment, and didn't recompile after the change.
Comment 6 Zan Dobersek 2017-05-21 13:27:38 PDT
Created attachment 310816 [details]
Patch
Comment 7 Carlos Garcia Campos 2017-05-21 23:27:52 PDT
Comment on attachment 310816 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=310816&action=review

> Source/WebCore/Modules/encryptedmedia/NavigatorEME.cpp:92
> +                // Obtain reference to the key system string before the `implementation` RefPtr<> is cleared out.
> +                const String& keySystem = implementation->keySystem();

I understand now, we are releasing the RefPtr<>, but not implementation that is transferred to the MediaKeySystemAccess, that's why we don't need to copy. Right?
Comment 8 Zan Dobersek 2017-05-22 09:57:45 PDT
Comment on attachment 310816 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=310816&action=review

>> Source/WebCore/Modules/encryptedmedia/NavigatorEME.cpp:92
>> +                const String& keySystem = implementation->keySystem();
> 
> I understand now, we are releasing the RefPtr<>, but not implementation that is transferred to the MediaKeySystemAccess, that's why we don't need to copy. Right?

Right, the CDM object is still on the heap, it's only RefPtr<> that is invalidated.
Comment 9 Zan Dobersek 2017-05-22 09:58:29 PDT
Comment on attachment 310816 [details]
Patch

Clearing flags on attachment: 310816

Committed r217220: <http://trac.webkit.org/changeset/217220>
Comment 10 Zan Dobersek 2017-05-22 09:58:34 PDT
All reviewed patches have been landed.  Closing bug.