Bug 187256 - Allow to remove MediaStreamPrivate observers when iterating over observers
Summary: Allow to remove MediaStreamPrivate observers when iterating over observers
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebRTC (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: youenn fablet
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2018-07-02 10:28 PDT by youenn fablet
Modified: 2018-11-14 11:48 PST (History)
5 users (show)

See Also:


Attachments
Patch (5.82 KB, patch)
2018-11-14 07:15 PST, youenn fablet
no flags Details | Formatted Diff | Diff
Patch for landing (5.98 KB, patch)
2018-11-14 09:11 PST, youenn fablet
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description youenn fablet 2018-07-02 10:28:53 PDT
This will make code clearer to understand
Comment 1 youenn fablet 2018-11-14 07:15:57 PST
Created attachment 354806 [details]
Patch
Comment 2 Eric Carlson 2018-11-14 09:05:41 PST
Comment on attachment 354806 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=354806&action=review

> Source/WebCore/ChangeLog:8
> +        Copy the set of observers in a vector before iterating over it.

Nit: s/in a vector/to a vector/
Comment 3 youenn fablet 2018-11-14 09:11:55 PST
Created attachment 354815 [details]
Patch for landing
Comment 4 Darin Adler 2018-11-14 09:25:06 PST
Comment on attachment 354806 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=354806&action=review

> Source/WebCore/platform/mediastream/MediaStreamPrivate.cpp:99
> +        if (!m_observers.contains(observer))
> +            continue;

This technique is not guaranteed to work. Code could delete an Observer, then allocate a new Observer and the two might coincidentally use the same memory and have the same address. So checking "contains" on a set of weak pointers doesn’t give a guaranteed accurate answer.
Comment 5 WebKit Commit Bot 2018-11-14 09:50:45 PST
Comment on attachment 354815 [details]
Patch for landing

Clearing flags on attachment: 354815

Committed r238181: <https://trac.webkit.org/changeset/238181>
Comment 6 WebKit Commit Bot 2018-11-14 09:50:47 PST
All reviewed patches have been landed.  Closing bug.
Comment 7 Radar WebKit Bug Importer 2018-11-14 09:51:27 PST
<rdar://problem/46065771>
Comment 8 youenn fablet 2018-11-14 11:48:54 PST
(In reply to Darin Adler from comment #4)
> Comment on attachment 354806 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=354806&action=review
> 
> > Source/WebCore/platform/mediastream/MediaStreamPrivate.cpp:99
> > +        if (!m_observers.contains(observer))
> > +            continue;
> 
> This technique is not guaranteed to work. Code could delete an Observer,
> then allocate a new Observer and the two might coincidentally use the same
> memory and have the same address. So checking "contains" on a set of weak
> pointers doesn’t give a guaranteed accurate answer.

True, this adds some potential uncertainty when such collision happens.

I guess we could have a HashSet<WeakPtr<Observer>> to fix this issue.
That would add some additional count churning but maybe this is ok since we are creating a Vector already whenever iterating over observers.

I am unsure whether we should fix this uncertainty.