Google Git
Sign in
chromium / chromium / src / e7e520ba3669bb812732cb0490b204d9df432968
commite7e520ba3669bb812732cb0490b204d9df432968[log] [tgz]
authorMatt Wolenetz <wolenetz@chromium.org>Thu Jun 16 01:01:28 2022
committerChromium LUCI CQ <chromium-scoped@luci-project-accounts.iam.gserviceaccount.com>Thu Jun 16 01:01:28 2022
tree3a9c1c0c0b356083975a2df98f10d28964b6105c
parent334fb112459f785a9d6721f5b332df63fe7262c2 [diff]
MSE-in-Workers: Fix leak of HTMLME+MSE due to strong attachment ref

This change releases the MediaSourceHandle's reference to the CrossThreadMediaSourceAttachment when it is retrieved via TakeAttachment() (formerly named GetAttachment()).

TakeAttachment() is only called from 2 places:
1) HTMLMediaElement::LoadResource : if the retrieved attachment is
   nullptr, then invalid attempt to reuse the attachment is detected
   and usual load failure occurs.
2) Serialization of MediaSourceHandle : if the handle has already been
   serialized or assigned as srcObject, then TakeAttachment() won't be
   called.
The fix for the leak also adjusts the code to handle (1), allowing for
the possibility of a nullptr-valued attachment being retrieved that
leads to media element load failure.

Without this change, if a MediaSourceHandle has been used to attach
via srcObject ever, then the underlying CrossThreadMediaSourceAttachment
will have persistent Oilpan references to both the worker MediaSource and the main thread HTMLMediaElement. Those are only dropped if the refcounted attachment itself is destructed, which cannot happen if there remains any strong reference to it.

BUG=878133
TEST=local build with srcObject part 5 included with this no longer
     reproduces the leak failure that caused revert [1] of part 5.
[1] https://chromium-review.googlesource.com/c/chromium/src/+/3695890

Change-Id: I1403e09dffdfddd4eae240b8e2345bd4672e874a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3704191
Auto-Submit: Matthew Wolenetz <wolenetz@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Commit-Queue: Kentaro Hara <haraken@chromium.org>
Reviewed-by: Dale Curtis <dalecurtis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1014736}
5 files changed
tree: 3a9c1c0c0b356083975a2df98f10d28964b6105c
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. build/
  6. build_overrides/
  7. buildtools/
  8. cc/
  9. chrome/
  10. chromecast/
  11. chromeos/
  12. codelabs/
  13. components/
  14. content/
  15. courgette/
  16. crypto/
  17. dbus/
  18. device/
  19. docs/
  20. extensions/
  21. fuchsia/
  22. fuchsia_web/
  23. gin/
  24. google_apis/
  25. google_update/
  26. gpu/
  27. headless/
  28. infra/
  29. ios/
  30. ipc/
  31. media/
  32. mojo/
  33. native_client_sdk/
  34. net/
  35. pdf/
  36. ppapi/
  37. printing/
  38. remoting/
  39. rlz/
  40. sandbox/
  41. services/
  42. skia/
  43. sql/
  44. storage/
  45. styleguide/
  46. testing/
  47. third_party/
  48. tools/
  49. ui/
  50. url/
  51. weblayer/
  52. .clang-format
  53. .clang-tidy
  54. .eslintrc.js
  55. .git-blame-ignore-revs
  56. .gitattributes
  57. .gitignore
  58. .gn
  59. .mailmap
  60. .rustfmt.toml
  61. .vpython
  62. .vpython3
  63. .yapfignore
  64. AUTHORS
  65. BUILD.gn
  66. CODE_OF_CONDUCT.md
  67. codereview.settings
  68. DEPS
  69. DIR_METADATA
  70. ENG_REVIEW_OWNERS
  71. LICENSE
  72. LICENSE.chromium_os
  73. OWNERS
  74. PRESUBMIT.py
  75. PRESUBMIT_test.py
  76. PRESUBMIT_test_mocks.py
  77. README.md
  78. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

To check out the source code locally, don't use git clone! Instead, follow the instructions on how to get the code.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure .

For historical reasons, there are some small top level directories. Now the guidance is that new top level directories are for product (e.g. Chrome, Android WebView, Ash). Even if these products have multiple executables, the code should be in subdirectories of the product.

If you found a bug, please file it at https://crbug.com/new.