[PROBLEM]
TTvdVideoDecoder binds a mailbox release callback to a function called
on a WeakPtr, which in turn calls TTvdVideoDecoderProxy::ReleasePicture
mojo function. However, mailbox release callback is NOT called on the
thread to which weak ptr and mojo interfaces are bound. This results in
a race which sometimes results in a segmentation fault in:
```
#0 0xb2a416b0 in mojo::internal::SendMojoMessage(mojo::MessageReceiver&, mojo::Message&) () from /usr/share/chromium-efl/lib/libchromium-impl.so
#1 0xb133c98c in media::mojom::TTvdVideoDecoderProxy::ReleasePicture(base::UnguessableToken const&, gpu::SyncToken const&) () from /usr/share/chromium-efl/lib/libchromium-impl.so
...
#6 0xb0dfd576 in base::RepeatingCallback<void (bool, base::WaitableEvent*)>::Run(bool, base::WaitableEvent*) && () from /usr/share/chromium-efl/lib/libchromium-impl.so
#7 0xb13763d2 in media::VideoFrame::~VideoFrame() () from /usr/share/chromium-efl/lib/libchromium-impl.so
```
[SOLUTION]
Mailbox release callback is changed so that it posts tasks to a proper
thread before both mojo interface and weak ptr are accessed.
Bug: https://jira-eu.sec.samsung.net/browse/VDGAME-678
Signed-off-by: Piotr Bałut <p.balut@samsung.com>
Change-Id: I5f3bba40b246ff8d565ec672de0fe36ca4390761
#include <utility>
+#include "base/task/bind_post_task.h"
#include "media/base/tizen/logger/media_logger.h"
#include "media/mojo/common/mojo_decoder_buffer_converter.h"
const scoped_refptr<VideoFrame>& frame,
const base::UnguessableToken& release_token) {
TIZEN_MEDIA_LOG(VERBOSE) << "Frame decoded: " << frame->timestamp();
- frame->SetReleaseMailboxCB(base::BindOnce(
- &TTvdVideoDecoder::ReleaseVideoFrame, weak_this_, release_token));
+ frame->SetReleaseMailboxCB(base::BindPostTaskToCurrentDefault(base::BindOnce(
+ &TTvdVideoDecoder::ReleaseVideoFrame, weak_this_, release_token)));
output_cb_.Run(frame);
}
projects / platform / framework / web / chromium-efl.git / commitdiff