From c0a15b7ddc5da9619a414212a5d7d2abf70c788f Mon Sep 17 00:00:00 2001 From: "fischman@webrtc.org" Date: Thu, 17 Apr 2014 01:22:48 +0000 Subject: [PATCH] Fix crashes due to dangling external decoder pointer. When checking whether we need to release external decoder, we have to do pointer comparison. We can't rely on payload types, because payload types can be stale (e.g. before we decode the first video frame after RegisterReceiveCodec). This leaves a dangling pointer to external decoder, which leads to crashes later, after we actually delete the external decoder object. This change has been verified in Chromecast code tree. BUG=chromium:335539 R=stefan@webrtc.org Review URL: https://webrtc-codereview.appspot.com/12049004 Patch from Sergey Volk . git-svn-id: http://webrtc.googlecode.com/svn/trunk@5922 4adac7df-926f-26a2-2b94-8c16560cd09d --- webrtc/modules/video_coding/main/source/codec_database.cc | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/webrtc/modules/video_coding/main/source/codec_database.cc b/webrtc/modules/video_coding/main/source/codec_database.cc index 904fa5dbf..e7a9d91b1 100644 --- a/webrtc/modules/video_coding/main/source/codec_database.cc +++ b/webrtc/modules/video_coding/main/source/codec_database.cc @@ -382,7 +382,11 @@ bool VCMCodecDataBase::DeregisterExternalDecoder(uint8_t payload_type) { // Not found return false; } - if (receive_codec_.plType == payload_type) { + // We can't use payload_type to check if the decoder is currently in use, + // because payload type may be out of date (e.g. before we decode the first + // frame after RegisterReceiveCodec) + if (ptr_decoder_ != NULL && + &ptr_decoder_->_decoder == (*it).second->external_decoder_instance) { // Release it if it was registered and in use. ReleaseDecoder(ptr_decoder_); ptr_decoder_ = NULL;