Gitiles
Code Review Sign In
gerrit.openfyde.cn / webrtc.googlesource.com / src / b6b782da684232d3a226e62cf5dc7f8d5ca028d0^! / . / modules / video_coding / timestamp_map.cc
commitb6b782da684232d3a226e62cf5dc7f8d5ca028d0[log] [tgz]
authorJohannes Kron <kron@webrtc.org>Wed Mar 03 14:39:44 2021 +0100
committerCommit Bot <commit-bot@chromium.org>Wed Mar 03 14:21:17 2021 +0000
tree3b9ffec9563837e8b7f8e7788a7d3dbf91ab06f6
parent752cbaba907de077e5f1b24a232e71feb479dccb [diff] [blame]
Fix potential unsafe access to VCMTimestampMap::data

The access to |_timestampMap| was guarded by a lock but
not the access to the data pointer stored in |_timestampMap|.
There was a potential race condition if new data was added
in VCMGenericDecoder::Decode() while the data pointer
retrieved from _timestampMap.Pop() was being used in
VCMDecodedFrameCallback::Decoded().

This CL moves the storage of data to within |_timestampMap|,
instead of being a pointer so that it's guarded by the same
lock.

Bug: webrtc:11229
Change-Id: I3f2afb568ed724db5719d508a73de402c4531dec
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/209361
Commit-Queue: Johannes Kron <kron@webrtc.org>
Reviewed-by: Ilya Nikolaevskiy <ilnik@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#33374}

diff --git a/modules/video_coding/timestamp_map.cc b/modules/video_coding/timestamp_map.cc
index d79075f..7762e36 100644
--- a/modules/video_coding/timestamp_map.cc
+++ b/modules/video_coding/timestamp_map.cc

@@ -24,7 +24,7 @@
 
 VCMTimestampMap::~VCMTimestampMap() {}
 
-void VCMTimestampMap::Add(uint32_t timestamp, VCMFrameInformation* data) {
+void VCMTimestampMap::Add(uint32_t timestamp, const VCMFrameInformation& data) {
   ring_buffer_[next_add_idx_].timestamp = timestamp;
   ring_buffer_[next_add_idx_].data = data;
   next_add_idx_ = (next_add_idx_ + 1) % capacity_;
@@ -35,18 +35,18 @@
   }
 }
 
-VCMFrameInformation* VCMTimestampMap::Pop(uint32_t timestamp) {
+absl::optional<VCMFrameInformation> VCMTimestampMap::Pop(uint32_t timestamp) {
   while (!IsEmpty()) {
     if (ring_buffer_[next_pop_idx_].timestamp == timestamp) {
       // Found start time for this timestamp.
-      VCMFrameInformation* data = ring_buffer_[next_pop_idx_].data;
-      ring_buffer_[next_pop_idx_].data = nullptr;
+      const VCMFrameInformation& data = ring_buffer_[next_pop_idx_].data;
+      ring_buffer_[next_pop_idx_].timestamp = 0;
       next_pop_idx_ = (next_pop_idx_ + 1) % capacity_;
       return data;
     } else if (IsNewerTimestamp(ring_buffer_[next_pop_idx_].timestamp,
                                 timestamp)) {
       // The timestamp we are looking for is not in the list.
-      return nullptr;
+      return absl::nullopt;
     }
 
     // Not in this position, check next (and forget this position).
@@ -54,7 +54,7 @@
   }
 
   // Could not find matching timestamp in list.
-  return nullptr;
+  return absl::nullopt;
 }
 
 bool VCMTimestampMap::IsEmpty() const {