AudioRendererHost::DoCreateStream() races with LookupById() when DCHEK_IS_ON |
||||
Issue descriptionRecently introduced IO->UI->IO thread hop in AudioRendererHost::OnCreateStream() to validate renderer frame id (https://cs.chromium.org/chromium/src/content/browser/renderer_host/media/audio_renderer_host.cc?cl=GROK&gsn=SetVolume&sq=package:chromium&rcl=1470194398&l=578) creates a race between DoCreateStream(stream_id, ...) https://cs.chromium.org/chromium/src/content/browser/renderer_host/media/audio_renderer_host.cc?cl=GROK&gsn=SetVolume&sq=package:chromium&rcl=1470194398&l=645 and LookupById(stream_id) https://cs.chromium.org/chromium/src/content/browser/renderer_host/media/audio_renderer_host.cc?cl=GROK&gsn=SetVolume&sq=package:chromium&rcl=1470194398&l=756. Thread hopping may result in situations when operations on a stream (on IO thread) are executed before running DoCreateStream (on IO thread); this will result in LookupById() failure and corresponding operation failure. For example, OnSetVolume(stream_id, 0) is sometimes executed before DoCreateStream() and fails, which results in audio leakage for muted audio.
,
Sep 2 2016
,
Sep 2 2016
miu@ ping: could you comment on this?
,
Sep 3 2016
The render process is supposed to wait until it receives the AudioMsg_NotifyStreamCreated message before assuming any other operations will succeed. However, it does seem silly to require additional IPC round-trips, which would only add to start-up latency. Thus, instead of fix the issue in the renderer code, I'll whip-up a CL to do the render frame validation in the browser process without delaying stream creation.
,
Sep 3 2016
,
Sep 9 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/2dcff8d1a58297367bc577f4f3554bfffd2c9bd1 commit 2dcff8d1a58297367bc577f4f3554bfffd2c9bd1 Author: miu <miu@chromium.org> Date: Fri Sep 09 18:33:03 2016 Fix race in AudioRendererHost around render frame ID validation. A bug was identified where IPC messages controlling audio stream state were being ignored/dropped: This was due to the fact that, in builds where DCHECKs were turned on, the additional render frame ID validation was delaying stream creation to a point after the control IPC messages were being processed. This change allows stream creation to proceed, with the render frame ID validation happening in the background. If the validation fails, it will error-out and force-close the stream later. The benefit of this change is that it can also harmlessly be turned on for all builds (i.e., not just when DCHECKs are turned on), for a more-robust security check on the AudioHostMsg_CreateStream IPC message. BUG= 633936 Review-Url: https://codereview.chromium.org/2301353007 Cr-Commit-Position: refs/heads/master@{#417642} [modify] https://crrev.com/2dcff8d1a58297367bc577f4f3554bfffd2c9bd1/content/browser/renderer_host/media/audio_renderer_host.cc [modify] https://crrev.com/2dcff8d1a58297367bc577f4f3554bfffd2c9bd1/content/browser/renderer_host/media/audio_renderer_host.h [modify] https://crrev.com/2dcff8d1a58297367bc577f4f3554bfffd2c9bd1/content/browser/renderer_host/media/audio_renderer_host_unittest.cc
,
Jan 25 2018
|
||||
►
Sign in to add a comment |
||||
Comment 1 by olka@chromium.org
, Aug 3 2016