chore: cherry-pick 5c41beab6 from chromium (#32798)

* chore: cherry-pick 5c41beab6 from chromium Backports https://chromium-review.googlesource.com/c/chromium/src/+/3337896 * chore: update patches Co-authored-by: PatchUp <73610968+patchup[bot]@users.noreply.github.com> Co-authored-by: Charles Kerr <charles@charleskerr.com> Co-authored-by: Cheng Zhao <zcbenz@gmail.com>
electron · Feb 10, 2022 · 6c1f9f8 · 6c1f9f8
1 parent 7432ea4
commit 6c1f9f8
Show file tree

Hide file tree

Showing 2 changed files with 54 additions and 0 deletions.
diff --git a/patches/chromium/.patches b/patches/chromium/.patches
@@ -134,6 +134,7 @@ cherry-pick-c5571653d932.patch
 fix_crash_when_saving_edited_pdf_files.patch
 cherry-pick-9db9911e1242.patch
 cherry-pick-1284367.patch
+96_take_local_copy_of_ump_local_sources_to_iterate.patch
 pin_scrolltop_to_0_during_autofill_preview.patch
 fix_preview_state_detection.patch
 do_not_select_vulkan_device_based_on_the_passed_in_gpu_info_on_linux.patch

diff --git a/patches/chromium/96_take_local_copy_of_ump_local_sources_to_iterate.patch b/patches/chromium/96_take_local_copy_of_ump_local_sources_to_iterate.patch
@@ -0,0 +1,53 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Tony Herre <toprice@chromium.org>
+Date: Tue, 14 Dec 2021 16:35:05 +0000
+Subject: Take local copy of UMP::local_sources to iterate
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Take a local copy of UserMediaProcessor::local_sources_ when iterating
+over it in UserMediaProcessor::DetermineExistingAudioSessionId, as the
+list can be effectively concurrently modified during destruction of
+MediaStreamTracks triggered by GC during this loop. Without the copy
+this leads to a container overflow.
+
+(cherry picked from commit fb6232ffb1fec14d64ec8815f7dfc2cea0887588)
+
+Bug: 1238209
+Change-Id: I048387a51a58eacff87d220e6b67d2d09f610c1d
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3320283
+Reviewed-by: Henrik Boström <hbos@chromium.org>
+Commit-Queue: Tony Herre <toprice@chromium.org>
+Cr-Original-Commit-Position: refs/heads/main@{#950499}
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3337896
+Reviewed-by: Guido Urdaneta <guidou@chromium.org>
+Cr-Commit-Position: refs/branch-heads/4664@{#1303}
+Cr-Branched-From: 24dc4ee75e01a29d390d43c9c264372a169273a7-refs/heads/main@{#929512}
+
+diff --git a/third_party/blink/renderer/modules/mediastream/user_media_processor.cc b/third_party/blink/renderer/modules/mediastream/user_media_processor.cc
+index d42b3d7309ce40e74ebf386f4d38eb8cce008ec0..b0b8b15657210174b000a02f711a76fa16e5948d 100644
+--- a/third_party/blink/renderer/modules/mediastream/user_media_processor.cc
++++ b/third_party/blink/renderer/modules/mediastream/user_media_processor.cc
+@@ -725,6 +725,7 @@ void UserMediaProcessor::SelectAudioSettings(
+
+ absl::optional<base::UnguessableToken>
+ UserMediaProcessor::DetermineExistingAudioSessionId() {
++  DCHECK_CALLED_ON_VALID_THREAD(thread_checker_);
+   DCHECK(current_request_info_->request()->Audio());
+
+   auto settings = current_request_info_->audio_capture_settings();
+@@ -733,7 +734,12 @@ UserMediaProcessor::DetermineExistingAudioSessionId() {
+   // Create a copy of the MediaStreamSource objects that are
+   // associated to the same audio device capture based on its device ID.
+   HeapVector<Member<MediaStreamSource>> matching_sources;
+-  for (const auto& source : local_sources_) {
++
++  // Take a defensive copy, as local_sources_ can be modified during
++  // destructions in GC runs triggered by the push_back allocation in this loop.
++  // crbug.com/1238209
++  HeapVector<Member<MediaStreamSource>> local_sources_copy = local_sources_;
++  for (const auto& source : local_sources_copy) {
+     MediaStreamSource* source_copy = source;
+     if (source_copy->GetType() == MediaStreamSource::kTypeAudio &&
+         source_copy->Id().Utf8() == device_id) {