From a1fa6db84e4f2a7212d5d55fa3d9bb1bf4d2ef81 Mon Sep 17 00:00:00 2001
From: JW Wang <jwwang@mozilla.com>
Date: Mon, 24 Oct 2016 11:43:57 +0800
Subject: [PATCH] Bug 1312321. Part 1 - make StateObject::SetState
 pass-by-value. r=JamesCheng

MozReview-Commit-ID: 34Y4bNAGmbk

--HG--
extra : rebase_source : 64d0765dadd4f2fac979dcd28f5382aace5d13d6
---
 dom/media/MediaDecoderStateMachine.cpp | 27 +++++++++-----------------
 1 file changed, 9 insertions(+), 18 deletions(-)

diff --git a/dom/media/MediaDecoderStateMachine.cpp b/dom/media/MediaDecoderStateMachine.cpp
index ec747683b9e3..57351c9de95f 100644
--- a/dom/media/MediaDecoderStateMachine.cpp
+++ b/dom/media/MediaDecoderStateMachine.cpp
@@ -237,8 +237,8 @@ public:
   // Note this function will delete the current state object.
   // Don't access members to avoid UAF after this call.
   template <class S, typename... Ts>
-  auto SetState(Ts&&... aArgs)
-    -> decltype(DeclVal<S>().Enter(Forward<Ts>(aArgs)...))
+  auto SetState(Ts... aArgs)
+    -> decltype(DeclVal<S>().Enter(Move(aArgs)...))
   {
     // keep mMaster in a local object because mMaster will become invalid after
     // the current state object is deleted.
@@ -253,13 +253,9 @@ public:
 
     Exit();
 
-    // Note |aArgs| might reference data members of |this|. We need to keep
-    // |this| alive until |s->Enter()| returns.
-    UniquePtr<StateObject> deathGrip(master->mStateObj.release());
-
     master->mState = s->GetState();
     master->mStateObj.reset(s);
-    return s->Enter(Forward<Ts>(aArgs)...);
+    return s->Enter(Move(aArgs)...);
   }
 
 protected:
@@ -1294,8 +1290,7 @@ DormantState::HandleDormant(bool aDormant)
 {
   if (!aDormant) {
     MOZ_ASSERT(!Info().IsEncrypted() || mMaster->mCDMProxy);
-    SeekJob seekJob = Move(mPendingSeek);
-    SetState<DecodingFirstFrameState>(Move(seekJob));
+    SetState<DecodingFirstFrameState>(Move(mPendingSeek));
   }
   return true;
 }
@@ -1304,11 +1299,10 @@ bool
 MediaDecoderStateMachine::
 WaitForCDMState::HandleCDMProxyReady()
 {
-  SeekJob seekJob = Move(mPendingSeek);
   if (mPendingDormant) {
-    SetState<DormantState>(Move(seekJob));
+    SetState<DormantState>(Move(mPendingSeek));
   } else {
-    SetState<DecodingFirstFrameState>(Move(seekJob));
+    SetState<DecodingFirstFrameState>(Move(mPendingSeek));
   }
   return true;
 }
@@ -1369,8 +1363,7 @@ MediaDecoderStateMachine::
 DecodingFirstFrameState::HandleDormant(bool aDormant)
 {
   if (aDormant) {
-    SeekJob seekJob = Move(mPendingSeek);
-    SetState<DormantState>(Move(seekJob));
+    SetState<DormantState>(Move(mPendingSeek));
   }
   return true;
 }
@@ -1389,8 +1382,7 @@ DecodingFirstFrameState::MaybeFinishDecodeFirstFrame()
   mMaster->FinishDecodeFirstFrame();
 
   if (mPendingSeek.Exists()) {
-    SeekJob seekJob = Move(mPendingSeek);
-    SetState<SeekingState>(Move(seekJob));
+    SetState<SeekingState>(Move(mPendingSeek));
   } else {
     SetState<DecodingState>();
   }
@@ -1500,8 +1492,7 @@ SeekingState::HandleDormant(bool aDormant)
     mSeekJob.mTarget.SetType(SeekTarget::Accurate);
     mSeekJob.mTarget.SetVideoOnly(false);
   }
-  SeekJob seekJob = Move(mSeekJob);
-  SetState<DormantState>(Move(seekJob));
+  SetState<DormantState>(Move(mSeekJob));
   return true;
 }