зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1109457 - Prevent potential for Join()ing a pointer held in free'd memory in gmp-clearkey. r=edwin
This commit is contained in:
Родитель
67369e80dd
Коммит
ee2a73fe1c
|
@ -516,6 +516,7 @@ ClearKeyDecryptor::ClearKeyDecryptor(GMPDecryptorCallback* aCallback,
|
|||
const Key& aKey)
|
||||
: mRefCnt(0)
|
||||
, mCallback(aCallback)
|
||||
, mThread(nullptr)
|
||||
, mKey(aKey)
|
||||
{
|
||||
if (GetPlatform()->createthread(&mThread) != GMPNoErr) {
|
||||
|
@ -542,8 +543,11 @@ ClearKeyDecryptor::Release()
|
|||
uint32_t newCount = --mRefCnt;
|
||||
if (!newCount) {
|
||||
if (mThread) {
|
||||
mThread->Post(new DestroyTask(this));
|
||||
mThread->Join();
|
||||
// Shutdown mThread. We cache a pointer to mThread, as the DestroyTask
|
||||
// may run and delete |this| before Post() returns.
|
||||
GMPThread* thread = mThread;
|
||||
thread->Post(new DestroyTask(this));
|
||||
thread->Join();
|
||||
} else {
|
||||
delete this;
|
||||
}
|
||||
|
|
Загрузка…
Ссылка в новой задаче