Bug 1148286 - Ensure we don't nullpointer deref if the CDM crashes in MediaKeys and Reader::SetCDMProxy implementations. r=edwin, a=sledru
authorChris Pearce <cpearce@mozilla.com>
Wed, 01 Apr 2015 20:48:43 +1300
changeset 265534 998229d7022c7aeeda8c4684c0b16b78adcde052
parent 265533 22ea077942669bf5f60db2ced72418ec4e919f5f
child 265535 93b1c4b8ae510dbc79b1f6556ea20fc4ac580596
push id4718
push userraliiev@mozilla.com
push dateMon, 11 May 2015 18:39:53 +0000
treeherdermozilla-beta@c20c4ef55f08 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersedwin, sledru
bugs1148286
milestone39.0a2
Bug 1148286 - Ensure we don't nullpointer deref if the CDM crashes in MediaKeys and Reader::SetCDMProxy implementations. r=edwin, a=sledru
dom/media/eme/MediaKeys.cpp
dom/media/fmp4/MP4Decoder.cpp
dom/media/mediasource/MediaSourceDecoder.cpp
--- a/dom/media/eme/MediaKeys.cpp
+++ b/dom/media/eme/MediaKeys.cpp
@@ -148,16 +148,22 @@ MediaKeys::GetKeySystem(nsString& retval
 already_AddRefed<Promise>
 MediaKeys::SetServerCertificate(const ArrayBufferViewOrArrayBuffer& aCert, ErrorResult& aRv)
 {
   nsRefPtr<Promise> promise(MakePromise(aRv));
   if (aRv.Failed()) {
     return nullptr;
   }
 
+  if (!mProxy) {
+    NS_WARNING("Tried to use a MediaKeys without a CDM");
+    promise->MaybeReject(NS_ERROR_DOM_INVALID_STATE_ERR);
+    return promise.forget();
+  }
+
   nsTArray<uint8_t> data;
   if (!CopyArrayBufferViewOrArrayBufferData(aCert, data)) {
     promise->MaybeReject(NS_ERROR_DOM_INVALID_ACCESS_ERR);
     return promise.forget();
   }
 
   mProxy->SetServerCertificate(StorePromise(promise), data);
   return promise.forget();
@@ -482,16 +488,22 @@ MediaKeys::OnCDMCreated(PromiseId aId, c
   }
 }
 
 already_AddRefed<MediaKeySession>
 MediaKeys::CreateSession(JSContext* aCx,
                          SessionType aSessionType,
                          ErrorResult& aRv)
 {
+  if (!mProxy) {
+    NS_WARNING("Tried to use a MediaKeys which lost its CDM");
+    aRv.Throw(NS_ERROR_DOM_INVALID_STATE_ERR);
+    return nullptr;
+  }
+
   EME_LOG("MediaKeys[%p] Creating session", this);
 
   nsRefPtr<MediaKeySession> session = new MediaKeySession(aCx,
                                                           GetParentObject(),
                                                           this,
                                                           mKeySystem,
                                                           aSessionType,
                                                           aRv);
--- a/dom/media/fmp4/MP4Decoder.cpp
+++ b/dom/media/fmp4/MP4Decoder.cpp
@@ -37,17 +37,17 @@ MediaDecoderStateMachine* MP4Decoder::Cr
 }
 
 #ifdef MOZ_EME
 nsresult
 MP4Decoder::SetCDMProxy(CDMProxy* aProxy)
 {
   nsresult rv = MediaDecoder::SetCDMProxy(aProxy);
   NS_ENSURE_SUCCESS(rv, rv);
-  {
+  if (aProxy) {
     // The MP4Reader can't decrypt EME content until it has a CDMProxy,
     // and the CDMProxy knows the capabilities of the CDM. The MP4Reader
     // remains in "waiting for resources" state until then.
     CDMCaps::AutoLock caps(aProxy->Capabilites());
     nsCOMPtr<nsIRunnable> task(
       NS_NewRunnableMethod(this, &MediaDecoder::NotifyWaitingForResourcesStatusChanged));
     caps.CallOnMainThreadWhenCapsAvailable(task);
   }
--- a/dom/media/mediasource/MediaSourceDecoder.cpp
+++ b/dom/media/mediasource/MediaSourceDecoder.cpp
@@ -300,17 +300,17 @@ MediaSourceDecoder::GetMozDebugReaderDat
 nsresult
 MediaSourceDecoder::SetCDMProxy(CDMProxy* aProxy)
 {
   nsresult rv = MediaDecoder::SetCDMProxy(aProxy);
   NS_ENSURE_SUCCESS(rv, rv);
   rv = mReader->SetCDMProxy(aProxy);
   NS_ENSURE_SUCCESS(rv, rv);
 
-  {
+  if (aProxy) {
     // The sub readers can't decrypt EME content until they have a CDMProxy,
     // and the CDMProxy knows the capabilities of the CDM. The MediaSourceReader
     // remains in "waiting for resources" state until then. We need to kick the
     // reader out of waiting if the CDM gets added with known capabilities.
     CDMCaps::AutoLock caps(aProxy->Capabilites());
     if (!caps.AreCapsKnown()) {
       nsCOMPtr<nsIRunnable> task(
         NS_NewRunnableMethod(this, &MediaDecoder::NotifyWaitingForResourcesStatusChanged));