| Index: media/mojo/clients/mojo_renderer_impl.h
|
| diff --git a/media/mojo/clients/mojo_renderer_impl.h b/media/mojo/clients/mojo_renderer_impl.h
|
| index 9b60afe5b494cfaf46542be3f3de43818b836637..ec9d9f63aed7fc86ce4d0e386fae56e67d5ea092 100644
|
| --- a/media/mojo/clients/mojo_renderer_impl.h
|
| +++ b/media/mojo/clients/mojo_renderer_impl.h
|
| @@ -8,6 +8,7 @@
|
| #include <stdint.h>
|
|
|
| #include "base/macros.h"
|
| +#include "media/base/demuxer_stream.h"
|
| #include "media/base/renderer.h"
|
| #include "media/mojo/interfaces/renderer.mojom.h"
|
| #include "mojo/public/cpp/bindings/binding.h"
|
| @@ -19,6 +20,7 @@ class SingleThreadTaskRunner;
|
| namespace media {
|
|
|
| class DemuxerStreamProvider;
|
| +class MojoDemuxerStreamImpl;
|
| class VideoOverlayFactory;
|
| class VideoRendererSink;
|
|
|
| @@ -73,6 +75,9 @@ class MojoRendererImpl : public Renderer, public mojom::RendererClient {
|
| // Callback for connection error on |remote_renderer_|.
|
| void OnConnectionError();
|
|
|
| + // Callback for connection error on |audio_stream_| and |video_stream_|.
|
| + void OnDemuxerStreamConnectionError(DemuxerStream::Type type);
|
| +
|
| // Called when |remote_renderer_| has finished initializing.
|
| void OnInitialized(bool success);
|
|
|
| @@ -95,6 +100,14 @@ class MojoRendererImpl : public Renderer, public mojom::RendererClient {
|
| // Client of |this| renderer passed in Initialize.
|
| media::RendererClient* client_;
|
|
|
| + // Mojo demuxer streams.
|
| + // Owned by MojoRendererImpl instead of remote mojom::Renderer
|
| + // becuase these demuxer streams need to be destroyed as soon as |this| is
|
| + // destroyed. The local demuxer streams returned by DemuxerStreamProvider
|
| + // cannot be used after |this| is destroyed.
|
| + std::unique_ptr<MojoDemuxerStreamImpl> audio_stream_;
|
| + std::unique_ptr<MojoDemuxerStreamImpl> video_stream_;
|
| +
|
| // This class is constructed on one thread and used exclusively on another
|
| // thread. This member is used to safely pass the RendererPtr from one thread
|
| // to another. It is set in the constructor and is consumed in Initialize().
|
|
|
Chromium Code Reviews
Issue 2075193002:
Fixes use-after-free in MojoDemuxerStreamImpl. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master