Fix race condition in Thread::PostTaskImpl, potential for UAF When a task is posted to a Thread using PostTaskImpl, the target thread might process the task and destroy itself immediately (e.g., if the task calls Quit() and the thread owner destroys the thread). Previously, PostTaskImpl would release the mutex before calling WakeUpSocketServer(). This allowed the target thread to run, process the task, and potentially be destroyed before PostTaskImpl could access ss_ (socket server) in WakeUpSocketServer(), leading to a Use-After-Free/Destruction. This moves the WakeUpSocketServer() call inside the mutex lock. This ensures that the task is not visible to the target thread (via Get()) until PostTaskImpl has finished its work, effectively extending the critical section to cover the wake-up call. This issue was caught on the msan bot: https://chromium-swarm.appspot.com/task?id=76216a8fa02bd411&o=true&w=true Bug: None Change-Id: I15af36aab965c1c9180d0c982d23b200de1d3472 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/445120 Commit-Queue: Evan Shrubsole <eshr@webrtc.org> Auto-Submit: Tomas Gunnarsson <tommi@webrtc.org> Reviewed-by: Danil Chapovalov <danilchap@webrtc.org> Reviewed-by: Evan Shrubsole <eshr@webrtc.org> Cr-Commit-Position: refs/heads/main@{#46791}
WebRTC is a free, open software project that provides browsers and mobile applications with Real-Time Communications (RTC) capabilities via simple APIs. The WebRTC components have been optimized to best serve this purpose.
Our mission: To enable rich, high-quality RTC applications to be developed for the browser, mobile platforms, and IoT devices, and allow them all to communicate via a common set of protocols.
The WebRTC initiative is a project supported by Google, Mozilla and Opera, amongst others.
See here for instructions on how to get started developing with the native code.
Authoritative list of directories that contain the native API header files.