[flutter_webrtc_tizen]Upgrade flutter webrtc to 1.4.1#993
[flutter_webrtc_tizen]Upgrade flutter webrtc to 1.4.1#993xiaowei-guan wants to merge 14 commits intoflutter-tizen:masterfrom
Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request updates the flutter_webrtc dependency to version 1.3.1 and introduces a TaskRunner interface to facilitate thread-safe event dispatching. New features include setVolume for audio tracks, dataChannelGetBufferedAmount, and configurable RTC logging severity. The refactor propagates the TaskRunner through various observers and managers and updates several WebRTC internal headers. Feedback identifies critical issues including a use-after-free vulnerability in setVolume, the lack of initialization for the task_runner_ member, and a dangling pointer risk with a static global logging proxy. Further improvements are requested regarding the robustness of the maybeFindDouble helper, adherence to C++ casting standards, and the restoration of a check for defined statistics members.
- Update minimum Flutter and Dart version to 3.13 and 3.1 - Fix analyze issue - Update code format - Adds compatibility with `http` 1.0 in example
xiaowei-guan
changed the title
There was a problem hiding this comment.
Code Review
This pull request updates the flutter_webrtc_tizen plugin to version 0.2.0, increasing the minimum SDK requirements and updating the flutter_webrtc dependency. Key additions include a TaskRunner for thread-safe event dispatching, UTF-8 sanitization for device identifiers, and support for data packet encryption and frame capturing. The implementation also introduces audio volume control, buffered amount retrieval for data channels, and enhanced logging capabilities. Review feedback identifies critical issues in the frame capture logic, specifically a busy-wait loop that blocks the main thread and a memory leak in pixel buffer allocation. Additionally, concerns were raised regarding thread safety for shared flags, the use of volatile for synchronization, and potential crashes due to dangling pointers in the global logging callback.
| while (!catch_frame_) { | ||
| } |
There was a problem hiding this comment.
This busy wait loop blocks the platform thread (main thread) until a frame is captured. This will cause the application UI to freeze and may trigger an ANR (Application Not Responding) if the frame capture takes too long or fails. Please use std::condition_variable with a timeout to wait for the frame asynchronously or at least non-blockingly.
| int width = frame_.get()->width(); | ||
| int height = frame_.get()->height(); | ||
| int bytes_per_pixel = 4; | ||
| uint8_t* pixels = new uint8_t[width * height * bytes_per_pixel]; |
There was a problem hiding this comment.
The pixels buffer is allocated on the heap but never deleted, leading to a memory leak every time a frame is saved. Use std::vector<uint8_t> or std::unique_ptr<uint8_t[]> to manage the memory automatically.
| uint8_t* pixels = new uint8_t[width * height * bytes_per_pixel]; | |
| std::vector<uint8_t> pixels(width * height * bytes_per_pixel); | |
| frame_.get()->ConvertToARGB(RTCVideoFrame::Type::kABGR, pixels.data(), | |
| /* unused */ -1, width, height); | |
| FILE* file = fopen(path_.c_str(), "wb"); | |
| if (!file) { | |
| return false; | |
| } | |
| svpng(file, width, height, pixels.data(), 1); |
|
|
||
| namespace flutter_webrtc_plugin { | ||
|
|
||
| static EventChannelProxy* eventChannelProxy = nullptr; |
There was a problem hiding this comment.
The static global eventChannelProxy is a raw pointer to an object owned by a FlutterWebRTC instance. If the instance is destroyed, the pointer becomes dangling, and the logger callback (which is global to the process) will crash when it attempts to use it. Please ensure the log sink is removed and the pointer is cleared in the FlutterWebRTC destructor.
| FlutterFrameCryptor::FlutterFrameCryptor(this), | ||
| FlutterDataPacketCryptor::FlutterDataPacketCryptor(this) {} | ||
|
|
||
| FlutterWebRTC::~FlutterWebRTC() {} |
There was a problem hiding this comment.
The destructor should clean up the global logger sink to prevent crashes if log messages are received after the plugin instance is destroyed.
FlutterWebRTC::~FlutterWebRTC() {
libwebrtc::LibWebRTCLogging::removeLogSink();
eventChannelProxy = nullptr;
}| * Fix analyze issue. | ||
| * Update code format. | ||
| * Adds compatibility with `http` 1.0 in example. | ||
| * Update flutter_webrtc to 1.3.1. |
There was a problem hiding this comment.
There is a discrepancy between the version mentioned here (1.3.1) and the version mentioned in the PR title and example pubspecs (1.4.1). Please ensure the version is consistent across all files.
| * Update flutter_webrtc to 1.3.1. | |
| * Update flutter_webrtc to 1.4.1. |
|
|
||
| #include <list> | ||
| #include <memory> | ||
| #include <mutex> |
There was a problem hiding this comment.
Please include <atomic> to support thread-safe flag management in EventChannelProxyImpl and other classes.
| #include <mutex> | |
| #include <atomic> | |
| #include <mutex> |
| std::unique_ptr<EventSink> sink_; | ||
| std::shared_ptr<flutter::EventSink<flutter::EncodableValue>> sink_; | ||
| std::list<EncodableValue> event_queue_; | ||
| bool on_listen_called_ = false; |
There was a problem hiding this comment.
The on_listen_called_ flag is accessed from multiple threads (platform thread for callbacks and potentially other threads for Success). It should be atomic to avoid race conditions.
| bool on_listen_called_ = false; | |
| std::atomic<bool> on_listen_called_ = false; |
| std::string path_; | ||
| std::mutex mutex_; | ||
| scoped_refptr<RTCVideoFrame> frame_; | ||
| volatile bool catch_frame_; |
There was a problem hiding this comment.
In C++, volatile does not provide atomicity or memory ordering guarantees for thread synchronization. Use std::atomic<bool> instead, or use a condition variable for more efficient synchronization.
| volatile bool catch_frame_; | |
| std::atomic<bool> catch_frame_; |
| return; | ||
| } | ||
|
|
||
| auto keyProvider = base_->key_providers_[keyProviderId]; |
There was a problem hiding this comment.
Using operator[] on a std::map will insert a default-constructed entry if the key is not found. This pollutes the map with null entries for invalid IDs. It is better to use find() to check for existence.
auto it = base_->key_providers_.find(keyProviderId);
if (it == base_->key_providers_.end()) {
result->Error("createDataPacketCryptor",
"createDataPacketCryptor() keyProvider is null");
return;
}
auto keyProvider = it->second;| if (!member->IsDefined()) { | ||
| continue; | ||
| } | ||
| switch (member->GetType()) { |
There was a problem hiding this comment.
The check if (!member->IsDefined()) was removed. Accessing values of undefined stats members can lead to unexpected behavior or garbage data. It is recommended to restore this check to ensure only defined stats are included in the report.
| switch (member->GetType()) { | |
| if (!member->IsDefined()) { | |
| continue; | |
| } | |
| switch (member->GetType()) { |
xiaowei-guan
changed the title
xiaowei-guan
changed the title
1.Fixed the use-after-free vulnerability caused by assigning `scoped_refptr<RTCMediaTrack>` returned by `MediaTrackForId()` to raw pointers. The temporary `scoped_refptr` was being destroyed at the end of the assignment statement, potentially deleting the track object before it could be used.
change so file Flags to soft
1 participant
Fix #971