[chromecast] Fix Potential UAF in Cast media pipeline via missing StartPlayingFrom state guards [chromium/src : main]

0 views

Skip to first unread message

Shawn Quereshi (Gerrit)

unread,

May 14, 2026, 10:33:59 AMMay 14

to Simeon Anfinrud, Mirko Bonadei, Jerome Jiang, Code Review Nudger, Chromium LUCI CQ, chromium...@chromium.org, android-bu...@system.gserviceaccount.com, devtools...@chromium.org, net-r...@chromium.org, grt+...@chromium.org, fgal...@chromium.org, chrome-intelligence-te...@google.com, chrome-intell...@chromium.org, cblume...@chromium.org, penghuan...@chromium.org, jz...@chromium.org, mar...@chromium.org, halliwe...@chromium.org, feature-me...@chromium.org

Attention needed from Simeon Anfinrud

Shawn Quereshi voted

Code-Review	+1
Commit-Queue	+2

Open in Gerrit

Related details

Attention is currently required from:

Simeon Anfinrud

Submit Requirements:

Code-Coverage
Code-Owners
Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

open

diffy

Chromium LUCI CQ (Gerrit)

unread,

May 14, 2026, 12:21:49 PMMay 14

to Simeon Anfinrud, Shawn Quereshi, Mirko Bonadei, Jerome Jiang, Code Review Nudger, chromium...@chromium.org, android-bu...@system.gserviceaccount.com, devtools...@chromium.org, net-r...@chromium.org, grt+...@chromium.org, fgal...@chromium.org, chrome-intelligence-te...@google.com, chrome-intell...@chromium.org, cblume...@chromium.org, penghuan...@chromium.org, jz...@chromium.org, mar...@chromium.org, halliwe...@chromium.org, feature-me...@chromium.org

Chromium LUCI CQ submitted the change

Change information

Commit message:

[chromecast] Fix Potential UAF in Cast media pipeline via missing StartPlayingFrom state guards

Introduce strict state validation in CastRenderer::StartPlayingFrom to enforce
that the pipeline must be in a Flushed state before starting playback.

Bug: 501873032

Test: Compiled and passed unit tests.

Change-Id: I93052cd6f4630a618b2d0fe0091cb960b64453bb

Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7767169

Auto-Submit: Simeon Anfinrud <san...@chromium.org>

Reviewed-by: Shawn Quereshi <sha...@google.com>

Commit-Queue: Shawn Quereshi <sha...@google.com>

Cr-Commit-Position: refs/heads/main@{#1630663}

Files:

M chromecast/media/cma/pipeline/av_pipeline_impl.cc

Change size: XS

Delta: 1 file changed, 4 insertions(+), 1 deletion(-)

Branch: refs/heads/main

Submit Requirements:

Code-Review: +1 by Shawn Quereshi

Open in Gerrit

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

open

diffy

satisfied_requirement

Reply all

Reply to author

Forward

0 new messages