From fc9079700c83ba8d7c5d54b37a2aec16b5372c8b Mon Sep 17 00:00:00 2001
From: Markus Handell <handellm@webrtc.org>
Date: Thu, 5 Dec 2019 12:41:40 +0100
Subject: [PATCH] Fix for defect found by clusterfuzz.

Cause: VideoRtpReceiver::media_channel_ was used when it was null.
Fix: only use when provably not null.

Bug: chromium:1031013
Change-Id: I765e183186d895f39c122e26d50ac787216c44f7
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/161328
Commit-Queue: Markus Handell <handellm@webrtc.org>
Reviewed-by: Per Kjellander <perkj@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#30017}
---
 pc/video_rtp_receiver.cc | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/pc/video_rtp_receiver.cc b/pc/video_rtp_receiver.cc
index 24cc4eafb8..c6fb5430cd 100644
--- a/pc/video_rtp_receiver.cc
+++ b/pc/video_rtp_receiver.cc
@@ -155,6 +155,7 @@ void VideoRtpReceiver::RestartMediaChannel(absl::optional<uint32_t> ssrc) {
 }
 
 void VideoRtpReceiver::SetSink(rtc::VideoSinkInterface<VideoFrame>* sink) {
+  RTC_DCHECK(media_channel_);
   if (ssrc_) {
     media_channel_->SetSink(*ssrc_, sink);
     return;
@@ -271,6 +272,11 @@ std::vector<RtpSource> VideoRtpReceiver::GetSources() const {
 
 void VideoRtpReceiver::OnGenerateKeyFrame() {
   RTC_DCHECK_RUN_ON(worker_thread_);
+  if (!media_channel_) {
+    RTC_LOG(LS_ERROR)
+        << "VideoRtpReceiver::OnGenerateKeyFrame: No video channel exists.";
+    return;
+  }
   // TODO(bugs.webrtc.org/8694): Stop using 0 to mean unsignalled SSRC
   media_channel_->GenerateKeyFrame(ssrc_.value_or(0));
   // We need to remember to request generation of a new key frame if the media