cubeb_api::Stream was dropping StreamCallbacks explicitly, then relying on Rust's implicit Drop ordering to drop the interior cubeb_core::Stream. The cubeb_core::Stream could potentially use the StreamCallbacks before/during destruction, so we need to free these after the cubeb_core::Stream.
If a cubeb_core::Stream has been started and is then dropped, it's possible for a UAF to occur where the stream is destroyed but the callback is still in flight. A stream must be stopped before destruction, so this takes the simple approach of blindly stopping any stream before calling cubeb_stream_destroy. The major libcubeb backends all allow this, but it's not explicitly permitted by the API. Rather than forcing the caller to track an additional "running" state for the stream, it seemed cleaner to change the libcubeb API to permit this. I'll file a libcubeb bug to update the documentation.
djg
commented
6 years ago
This is intended to fix BMO 1447097.
This change is