Title: [211659] trunk
- Revision
- 211659
- Author
- jer.no...@apple.com
- Date
- 2017-02-03 17:20:53 -0800 (Fri, 03 Feb 2017)
Log Message
ASSERT in HTMLMediaElement::~HTMLMediaElement
https://bugs.webkit.org/show_bug.cgi?id=167818
Reviewed by Brent Fulgham.
Source/WebCore:
Test: media/audio-dealloc-crash.html
HTMLMediaElement's MediaElementSession can nominate the HTMLMediaElement itself
to become the playback controls session from inside the HTMLMediaElement destructor. Protect
against this by clearing out the session before calling updatePlaybackControlsManager().
* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::~HTMLMediaElement):
LayoutTests:
* media/audio-dealloc-crash-expected.txt: Added.
* media/audio-dealloc-crash.html: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (211658 => 211659)
--- trunk/LayoutTests/ChangeLog 2017-02-04 01:17:38 UTC (rev 211658)
+++ trunk/LayoutTests/ChangeLog 2017-02-04 01:20:53 UTC (rev 211659)
@@ -1,3 +1,13 @@
+2017-02-03 Jer Noble <jer.no...@apple.com>
+
+ ASSERT in HTMLMediaElement::~HTMLMediaElement
+ https://bugs.webkit.org/show_bug.cgi?id=167818
+
+ Reviewed by Brent Fulgham.
+
+ * media/audio-dealloc-crash-expected.txt: Added.
+ * media/audio-dealloc-crash.html: Added.
+
2017-02-03 Chris Dumez <cdu...@apple.com>
Dismiss HTML form validation popover when pressing Escape key
Added: trunk/LayoutTests/media/audio-dealloc-crash-expected.txt (0 => 211659)
--- trunk/LayoutTests/media/audio-dealloc-crash-expected.txt (rev 0)
+++ trunk/LayoutTests/media/audio-dealloc-crash-expected.txt 2017-02-04 01:20:53 UTC (rev 211659)
@@ -0,0 +1,2 @@
+END OF TEST
+
Added: trunk/LayoutTests/media/audio-dealloc-crash.html (0 => 211659)
--- trunk/LayoutTests/media/audio-dealloc-crash.html (rev 0)
+++ trunk/LayoutTests/media/audio-dealloc-crash.html 2017-02-04 01:20:53 UTC (rev 211659)
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <script src=""
+ <script src=""
+</head>
+<body>
+ <div>Creating and immediately destroying an Audio element should not crash.</div>
+ <script>
+ runWithKeyDown(() => {
+ document.body.innerHTML = '<audio></audio>';
+ document.body.childNodes[0].play();
+ document.body.innerHTML = '';
+ gc();
+ setTimeout(endTest, 100);
+ });
+ </script>
+</div>
+</body>
+</html>
\ No newline at end of file
Modified: trunk/Source/WebCore/ChangeLog (211658 => 211659)
--- trunk/Source/WebCore/ChangeLog 2017-02-04 01:17:38 UTC (rev 211658)
+++ trunk/Source/WebCore/ChangeLog 2017-02-04 01:20:53 UTC (rev 211659)
@@ -1,3 +1,19 @@
+2017-02-03 Jer Noble <jer.no...@apple.com>
+
+ ASSERT in HTMLMediaElement::~HTMLMediaElement
+ https://bugs.webkit.org/show_bug.cgi?id=167818
+
+ Reviewed by Brent Fulgham.
+
+ Test: media/audio-dealloc-crash.html
+
+ HTMLMediaElement's MediaElementSession can nominate the HTMLMediaElement itself
+ to become the playback controls session from inside the HTMLMediaElement destructor. Protect
+ against this by clearing out the session before calling updatePlaybackControlsManager().
+
+ * html/HTMLMediaElement.cpp:
+ (WebCore::HTMLMediaElement::~HTMLMediaElement):
+
2017-02-03 Daniel Bates <daba...@apple.com>
[Mac][WK2] Add SPI to override the Content Security Policy of a page
Modified: trunk/Source/WebCore/html/HTMLMediaElement.cpp (211658 => 211659)
--- trunk/Source/WebCore/html/HTMLMediaElement.cpp 2017-02-04 01:17:38 UTC (rev 211658)
+++ trunk/Source/WebCore/html/HTMLMediaElement.cpp 2017-02-04 01:20:53 UTC (rev 211659)
@@ -575,6 +575,8 @@
m_player->invalidate();
m_player = nullptr;
}
+
+ m_mediaSession = nullptr;
updatePlaybackControlsManager();
}
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes