- Revision
- 210104
- Author
- [email protected]
- Date
- 2016-12-22 12:07:18 -0800 (Thu, 22 Dec 2016)
Log Message
NULL-deref CRASH in WebCore::PlatformMediaSession::mediaType
https://bugs.webkit.org/show_bug.cgi?id=166407
Reviewed by Darin Adler.
In r207688, we added a facility in PlatformMediaSessionManager for safely walking through a
list of PlatformMediaSessions by replacing entries of deleted sessions with nullptr. We now
need to use those new iteration falicities in MediaSessionManageriOS.
In addition to the existing iterators, add one which takes a predicate, and returns the first
session which matches the predicate, or nullptr, if none do.
* platform/audio/PlatformMediaSessionManager.cpp:
(WebCore::PlatformMediaSessionManager::findSession):
(WebCore::PlatformMediaSessionManager::anyOfSessions):
* platform/audio/PlatformMediaSessionManager.h:
(WebCore::PlatformMediaSessionManager::sessions): Deleted.
* platform/audio/ios/MediaSessionManagerIOS.mm:
(WebCore::MediaSessionManageriOS::configureWireLessTargetMonitoring):
(WebCore::MediaSessionManageriOS::nowPlayingEligibleSession):
(WebCore::MediaSessionManageriOS::externalOutputDeviceAvailableDidChange):
(WebCore::MediaSessionManageriOS::applicationDidEnterBackground):
(WebCore::MediaSessionManageriOS::applicationWillEnterForeground):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (210103 => 210104)
--- trunk/Source/WebCore/ChangeLog 2016-12-22 19:49:37 UTC (rev 210103)
+++ trunk/Source/WebCore/ChangeLog 2016-12-22 20:07:18 UTC (rev 210104)
@@ -1,5 +1,31 @@
2016-12-22 Jer Noble <[email protected]>
+ NULL-deref CRASH in WebCore::PlatformMediaSession::mediaType
+ https://bugs.webkit.org/show_bug.cgi?id=166407
+
+ Reviewed by Darin Adler.
+
+ In r207688, we added a facility in PlatformMediaSessionManager for safely walking through a
+ list of PlatformMediaSessions by replacing entries of deleted sessions with nullptr. We now
+ need to use those new iteration falicities in MediaSessionManageriOS.
+
+ In addition to the existing iterators, add one which takes a predicate, and returns the first
+ session which matches the predicate, or nullptr, if none do.
+
+ * platform/audio/PlatformMediaSessionManager.cpp:
+ (WebCore::PlatformMediaSessionManager::findSession):
+ (WebCore::PlatformMediaSessionManager::anyOfSessions):
+ * platform/audio/PlatformMediaSessionManager.h:
+ (WebCore::PlatformMediaSessionManager::sessions): Deleted.
+ * platform/audio/ios/MediaSessionManagerIOS.mm:
+ (WebCore::MediaSessionManageriOS::configureWireLessTargetMonitoring):
+ (WebCore::MediaSessionManageriOS::nowPlayingEligibleSession):
+ (WebCore::MediaSessionManageriOS::externalOutputDeviceAvailableDidChange):
+ (WebCore::MediaSessionManageriOS::applicationDidEnterBackground):
+ (WebCore::MediaSessionManageriOS::applicationWillEnterForeground):
+
+2016-12-22 Jer Noble <[email protected]>
+
Muted media element playback should not interrupt other audio playback
https://bugs.webkit.org/show_bug.cgi?id=166347
Modified: trunk/Source/WebCore/platform/audio/PlatformMediaSessionManager.cpp (210103 => 210104)
--- trunk/Source/WebCore/platform/audio/PlatformMediaSessionManager.cpp 2016-12-22 19:49:37 UTC (rev 210103)
+++ trunk/Source/WebCore/platform/audio/PlatformMediaSessionManager.cpp 2016-12-22 20:07:18 UTC (rev 210104)
@@ -401,7 +401,7 @@
});
}
-void PlatformMediaSessionManager::forEachSession(std::function<void(PlatformMediaSession&, size_t)> func) const
+void PlatformMediaSessionManager::forEachSession(const Function<void(PlatformMediaSession&, size_t)>& predicate) const
{
++m_iteratingOverSessions;
@@ -409,7 +409,7 @@
auto session = m_sessions[i];
if (!session)
continue;
- func(*session, i);
+ predicate(*session, i);
}
--m_iteratingOverSessions;
@@ -417,20 +417,20 @@
m_sessions.removeAll(nullptr);
}
-bool PlatformMediaSessionManager::anyOfSessions(std::function<bool(PlatformMediaSession&, size_t)> func) const
+PlatformMediaSession* PlatformMediaSessionManager::findSession(const Function<bool(PlatformMediaSession&, size_t)>& predicate) const
{
++m_iteratingOverSessions;
- bool found = false;
+ PlatformMediaSession* foundSession = nullptr;
for (size_t i = 0, size = m_sessions.size(); i < size; ++i) {
auto session = m_sessions[i];
if (!session)
continue;
- if (!func(*session, i))
+ if (!predicate(*session, i))
continue;
- found = true;
+ foundSession = session;
break;
}
@@ -438,7 +438,7 @@
if (!m_iteratingOverSessions)
m_sessions.removeAll(nullptr);
- return found;
+ return foundSession;
}
#endif // ENABLE(VIDEO) || ENABLE(WEB_AUDIO)
Modified: trunk/Source/WebCore/platform/audio/PlatformMediaSessionManager.h (210103 => 210104)
--- trunk/Source/WebCore/platform/audio/PlatformMediaSessionManager.h 2016-12-22 19:49:37 UTC (rev 210103)
+++ trunk/Source/WebCore/platform/audio/PlatformMediaSessionManager.h 2016-12-22 20:07:18 UTC (rev 210104)
@@ -114,14 +114,14 @@
void addSession(PlatformMediaSession&);
virtual void removeSession(PlatformMediaSession&);
- Vector<PlatformMediaSession*> sessions() { return m_sessions; }
+ void forEachSession(const Function<void(PlatformMediaSession&, size_t)>&) const;
+ PlatformMediaSession* findSession(const Function<bool(PlatformMediaSession&, size_t)>&) const;
+ bool anyOfSessions(const Function<bool(PlatformMediaSession&, size_t)>& predicate) const { return findSession(predicate); }
private:
friend class Internals;
void updateSessionState();
- void forEachSession(std::function<void(PlatformMediaSession&, size_t)>) const;
- bool anyOfSessions(std::function<bool(PlatformMediaSession&, size_t)>) const;
// RemoteCommandListenerClient
WEBCORE_EXPORT void didReceiveRemoteControlCommand(PlatformMediaSession::RemoteControlCommandType, const PlatformMediaSession::RemoteCommandArgument*) override;
Modified: trunk/Source/WebCore/platform/audio/ios/MediaSessionManagerIOS.mm (210103 => 210104)
--- trunk/Source/WebCore/platform/audio/ios/MediaSessionManagerIOS.mm 2016-12-22 19:49:37 UTC (rev 210103)
+++ trunk/Source/WebCore/platform/audio/ios/MediaSessionManagerIOS.mm 2016-12-22 20:07:18 UTC (rev 210104)
@@ -173,16 +173,10 @@
void MediaSessionManageriOS::configureWireLessTargetMonitoring()
{
- Vector<PlatformMediaSession*> sessions = this->sessions();
- bool requiresMonitoring = false;
+ bool requiresMonitoring = anyOfSessions([] (PlatformMediaSession& session, size_t) {
+ return session.requiresPlaybackTargetRouteMonitoring();
+ });
- for (auto* session : sessions) {
- if (session->requiresPlaybackTargetRouteMonitoring()) {
- requiresMonitoring = true;
- break;
- }
- }
-
LOG(Media, "MediaSessionManageriOS::configureWireLessTargetMonitoring - requiresMonitoring = %s", requiresMonitoring ? "true" : "false");
if (requiresMonitoring)
@@ -223,16 +217,16 @@
PlatformMediaSession* MediaSessionManageriOS::nowPlayingEligibleSession()
{
- for (auto session : sessions()) {
- PlatformMediaSession::MediaType type = session->mediaType();
+ return findSession([] (PlatformMediaSession& session, size_t) {
+ PlatformMediaSession::MediaType type = session.mediaType();
if (type != PlatformMediaSession::Video && type != PlatformMediaSession::Audio)
- continue;
+ return false;
- if (session->characteristics() & PlatformMediaSession::HasAudio)
- return session;
- }
+ if (session.characteristics() & PlatformMediaSession::HasAudio)
+ return true;
- return nullptr;
+ return false;
+ });
}
void MediaSessionManageriOS::updateNowPlayingInfo()
@@ -292,10 +286,9 @@
void MediaSessionManageriOS::externalOutputDeviceAvailableDidChange()
{
- Vector<PlatformMediaSession*> sessionList = sessions();
- bool haveTargets = [m_objcObserver hasWirelessTargetsAvailable];
- for (auto* session : sessionList)
- session->externalOutputDeviceAvailableDidChange(haveTargets);
+ forEachSession([haveTargets = [m_objcObserver hasWirelessTargetsAvailable]] (PlatformMediaSession& session, size_t) {
+ session.externalOutputDeviceAvailableDidChange(haveTargets);
+ });
}
void MediaSessionManageriOS::applicationDidEnterBackground(bool isSuspendedUnderLock)
@@ -309,11 +302,10 @@
if (!isSuspendedUnderLock)
return;
- Vector<PlatformMediaSession*> sessions = this->sessions();
- for (auto* session : sessions) {
- if (restrictions(session->mediaType()) & BackgroundProcessPlaybackRestricted)
- session->beginInterruption(PlatformMediaSession::SuspendedUnderLock);
- }
+ forEachSession([this] (PlatformMediaSession& session, size_t) {
+ if (restrictions(session.mediaType()) & BackgroundProcessPlaybackRestricted)
+ session.beginInterruption(PlatformMediaSession::SuspendedUnderLock);
+ });
}
void MediaSessionManageriOS::applicationWillEnterForeground(bool isSuspendedUnderLock)
@@ -327,11 +319,10 @@
if (!isSuspendedUnderLock)
return;
- Vector<PlatformMediaSession*> sessions = this->sessions();
- for (auto* session : sessions) {
- if (restrictions(session->mediaType()) & BackgroundProcessPlaybackRestricted)
- session->endInterruption(PlatformMediaSession::MayResumePlaying);
- }
+ forEachSession([this] (PlatformMediaSession& session, size_t) {
+ if (restrictions(session.mediaType()) & BackgroundProcessPlaybackRestricted)
+ session.endInterruption(PlatformMediaSession::MayResumePlaying);
+ });
}
} // namespace WebCore
