Title: [218554] releases/WebKitGTK/webkit-2.16/Source/WebCore
- Revision: 218554
- Author: carlo...@webkit.org
- Date: 2017-06-20 00:24:16 -0700 (Tue, 20 Jun 2017)
Log Message
Merge r217581 - m_resourceSelectionTaskQueue tasks should be cleared when player is destroyed to prevent invalid state.
https://bugs.webkit.org/show_bug.cgi?id=172726
rdar://problem/30867764
Patch by Jeremy Jones <jere...@apple.com> on 2017-05-30
Reviewed by Eric Carlson.
I haven't found a reproducible way to make a test case for this race condition.
If m_player is cleared while there is an outstanding task in m_resourceSelectionTaskQueue,
that task may assume m_player is not null and crash. It is better to cancel that task than
to perform it part way with null checks.
* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::~HTMLMediaElement):
(WebCore::HTMLMediaElement::clearMediaPlayer):
Diff
Modified: releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog (218553 => 218554)
--- releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog 2017-06-20 07:20:16 UTC (rev 218553)
+++ releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog 2017-06-20 07:24:16 UTC (rev 218554)
@@ -1,3 +1,21 @@
+2017-05-30 Jeremy Jones <jere...@apple.com>
+
+ m_resourceSelectionTaskQueue tasks should be cleared when player is destroyed to prevent invalid state.
+ https://bugs.webkit.org/show_bug.cgi?id=172726
+ rdar://problem/30867764
+
+ Reviewed by Eric Carlson.
+
+ I haven't found a reproducible way to make a test case for this race condition.
+
+ If m_player is cleared while there is an outstanding task in m_resourceSelectionTaskQueue,
+ that task may assume m_player is not null and crash. It is better to cancel that task than
+ to perform it part way with null checks.
+
+ * html/HTMLMediaElement.cpp:
+ (WebCore::HTMLMediaElement::~HTMLMediaElement):
+ (WebCore::HTMLMediaElement::clearMediaPlayer):
+
2017-05-27 Zalan Bujtas <za...@apple.com>
enclosingIntRect returns a rect with -1 width/height when the input FloatRect overflows integer.
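Review bot: the two function lines that close this ChangeLog entry, (WebCore::HTMLMediaElement::~HTMLMediaElement) and (WebCore::HTMLMediaElement::clearMediaPlayer), carry no description. Saying that the destructor closes m_resourceSelectionTaskQueue and that clearMediaPlayer cancels its pending tasks would let a reader see the shape of the fix from the ChangeLog alone. Since the entry states that no reproducible test case was found, it would also help to record how the change was verified, so that someone later revisiting the race knows what was and was not exercised.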
Modified: releases/WebKitGTK/webkit-2.16/Source/WebCore/html/HTMLMediaElement.cpp (218553 => 218554)
--- releases/WebKitGTK/webkit-2.16/Source/WebCore/html/HTMLMediaElement.cpp 2017-06-20 07:20:16 UTC (rev 218553)
+++ releases/WebKitGTK/webkit-2.16/Source/WebCore/html/HTMLMediaElement.cpp 2017-06-20 07:24:16 UTC (rev 218554)
@@ -568,6 +568,7 @@
m_pauseAfterDetachedTaskQueue.close();
m_updatePlaybackControlsManagerQueue.close();
m_playbackControlsManagerBehaviorRestrictionsQueue.close();
+ m_resourceSelectionTaskQueue.close();
m_completelyLoaded = true;
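Review bot: in the destructor, m_resourceSelectionTaskQueue.close() becomes the fourth hand-written close() in a row, and this fix exists because that queue was missing from the list. Consider routing all task-queue members through a single helper, or at least adding a comment beside the member declarations saying every queue must be closed here, so the next queue added to HTMLMediaElement does not repeat the omission.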
@@ -5115,6 +5116,8 @@
m_mediaSession->clientCharacteristicsChanged();
m_mediaSession->canProduceAudioChanged();
+ m_resourceSelectionTaskQueue.cancelAllTasks();
+
updateSleepDisabling();
}
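Review bot: in clearMediaPlayer, m_resourceSelectionTaskQueue.cancelAllTasks() runs only after m_mediaSession->clientCharacteristicsChanged() and m_mediaSession->canProduceAudioChanged(), while the log message ties the hazard to the moment m_player is cleared. The clearing itself is outside this hunk, so please confirm that nothing between it and this line can run a queued task, or move the cancel next to the point where m_player is reset so the invariant can be checked at a glance. A one-line comment saying that pending resource-selection tasks assume a non-null m_player would keep this line from being dropped in a later cleanup, and an ASSERT(m_player) at the top of those tasks would catch a regression given that no test accompanies the change.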
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes