Title: [233091] trunk/Source/WebKit
- Revision
- 233091
- Author
- [email protected]
- Date
- 2018-06-22 13:06:40 -0700 (Fri, 22 Jun 2018)
Log Message
CRASH in WebCore::VideoFullscreenInterfaceMac::~VideoFullscreenInterfaceMac()
https://bugs.webkit.org/show_bug.cgi?id=186892
Reviewed by Eric Carlson.
Protect against m_contentMap being mutated while its contents are being invalidated
by moving the map into a local variable and iterating over it instead.
* UIProcess/Cocoa/PlaybackSessionManagerProxy.mm:
(WebKit::PlaybackSessionManagerProxy::invalidate):
* UIProcess/Cocoa/VideoFullscreenManagerProxy.mm:
(WebKit::VideoFullscreenManagerProxy::invalidate):
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (233090 => 233091)
--- trunk/Source/WebKit/ChangeLog 2018-06-22 20:01:43 UTC (rev 233090)
+++ trunk/Source/WebKit/ChangeLog 2018-06-22 20:06:40 UTC (rev 233091)
@@ -1,3 +1,18 @@
+2018-06-21 Jer Noble <[email protected]>
+
+ CRASH in WebCore::VideoFullscreenInterfaceMac::~VideoFullscreenInterfaceMac()
+ https://bugs.webkit.org/show_bug.cgi?id=186892
+
+ Reviewed by Eric Carlson.
+
+ Protect against m_contentMap being mutated while its contents are being invalidated
+ by moving the map into a local variable and iterating over it instead.
+
+ * UIProcess/Cocoa/PlaybackSessionManagerProxy.mm:
+ (WebKit::PlaybackSessionManagerProxy::invalidate):
+ * UIProcess/Cocoa/VideoFullscreenManagerProxy.mm:
+ (WebKit::VideoFullscreenManagerProxy::invalidate):
+
2018-06-22 Luming Yin <[email protected]>
Expose colorFilterEnabled SPI in WKPreferencesPrivate.h
Modified: trunk/Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.mm (233090 => 233091)
--- trunk/Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.mm 2018-06-22 20:01:43 UTC (rev 233090)
+++ trunk/Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.mm 2018-06-22 20:06:40 UTC (rev 233091)
@@ -303,7 +303,10 @@
m_page->process().removeMessageReceiver(Messages::PlaybackSessionManagerProxy::messageReceiverName(), m_page->pageID());
m_page = nullptr;
- for (auto& tuple : m_contextMap.values()) {
+ auto contextMap = WTFMove(m_contextMap);
+ m_clientCounts.clear();
+
+ for (auto& tuple : contextMap.values()) {
RefPtr<PlaybackSessionModelContext> model;
RefPtr<PlatformPlaybackSessionInterface> interface;
std::tie(model, interface) = tuple;
@@ -310,9 +313,6 @@
interface->invalidate();
}
-
- m_contextMap.clear();
- m_clientCounts.clear();
}
PlaybackSessionManagerProxy::ModelInterfaceTuple PlaybackSessionManagerProxy::createModelAndInterface(uint64_t contextId)
Modified: trunk/Source/WebKit/UIProcess/Cocoa/VideoFullscreenManagerProxy.mm (233090 => 233091)
--- trunk/Source/WebKit/UIProcess/Cocoa/VideoFullscreenManagerProxy.mm 2018-06-22 20:01:43 UTC (rev 233090)
+++ trunk/Source/WebKit/UIProcess/Cocoa/VideoFullscreenManagerProxy.mm 2018-06-22 20:06:40 UTC (rev 233091)
@@ -308,7 +308,10 @@
m_page->process().removeMessageReceiver(Messages::VideoFullscreenManagerProxy::messageReceiverName(), m_page->pageID());
m_page = nullptr;
- for (auto& tuple : m_contextMap.values()) {
+ auto contextMap = WTFMove(m_contextMap);
+ m_clientCounts.clear();
+
+ for (auto& tuple : contextMap.values()) {
RefPtr<VideoFullscreenModelContext> model;
RefPtr<PlatformVideoFullscreenInterface> interface;
std::tie(model, interface) = tuple;
@@ -317,9 +320,6 @@
[model->layerHostView() removeFromSuperview];
model->setLayerHostView(nullptr);
}
-
- m_contextMap.clear();
- m_clientCounts.clear();
}
void VideoFullscreenManagerProxy::requestHideAndExitFullscreen()
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
