[webkit-changes] [233557] trunk/Source/WebCore

[rniwa]

Title: [233557] trunk/Source/WebCore

Revision

233557

Author

rn...@webkit.org

Date

2018-07-05 19:32:52 -0700 (Thu, 05 Jul 2018)

Log Message

REGRESSION(r233496): Crash in WebCore::VideoTrack::clearClient()
https://bugs.webkit.org/show_bug.cgi?id=187377

Reviewed by Simon Fraser.

Clear m_client of an audio track or a video track before removing it from the list
since TrackListBase::m_inbandTracks may hold the last ref to the track.

* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::removeAudioTrack):
(WebCore::HTMLMediaElement::removeVideoTrack):

Modified Paths

• trunk/Source/WebCore/ChangeLog
• trunk/Source/WebCore/html/HTMLMediaElement.cpp

Diff

Modified: trunk/Source/WebCore/ChangeLog (233556 => 233557)

--- trunk/Source/WebCore/ChangeLog	2018-07-06 01:56:48 UTC (rev 233556)
+++ trunk/Source/WebCore/ChangeLog	2018-07-06 02:32:52 UTC (rev 233557)
@@ -1,3 +1,17 @@
+2018-07-05  Ryosuke Niwa  <rn...@webkit.org>
+
+        REGRESSION(r233496): Crash in WebCore::VideoTrack::clearClient()
+        https://bugs.webkit.org/show_bug.cgi?id=187377
+
+        Reviewed by Simon Fraser.
+
+        Clear m_client of an audio track or a video track before removing it from the list
+        since TrackListBase::m_inbandTracks may hold the last ref to the track.
+
+        * html/HTMLMediaElement.cpp:
+        (WebCore::HTMLMediaElement::removeAudioTrack):
+        (WebCore::HTMLMediaElement::removeVideoTrack):
+
 2018-07-05  Fujii Hironori  <hironori.fu...@sony.com>
 
         REGRESSION(r233495) [cairo] drawGlyphsShadow should use the fast path for zero blur-radius

Modified: trunk/Source/WebCore/html/HTMLMediaElement.cpp (233556 => 233557)

--- trunk/Source/WebCore/html/HTMLMediaElement.cpp	2018-07-06 01:56:48 UTC (rev 233556)
+++ trunk/Source/WebCore/html/HTMLMediaElement.cpp	2018-07-06 02:32:52 UTC (rev 233557)
@@ -4049,8 +4049,8 @@
 
 void HTMLMediaElement::removeAudioTrack(AudioTrack& track)
 {
+    track.clearClient();
     m_audioTracks->remove(track);
-    track.clearClient();
 }
 
 void HTMLMediaElement::removeTextTrack(TextTrack& track, bool scheduleEvent)
@@ -4067,8 +4067,8 @@
 
 void HTMLMediaElement::removeVideoTrack(VideoTrack& track)
 {
+    track.clearClient();
     m_videoTracks->remove(track);
-    track.clearClient();
 }
 
 void HTMLMediaElement::forgetResourceSpecificTracks()

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes