Diff
Modified: branches/safari-607-branch/Source/WebCore/ChangeLog (241161 => 241162)
--- branches/safari-607-branch/Source/WebCore/ChangeLog 2019-02-07 23:37:04 UTC (rev 241161)
+++ branches/safari-607-branch/Source/WebCore/ChangeLog 2019-02-07 23:37:10 UTC (rev 241162)
@@ -1,5 +1,98 @@
2019-02-07 Alan Coon <[email protected]>
+ Cherry-pick r241130. rdar://problem/47893594
+
+ HTMLMediaElement registers wrong ScriptExecutionContext with its ActiveDOMObject parent class
+ https://bugs.webkit.org/show_bug.cgi?id=194360
+
+ HTMLMediaElement registers the Document used to create it with ActiveDOMObject, when it should
+ really use that Document's contextDocument(). Rather than just fix this in HTMLMediaElement,
+ make sure that the correct document is used everywhere by adding a new ActiveDOMObject constructor
+ taking a Document&, and making an explicitly deleted Document* constructor to catch any new cases.
+
+ Reviewed by Geoffrey Garen.
+
+ * Modules/applepay/ApplePaySession.cpp:
+ (WebCore::ApplePaySession::ApplePaySession):
+ * Modules/mediarecorder/MediaRecorder.cpp:
+ (WebCore::MediaRecorder::MediaRecorder):
+ * Modules/mediastream/MediaDevices.cpp:
+ (WebCore::MediaDevices::MediaDevices):
+ * Modules/mediastream/UserMediaRequest.cpp:
+ (WebCore::UserMediaRequest::UserMediaRequest):
+ * Modules/notifications/Notification.cpp:
+ (WebCore::Notification::Notification):
+ * Modules/paymentrequest/PaymentRequest.cpp:
+ (WebCore::PaymentRequest::PaymentRequest):
+ * Modules/webaudio/AudioContext.cpp:
+ (WebCore::AudioContext::AudioContext):
+ * animation/WebAnimation.cpp:
+ (WebCore::WebAnimation::WebAnimation):
+ * css/FontFaceSet.cpp:
+ (WebCore::FontFaceSet::FontFaceSet):
+ * dom/ActiveDOMObject.cpp:
+ (WebCore::ActiveDOMObject::ActiveDOMObject):
+ * dom/ActiveDOMObject.h:
+ * dom/Document.h:
+ (WebCore::ActiveDOMObject::ActiveDOMObject):
+ * html/HTMLMarqueeElement.cpp:
+ (WebCore::HTMLMarqueeElement::HTMLMarqueeElement):
+ * html/HTMLMediaElement.cpp:
+ (WebCore::HTMLMediaElement::HTMLMediaElement):
+ * html/HTMLSourceElement.cpp:
+ (WebCore::HTMLSourceElement::HTMLSourceElement):
+ * page/IntersectionObserver.cpp:
+ (WebCore::IntersectionObserver::IntersectionObserver):
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@241130 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2019-02-07 Jer Noble <[email protected]>
+
+ HTMLMediaElement registers wrong ScriptExecutionContext with its ActiveDOMObject parent class
+ https://bugs.webkit.org/show_bug.cgi?id=194360
+
+ HTMLMediaElement registers the Document used to create it with ActiveDOMObject, when it should
+ really use that Document's contextDocument(). Rather than just fix this in HTMLMediaElement,
+ make sure that the correct document is used everywhere by adding a new ActiveDOMObject constructor
+ taking a Document&, and making an explicitly deleted Document* constructor to catch any new cases.
+
+ Reviewed by Geoffrey Garen.
+
+ * Modules/applepay/ApplePaySession.cpp:
+ (WebCore::ApplePaySession::ApplePaySession):
+ * Modules/mediarecorder/MediaRecorder.cpp:
+ (WebCore::MediaRecorder::MediaRecorder):
+ * Modules/mediastream/MediaDevices.cpp:
+ (WebCore::MediaDevices::MediaDevices):
+ * Modules/mediastream/UserMediaRequest.cpp:
+ (WebCore::UserMediaRequest::UserMediaRequest):
+ * Modules/notifications/Notification.cpp:
+ (WebCore::Notification::Notification):
+ * Modules/paymentrequest/PaymentRequest.cpp:
+ (WebCore::PaymentRequest::PaymentRequest):
+ * Modules/webaudio/AudioContext.cpp:
+ (WebCore::AudioContext::AudioContext):
+ * animation/WebAnimation.cpp:
+ (WebCore::WebAnimation::WebAnimation):
+ * css/FontFaceSet.cpp:
+ (WebCore::FontFaceSet::FontFaceSet):
+ * dom/ActiveDOMObject.cpp:
+ (WebCore::ActiveDOMObject::ActiveDOMObject):
+ * dom/ActiveDOMObject.h:
+ * dom/Document.h:
+ (WebCore::ActiveDOMObject::ActiveDOMObject):
+ * html/HTMLMarqueeElement.cpp:
+ (WebCore::HTMLMarqueeElement::HTMLMarqueeElement):
+ * html/HTMLMediaElement.cpp:
+ (WebCore::HTMLMediaElement::HTMLMediaElement):
+ * html/HTMLSourceElement.cpp:
+ (WebCore::HTMLSourceElement::HTMLSourceElement):
+ * page/IntersectionObserver.cpp:
+ (WebCore::IntersectionObserver::IntersectionObserver):
+
+2019-02-07 Alan Coon <[email protected]>
+
Cherry-pick r241121. rdar://problem/47893559
Infinite recursion via CachedResource::~CachedResource
Modified: branches/safari-607-branch/Source/WebCore/Modules/applepay/ApplePaySession.cpp (241161 => 241162)
--- branches/safari-607-branch/Source/WebCore/Modules/applepay/ApplePaySession.cpp 2019-02-07 23:37:04 UTC (rev 241161)
+++ branches/safari-607-branch/Source/WebCore/Modules/applepay/ApplePaySession.cpp 2019-02-07 23:37:10 UTC (rev 241162)
@@ -407,7 +407,7 @@
}
ApplePaySession::ApplePaySession(Document& document, unsigned version, ApplePaySessionPaymentRequest&& paymentRequest)
- : ActiveDOMObject { &document }
+ : ActiveDOMObject { document }
, m_paymentRequest { WTFMove(paymentRequest) }
, m_version { version }
{
Modified: branches/safari-607-branch/Source/WebCore/Modules/mediarecorder/MediaRecorder.cpp (241161 => 241162)
--- branches/safari-607-branch/Source/WebCore/Modules/mediarecorder/MediaRecorder.cpp 2019-02-07 23:37:04 UTC (rev 241161)
+++ branches/safari-607-branch/Source/WebCore/Modules/mediarecorder/MediaRecorder.cpp 2019-02-07 23:37:10 UTC (rev 241162)
@@ -73,7 +73,7 @@
}
MediaRecorder::MediaRecorder(Document& document, Ref<MediaStream>&& stream, std::unique_ptr<MediaRecorderPrivate>&& privateImpl, Options&& option)
- : ActiveDOMObject(&document)
+ : ActiveDOMObject(document)
, m_options(WTFMove(option))
, m_stream(WTFMove(stream))
, m_private(WTFMove(privateImpl))
Modified: branches/safari-607-branch/Source/WebCore/Modules/mediastream/MediaDevices.cpp (241161 => 241162)
--- branches/safari-607-branch/Source/WebCore/Modules/mediastream/MediaDevices.cpp 2019-02-07 23:37:04 UTC (rev 241161)
+++ branches/safari-607-branch/Source/WebCore/Modules/mediastream/MediaDevices.cpp 2019-02-07 23:37:10 UTC (rev 241162)
@@ -48,7 +48,7 @@
namespace WebCore {
inline MediaDevices::MediaDevices(Document& document)
- : ActiveDOMObject(&document)
+ : ActiveDOMObject(document)
, m_scheduledEventTimer(*this, &MediaDevices::scheduledEventTimerFired)
, m_eventNames(eventNames())
{
Modified: branches/safari-607-branch/Source/WebCore/Modules/mediastream/UserMediaRequest.cpp (241161 => 241162)
--- branches/safari-607-branch/Source/WebCore/Modules/mediastream/UserMediaRequest.cpp 2019-02-07 23:37:04 UTC (rev 241161)
+++ branches/safari-607-branch/Source/WebCore/Modules/mediastream/UserMediaRequest.cpp 2019-02-07 23:37:10 UTC (rev 241162)
@@ -57,7 +57,7 @@
}
UserMediaRequest::UserMediaRequest(Document& document, MediaStreamRequest&& request, DOMPromiseDeferred<IDLInterface<MediaStream>>&& promise)
- : ActiveDOMObject(&document)
+ : ActiveDOMObject(document)
, m_promise(WTFMove(promise))
, m_request(WTFMove(request))
{
Modified: branches/safari-607-branch/Source/WebCore/Modules/notifications/Notification.cpp (241161 => 241162)
--- branches/safari-607-branch/Source/WebCore/Modules/notifications/Notification.cpp 2019-02-07 23:37:04 UTC (rev 241161)
+++ branches/safari-607-branch/Source/WebCore/Modules/notifications/Notification.cpp 2019-02-07 23:37:10 UTC (rev 241162)
@@ -53,7 +53,7 @@
}
Notification::Notification(Document& document, const String& title, const Options& options)
- : ActiveDOMObject(&document)
+ : ActiveDOMObject(document)
, m_title(title)
, m_direction(options.dir)
, m_lang(options.lang)
Modified: branches/safari-607-branch/Source/WebCore/Modules/paymentrequest/PaymentRequest.cpp (241161 => 241162)
--- branches/safari-607-branch/Source/WebCore/Modules/paymentrequest/PaymentRequest.cpp 2019-02-07 23:37:04 UTC (rev 241161)
+++ branches/safari-607-branch/Source/WebCore/Modules/paymentrequest/PaymentRequest.cpp 2019-02-07 23:37:10 UTC (rev 241162)
@@ -349,7 +349,7 @@
}
PaymentRequest::PaymentRequest(Document& document, PaymentOptions&& options, PaymentDetailsInit&& details, Vector<String>&& serializedModifierData, Vector<Method>&& serializedMethodData, String&& selectedShippingOption)
- : ActiveDOMObject { &document }
+ : ActiveDOMObject { document }
, m_options { WTFMove(options) }
, m_details { WTFMove(details) }
, m_serializedModifierData { WTFMove(serializedModifierData) }
Modified: branches/safari-607-branch/Source/WebCore/Modules/webaudio/AudioContext.cpp (241161 => 241162)
--- branches/safari-607-branch/Source/WebCore/Modules/webaudio/AudioContext.cpp 2019-02-07 23:37:04 UTC (rev 241161)
+++ branches/safari-607-branch/Source/WebCore/Modules/webaudio/AudioContext.cpp 2019-02-07 23:37:10 UTC (rev 241162)
@@ -130,7 +130,7 @@
// Constructor for rendering to the audio hardware.
AudioContext::AudioContext(Document& document)
- : ActiveDOMObject(&document)
+ : ActiveDOMObject(document)
, m_mediaSession(PlatformMediaSession::create(*this))
, m_eventQueue(std::make_unique<GenericEventQueue>(*this))
{
@@ -144,7 +144,7 @@
// Constructor for offline (non-realtime) rendering.
AudioContext::AudioContext(Document& document, unsigned numberOfChannels, size_t numberOfFrames, float sampleRate)
- : ActiveDOMObject(&document)
+ : ActiveDOMObject(document)
, m_isOfflineContext(true)
, m_mediaSession(PlatformMediaSession::create(*this))
, m_eventQueue(std::make_unique<GenericEventQueue>(*this))
Modified: branches/safari-607-branch/Source/WebCore/animation/WebAnimation.cpp (241161 => 241162)
--- branches/safari-607-branch/Source/WebCore/animation/WebAnimation.cpp 2019-02-07 23:37:04 UTC (rev 241161)
+++ branches/safari-607-branch/Source/WebCore/animation/WebAnimation.cpp 2019-02-07 23:37:10 UTC (rev 241162)
@@ -58,7 +58,7 @@
}
WebAnimation::WebAnimation(Document& document)
- : ActiveDOMObject(&document)
+ : ActiveDOMObject(document)
, m_readyPromise(makeUniqueRef<ReadyPromise>(*this, &WebAnimation::readyPromiseResolve))
, m_finishedPromise(makeUniqueRef<FinishedPromise>(*this, &WebAnimation::finishedPromiseResolve))
{
Modified: branches/safari-607-branch/Source/WebCore/css/FontFaceSet.cpp (241161 => 241162)
--- branches/safari-607-branch/Source/WebCore/css/FontFaceSet.cpp 2019-02-07 23:37:04 UTC (rev 241161)
+++ branches/safari-607-branch/Source/WebCore/css/FontFaceSet.cpp 2019-02-07 23:37:10 UTC (rev 241162)
@@ -49,7 +49,7 @@
}
FontFaceSet::FontFaceSet(Document& document, const Vector<RefPtr<FontFace>>& initialFaces)
- : ActiveDOMObject(&document)
+ : ActiveDOMObject(document)
, m_backing(CSSFontFaceSet::create())
, m_readyPromise(*this, &FontFaceSet::readyPromiseResolve)
{
@@ -59,7 +59,7 @@
}
FontFaceSet::FontFaceSet(Document& document, CSSFontFaceSet& backing)
- : ActiveDOMObject(&document)
+ : ActiveDOMObject(document)
, m_backing(backing)
, m_readyPromise(*this, &FontFaceSet::readyPromiseResolve)
{
Modified: branches/safari-607-branch/Source/WebCore/dom/ActiveDOMObject.cpp (241161 => 241162)
--- branches/safari-607-branch/Source/WebCore/dom/ActiveDOMObject.cpp 2019-02-07 23:37:04 UTC (rev 241161)
+++ branches/safari-607-branch/Source/WebCore/dom/ActiveDOMObject.cpp 2019-02-07 23:37:10 UTC (rev 241162)
@@ -27,6 +27,7 @@
#include "config.h"
#include "ActiveDOMObject.h"
+#include "Document.h"
#include "ScriptExecutionContext.h"
namespace WebCore {
@@ -38,6 +39,7 @@
, m_suspendIfNeededWasCalled(false)
#endif
{
+ ASSERT(!is<Document>(m_scriptExecutionContext) || &downcast<Document>(m_scriptExecutionContext)->contextDocument() == downcast<Document>(m_scriptExecutionContext));
if (!m_scriptExecutionContext)
return;
Modified: branches/safari-607-branch/Source/WebCore/dom/ActiveDOMObject.h (241161 => 241162)
--- branches/safari-607-branch/Source/WebCore/dom/ActiveDOMObject.h 2019-02-07 23:37:04 UTC (rev 241161)
+++ branches/safari-607-branch/Source/WebCore/dom/ActiveDOMObject.h 2019-02-07 23:37:10 UTC (rev 241162)
@@ -34,6 +34,8 @@
namespace WebCore {
+class Document;
+
enum class ReasonForSuspension {
_javascript_DebuggerPaused,
WillDeferLoading,
@@ -114,6 +116,8 @@
protected:
explicit ActiveDOMObject(ScriptExecutionContext*);
+ explicit ActiveDOMObject(Document*) = delete;
+ explicit ActiveDOMObject(Document&); // Implemented in Document.h
virtual ~ActiveDOMObject();
private:
Modified: branches/safari-607-branch/Source/WebCore/dom/Document.h (241161 => 241162)
--- branches/safari-607-branch/Source/WebCore/dom/Document.h 2019-02-07 23:37:04 UTC (rev 241161)
+++ branches/safari-607-branch/Source/WebCore/dom/Document.h 2019-02-07 23:37:10 UTC (rev 241162)
@@ -2116,6 +2116,11 @@
return &document().contextDocument();
}
+inline ActiveDOMObject::ActiveDOMObject(Document& document)
+ : ActiveDOMObject(static_cast<ScriptExecutionContext*>(&document.contextDocument()))
+{
+}
+
} // namespace WebCore
SPECIALIZE_TYPE_TRAITS_BEGIN(WebCore::Document)
Modified: branches/safari-607-branch/Source/WebCore/html/HTMLMarqueeElement.cpp (241161 => 241162)
--- branches/safari-607-branch/Source/WebCore/html/HTMLMarqueeElement.cpp 2019-02-07 23:37:04 UTC (rev 241161)
+++ branches/safari-607-branch/Source/WebCore/html/HTMLMarqueeElement.cpp 2019-02-07 23:37:10 UTC (rev 241162)
@@ -40,7 +40,7 @@
inline HTMLMarqueeElement::HTMLMarqueeElement(const QualifiedName& tagName, Document& document)
: HTMLElement(tagName, document)
- , ActiveDOMObject(&document)
+ , ActiveDOMObject(document)
{
ASSERT(hasTagName(marqueeTag));
}
Modified: branches/safari-607-branch/Source/WebCore/html/HTMLMediaElement.cpp (241161 => 241162)
--- branches/safari-607-branch/Source/WebCore/html/HTMLMediaElement.cpp 2019-02-07 23:37:04 UTC (rev 241161)
+++ branches/safari-607-branch/Source/WebCore/html/HTMLMediaElement.cpp 2019-02-07 23:37:10 UTC (rev 241162)
@@ -426,7 +426,7 @@
HTMLMediaElement::HTMLMediaElement(const QualifiedName& tagName, Document& document, bool createdByParser)
: HTMLElement(tagName, document)
- , ActiveDOMObject(&document)
+ , ActiveDOMObject(document)
, m_progressEventTimer(*this, &HTMLMediaElement::progressEventTimerFired)
, m_playbackProgressTimer(*this, &HTMLMediaElement::playbackProgressTimerFired)
, m_scanTimer(*this, &HTMLMediaElement::scanTimerFired)
Modified: branches/safari-607-branch/Source/WebCore/html/HTMLSourceElement.cpp (241161 => 241162)
--- branches/safari-607-branch/Source/WebCore/html/HTMLSourceElement.cpp 2019-02-07 23:37:04 UTC (rev 241161)
+++ branches/safari-607-branch/Source/WebCore/html/HTMLSourceElement.cpp 2019-02-07 23:37:10 UTC (rev 241162)
@@ -48,7 +48,7 @@
inline HTMLSourceElement::HTMLSourceElement(const QualifiedName& tagName, Document& document)
: HTMLElement(tagName, document)
- , ActiveDOMObject(&document)
+ , ActiveDOMObject(document)
, m_errorEventTimer(*this, &HTMLSourceElement::errorEventTimerFired)
{
LOG(Media, "HTMLSourceElement::HTMLSourceElement - %p", this);
Modified: branches/safari-607-branch/Source/WebCore/page/IntersectionObserver.cpp (241161 => 241162)
--- branches/safari-607-branch/Source/WebCore/page/IntersectionObserver.cpp 2019-02-07 23:37:04 UTC (rev 241161)
+++ branches/safari-607-branch/Source/WebCore/page/IntersectionObserver.cpp 2019-02-07 23:37:10 UTC (rev 241162)
@@ -106,7 +106,7 @@
}
IntersectionObserver::IntersectionObserver(Document& document, Ref<IntersectionObserverCallback>&& callback, Element* root, LengthBox&& parsedRootMargin, Vector<double>&& thresholds)
- : ActiveDOMObject(downcast<Document>(callback->scriptExecutionContext()))
+ : ActiveDOMObject(callback->scriptExecutionContext())
, m_root(root)
, m_rootMargin(WTFMove(parsedRootMargin))
, m_thresholds(WTFMove(thresholds))
