Title: [252841] trunk/Source/WebCore
- Revision
- 252841
- Author
- [email protected]
- Date
- 2019-11-24 03:23:02 -0800 (Sun, 24 Nov 2019)
Log Message
Ensure SpeechSynthesis::cancel() correctly clears m_currentSpeechUtterance
https://bugs.webkit.org/show_bug.cgi?id=204429
<rdar://57072704>
Patch by Sunny He <[email protected]> on 2019-11-24
Reviewed by Chris Fleizach.
Currently it is possible for the utterance that is in the process of
being spoken to be garbage collected. In this case, the pointer held
by SpeechSynthesis (m_currentSpeechUtterance) won't be properly
cleared on cancel(). This change ensures that cancel() nulls out the
current utterance and SpeechSynthesis takes a Ref for the utterance.
* Modules/speech/SpeechSynthesis.cpp:
(WebCore::SpeechSynthesis::cancel):
* Modules/speech/SpeechSynthesis.h:
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (252840 => 252841)
--- trunk/Source/WebCore/ChangeLog 2019-11-24 03:05:49 UTC (rev 252840)
+++ trunk/Source/WebCore/ChangeLog 2019-11-24 11:23:02 UTC (rev 252841)
@@ -1,3 +1,21 @@
+2019-11-24 Sunny He <[email protected]>
+
+ Ensure SpeechSynthesis::cancel() correctly clears m_currentSpeechUtterance
+ https://bugs.webkit.org/show_bug.cgi?id=204429
+ <rdar://57072704>
+
+ Reviewed by Chris Fleizach.
+
+ Currently it is possible for the utterance that is in the process of
+ being spoken to be garbage collected. In this case, the pointer held
+ by SpeechSynthesis (m_currentSpeechUtterance) won't be properly
+ cleared on cancel(). This change ensures that cancel() nulls out the
+ current utterance and SpeechSynthesis takes a Ref for the utterance.
+
+ * Modules/speech/SpeechSynthesis.cpp:
+ (WebCore::SpeechSynthesis::cancel):
+ * Modules/speech/SpeechSynthesis.h:
+
2019-11-23 John Wilander <[email protected]>
Resource Load Statistics: Allow multiple third-party cookie blocking settings
Modified: trunk/Source/WebCore/Modules/speech/SpeechSynthesis.cpp (252840 => 252841)
--- trunk/Source/WebCore/Modules/speech/SpeechSynthesis.cpp 2019-11-24 03:05:49 UTC (rev 252840)
+++ trunk/Source/WebCore/Modules/speech/SpeechSynthesis.cpp 2019-11-24 11:23:02 UTC (rev 252841)
@@ -149,9 +149,10 @@
// Hold on to the current utterance so the platform synthesizer can have a chance to clean up.
RefPtr<SpeechSynthesisUtterance> current = m_currentSpeechUtterance;
m_utteranceQueue.clear();
- if (m_speechSynthesisClient)
+ if (m_speechSynthesisClient) {
m_speechSynthesisClient->cancel();
- else if (m_platformSpeechSynthesizer) {
+ m_currentSpeechUtterance = nullptr;
+ } else if (m_platformSpeechSynthesizer) {
m_platformSpeechSynthesizer->cancel();
// The platform should have called back immediately and cleared the current utterance.
ASSERT(!m_currentSpeechUtterance);
Modified: trunk/Source/WebCore/Modules/speech/SpeechSynthesis.h (252840 => 252841)
--- trunk/Source/WebCore/Modules/speech/SpeechSynthesis.h 2019-11-24 03:05:49 UTC (rev 252840)
+++ trunk/Source/WebCore/Modules/speech/SpeechSynthesis.h 2019-11-24 11:23:02 UTC (rev 252841)
@@ -98,7 +98,7 @@
std::unique_ptr<PlatformSpeechSynthesizer> m_platformSpeechSynthesizer;
Vector<Ref<SpeechSynthesisVoice>> m_voiceList;
- SpeechSynthesisUtterance* m_currentSpeechUtterance;
+ RefPtr<SpeechSynthesisUtterance> m_currentSpeechUtterance;
Deque<Ref<SpeechSynthesisUtterance>> m_utteranceQueue;
bool m_isPaused;
#if PLATFORM(IOS_FAMILY)
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
