Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 23871b35678729fe1fa18102db9ac0de0160e5d5
https://github.com/WebKit/WebKit/commit/23871b35678729fe1fa18102db9ac0de0160e5d5
Author: Andy Estes <[email protected]>
Date: 2024-06-25 (Tue, 25 Jun 2024)
Changed paths:
M Source/WebCore/platform/audio/ios/AudioSessionIOS.mm
M Source/WebCore/platform/cocoa/PlaybackSessionModelMediaElement.mm
M Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.mm
Log Message:
-----------
[visionOS] Safari can crash when entering LinearMediaPlayer fullscreen
https://bugs.webkit.org/show_bug.cgi?id=275881
rdar://130103538
Reviewed by Alex Christensen.
There were two issues that could result in a UI process crash when
entering LinearMediaPlayer fullscreen:
1. PlaybackSessionModelMediaElement::m_soundStageSize was not initialized by
its constructor. When
entering LinearMediaKit fullscreen we change the sound stage size, which
reads from this
uninitialized value and attempts to send it from WebContent to GPU via IPC.
CoreIPC detects the
invalid value and terminates the WebContent process
2. When the UI process handles a WebContent process termination it calls
PlaybackSessionManagerProxy::invalidate(), but the WebPageProxy has been
destroyed in this case.
PlaybackSessionManagerProxy stores a WeakPtr to the WebPageProxy but does
not property null-check
it in many places. This leads to the UI process crashing due to the
WebContent process
termination in (1).
Addressed (1) by initializing
PlaybackSessionModelMediaElement::m_soundStageSize to
SoundStageSize::Automatic. Addressed (2) by storing
PlaybackSessionManagerProxy::m_page in a RefPtr
and checking it for null before accessing it.
* Source/WebCore/platform/audio/ios/AudioSessionIOS.mm:
(WebCore::AudioSessionIOS::updateSpatialExperience):
* Source/WebCore/platform/cocoa/PlaybackSessionModelMediaElement.mm:
(WebCore::PlaybackSessionModelMediaElement::PlaybackSessionModelMediaElement):
* Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.mm:
(WebKit::PlaybackSessionManagerProxy::invalidate):
(WebKit::PlaybackSessionManagerProxy::createModelAndInterface):
(WebKit::PlaybackSessionManagerProxy::setUpPlaybackControlsManagerWithID):
(WebKit::PlaybackSessionManagerProxy::clearPlaybackControlsManager):
(WebKit::PlaybackSessionManagerProxy::currentTimeChanged):
(WebKit::PlaybackSessionManagerProxy::rateChanged):
(WebKit::PlaybackSessionManagerProxy::handleControlledElementIDResponse const):
(WebKit::PlaybackSessionManagerProxy::play):
(WebKit::PlaybackSessionManagerProxy::pause):
(WebKit::PlaybackSessionManagerProxy::togglePlayState):
(WebKit::PlaybackSessionManagerProxy::beginScrubbing):
(WebKit::PlaybackSessionManagerProxy::endScrubbing):
(WebKit::PlaybackSessionManagerProxy::seekToTime):
(WebKit::PlaybackSessionManagerProxy::fastSeek):
(WebKit::PlaybackSessionManagerProxy::beginScanningForward):
(WebKit::PlaybackSessionManagerProxy::beginScanningBackward):
(WebKit::PlaybackSessionManagerProxy::endScanning):
(WebKit::PlaybackSessionManagerProxy::setDefaultPlaybackRate):
(WebKit::PlaybackSessionManagerProxy::setPlaybackRate):
(WebKit::PlaybackSessionManagerProxy::selectAudioMediaOption):
(WebKit::PlaybackSessionManagerProxy::selectLegibleMediaOption):
(WebKit::PlaybackSessionManagerProxy::togglePictureInPicture):
(WebKit::PlaybackSessionManagerProxy::enterFullscreen):
(WebKit::PlaybackSessionManagerProxy::exitFullscreen):
(WebKit::PlaybackSessionManagerProxy::toggleInWindow):
(WebKit::PlaybackSessionManagerProxy::toggleMuted):
(WebKit::PlaybackSessionManagerProxy::setMuted):
(WebKit::PlaybackSessionManagerProxy::setVolume):
(WebKit::PlaybackSessionManagerProxy::setPlayingOnSecondScreen):
(WebKit::PlaybackSessionManagerProxy::sendRemoteCommand):
(WebKit::PlaybackSessionManagerProxy::setVideoReceiverEndpoint):
(WebKit::PlaybackSessionManagerProxy::uncacheVideoReceiverEndpoint):
(WebKit::PlaybackSessionManagerProxy::setSpatialTrackingLabel):
(WebKit::PlaybackSessionManagerProxy::setSoundStageSize):
(WebKit::PlaybackSessionManagerProxy::requestControlledElementID):
Canonical link: https://commits.webkit.org/280363@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
