Branch: refs/heads/webkitglib/2.52
Home: https://github.com/WebKit/WebKit
Commit: abcb3491801d85ed05fc73906afa4ac9b9fb1f16
https://github.com/WebKit/WebKit/commit/abcb3491801d85ed05fc73906afa4ac9b9fb1f16
Author: Charlie Wolfe <[email protected]>
Date: 2026-05-22 (Fri, 22 May 2026)
Changed paths:
M LayoutTests/TestExpectations
A
LayoutTests/media/media-source/media-source-evict-invalid-time-crash-expected.txt
A LayoutTests/media/media-source/media-source-evict-invalid-time-crash.html
M LayoutTests/platform/glib/TestExpectations
M Source/WebCore/platform/graphics/SourceBufferPrivate.cpp
Log Message:
-----------
REGRESSION(305199@main): Crash in
`SourceBufferPrivate::removeCodedFramesInternal`
https://bugs.webkit.org/show_bug.cgi?id=308678 rdar://170833664
Reviewed by Jer Noble.
Crash data indicates removeCodedFramesInternal can be called with an invalid
end time. Since
305199@main, invalidTime comparisons return unordered, causing all comparison
guards to evaluate to
false, which allows an invalid MediaTime to be used as a std::map key. We
should return early if the
buffered time is invalid to avoid crashing.
Test: media/media-source/media-source-evict-invalid-time-crash.html
* LayoutTests/TestExpectations:
*
LayoutTests/media/media-source/media-source-evict-invalid-time-crash-expected.txt:
Added.
* LayoutTests/media/media-source/media-source-evict-invalid-time-crash.html:
Added.
* Source/WebCore/platform/graphics/SourceBufferPrivate.cpp:
(WebCore::SourceBufferPrivate::removeCodedFramesInternal):
Originally-landed-as: 305413.370@rapid/safari-7624.2.5.110-branch
(f23e9cfe0406). rdar://176067104
Canonical link: https://commits.webkit.org/305877.664@webkitglib/2.52
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
