Title: [169218] branches/safari-537.77-branch/Source/WebCore
- Revision
- 169218
- Author
- [email protected]
- Date
- 2014-05-22 14:16:03 -0700 (Thu, 22 May 2014)
Log Message
Merged r167264. <rdar://problem/16975518>
Modified Paths
Diff
Modified: branches/safari-537.77-branch/Source/WebCore/ChangeLog (169217 => 169218)
--- branches/safari-537.77-branch/Source/WebCore/ChangeLog 2014-05-22 21:11:55 UTC (rev 169217)
+++ branches/safari-537.77-branch/Source/WebCore/ChangeLog 2014-05-22 21:16:03 UTC (rev 169218)
@@ -1,5 +1,26 @@
2014-05-22 Dana Burkart <[email protected]>
+ Merge r167264
+
+ 2014-04-14 Jer Noble <[email protected]>
+
+ Use after free in WebCore::CachedResourceHandleBase::~CachedResourceHandleBase / WebCore::removeDetachedChildrenInContainer
+ https://bugs.webkit.org/show_bug.cgi?id=131169
+
+ Reviewed by Eric Carlson.
+
+ Invalidate the WebCoreAVFResourceLoader owned by MediaPlayerPrivateAVFoundationObjC
+ in its destructor, to prevent a private function being called in response to the
+ WebCoreAVFResourceLoader being stopped.
+
+ * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
+ (WebCore::MediaPlayerPrivateAVFoundationObjC::~MediaPlayerPrivateAVFoundationObjC):
+ * platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.h:
+ * platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
+ (WebCore::WebCoreAVFResourceLoader::invalidate):
+
+2014-05-22 Dana Burkart <[email protected]>
+
Merge r166628
2014-04-13 Darin Adler <[email protected]>
Modified: branches/safari-537.77-branch/Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm (169217 => 169218)
--- branches/safari-537.77-branch/Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm 2014-05-22 21:11:55 UTC (rev 169217)
+++ branches/safari-537.77-branch/Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm 2014-05-22 21:16:03 UTC (rev 169218)
@@ -253,6 +253,9 @@
#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 1090
[m_loaderDelegate.get() setCallback:0];
[[m_avAsset.get() resourceLoader] setDelegate:nil queue:0];
+
+ for (auto& pair : m_resourceLoaderMap)
+ pair.value->invalidate();
#endif
cancelLoad();
}
Modified: branches/safari-537.77-branch/Source/WebCore/platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.h (169217 => 169218)
--- branches/safari-537.77-branch/Source/WebCore/platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.h 2014-05-22 21:11:55 UTC (rev 169217)
+++ branches/safari-537.77-branch/Source/WebCore/platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.h 2014-05-22 21:16:03 UTC (rev 169218)
@@ -51,6 +51,7 @@
void startLoading();
void stopLoading();
+ void invalidate();
CachedRawResource* resource();
Modified: branches/safari-537.77-branch/Source/WebCore/platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm (169217 => 169218)
--- branches/safari-537.77-branch/Source/WebCore/platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm 2014-05-22 21:11:55 UTC (rev 169217)
+++ branches/safari-537.77-branch/Source/WebCore/platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm 2014-05-22 21:16:03 UTC (rev 169218)
@@ -63,7 +63,7 @@
void WebCoreAVFResourceLoader::startLoading()
{
- if (m_resource)
+ if (m_resource || !m_parent)
return;
KURL requestURL = [[m_avRequest.get() request] URL];
@@ -89,9 +89,16 @@
m_resource->removeClient(this);
m_resource = 0;
- m_parent->didStopLoadingRequest(m_avRequest.get());
+ if (m_parent)
+ m_parent->didStopLoadingRequest(m_avRequest.get());
}
+void WebCoreAVFResourceLoader::invalidate()
+{
+ m_parent = nullptr;
+ stopLoading();
+}
+
void WebCoreAVFResourceLoader::responseReceived(CachedResource* resource, const ResourceResponse& response)
{
ASSERT(resource == m_resource);
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
