[webkit-changes] [200050] trunk/Source/WebKit2

[cdumez]

Title: [200050] trunk/Source/WebKit2

Revision

200050

Author

cdu...@apple.com

Date

2016-04-25 14:13:23 -0700 (Mon, 25 Apr 2016)

Log Message

Crash under -[WKWebView _mayAutomaticallyShowVideoPictureInPicture] + 32 (WKWebView.mm:309)
https://bugs.webkit.org/show_bug.cgi?id=156990
<rdar://problem/25904376>

Reviewed by Jer Noble.

In case of WebProcess crash, WebPageProxy::processDidCrash() will call resetState() which
will nullify WebPageProxy::m_videoFullscreenManager. In WebPageProxy::reattachToWebProcess(),
we then call updateViewState() before re-initializing m_videoFullscreenManager, and
updateViewState() ends up calling [WKWebView _mayAutomaticallyShowVideoPictureInPicture]
which dereferences WebPageProxy::m_videoFullscreenManager without null check. This patch
adds a null check for m_videoFullscreenManager in _mayAutomaticallyShowVideoPictureInPicture.

* UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _mayAutomaticallyShowVideoPictureInPicture]):

Modified Paths

• trunk/Source/WebKit2/ChangeLog
• trunk/Source/WebKit2/UIProcess/API/Cocoa/WKWebView.mm

Diff

Modified: trunk/Source/WebKit2/ChangeLog (200049 => 200050)

--- trunk/Source/WebKit2/ChangeLog	2016-04-25 21:07:32 UTC (rev 200049)
+++ trunk/Source/WebKit2/ChangeLog	2016-04-25 21:13:23 UTC (rev 200050)
@@ -1,3 +1,21 @@
+2016-04-25  Chris Dumez  <cdu...@apple.com>
+
+        Crash under -[WKWebView _mayAutomaticallyShowVideoPictureInPicture] + 32 (WKWebView.mm:309)
+        https://bugs.webkit.org/show_bug.cgi?id=156990
+        <rdar://problem/25904376>
+
+        Reviewed by Jer Noble.
+
+        In case of WebProcess crash, WebPageProxy::processDidCrash() will call resetState() which
+        will nullify WebPageProxy::m_videoFullscreenManager. In WebPageProxy::reattachToWebProcess(),
+        we then call updateViewState() before re-initializing m_videoFullscreenManager, and
+        updateViewState() ends up calling [WKWebView _mayAutomaticallyShowVideoPictureInPicture]
+        which dereferences WebPageProxy::m_videoFullscreenManager without null check. This patch
+        adds a null check for m_videoFullscreenManager in _mayAutomaticallyShowVideoPictureInPicture.
+
+        * UIProcess/API/Cocoa/WKWebView.mm:
+        (-[WKWebView _mayAutomaticallyShowVideoPictureInPicture]):
+
 2016-04-25  Dan Bernstein  <m...@apple.com>
 
         Fix a couple of mistakes from r199700.

Modified: trunk/Source/WebKit2/UIProcess/API/Cocoa/WKWebView.mm (200049 => 200050)

--- trunk/Source/WebKit2/UIProcess/API/Cocoa/WKWebView.mm	2016-04-25 21:07:32 UTC (rev 200049)
+++ trunk/Source/WebKit2/UIProcess/API/Cocoa/WKWebView.mm	2016-04-25 21:13:23 UTC (rev 200050)
@@ -307,7 +307,7 @@
 #if !HAVE(AVKIT)
     return false;
 #else
-    if (!_page)
+    if (!_page || !_page->videoFullscreenManager())
         return false;
 
     return _page->videoFullscreenManager()->mayAutomaticallyShowVideoPictureInPicture();

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes