Title: [211809] branches/safari-604.1.5-branch
- Revision
- 211809
- Author
- matthew_han...@apple.com
- Date
- 2017-02-07 06:50:01 -0800 (Tue, 07 Feb 2017)
Log Message
Merge r211659. rdar://problem/30386165
Modified Paths
Added Paths
Diff
Modified: branches/safari-604.1.5-branch/LayoutTests/ChangeLog (211808 => 211809)
--- branches/safari-604.1.5-branch/LayoutTests/ChangeLog 2017-02-07 14:49:57 UTC (rev 211808)
+++ branches/safari-604.1.5-branch/LayoutTests/ChangeLog 2017-02-07 14:50:01 UTC (rev 211809)
@@ -1,3 +1,17 @@
+2017-02-07 Matthew Hanson <matt_han...@apple.com>
+
+ Merge r211659. rdar://problem/30386165
+
+ 2017-02-03 Jer Noble <jer.no...@apple.com>
+
+ ASSERT in HTMLMediaElement::~HTMLMediaElement
+ https://bugs.webkit.org/show_bug.cgi?id=167818
+
+ Reviewed by Brent Fulgham.
+
+ * media/audio-dealloc-crash-expected.txt: Added.
+ * media/audio-dealloc-crash.html: Added.
+
2017-02-02 Matthew Hanson <matt_han...@apple.com>
Merge r211495. rdar://problem/30106362
Added: branches/safari-604.1.5-branch/LayoutTests/media/audio-dealloc-crash-expected.txt (0 => 211809)
--- branches/safari-604.1.5-branch/LayoutTests/media/audio-dealloc-crash-expected.txt (rev 0)
+++ branches/safari-604.1.5-branch/LayoutTests/media/audio-dealloc-crash-expected.txt 2017-02-07 14:50:01 UTC (rev 211809)
@@ -0,0 +1,2 @@
+END OF TEST
+
Added: branches/safari-604.1.5-branch/LayoutTests/media/audio-dealloc-crash.html (0 => 211809)
--- branches/safari-604.1.5-branch/LayoutTests/media/audio-dealloc-crash.html (rev 0)
+++ branches/safari-604.1.5-branch/LayoutTests/media/audio-dealloc-crash.html 2017-02-07 14:50:01 UTC (rev 211809)
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <script src=""
+ <script src=""
+</head>
+<body>
+ <div>Creating and immediately destroying an Audio element should not crash.</div>
+ <script>
+ runWithKeyDown(() => {
+ document.body.innerHTML = '<audio></audio>';
+ document.body.childNodes[0].play();
+ document.body.innerHTML = '';
+ gc();
+ setTimeout(endTest, 100);
+ });
+ </script>
+</div>
+</body>
+</html>
\ No newline at end of file
Modified: branches/safari-604.1.5-branch/Source/WebCore/ChangeLog (211808 => 211809)
--- branches/safari-604.1.5-branch/Source/WebCore/ChangeLog 2017-02-07 14:49:57 UTC (rev 211808)
+++ branches/safari-604.1.5-branch/Source/WebCore/ChangeLog 2017-02-07 14:50:01 UTC (rev 211809)
@@ -1,3 +1,23 @@
+2017-02-07 Matthew Hanson <matt_han...@apple.com>
+
+ Merge r211659. rdar://problem/30386165
+
+ 2017-02-03 Jer Noble <jer.no...@apple.com>
+
+ ASSERT in HTMLMediaElement::~HTMLMediaElement
+ https://bugs.webkit.org/show_bug.cgi?id=167818
+
+ Reviewed by Brent Fulgham.
+
+ Test: media/audio-dealloc-crash.html
+
+ HTMLMediaElement's MediaElementSession can nominate the HTMLMediaElement itself
+ to become the playback controls session from inside the HTMLMediaElement destructor. Protect
+ against this by clearing out the session before calling updatePlaybackControlsManager().
+
+ * html/HTMLMediaElement.cpp:
+ (WebCore::HTMLMediaElement::~HTMLMediaElement):
+
2017-02-02 Matthew Hanson <matt_han...@apple.com>
Merge r211502. rdar://problem/30319184
Modified: branches/safari-604.1.5-branch/Source/WebCore/html/HTMLMediaElement.cpp (211808 => 211809)
--- branches/safari-604.1.5-branch/Source/WebCore/html/HTMLMediaElement.cpp 2017-02-07 14:49:57 UTC (rev 211808)
+++ branches/safari-604.1.5-branch/Source/WebCore/html/HTMLMediaElement.cpp 2017-02-07 14:50:01 UTC (rev 211809)
@@ -576,6 +576,8 @@
m_player->invalidate();
m_player = nullptr;
}
+
+ m_mediaSession = nullptr;
updatePlaybackControlsManager();
}
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
