Title: [217581] trunk/Source/WebCore
- Revision
- 217581
- Author
- [email protected]
- Date
- 2017-05-30 14:59:14 -0700 (Tue, 30 May 2017)
Log Message
m_resourceSelectionTaskQueue tasks should be cleared when player is destroyed to prevent invalid state.
https://bugs.webkit.org/show_bug.cgi?id=172726
rdar://problem/30867764
Patch by Jeremy Jones <[email protected]> on 2017-05-30
Reviewed by Eric Carlson.
I haven't found a reproducible way to make a test case for this race condition.
If m_player is cleared while there is an outstanding task in m_resourceSelectionTaskQueue,
that task may assume m_player is not null and crash. It is better to cancel that task than
to perform it part way with null checks.
* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::~HTMLMediaElement):
(WebCore::HTMLMediaElement::clearMediaPlayer):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (217580 => 217581)
--- trunk/Source/WebCore/ChangeLog 2017-05-30 21:54:52 UTC (rev 217580)
+++ trunk/Source/WebCore/ChangeLog 2017-05-30 21:59:14 UTC (rev 217581)
@@ -1,3 +1,21 @@
+2017-05-30 Jeremy Jones <[email protected]>
+
+ m_resourceSelectionTaskQueue tasks should be cleared when player is destroyed to prevent invalid state.
+ https://bugs.webkit.org/show_bug.cgi?id=172726
+ rdar://problem/30867764
+
+ Reviewed by Eric Carlson.
+
+ I haven't found a reproducible way to make a test case for this race condition.
+
+ If m_player is cleared while there is an outstanding task in m_resourceSelectionTaskQueue,
+ that task may assume m_player is not null and crash. It is better to cancel that task than
+ to perform it part way with null checks.
+
+ * html/HTMLMediaElement.cpp:
+ (WebCore::HTMLMediaElement::~HTMLMediaElement):
+ (WebCore::HTMLMediaElement::clearMediaPlayer):
+
2017-05-30 Ryosuke Niwa <[email protected]>
Only include DataDetectorsUI headers in iOS
Modified: trunk/Source/WebCore/html/HTMLMediaElement.cpp (217580 => 217581)
--- trunk/Source/WebCore/html/HTMLMediaElement.cpp 2017-05-30 21:54:52 UTC (rev 217580)
+++ trunk/Source/WebCore/html/HTMLMediaElement.cpp 2017-05-30 21:59:14 UTC (rev 217581)
@@ -583,6 +583,7 @@
m_pauseAfterDetachedTaskQueue.close();
m_updatePlaybackControlsManagerQueue.close();
m_playbackControlsManagerBehaviorRestrictionsQueue.close();
+ m_resourceSelectionTaskQueue.close();
m_completelyLoaded = true;
@@ -5217,6 +5218,8 @@
m_mediaSession->clientCharacteristicsChanged();
m_mediaSession->canProduceAudioChanged();
+ m_resourceSelectionTaskQueue.cancelAllTasks();
+
updateSleepDisabling();
}
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
