Skip to site navigation (Press enter)

[webkit-changes] [225567] trunk

commit-queue Tue, 05 Dec 2017 21:25:32 -0800

Title: [225567] trunk

Revision: 225567
Author: commit-qu...@webkit.org
Date: 2017-12-05 21:25:15 -0800 (Tue, 05 Dec 2017)

Log Message

[GTK] Layout test media/track/track-in-band-duplicate-tracks-when-source-changes.html crashes and times out
https://bugs.webkit.org/show_bug.cgi?id=160131


Patch by Fujii Hironori <hironori.fu...@sony.com> on 2017-12-05
Reviewed by Eric Carlson.

Source/WebCore:

Null dereference can be happen if VideoTrack and AudioTrack are
disconnected from its media element.

No new tests, no behavior change.

* html/track/AudioTrack.cpp:
(WebCore::AudioTrack::willRemove): Null-check mediaElement.
* html/track/VideoTrack.cpp:
(WebCore::VideoTrack::setLanguage): Ditto.

LayoutTests:

* platform/gtk/TestExpectations:

Modified Paths

trunk/LayoutTests/ChangeLog
trunk/LayoutTests/platform/gtk/TestExpectations
trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/html/track/AudioTrack.cpp
trunk/Source/WebCore/html/track/VideoTrack.cpp

Diff

Modified: trunk/LayoutTests/ChangeLog (225566 => 225567)


--- trunk/LayoutTests/ChangeLog	2017-12-06 04:47:00 UTC (rev 225566)
+++ trunk/LayoutTests/ChangeLog	2017-12-06 05:25:15 UTC (rev 225567)
@@ -1,3 +1,12 @@
+2017-12-05  Fujii Hironori  <hironori.fu...@sony.com>
+
+        [GTK] Layout test media/track/track-in-band-duplicate-tracks-when-source-changes.html crashes and times out
+        https://bugs.webkit.org/show_bug.cgi?id=160131
+
+        Reviewed by Eric Carlson.
+
+        * platform/gtk/TestExpectations:
+
 2017-12-05  Chris Dumez  <cdu...@apple.com>
 
         ServiceWorkerGlobalScope prototype chain should be immutable

Modified: trunk/LayoutTests/platform/gtk/TestExpectations (225566 => 225567)


--- trunk/LayoutTests/platform/gtk/TestExpectations	2017-12-06 04:47:00 UTC (rev 225566)
+++ trunk/LayoutTests/platform/gtk/TestExpectations	2017-12-06 05:25:15 UTC (rev 225567)
@@ -3052,7 +3052,7 @@
 
 webkit.org/b/163512 media/media-controls-accessibility.html [ Failure ]
 webkit.org/b/163521 media/tab-focus-inside-media-elements.html [ Failure ]
-webkit.org/b/163523 media/track/track-manual-mode.html [ Failure Crash ]
+webkit.org/b/163523 media/track/track-manual-mode.html [ Failure ]
 webkit.org/b/163524 media/track/video-track-alternate-groups.html [ Failure ]
 webkit.org/b/163525 media/video-background-tab-playback.html [ Failure Pass Crash Timeout ]
 webkit.org/b/163526 media/video-controls-drop-and-restore-timeline.html [ Failure ]
@@ -3500,9 +3500,7 @@
 
 webkit.org/b/160119 media/click-volume-bar-not-pausing.html [ Timeout Failure Pass ]
 
-# This one has its own bug because the crashes were preexisting; only the
-# timeout is caused by the switch to threaded compositor.
-webkit.org/b/160131 media/track/track-in-band-duplicate-tracks-when-source-changes.html [ Crash Timeout Pass ]
+webkit.org/b/160131 media/track/track-in-band-duplicate-tracks-when-source-changes.html [ Timeout Pass ]
 
 webkit.org/b/160131 plugins/return-error-from-new-stream-doesnt-invoke-destroy-stream.html [ Timeout Pass ]

Modified: trunk/Source/WebCore/ChangeLog (225566 => 225567)


--- trunk/Source/WebCore/ChangeLog	2017-12-06 04:47:00 UTC (rev 225566)
+++ trunk/Source/WebCore/ChangeLog	2017-12-06 05:25:15 UTC (rev 225567)
@@ -1,3 +1,20 @@
+2017-12-05  Fujii Hironori  <hironori.fu...@sony.com>
+
+        [GTK] Layout test media/track/track-in-band-duplicate-tracks-when-source-changes.html crashes and times out
+        https://bugs.webkit.org/show_bug.cgi?id=160131
+
+        Reviewed by Eric Carlson.
+
+        Null dereference can be happen if VideoTrack and AudioTrack are
+        disconnected from its media element.
+
+        No new tests, no behavior change.
+
+        * html/track/AudioTrack.cpp:
+        (WebCore::AudioTrack::willRemove): Null-check mediaElement.
+        * html/track/VideoTrack.cpp:
+        (WebCore::VideoTrack::setLanguage): Ditto.
+
 2017-12-05  Chris Dumez  <cdu...@apple.com>
 
         ServiceWorkerGlobalScope prototype chain should be immutable

Modified: trunk/Source/WebCore/html/track/AudioTrack.cpp (225566 => 225567)


--- trunk/Source/WebCore/html/track/AudioTrack.cpp	2017-12-06 04:47:00 UTC (rev 225566)
+++ trunk/Source/WebCore/html/track/AudioTrack.cpp	2017-12-06 05:25:15 UTC (rev 225567)
@@ -160,7 +160,10 @@
 
 void AudioTrack::willRemove()
 {
-    mediaElement()->removeAudioTrack(*this);
+    auto element = makeRefPtr(mediaElement());
+    if (!element)
+        return;
+    element->removeAudioTrack(*this);
 }
 
 void AudioTrack::updateKindFromPrivate()

Modified: trunk/Source/WebCore/html/track/VideoTrack.cpp (225566 => 225567)


--- trunk/Source/WebCore/html/track/VideoTrack.cpp	2017-12-06 04:47:00 UTC (rev 225566)
+++ trunk/Source/WebCore/html/track/VideoTrack.cpp	2017-12-06 05:25:15 UTC (rev 225567)
@@ -210,7 +210,8 @@
 
     // 4. Queue a task to fire a simple event named change at the VideoTrackList object referenced by
     // the videoTracks attribute on the HTMLMediaElement.
-    mediaElement()->videoTracks().scheduleChangeEvent();
+    if (mediaElement())
+        mediaElement()->videoTracks().scheduleChangeEvent();
 }
 
 #endif

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes