Title: [227333] branches/safari-605-branch

Diff

Modified: branches/safari-605-branch/LayoutTests/ChangeLog (227332 => 227333)


--- branches/safari-605-branch/LayoutTests/ChangeLog	2018-01-22 17:58:46 UTC (rev 227332)
+++ branches/safari-605-branch/LayoutTests/ChangeLog	2018-01-22 17:58:49 UTC (rev 227333)
@@ -1,5 +1,21 @@
 2018-01-22  Jason Marcell  <[email protected]>
 
+        Cherry-pick r227272. rdar://problem/36722635
+
+    2018-01-20  Jer Noble  <[email protected]>
+
+            Release ASSERT when reloading Vimeo page @ WebCore: WebCore::Document::updateLayout
+            https://bugs.webkit.org/show_bug.cgi?id=181840
+            <rdar://problem/36186214>
+
+            Reviewed by Simon Fraser.
+
+            * media/video-fullscreen-reload-crash-expected.txt: Added.
+            * media/video-fullscreen-reload-crash.html: Added.
+            * platform/ios/TestExpectations:
+
+2018-01-22  Jason Marcell  <[email protected]>
+
         Cherry-pick r227270. rdar://problem/36722650
 
     2018-01-20  Youenn Fablet  <[email protected]>

Added: branches/safari-605-branch/LayoutTests/media/video-fullscreen-reload-crash-expected.txt (0 => 227333)


--- branches/safari-605-branch/LayoutTests/media/video-fullscreen-reload-crash-expected.txt	                        (rev 0)
+++ branches/safari-605-branch/LayoutTests/media/video-fullscreen-reload-crash-expected.txt	2018-01-22 17:58:49 UTC (rev 227333)
@@ -0,0 +1,10 @@
+Destroy the document containing a video while that video is in fullscreen; should not crash.
+
+RUN(internals.settings.setAllowsInlineMediaPlayback(false))
+RUN(video.load())
+EVENT(canplaythrough)
+RUN(video.play())
+EVENT(webkitbeginfullscreen)
+RUN(iframe.src = ""
+END OF TEST
+

Added: branches/safari-605-branch/LayoutTests/media/video-fullscreen-reload-crash.html (0 => 227333)


--- branches/safari-605-branch/LayoutTests/media/video-fullscreen-reload-crash.html	                        (rev 0)
+++ branches/safari-605-branch/LayoutTests/media/video-fullscreen-reload-crash.html	2018-01-22 17:58:49 UTC (rev 227333)
@@ -0,0 +1,47 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src=""
+<script src=""
+<script>
+function runTest() {
+    run('internals.settings.setAllowsInlineMediaPlayback(false)');
+
+    iframe = document.querySelector('iframe');
+    mediaElement = video = iframe.contentDocument.createElement('video');
+    iframe.contentDocument.body.appendChild(video);
+
+    video.controls = true;
+    video.src = "" "content/test");
+    video.style.width = '100%';
+    video.style.height = '100%';
+
+    video.addEventListener('webkitbeginfullscreen', beginfullscreen);
+    video.addEventListener('webkitfullscreenchange', beginfullscreen);
+    waitForEvent('canplaythrough', canplaythrough);
+
+    runWithKeyDown(() => {
+        run('video.load()');
+    });
+}
+
+function canplaythrough() {
+    runWithKeyDown(() => {
+        run('video.play()');
+    });
+}
+
+function beginfullscreen() {
+    consoleWrite("EVENT(webkitbeginfullscreen)");
+    setTimeout(() => {
+        run('iframe.src = ""
+        setTimeout(endTest, 100);
+    }, 1000);
+}
+</script>
+</head>
+<body _onload_="runTest()">
+    <div>Destroy the document containing a video while that video is in fullscreen; should not crash.</div>
+    <iframe></iframe>
+</body>
+</html>
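Review bot: `beginfullscreen` is registered for both `webkitbeginfullscreen` and `webkitfullscreenchange` in `runTest()`, so if both events fire the handler runs twice, logs `EVENT(webkitbeginfullscreen)` twice and schedules `endTest` twice, which would not match the single line in the expected output. Making the handler one-shot avoids this, for example by starting it with `video.removeEventListener('webkitbeginfullscreen', beginfullscreen);` and `video.removeEventListener('webkitfullscreenchange', beginfullscreen);`. The fixed 1000 ms and 100 ms timers also make the crash window timing-dependent. A short comment in the test saying why those delays are needed would help whoever has to de-flake it later.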

Modified: branches/safari-605-branch/LayoutTests/platform/ios/TestExpectations (227332 => 227333)


--- branches/safari-605-branch/LayoutTests/platform/ios/TestExpectations	2018-01-22 17:58:46 UTC (rev 227332)
+++ branches/safari-605-branch/LayoutTests/platform/ios/TestExpectations	2018-01-22 17:58:49 UTC (rev 227333)
@@ -954,6 +954,7 @@
 media/audio-playback-volume-changes-with-restrictions.html [ Skip ]
 media/restricted-audio-playback-with-document-gesture.html [ Skip ]
 media/restricted-audio-playback-with-multiple-settimeouts.html [ Skip ]
+media/video-fullscreen-reload-crash.html [ Skip ]
 scrollbars/scrolling-backward-by-page-accounting-bottom-fixed-elements-on-keyboard-spacebar.html [ Skip ]
 scrollbars/scrolling-backward-by-page-on-keyboard-spacebar.html [ Skip ]
 scrollbars/scrolling-by-page-accounting-oversized-fixed-elements-on-keyboard-spacebar.html [ Skip ]
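Review bot: The new regression test is added to the iOS expectations as `[ Skip ]` with no comment or bug link. On this platform the crash fix would then have no automated coverage from this test. The section header is outside the hunk, so the reason may already be stated there (the neighbouring entries look like gesture-dependent tests). If it is not, a line such as `# Requires key-down user gesture support; see webkit.org/b/<bug-id>` above the entry would record why the test is skipped and when it can be re-enabled.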

Modified: branches/safari-605-branch/Source/WebCore/ChangeLog (227332 => 227333)


--- branches/safari-605-branch/Source/WebCore/ChangeLog	2018-01-22 17:58:46 UTC (rev 227332)
+++ branches/safari-605-branch/Source/WebCore/ChangeLog	2018-01-22 17:58:49 UTC (rev 227333)
@@ -1,5 +1,25 @@
 2018-01-22  Jason Marcell  <[email protected]>
 
+        Cherry-pick r227272. rdar://problem/36722635
+
+    2018-01-20  Jer Noble  <[email protected]>
+
+            Release ASSERT when reloading Vimeo page @ WebCore: WebCore::Document::updateLayout
+            https://bugs.webkit.org/show_bug.cgi?id=181840
+            <rdar://problem/36186214>
+
+            Reviewed by Simon Fraser.
+
+            Test: media/video-fullscreen-reload-crash.html
+
+            Short circuit play() or pause() operations if the document is suspended or stopped.
+
+            * html/HTMLMediaElement.cpp:
+            (WebCore::HTMLMediaElement::playInternal):
+            (WebCore::HTMLMediaElement::pauseInternal):
+
+2018-01-22  Jason Marcell  <[email protected]>
+
         Cherry-pick r227270. rdar://problem/36722650
 
     2018-01-20  Youenn Fablet  <[email protected]>

Modified: branches/safari-605-branch/Source/WebCore/dom/Document.h (227332 => 227333)


--- branches/safari-605-branch/Source/WebCore/dom/Document.h	2018-01-22 17:58:46 UTC (rev 227332)
+++ branches/safari-605-branch/Source/WebCore/dom/Document.h	2018-01-22 17:58:49 UTC (rev 227333)
@@ -1250,7 +1250,7 @@
 
     bool inStyleRecalc() const { return m_inStyleRecalc; }
     bool inRenderTreeUpdate() const { return m_inRenderTreeUpdate; }
-    bool isSafeToUpdateStyleOrLayout() const;
+    WEBCORE_EXPORT bool isSafeToUpdateStyleOrLayout() const;
 
     void updateTextRenderer(Text&, unsigned offsetOfReplacedText, unsigned lengthOfReplacedText);
 

Modified: branches/safari-605-branch/Source/WebCore/html/HTMLMediaElement.cpp (227332 => 227333)


--- branches/safari-605-branch/Source/WebCore/html/HTMLMediaElement.cpp	2018-01-22 17:58:46 UTC (rev 227332)
+++ branches/safari-605-branch/Source/WebCore/html/HTMLMediaElement.cpp	2018-01-22 17:58:49 UTC (rev 227333)
@@ -3442,6 +3442,11 @@
 {
     ALWAYS_LOG(LOGIDENTIFIER);
 
+    if (isSuspended()) {
+        ALWAYS_LOG(LOGIDENTIFIER, "  returning because context is suspended");
+        return;
+    }
+
     if (!m_mediaSession->clientWillBeginPlayback()) {
         ALWAYS_LOG(LOGIDENTIFIER, "  returning because of interruption");
         return;
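Review bot: The new `isSuspended()` early return here, and the identical one in the second hunk of this file, has no comment explaining why playback changes are refused. The ChangeLog describes the condition as "suspended or stopped", but the code tests only `isSuspended()`. Its definition is outside the diff, so confirm that it also covers the stopped state; otherwise a stopped document could presumably still reach the layout path behind the release assert. A comment above each guard would record the invariant, for example `// Playback state changes may lead to layout, which is unsafe once the document is suspended or stopped.`. Both function bodies start and end outside the hunks, so callers that expect a state change or a settled play promise after this return should be checked separately.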
@@ -3527,6 +3532,11 @@
 {
     ALWAYS_LOG(LOGIDENTIFIER);
 
+    if (isSuspended()) {
+        ALWAYS_LOG(LOGIDENTIFIER, "  returning because context is suspended");
+        return;
+    }
+
     if (!m_mediaSession->clientWillPausePlayback()) {
         ALWAYS_LOG(LOGIDENTIFIER, "  returning because of interruption");
         return;

Modified: branches/safari-605-branch/Source/WebKit/ChangeLog (227332 => 227333)


--- branches/safari-605-branch/Source/WebKit/ChangeLog	2018-01-22 17:58:46 UTC (rev 227332)
+++ branches/safari-605-branch/Source/WebKit/ChangeLog	2018-01-22 17:58:49 UTC (rev 227333)
@@ -1,5 +1,22 @@
 2018-01-22  Jason Marcell  <[email protected]>
 
+        Cherry-pick r227272. rdar://problem/36722635
+
+    2018-01-20  Jer Noble  <[email protected]>
+
+            Release ASSERT when reloading Vimeo page @ WebCore: WebCore::Document::updateLayout
+            https://bugs.webkit.org/show_bug.cgi?id=181840
+            <rdar://problem/36186214>
+
+            Reviewed by Simon Fraser.
+
+            Updating layout while the document is suspended or stopped is unsafe.
+
+            * WebProcess/cocoa/VideoFullscreenManager.mm:
+            (WebKit::inlineVideoFrame):
+
+2018-01-22  Jason Marcell  <[email protected]>
+
         Cherry-pick r227269. rdar://problem/36722433
 
     2018-01-20  Chris Dumez  <[email protected]>

Modified: branches/safari-605-branch/Source/WebKit/WebProcess/cocoa/VideoFullscreenManager.mm (227332 => 227333)


--- branches/safari-605-branch/Source/WebKit/WebProcess/cocoa/VideoFullscreenManager.mm	2018-01-22 17:58:46 UTC (rev 227332)
+++ branches/safari-605-branch/Source/WebKit/WebProcess/cocoa/VideoFullscreenManager.mm	2018-01-22 17:58:49 UTC (rev 227333)
@@ -58,7 +58,11 @@
 
 static IntRect inlineVideoFrame(HTMLVideoElement& element)
 {
-    element.document().updateLayoutIgnorePendingStylesheets();
+    auto& document = element.document();
+    if (!document.isSafeToUpdateStyleOrLayout())
+        return { };
+
+    document.updateLayoutIgnorePendingStylesheets();
     auto* renderer = element.renderer();
     if (!renderer)
         return { };
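Review bot: When `isSafeToUpdateStyleOrLayout()` is false, `inlineVideoFrame` now returns an empty `IntRect`, which callers cannot tell apart from the existing "no renderer" result a few lines below. The callers are outside the hunk, so it is worth confirming that any fullscreen enter/exit path using this frame tolerates a zero rect and does not cache it as the real inline geometry. A comment on the guard would make the intent explicit, for example `// Layout must not be forced while the document is suspended or stopped; report an empty frame instead.`. The function body continues past the end of the hunk.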