Modified: trunk/Source/WebKit/ChangeLog (247191 => 247192)
--- trunk/Source/WebKit/ChangeLog 2019-07-06 05:37:36 UTC (rev 247191)
+++ trunk/Source/WebKit/ChangeLog 2019-07-06 08:14:16 UTC (rev 247192)
@@ -1,3 +1,22 @@
+2019-07-06 Chris Fleizach <cfleiz...@apple.com>
+
+ AX: CrashTracer: com.apple.WebKit.WebContent at WebKit: WebKit::WebSpeechSynthesisClient::speak
+ https://bugs.webkit.org/show_bug.cgi?id=199435
+
+ Reviewed by Ryosuke Niwa.
+
+ Ensure we don't access null observers in speech callbacks.
+
+ * WebProcess/WebCoreSupport/WebSpeechSynthesisClient.cpp:
+ (WebKit::WebSpeechSynthesisClient::voiceList):
+ (WebKit::WebSpeechSynthesisClient::speak):
+ (WebKit::WebSpeechSynthesisClient::pause):
+ (WebKit::WebSpeechSynthesisClient::resume):
+ * WebProcess/WebPage/WebPage.cpp:
+ (WebKit::WebPage::speakingErrorOccurred):
+ (WebKit::WebPage::boundaryEventOccurred):
+ (WebKit::WebPage::voicesDidChange):
+
2019-07-05 Chris Dumez <cdu...@apple.com>
Fix thread safety bug in WebResourceLoadStatisticsTelemetry::calculateAndSubmit()
Modified: trunk/Source/WebKit/WebProcess/WebCoreSupport/WebSpeechSynthesisClient.cpp (247191 => 247192)
--- trunk/Source/WebKit/WebProcess/WebCoreSupport/WebSpeechSynthesisClient.cpp 2019-07-06 05:37:36 UTC (rev 247191)
+++ trunk/Source/WebKit/WebProcess/WebCoreSupport/WebSpeechSynthesisClient.cpp 2019-07-06 08:14:16 UTC (rev 247192)
@@ -43,18 +43,25 @@
m_page.sendSync(Messages::WebPageProxy::SpeechSynthesisVoiceList(), voiceList);
m_voices.clear();
- for (auto& voice : voiceList) {
+ for (auto& voice : voiceList)
m_voices.append(WebCore::PlatformSpeechSynthesisVoice::create(voice.voiceURI, voice.name, voice.lang, voice.localService, voice.defaultLang));
-
- }
return m_voices;
}
+WebCore::SpeechSynthesisClientObserver* WebSpeechSynthesisClient::corePageObserver() const
+{
+ if (m_page.corePage() && m_page.corePage()->speechSynthesisClient() && m_page.corePage()->speechSynthesisClient()->observer())
+ return m_page.corePage()->speechSynthesisClient()->observer().get();
+ return nullptr;
+}
+
void WebSpeechSynthesisClient::speak(RefPtr<WebCore::PlatformSpeechSynthesisUtterance> utterance)
{
WTF::CompletionHandler<void()> completionHandler = [this, weakThis = makeWeakPtr(*this)]() mutable {
- if (weakThis)
- m_page.corePage()->speechSynthesisClient()->observer()->didFinishSpeaking();
+ if (!weakThis)
+ return;
+ if (auto observer = corePageObserver())
+ observer->didFinishSpeaking();
};
auto voice = utterance->voice();
@@ -65,8 +72,8 @@
auto isDefault = voice ? voice->isDefault() : false;
m_page.sendWithAsyncReply(Messages::WebPageProxy::SpeechSynthesisSpeak(utterance->text(), utterance->lang(), utterance->volume(), utterance->rate(), utterance->pitch(), utterance->startTime(), voiceURI, name, lang, localService, isDefault), WTFMove(completionHandler));
-
- m_page.corePage()->speechSynthesisClient()->observer()->didStartSpeaking();
+ if (auto observer = corePageObserver())
+ observer->didStartSpeaking();
}
void WebSpeechSynthesisClient::cancel()
@@ -77,8 +84,10 @@
void WebSpeechSynthesisClient::pause()
{
WTF::CompletionHandler<void()> completionHandler = [this, weakThis = makeWeakPtr(*this)]() mutable {
- if (weakThis)
- m_page.corePage()->speechSynthesisClient()->observer()->didPauseSpeaking();
+ if (!weakThis)
+ return;
+ if (auto observer = corePageObserver())
+ observer->didPauseSpeaking();
};
m_page.sendWithAsyncReply(Messages::WebPageProxy::SpeechSynthesisPause(), WTFMove(completionHandler));
@@ -87,8 +96,10 @@
void WebSpeechSynthesisClient::resume()
{
WTF::CompletionHandler<void()> completionHandler = [this, weakThis = makeWeakPtr(*this)]() mutable {
- if (weakThis)
- m_page.corePage()->speechSynthesisClient()->observer()->didResumeSpeaking();
+ if (!weakThis)
+ return;
+ if (auto observer = corePageObserver())
+ observer->didResumeSpeaking();
};
m_page.sendWithAsyncReply(Messages::WebPageProxy::SpeechSynthesisResume(), WTFMove(completionHandler));
Modified: trunk/Source/WebKit/WebProcess/WebCoreSupport/WebSpeechSynthesisClient.h (247191 => 247192)
--- trunk/Source/WebKit/WebProcess/WebCoreSupport/WebSpeechSynthesisClient.h 2019-07-06 05:37:36 UTC (rev 247191)
+++ trunk/Source/WebKit/WebProcess/WebCoreSupport/WebSpeechSynthesisClient.h 2019-07-06 08:14:16 UTC (rev 247192)
@@ -49,12 +49,12 @@
void cancel() override;
void pause() override;
void resume() override;
-
+private:
void setObserver(WeakPtr<WebCore::SpeechSynthesisClientObserver> observer) override { m_observer = observer; }
WeakPtr<WebCore::SpeechSynthesisClientObserver> observer() const override { return m_observer; }
+
+ WebCore::SpeechSynthesisClientObserver* corePageObserver() const;
-
-private:
WebPage& m_page;
WeakPtr<WebCore::SpeechSynthesisClientObserver> m_observer;
Vector<RefPtr<WebCore::PlatformSpeechSynthesisVoice>> m_voices;
Modified: trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp (247191 => 247192)
--- trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp 2019-07-06 05:37:36 UTC (rev 247191)
+++ trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp 2019-07-06 08:14:16 UTC (rev 247192)
@@ -6584,17 +6584,20 @@
#if ENABLE(SPEECH_SYNTHESIS)
void WebPage::speakingErrorOccurred()
{
- corePage()->speechSynthesisClient()->observer()->speakingErrorOccurred();
+ if (auto observer = corePage()->speechSynthesisClient()->observer())
+ observer->speakingErrorOccurred();
}
void WebPage::boundaryEventOccurred(bool wordBoundary, unsigned charIndex)
{
- corePage()->speechSynthesisClient()->observer()->boundaryEventOccurred(wordBoundary, charIndex);
+ if (auto observer = corePage()->speechSynthesisClient()->observer())
+ observer->boundaryEventOccurred(wordBoundary, charIndex);
}
void WebPage::voicesDidChange()
{
- corePage()->speechSynthesisClient()->observer()->voicesChanged();
+ if (auto observer = corePage()->speechSynthesisClient()->observer())
+ observer->voicesChanged();
}
#endif
