Title: [126776] trunk
Revision
126776
Author
[email protected]
Date
2012-08-27 11:05:44 -0700 (Mon, 27 Aug 2012)

Log Message

Crash when trying to render empty cues
https://bugs.webkit.org/show_bug.cgi?id=94776

Reviewed by Eric Carlson.

Added extra safety checks.

Source/WebCore:

Test: media/track/track-cue-rendering-empty-cue-crash.html

* html/track/TextTrackCue.cpp:
(WebCore::TextTrackCue::getCueAsHTML):
(WebCore::TextTrackCue::updateDisplayTree):

LayoutTests:

* media/track/track-cue-rendering-empty-cue-crash-expected.txt: Added.
* media/track/track-cue-rendering-empty-cue-crash.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (126775 => 126776)


--- trunk/LayoutTests/ChangeLog	2012-08-27 17:56:10 UTC (rev 126775)
+++ trunk/LayoutTests/ChangeLog	2012-08-27 18:05:44 UTC (rev 126776)
@@ -1,3 +1,15 @@
+2012-08-27  Victor Carbune  <[email protected]>
+
+        Crash when trying to render empty cues
+        https://bugs.webkit.org/show_bug.cgi?id=94776
+
+        Reviewed by Eric Carlson.
+
+        Added extra safety checks.
+
+        * media/track/track-cue-rendering-empty-cue-crash-expected.txt: Added.
+        * media/track/track-cue-rendering-empty-cue-crash.html: Added.
+
 2012-08-27  Julien Chaffraix  <[email protected]>
 
         Unreviewed Chromium gardening.

Added: trunk/LayoutTests/media/track/track-cue-rendering-empty-cue-crash-expected.txt (0 => 126776)


--- trunk/LayoutTests/media/track/track-cue-rendering-empty-cue-crash-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/media/track/track-cue-rendering-empty-cue-crash-expected.txt	2012-08-27 18:05:44 UTC (rev 126776)
@@ -0,0 +1,10 @@
+Tests that having empty cues does not crash the browser.
+
+** Add a text track to the video element **
+** Add an empty cue to the track **
+** Play the video and render the cue **
+
+No crash. PASS.
+
+END OF TEST
+

Added: trunk/LayoutTests/media/track/track-cue-rendering-empty-cue-crash.html (0 => 126776)


--- trunk/LayoutTests/media/track/track-cue-rendering-empty-cue-crash.html	                        (rev 0)
+++ trunk/LayoutTests/media/track/track-cue-rendering-empty-cue-crash.html	2012-08-27 18:05:44 UTC (rev 126776)
@@ -0,0 +1,36 @@
+<!DOCTYPE html>
+<html>
+    <head>
+        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+
+        <script src=""
+        <script src=""
+        <script>
+        function startTest()
+        {
+            findMediaElement();
+            video.src = "" '../content/test');
+
+            consoleWrite("** Add a text track to the video element **");
+            video.addTextTrack("captions", "regular captions track", "en");
+
+            consoleWrite("** Add an empty cue to the track **");
+            video.textTracks[0].addCue(new TextTrackCue(0.00, 4.00, ""));
+
+            consoleWrite("** Play the video and render the cue **");
+            video.play();
+
+            consoleWrite("");
+            consoleWrite("No crash. PASS.");
+            consoleWrite("");
+
+            endTest();
+          }
+        </script>
+    </head>
+
+    <body _onload_="startTest()">
+        <p>Tests that having empty cues does not crash the browser.</p>
+        <video controls />
+    </body>
+</html>
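
Review bot: startTest() writes "No crash. PASS." and calls endTest() synchronously right after video.play(), so the test can finish before the empty cue is ever displayed and would then pass even with the crash still present. Nothing in the visible lines waits for playback to start or for the cue to become active. Consider ending the test from a media event handler that fires once playback is inside the cue's 0.00 to 4.00 range, and writing the PASS line from there.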

Modified: trunk/Source/WebCore/ChangeLog (126775 => 126776)


--- trunk/Source/WebCore/ChangeLog	2012-08-27 17:56:10 UTC (rev 126775)
+++ trunk/Source/WebCore/ChangeLog	2012-08-27 18:05:44 UTC (rev 126776)
@@ -1,3 +1,18 @@
+2012-08-27  Victor Carbune  <[email protected]>
+
+        Crash when trying to render empty cues
+        https://bugs.webkit.org/show_bug.cgi?id=94776
+
+        Reviewed by Eric Carlson.
+
+        Added extra safety checks.
+
+        Test: media/track/track-cue-rendering-empty-cue-crash.html
+
+        * html/track/TextTrackCue.cpp:
+        (WebCore::TextTrackCue::getCueAsHTML):
+        (WebCore::TextTrackCue::updateDisplayTree):
+
 2012-08-24  Simon Fraser  <[email protected]>
 
         Implement sticky positioning
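
Review bot: "Added extra safety checks." does not say which check went where, and the two function entries for getCueAsHTML and updateDisplayTree carry no per-function description. A short note on each line would make the log usable without opening the diff, for example that getCueAsHTML returns early when no document fragment is produced and that updateDisplayTree returns early when the track is not rendered.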

Modified: trunk/Source/WebCore/html/track/TextTrackCue.cpp (126775 => 126776)


--- trunk/Source/WebCore/html/track/TextTrackCue.cpp	2012-08-27 17:56:10 UTC (rev 126775)
+++ trunk/Source/WebCore/html/track/TextTrackCue.cpp	2012-08-27 18:05:44 UTC (rev 126776)
@@ -473,6 +473,9 @@
         m_hasInnerTimestamps = false;
         m_documentFragment = WebVTTParser::create(0, m_scriptExecutionContext)->createDocumentFragmentFromCueText(m_content);
 
+        if (!m_documentFragment)
+          return 0;
+
         for (Node *child = m_documentFragment->firstChild(); !m_hasInnerTimestamps && child; child = child->nextSibling()) {
             if (child->nodeName() == "timestamp")
                 m_hasInnerTimestamps = true;
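
Review bot: the new early return "return 0;" makes a null result from getCueAsHTML() a normal outcome, so every caller has to tolerate it; the other hunk in this file guards updateDisplayTree() on track()->isRendered() rather than on this return value, and no null check of the result is visible in this patch. Please confirm the callers handle a null fragment, or add the check where the result is used. Style: the "return 0;" line is indented two spaces under the if, while the surrounding code uses four.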
@@ -652,6 +655,9 @@
     DEFINE_STATIC_LOCAL(const AtomicString, trackPastNodesShadowPseudoId, ("-webkit-media-text-track-past-nodes"));
     DEFINE_STATIC_LOCAL(const AtomicString, trackFutureNodesShadowPseudoId, ("-webkit-media-text-track-future-nodes"));
 
+    if (!track()->isRendered())
+      return;
+
     bool isPastNode = true;
 
     // Clear the contents of the two sets.
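
Review bot: "if (!track()->isRendered())" dereferences track() without a null check, so if a cue can reach updateDisplayTree() while it is not attached to a track, this safety check becomes a new null dereference. Unless that is guaranteed elsewhere, write it as "if (!track() || !track()->isRendered())". Style: the "return;" line is indented two spaces under the if, while the rest of the function uses four.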