Changeset 207294 in webkit
- Timestamp:
- Oct 13, 2016 11:13:19 AM (8 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 3 edited
-
LayoutTests/ChangeLog (modified) (1 diff)
-
LayoutTests/media/media-source/media-source-remove-crash-expected.txt (added)
-
LayoutTests/media/media-source/media-source-remove-crash.html (added)
-
Source/WebCore/ChangeLog (modified) (1 diff)
-
Source/WebCore/Modules/mediasource/SourceBuffer.cpp (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r207290 r207294 1 2016-10-13 Jer Noble <jer.noble@apple.com> 2 3 CRASH at WebCore::SourceBuffer::removeCodedFrames + 37 4 https://bugs.webkit.org/show_bug.cgi?id=163336 5 6 Reviewed by Alex Christensen. 7 8 * media/media-source/media-source-remove-crash-expected.txt: Added. 9 * media/media-source/media-source-remove-crash.html: Added. 10 1 11 2016-10-13 Sergio Villar Senin <svillar@igalia.com> 2 12 -
trunk/Source/WebCore/ChangeLog
r207293 r207294 1 2016-10-13 Jer Noble <jer.noble@apple.com> 2 3 CRASH at WebCore::SourceBuffer::removeCodedFrames + 37 4 https://bugs.webkit.org/show_bug.cgi?id=163336 5 6 Reviewed by Alex Christensen. 7 8 Test: media/media-source/media-source-remove-crash.html 9 10 A null-deref crash can occur if a SourceBuffer is removed from a MediaSource after 11 SourceBuffer.remove() is called, but before the removeTimer is fired. 12 13 * Modules/mediasource/SourceBuffer.cpp: 14 (WebCore::SourceBuffer::removeTimerFired): 15 1 16 2016-10-13 Michael Catanzaro <mcatanzaro@igalia.com> 2 17 -
trunk/Source/WebCore/Modules/mediasource/SourceBuffer.cpp
r207007 r207294 830 830 void SourceBuffer::removeTimerFired() 831 831 { 832 if (isRemoved()) 833 return; 834 832 835 ASSERT(m_updating); 833 836 ASSERT(m_pendingRemoveStart.isValid());
Note: See TracChangeset
for help on using the changeset viewer.
