Changeset 227272 in webkit

Timestamp:

Jan 20, 2018 8:55:45 AM (6 years ago)

Author:

jer.noble@apple.com

Message:

Release ASSERT when reloading Vimeo page @ WebCore: WebCore::Document::updateLayout
​https://bugs.webkit.org/show_bug.cgi?id=181840
<rdar://problem/36186214>

Reviewed by Simon Fraser.

Source/WebCore:

Test: media/video-fullscreen-reload-crash.html

Short circuit play() or pause() operations if the document is suspended or stopped.

• html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::playInternal):
(WebCore::HTMLMediaElement::pauseInternal):

Source/WebKit:

Updating layout while the document is suspended or stopped is unsafe.

• WebProcess/cocoa/VideoFullscreenManager.mm:

(WebKit::inlineVideoFrame):

LayoutTests:

• media/video-fullscreen-reload-crash-expected.txt: Added.
• media/video-fullscreen-reload-crash.html: Added.
• platform/ios/TestExpectations:

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/media/video-fullscreen-reload-crash-expected.txt (added)
• LayoutTests/media/video-fullscreen-reload-crash.html (added)
• LayoutTests/platform/ios/TestExpectations (modified) (1 diff)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/dom/Document.h (modified) (1 diff)
• Source/WebCore/html/HTMLMediaElement.cpp (modified) (2 diffs)
• Source/WebKit/ChangeLog (modified) (1 diff)
• Source/WebKit/WebProcess/cocoa/VideoFullscreenManager.mm (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2018-01-20  Jer Noble  <jer.noble@apple.com>
+
+        Release ASSERT when reloading Vimeo page @ WebCore: WebCore::Document::updateLayout
+        https://bugs.webkit.org/show_bug.cgi?id=181840
+        <rdar://problem/36186214>
+
+        Reviewed by Simon Fraser.
+
+        * media/video-fullscreen-reload-crash-expected.txt: Added.
+        * media/video-fullscreen-reload-crash.html: Added.
+        * platform/ios/TestExpectations:
+
 2018-01-20  Youenn Fablet  <youenn@apple.com>
 

trunk/LayoutTests/platform/ios/TestExpectations

@@ -952 +952 @@
 media/restricted-audio-playback-with-document-gesture.html [ Skip ]
 media/restricted-audio-playback-with-multiple-settimeouts.html [ Skip ]
+media/video-fullscreen-reload-crash.html [ Skip ]
 scrollbars/scrolling-backward-by-page-accounting-bottom-fixed-elements-on-keyboard-spacebar.html [ Skip ]
 scrollbars/scrolling-backward-by-page-on-keyboard-spacebar.html [ Skip ]

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2018-01-20  Jer Noble  <jer.noble@apple.com>
+
+        Release ASSERT when reloading Vimeo page @ WebCore: WebCore::Document::updateLayout
+        https://bugs.webkit.org/show_bug.cgi?id=181840
+        <rdar://problem/36186214>
+
+        Reviewed by Simon Fraser.
+
+        Test: media/video-fullscreen-reload-crash.html
+
+        Short circuit play() or pause() operations if the document is suspended or stopped.
+
+        * html/HTMLMediaElement.cpp:
+        (WebCore::HTMLMediaElement::playInternal):
+        (WebCore::HTMLMediaElement::pauseInternal):
+
 2018-01-20  Youenn Fablet  <youenn@apple.com>
 

trunk/Source/WebCore/dom/Document.h

@@ -1252 +1252 @@
     bool inStyleRecalc() const { return m_inStyleRecalc; }
     bool inRenderTreeUpdate() const { return m_inRenderTreeUpdate; }
-    bool isSafeToUpdateStyleOrLayout() const;
+    WEBCORE_EXPORT bool isSafeToUpdateStyleOrLayout() const;
 
     void updateTextRenderer(Text&, unsigned offsetOfReplacedText, unsigned lengthOfReplacedText);

trunk/Source/WebCore/html/HTMLMediaElement.cpp

@@ -3443 +3443 @@
     ALWAYS_LOG(LOGIDENTIFIER);
 
+    if (isSuspended()) {
+        ALWAYS_LOG(LOGIDENTIFIER, "  returning because context is suspended");
+        return;
+    }
+
     if (!m_mediaSession->clientWillBeginPlayback()) {
         ALWAYS_LOG(LOGIDENTIFIER, "  returning because of interruption");
@@ -3527 +3532 @@
 {
     ALWAYS_LOG(LOGIDENTIFIER);
+
+    if (isSuspended()) {
+        ALWAYS_LOG(LOGIDENTIFIER, "  returning because context is suspended");
+        return;
+    }
 
     if (!m_mediaSession->clientWillPausePlayback()) {

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2018-01-20  Jer Noble  <jer.noble@apple.com>
+
+        Release ASSERT when reloading Vimeo page @ WebCore: WebCore::Document::updateLayout
+        https://bugs.webkit.org/show_bug.cgi?id=181840
+        <rdar://problem/36186214>
+
+        Reviewed by Simon Fraser.
+
+        Updating layout while the document is suspended or stopped is unsafe.
+
+        * WebProcess/cocoa/VideoFullscreenManager.mm:
+        (WebKit::inlineVideoFrame):
+
 2018-01-20  Chris Dumez  <cdumez@apple.com>
 

trunk/Source/WebKit/WebProcess/cocoa/VideoFullscreenManager.mm

@@ -59 +59 @@
 static IntRect inlineVideoFrame(HTMLVideoElement& element)
 {
-    element.document().updateLayoutIgnorePendingStylesheets();
+    auto& document = element.document();
+    if (!document.isSafeToUpdateStyleOrLayout())
+        return { };
+
+    document.updateLayoutIgnorePendingStylesheets();
     auto* renderer = element.renderer();
     if (!renderer)