Changeset 231392 in webkit
- Timestamp:
- May 4, 2018 4:58:04 PM (6 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 4 edited
-
ChangeLog (modified) (1 diff)
-
html/HTMLMediaElement.cpp (modified) (1 diff)
-
html/HTMLMediaElement.h (modified) (1 diff)
-
loader/FrameLoader.cpp (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebCore/ChangeLog
r231390 r231392 1 2018-05-03 Ryosuke Niwa <rniwa@webkit.org> 2 3 Release assert in ScriptController::canExecuteScripts via HTMLMediaElement::~HTMLMediaElement() 4 https://bugs.webkit.org/show_bug.cgi?id=185288 5 6 Reviewed by Jer Noble. 7 8 The crash is caused by HTMLMediaElement::~HTMLMediaElement canceling the resource load via CachedResource 9 which ends up calling FrameLoader::checkCompleted() and fire load event on the document synchronously. 10 Speculatively fix the crash by scheduling the check instead. 11 12 In long term, ResourceLoader::cancel should never fire load event synchronously: webkit.org/b/185284. 13 14 Unfortunately, no new tests since I can't get MediaResource to get destructed at the right time. 15 16 * html/HTMLMediaElement.cpp: 17 (WebCore::HTMLMediaElement::isRunningDestructor): Added to detect this specific case. 18 (WebCore::HTMLMediaElementDestructorScope): Added. 19 (WebCore::HTMLMediaElementDestructorScope::HTMLMediaElementDestructorScope): Added. 20 (WebCore::HTMLMediaElementDestructorScope::~HTMLMediaElementDestructorScope): Added. 21 (WebCore::HTMLMediaElement::~HTMLMediaElement): Instantiate HTMLMediaElement. 22 * html/HTMLMediaElement.h: 23 * loader/FrameLoader.cpp: 24 (WebCore::FrameLoader::checkCompleted): Call scheduleCheckCompleted instead of synchronously calling 25 checkCompleted if we're in the middle of destructing a HTMLMediaElement. 26 1 27 2018-05-04 Ryosuke Niwa <rniwa@webkit.org> 2 28 -
trunk/Source/WebCore/html/HTMLMediaElement.cpp
r231382 r231392 577 577 } 578 578 579 // FIXME: Remove this code once https://webkit.org/b/185284 is fixed. 580 static unsigned s_destructorCount = 0; 581 582 bool HTMLMediaElement::isRunningDestructor() 583 { 584 return !!s_destructorCount; 585 } 586 587 class HTMLMediaElementDestructorScope { 588 public: 589 HTMLMediaElementDestructorScope() { ++s_destructorCount; } 590 ~HTMLMediaElementDestructorScope() { --s_destructorCount; } 591 }; 592 579 593 HTMLMediaElement::~HTMLMediaElement() 580 594 { 595 HTMLMediaElementDestructorScope destructorScope; 581 596 ALWAYS_LOG(LOGIDENTIFIER); 582 597 -
trunk/Source/WebCore/html/HTMLMediaElement.h
r231045 r231392 158 158 static HTMLMediaElement* bestMediaElementForShowingPlaybackControlsManager(MediaElementSession::PlaybackControlsPurpose); 159 159 160 static bool isRunningDestructor(); 161 160 162 WEBCORE_EXPORT void rewind(double timeDelta); 161 163 WEBCORE_EXPORT void returnToRealtime() override; -
trunk/Source/WebCore/loader/FrameLoader.cpp
r231282 r231392 806 806 if (m_isComplete) 807 807 return; 808 809 // FIXME: Remove this code once https://webkit.org/b/185284 is fixed. 810 if (HTMLMediaElement::isRunningDestructor()) { 811 ASSERT_NOT_REACHED(); 812 scheduleCheckCompleted(); 813 return; 814 } 808 815 809 816 // FIXME: It would be better if resource loads were kicked off after render tree update (or didn't complete synchronously).
Note: See TracChangeset
for help on using the changeset viewer.
