Changeset 249147 in webkit

Timestamp:

Aug 27, 2019 9:48:21 AM (5 years ago)

Author:

jer.noble@apple.com

Message:

Removing fullscreen element in rAF() callback after requestFullscreen() can leave fullscreen in inconsistent state.
​https://bugs.webkit.org/show_bug.cgi?id=201101
<rdar://problem/54164587>

Reviewed by Eric Carlson.

Source/WebCore:

Test: fullscreen/full-screen-request-removed-with-raf.html

Add a new state variable, m_pendingFullscreenElement, to track which element is about to
become the fullscreen element, so that when elements are removed or cancelFullscreen() is
called, the state machine inside the fullscreen algorithm can cancel effectively.

• dom/FullscreenManager.cpp:

(WebCore::FullscreenManager::requestFullscreenForElement):
(WebCore::FullscreenManager::cancelFullscreen):
(WebCore::FullscreenManager::exitFullscreen):
(WebCore::FullscreenManager::willEnterFullscreen):
(WebCore::FullscreenManager::willExitFullscreen):
(WebCore::FullscreenManager::didExitFullscreen):
(WebCore::FullscreenManager::adjustFullscreenElementOnNodeRemoval):
(WebCore::FullscreenManager::clear):
(WebCore::FullscreenManager::fullscreenElementRemoved): Deleted.

• dom/FullscreenManager.h:

Source/WebKit:

Add more state to track in which direction the animation is flowing to allow in-process
animations to be cancelled more gracefully.

• UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm:

(-[WKFullScreenWindowController enterFullScreen]):
(-[WKFullScreenWindowController beganEnterFullScreenWithInitialFrame:finalFrame:]):
(-[WKFullScreenWindowController requestExitFullScreen]):
(-[WKFullScreenWindowController exitFullScreen]):

• WebProcess/cocoa/VideoFullscreenManager.h:

(WebKit::VideoFullscreenInterfaceContext::animationState const):
(WebKit::VideoFullscreenInterfaceContext::setAnimationState):
(WebKit::VideoFullscreenInterfaceContext::isAnimating const): Deleted.
(WebKit::VideoFullscreenInterfaceContext::setIsAnimating): Deleted.

• WebProcess/cocoa/VideoFullscreenManager.mm:

(WebKit::VideoFullscreenManager::enterVideoFullscreenForVideoElement):
(WebKit::VideoFullscreenManager::exitVideoFullscreenForVideoElement):
(WebKit::VideoFullscreenManager::didEnterFullscreen):
(WebKit::VideoFullscreenManager::didCleanupFullscreen):

LayoutTests:

• fullscreen/full-screen-request-removed-with-raf-expected.txt: Added.
• fullscreen/full-screen-request-removed-with-raf.html: Added.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/fullscreen/full-screen-request-removed-with-raf-expected.txt (added)
• LayoutTests/fullscreen/full-screen-request-removed-with-raf.html (added)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/dom/FullscreenManager.cpp (modified) (12 diffs)
• Source/WebCore/dom/FullscreenManager.h (modified) (1 diff)
• Source/WebKit/ChangeLog (modified) (1 diff)
• Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm (modified) (5 diffs)
• Source/WebKit/WebProcess/cocoa/VideoFullscreenManager.h (modified) (2 diffs)
• Source/WebKit/WebProcess/cocoa/VideoFullscreenManager.mm (modified) (4 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2019-08-26  Jer Noble  <jer.noble@apple.com>
+
+        Removing fullscreen element in rAF() callback after requestFullscreen() can leave fullscreen in inconsistent state.
+        https://bugs.webkit.org/show_bug.cgi?id=201101
+        <rdar://problem/54164587>
+
+        Reviewed by Eric Carlson.
+
+        * fullscreen/full-screen-request-removed-with-raf-expected.txt: Added.
+        * fullscreen/full-screen-request-removed-with-raf.html: Added.
+
 2019-08-27  Peng Liu  <peng.liu6@apple.com>
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2019-08-26  Jer Noble  <jer.noble@apple.com>
+
+        Removing fullscreen element in rAF() callback after requestFullscreen() can leave fullscreen in inconsistent state.
+        https://bugs.webkit.org/show_bug.cgi?id=201101
+        <rdar://problem/54164587>
+
+        Reviewed by Eric Carlson.
+
+        Test: fullscreen/full-screen-request-removed-with-raf.html
+
+        Add a new state variable, m_pendingFullscreenElement, to track which element is about to
+        become the fullscreen element, so that when elements are removed or cancelFullscreen() is
+        called, the state machine inside the fullscreen algorithm can cancel effectively.
+
+        * dom/FullscreenManager.cpp:
+        (WebCore::FullscreenManager::requestFullscreenForElement):
+        (WebCore::FullscreenManager::cancelFullscreen):
+        (WebCore::FullscreenManager::exitFullscreen):
+        (WebCore::FullscreenManager::willEnterFullscreen):
+        (WebCore::FullscreenManager::willExitFullscreen):
+        (WebCore::FullscreenManager::didExitFullscreen):
+        (WebCore::FullscreenManager::adjustFullscreenElementOnNodeRemoval):
+        (WebCore::FullscreenManager::clear):
+        (WebCore::FullscreenManager::fullscreenElementRemoved): Deleted.
+        * dom/FullscreenManager.h:
+
 2019-08-27  Peng Liu  <peng.liu6@apple.com>
 

trunk/Source/WebCore/dom/FullscreenManager.cpp

@@ -121 +121 @@
     }
 
+    m_pendingFullscreenElement = element;
+
     m_fullscreenTaskQueue.enqueueTask([this, element = makeRefPtr(element), checkType, hasKeyboardAccess, failedPreflights] () mutable {
+        // Don't allow fullscreen if it has been cancelled or a different fullscreen element
+        // has requested fullscreen.
+        if (m_pendingFullscreenElement != element) {
+            failedPreflights(WTFMove(element));
+            return;
+        }
+
         // Don't allow fullscreen if document is hidden.
         if (document().hidden()) {
@@ -210 +219 @@
         // 6. Optionally, perform some animation.
         m_areKeysEnabledInFullscreen = hasKeyboardAccess;
-        m_fullscreenTaskQueue.enqueueTask([this, element = WTFMove(element)] {
-            if (auto page = this->page())
-                page->chrome().client().enterFullScreenForElement(*element.get());
+        m_fullscreenTaskQueue.enqueueTask([this, element = WTFMove(element), failedPreflights = WTFMove(failedPreflights)] () mutable {
+            auto page = this->page();
+            if (!page || document().hidden() || m_pendingFullscreenElement != element || !element->isConnected()) {
+                failedPreflights(element);
+                return;
+            }
+            page->chrome().client().enterFullScreenForElement(*element.get());
         });
 
@@ -226 +239 @@
     // context's document and subsequently empty that document's fullscreen element stack."
     Document& topDocument = document().topDocument();
-    if (!topDocument.fullscreenManager().fullscreenElement())
-        return;
+    if (!topDocument.fullscreenManager().fullscreenElement()) {
+        // If there is a pending fullscreen element but no top document fullscreen element,
+        // there is a pending task in enterFullscreen(). Cause it to cancel and fire an error
+        // by clearing the pending fullscreen element.
+        m_pendingFullscreenElement = nullptr;
+        return;
+    }
 
     // To achieve that aim, remove all the elements from the top document's stack except for the first before
@@ -246 +264 @@
 
     // 2. If doc's fullscreen element stack is empty, terminate these steps.
-    if (m_fullscreenElementStack.isEmpty())
-        return;
+    if (m_fullscreenElementStack.isEmpty()) {
+        // If there is a pending fullscreen element but an empty fullscreen element stack,
+        // there is a pending task in requestFullscreenForElement(). Cause it to cancel and fire an error
+        // by clearing the pending fullscreen element.
+        m_pendingFullscreenElement = nullptr;
+        return;
+    }
 
     // 3. Let descendants be all the doc's descendant browsing context's documents with a non-empty fullscreen
@@ -299 +322 @@
             return;
 
+        // If there is a pending fullscreen element but no fullscreen element
+        // there is a pending task in requestFullscreenForElement(). Cause it to cancel and fire an error
+        // by clearing the pending fullscreen element.
+        if (!fullscreenElement && m_pendingFullscreenElement) {
+            m_pendingFullscreenElement = nullptr;
+            return;
+        }
+
         // Only exit out of full screen window mode if there are no remaining elements in the
         // full screen stack.
@@ -340 +371 @@
         return;
 
+    // If pending fullscreen element is unset or another element's was requested,
+    // issue a cancel fullscreen request to the client
+    if (m_pendingFullscreenElement != &element) {
+        page()->chrome().client().exitFullScreenForElement(&element);
+        return;
+    }
+
     ASSERT(page()->settings().fullScreenEnabled());
 
@@ -346 +384 @@
     element.willBecomeFullscreenElement();
 
+    ASSERT(&element == m_pendingFullscreenElement);
+    m_pendingFullscreenElement = nullptr;
     m_fullscreenElement = &element;
 
@@ -386 +426 @@
 void FullscreenManager::willExitFullscreen()
 {
-    if (!m_fullscreenElement)
+    auto fullscreenElement = fullscreenOrPendingElement();
+    if (!fullscreenElement)
         return;
 
@@ -392 +433 @@
         return;
 
-    m_fullscreenElement->willStopBeingFullscreenElement();
+    fullscreenElement->willStopBeingFullscreenElement();
 }
 
 void FullscreenManager::didExitFullscreen()
 {
-    if (!m_fullscreenElement)
+    auto fullscreenElement = fullscreenOrPendingElement();
+    if (!fullscreenElement)
         return;
 
     if (!hasLivingRenderTree() || pageCacheState() != Document::NotInPageCache)
         return;
-
-    m_fullscreenElement->setContainsFullScreenElementOnAncestorsCrossingFrameBoundaries(false);
+    fullscreenElement->setContainsFullScreenElementOnAncestorsCrossingFrameBoundaries(false);
 
     m_areKeysEnabledInFullscreen = false;
@@ -410 +451 @@
 
     m_fullscreenElement = nullptr;
+    m_pendingFullscreenElement = nullptr;
     scheduleFullStyleRebuild();
 
@@ -484 +526 @@
 }
 
-void FullscreenManager::fullscreenElementRemoved()
-{
-    m_fullscreenElement->setContainsFullScreenElementOnAncestorsCrossingFrameBoundaries(false);
-    cancelFullscreen();
-}
-
 void FullscreenManager::adjustFullscreenElementOnNodeRemoval(Node& node, Document::NodeRemoval nodeRemoval)
 {
-    if (!m_fullscreenElement)
+    auto fullscreenElement = fullscreenOrPendingElement();
+    if (!fullscreenElement)
         return;
 
     bool elementInSubtree = false;
     if (nodeRemoval == Document::NodeRemoval::ChildrenOfNode)
-        elementInSubtree = m_fullscreenElement->isDescendantOf(node);
+        elementInSubtree = fullscreenElement->isDescendantOf(node);
     else
-        elementInSubtree = (m_fullscreenElement == &node) || m_fullscreenElement->isDescendantOf(node);
-
-    if (elementInSubtree)
-        fullscreenElementRemoved();
+        elementInSubtree = (fullscreenElement == &node) || fullscreenElement->isDescendantOf(node);
+
+    if (elementInSubtree) {
+        fullscreenElement->setContainsFullScreenElementOnAncestorsCrossingFrameBoundaries(false);
+        cancelFullscreen();
+    }
 }
 
@@ -542 +581 @@
 {
     m_fullscreenElement = nullptr;
+    m_pendingFullscreenElement = nullptr;
     m_fullscreenElementStack.clear();
 }

trunk/Source/WebCore/dom/FullscreenManager.h

@@ -110 +110 @@
     Document& m_document;
 
+    RefPtr<Element> fullscreenOrPendingElement() const { return m_fullscreenElement ? m_fullscreenElement : m_pendingFullscreenElement; }
+
+    RefPtr<Element> m_pendingFullscreenElement;
     RefPtr<Element> m_fullscreenElement;
     Vector<RefPtr<Element>> m_fullscreenElementStack;

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2019-08-26  Jer Noble  <jer.noble@apple.com>
+
+        Removing fullscreen element in rAF() callback after requestFullscreen() can leave fullscreen in inconsistent state.
+        https://bugs.webkit.org/show_bug.cgi?id=201101
+        <rdar://problem/54164587>
+
+        Reviewed by Eric Carlson.
+
+        Add more state to track in which direction the animation is flowing to allow in-process
+        animations to be cancelled more gracefully.
+
+        * UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm:
+        (-[WKFullScreenWindowController enterFullScreen]):
+        (-[WKFullScreenWindowController beganEnterFullScreenWithInitialFrame:finalFrame:]):
+        (-[WKFullScreenWindowController requestExitFullScreen]):
+        (-[WKFullScreenWindowController exitFullScreen]):
+        * WebProcess/cocoa/VideoFullscreenManager.h:
+        (WebKit::VideoFullscreenInterfaceContext::animationState const):
+        (WebKit::VideoFullscreenInterfaceContext::setAnimationState):
+        (WebKit::VideoFullscreenInterfaceContext::isAnimating const): Deleted.
+        (WebKit::VideoFullscreenInterfaceContext::setIsAnimating): Deleted.
+        * WebProcess/cocoa/VideoFullscreenManager.mm:
+        (WebKit::VideoFullscreenManager::enterVideoFullscreenForVideoElement):
+        (WebKit::VideoFullscreenManager::exitVideoFullscreenForVideoElement):
+        (WebKit::VideoFullscreenManager::didEnterFullscreen):
+        (WebKit::VideoFullscreenManager::didCleanupFullscreen):
+
 2019-08-27  Carlos Garcia Campos  <cgarcia@igalia.com>
 

trunk/Source/WebKit/UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm

@@ -448 +448 @@
     BOOL _EVOrganizationNameIsValid;
     BOOL _inInteractiveDismiss;
+    BOOL _exitRequested;
 
     RetainPtr<id> _notificationListener;
@@ -598 +599 @@
         _repaintCallback = WebKit::VoidCallback::create([protectedSelf = retainPtr(self), self](WebKit::CallbackBase::Error) {
             _repaintCallback = nullptr;
+
+            if (_exitRequested) {
+                _exitRequested = NO;
+                [self _exitFullscreenImmediately];
+                return;
+            }
+
             if (auto* manager = [protectedSelf _manager]) {
                 manager->willEnterFullScreen();
@@ -640 +648 @@
     [_rootViewController presentViewController:_fullscreenViewController.get() animated:YES completion:^{
         _fullScreenState = WebKit::InFullScreen;
+
+        if (_exitRequested) {
+            _exitRequested = NO;
+            [self _exitFullscreenImmediately];
+            return;
+        }
 
         auto* page = [self._webView _page];
@@ -658 +672 @@
 - (void)requestExitFullScreen
 {
+    if (_fullScreenState != WebKit::InFullScreen) {
+        _exitRequested = YES;
+        return;
+    }
+
     if (auto* manager = self._manager) {
         manager->requestExitFullScreen();
@@ -669 +688 @@
 - (void)exitFullScreen
 {
-    if (!self.isFullScreen)
-        return;
+    if (_fullScreenState < WebKit::InFullScreen) {
+        _exitRequested = YES;
+        return;
+    }
     _fullScreenState = WebKit::WaitingToExitFullScreen;
 

trunk/Source/WebKit/WebProcess/cocoa/VideoFullscreenManager.h

@@ -74 +74 @@
     void setLayerHostingContext(std::unique_ptr<LayerHostingContext>&&);
 
-    bool isAnimating() const { return m_isAnimating; }
-    void setIsAnimating(bool flag) { m_isAnimating = flag; }
+    enum class AnimationType { None, IntoFullscreen, FromFullscreen };
+    AnimationType animationState() const { return m_animationType; }
+    void setAnimationState(AnimationType flag) { m_animationType = flag; }
 
     bool targetIsFullscreen() const { return m_targetIsFullscreen; }
@@ -99 +100 @@
     uint64_t m_contextId;
     std::unique_ptr<LayerHostingContext> m_layerHostingContext;
-    bool m_isAnimating { false };
+    AnimationType m_animationType { false };
     bool m_targetIsFullscreen { false };
     WebCore::HTMLMediaElementEnums::VideoFullscreenMode m_fullscreenMode { WebCore::HTMLMediaElementEnums::VideoFullscreenModeNone };

trunk/Source/WebKit/WebProcess/cocoa/VideoFullscreenManager.mm

@@ -261 +261 @@
         model->setVideoLayerFrame(videoLayerFrame);
 
-    if (interface->isAnimating())
-        return;
-    interface->setIsAnimating(true);
+    if (interface->animationState() != VideoFullscreenInterfaceContext::AnimationType::None)
+        return;
+    interface->setAnimationState(VideoFullscreenInterfaceContext::AnimationType::IntoFullscreen);
 
     bool allowsPictureInPicture = videoElement.webkitSupportsPresentationMode(HTMLVideoElement::VideoPresentationMode::PictureInPicture);
@@ -297 +297 @@
     interface.setTargetIsFullscreen(false);
 
-    if (interface.isAnimating())
-        return;
-
-    interface.setIsAnimating(true);
+    if (interface.animationState() == VideoFullscreenInterfaceContext::AnimationType::FromFullscreen)
+        return;
+    interface.setAnimationState(VideoFullscreenInterfaceContext::AnimationType::FromFullscreen);
     m_page->send(Messages::VideoFullscreenManagerProxy::ExitFullscreen(contextId, inlineVideoFrame(videoElement)));
 }
@@ -439 +438 @@
     auto [model, interface] = ensureModelAndInterface(contextId);
 
-    interface->setIsAnimating(false);
+    interface->setAnimationState(VideoFullscreenInterfaceContext::AnimationType::None);
     interface->setIsFullscreen(false);
 
@@ -502 +501 @@
     }
 
-    interface->setIsAnimating(false);
+    interface->setAnimationState(VideoFullscreenInterfaceContext::AnimationType::None);
     interface->setIsFullscreen(false);
     HTMLMediaElementEnums::VideoFullscreenMode mode = interface->fullscreenMode();