[SCM] WebKit Debian packaging branch, webkit-1.2, updated. upstream/1.1.90-6072-g9a69373
eric at webkit.org
eric at webkit.org
Thu Apr 8 02:21:01 UTC 2010
The following commit has been merged in the webkit-1.2 branch:
commit 46d3d32facc1ab5023e6454e659ebacf9a5f3d2d
Author: eric at webkit.org <eric at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Fri Mar 12 19:03:06 2010 +0000
2010-03-12 Alpha Lam <hclam at chromium.org>
Reviewed by Eric Carlson.
HTMLMediaElement crash when it is used after resource loading is canceled.
https://bugs.webkit.org/show_bug.cgi?id=35992
Adding a test to access the duration property of a video element after
resource loading was canceled.
* http/tests/media/video-cancel-load-expected.txt: Added.
* http/tests/media/video-cancel-load.html: Added.
2010-03-12 Alpha Lam <hclam at chromium.org>
Reviewed by Eric Carlson.
Fix a crash when resource loading of media element is canceled.
https://bugs.webkit.org/show_bug.cgi?id=35992
Use of HTMLMediaElement::duration() after resource loading was canceled
will cause a crash. This is because HTMLMediaElement::m_player is used
when NULL.
Test: http/tests/media/video-cancel-load.html
* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::duration):
Avoid calling to m_player when it is null.
(WebCore::HTMLMediaElement::userCancelledLoad):
Set m_readyState to HAVE_NOTHING.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@55917 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index fce7bfb..99fc410 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,16 @@
+2010-03-12 Alpha Lam <hclam at chromium.org>
+
+ Reviewed by Eric Carlson.
+
+ HTMLMediaElement crash when it is used after resource loading is canceled.
+ https://bugs.webkit.org/show_bug.cgi?id=35992
+
+ Adding a test to access the duration property of a video element after
+ resource loading was canceled.
+
+ * http/tests/media/video-cancel-load-expected.txt: Added.
+ * http/tests/media/video-cancel-load.html: Added.
+
2010-03-05 Ojan Vafai <ojan at chromium.org>
Reviewed by David Levin.
diff --git a/JavaScriptCore/tests/mozilla/js1_6/Array/browser.js b/LayoutTests/http/tests/media/video-cancel-load-expected.txt
similarity index 100%
copy from JavaScriptCore/tests/mozilla/js1_6/Array/browser.js
copy to LayoutTests/http/tests/media/video-cancel-load-expected.txt
diff --git a/LayoutTests/http/tests/media/video-cancel-load.html b/LayoutTests/http/tests/media/video-cancel-load.html
new file mode 100644
index 0000000..54e6f8e
--- /dev/null
+++ b/LayoutTests/http/tests/media/video-cancel-load.html
@@ -0,0 +1,55 @@
+<html>
+<head>
+ <title>Cancel loading a video file and access its properties afterwards.</title>
+</head>
+<body>
+ Access a video element with resource loading canceled.
+ If this test is successful it will terminate with a blank page.
+ This test should finish without crashing.
+
+ <script src=../../../media/media-file.js></script>
+ <script src=../../../media/video-test.js></script>
+ <video controls id="video"></video>
+
+ <textarea id="child_content" style="display: none;">
+ <!-- Begin child content -->
+ <!-- The following section contains the content in the document of child window. -->
+ <script>
+ var video = window.opener.video;
+ window.setTimeout(function () {
+ var d = video.duration;
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+ }, 50);
+ window.opener.blank();
+ </script>
+ <!-- End child content -->
+ </textarea>
+
+ <script>
+ if (window.layoutTestController) {
+ layoutTestController.setCanOpenWindows();
+ }
+
+ var video = document.getElementById("video");
+ var file = findMediaFile("video", "resources/test");
+
+ // Opens a window and writes the child content into the document.
+ video.addEventListener("loadedmetadata", function main()
+ {
+ var win = window.open("", "child");
+ var doc = win.document;
+ doc.open();
+ doc.write(document.getElementById("child_content").value);
+ doc.close();
+ });
+ video.src = "http://127.0.0.1:8000/media/video-throttled-load.cgi?throttle=40&name=" + file;
+
+ // Change URL of the current page to a blank page.
+ function blank()
+ {
+ location.href = "about:blank";
+ }
+ </script>
+</body>
+</html>
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 818f874..bbaa093 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,21 @@
+2010-03-12 Alpha Lam <hclam at chromium.org>
+
+ Reviewed by Eric Carlson.
+
+ Fix a crash when resource loading of media element is canceled.
+ https://bugs.webkit.org/show_bug.cgi?id=35992
+
+ Use of HTMLMediaElement::duration() after resource loading was canceled
+ will cause a crash. This is because HTMLMediaElement::m_player is used
+ when NULL.
+ Test: http/tests/media/video-cancel-load.html
+
+ * html/HTMLMediaElement.cpp:
+ (WebCore::HTMLMediaElement::duration):
+ Avoid calling to m_player when it is null.
+ (WebCore::HTMLMediaElement::userCancelledLoad):
+ Set m_readyState to HAVE_NOTHING.
+
2010-03-12 Dan Bernstein <mitz at apple.com>
Reviewed by Darin Adler.
diff --git a/WebCore/html/HTMLMediaElement.cpp b/WebCore/html/HTMLMediaElement.cpp
index 4c48a12..4170a0b 100644
--- a/WebCore/html/HTMLMediaElement.cpp
+++ b/WebCore/html/HTMLMediaElement.cpp
@@ -1078,7 +1078,7 @@ float HTMLMediaElement::startTime() const
float HTMLMediaElement::duration() const
{
- if (m_readyState >= HAVE_METADATA)
+ if (m_player && m_readyState >= HAVE_METADATA)
return m_player->duration();
return numeric_limits<float>::quiet_NaN();
@@ -1785,6 +1785,9 @@ void HTMLMediaElement::userCancelledLoad()
// 7 - Abort the overall resource selection algorithm.
m_currentSourceNode = 0;
+
+ // Reset m_readyState since m_player is gone.
+ m_readyState = HAVE_NOTHING;
}
void HTMLMediaElement::documentWillBecomeInactive()
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list