CRASH in WebCore::MediaPlayerPrivateAVFoundation::setPreload
author: jer.noble@apple.com <jer.noble@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 12 Oct 2018 15:28:40 +0000 (15:28 +0000)
committer: jer.noble@apple.com <jer.noble@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 12 Oct 2018 15:28:40 +0000 (15:28 +0000)
commit: 42f1c9feca23aa3b30dbd1b55b06e09272f78df6
tree: 53cd0f00362663f02dbdcb157d6d3e03e7ebbedd
parent: 5ec7820a9a2277af1c6adf60e3f1a7d563386f6e
CRASH in WebCore::MediaPlayerPrivateAVFoundation::setPreload
https://bugs.webkit.org/show_bug.cgi?id=190485
<rdar://problem/34613350>

Reviewed by Eric Carlson.

Crash analytics show that a pure-virtual function is called by MediaPlayerPrivateAVFoundation::setPreload(), and
the likely cause of that pure-virtual function call is that the MediaPlayerPrivateAVFoundation object itself has
been destroyed, likely as a side effect of calling MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL().
The usual suspect for this kind of crash is due to calling into JS (e.g., from a callback passed up to
HTMLMediaElement). Code inspection hasn't yielded any good hints about why this might be occurring, so we will
add a ScriptDisallowedScope assertion inside HTMLMediaElement::prepareToPlay(), to generate a good crashlog
showing exactly what callback is resulting in a JS call. But just in case the deallocation is not due to JS,
also add an explicit strong-ref inside MediaPlayer::prepareToPlay.

* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::prepareToPlay):
* platform/graphics/MediaPlayer.cpp:
(WebCore::MediaPlayer::prepareToPlay):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@237067 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebCore/ChangeLog
Source/WebCore/html/HTMLMediaElement.cpp
Source/WebCore/platform/graphics/MediaPlayer.cpp
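The hazard the commit message describes (a method calls out to a client, the callback tears the object down, and the method then keeps using `this`) and the two mitigations it adds (a stack-held strong reference in MediaPlayer::prepareToPlay, a script-disallowed scope in HTMLMediaElement::prepareToPlay) are shown below in a self-contained simulation. This is an added example, not WebKit code: `MediaPlayerSim`, `RefGuard`, `ScriptDisallowedScopeSim`, `tryRunScript` and `runScenario` are invented here and only stand in for WebKit's RefCounted/Ref<> and ScriptDisallowedScope, whose real APIs differ. The simulated `deref()` flips a flag at zero instead of deleting, so the use-after-release stays observable rather than undefined behaviour.

```cpp
#include <cstdio>
#include <functional>
#include <utility>

// --- Script-forbidden scope: while the depth is non-zero, script must not run.
static int g_scriptDisallowedDepth = 0;
static int g_forbiddenScriptAttempts = 0;  // how often a callback tried anyway

struct ScriptDisallowedScopeSim {
    ScriptDisallowedScopeSim() { ++g_scriptDisallowedDepth; }
    ~ScriptDisallowedScopeSim() { --g_scriptDisallowedDepth; }
};

// Embedder entry point a callback may reach. WebKit's scope would ASSERT here
// (producing the crash log the commit message wants); we count and refuse.
static bool tryRunScript(const std::function<void()>& script) {
    if (g_scriptDisallowedDepth > 0) {
        ++g_forbiddenScriptAttempts;
        return false;
    }
    script();
    return true;
}

class MediaPlayerSim {
public:
    using Client = std::function<void(MediaPlayerSim&)>;
    explicit MediaPlayerSim(Client client) : m_client(std::move(client)) {}

    void ref() { ++m_refCount; }
    // A real RefCounted object would `delete this` at zero; we only flip a flag.
    void deref() { if (--m_refCount == 0) m_dead = true; }
    bool isDead() const { return m_dead; }

    // The shape the bug report describes: call out, then keep using `this`.
    // Returns true if `this` had already been released when control came back.
    bool prepareToPlayUnprotected() {
        m_client(*this);
        bool dead = m_dead;      // in real code this read is already a use-after-free
        m_preloadSet = true;     // e.g. the setPreload() call from the crash
        return dead;
    }

    // Fix 1 (MediaPlayer::prepareToPlay): a strong reference on the stack keeps
    // `this` alive until the method returns, whatever the callback does.
    bool prepareToPlayProtected() {
        RefGuard protectedThis(*this);   // like `Ref<MediaPlayer> protectedThis(*this)`
        m_client(*this);
        bool dead = m_dead;              // guaranteed false while the guard lives
        m_preloadSet = true;
        return dead;
    }

    // Fix 2 (HTMLMediaElement::prepareToPlay): forbid script for the duration,
    // so a callback that reaches JS is caught at the point of the attempt.
    bool prepareToPlayScriptForbidden() {
        ScriptDisallowedScopeSim noScript;
        m_client(*this);
        m_preloadSet = true;
        return m_dead;
    }

private:
    struct RefGuard {
        explicit RefGuard(MediaPlayerSim& p) : m_p(p) { m_p.ref(); }
        ~RefGuard() { m_p.deref(); }
        MediaPlayerSim& m_p;
    };
    Client m_client;
    int m_refCount = 0;
    bool m_dead = false;
    bool m_preloadSet = false;
};

struct Outcome {
    bool touchedDead;      // method kept using `this` after it was released
    bool deadAfterReturn;  // object released by the time the caller regains control
    int forbiddenAttempts; // script attempts caught by the forbidden scope
};

// Constructed scenario: the owner holds one reference; the client callback runs
// "script" that drops it, the way a JS event handler could tear down the element.
// variant 0 = unprotected, 1 = strong ref, 2 = script-forbidden scope.
static Outcome runScenario(int variant) {
    g_forbiddenScriptAttempts = 0;
    MediaPlayerSim player([](MediaPlayerSim& p) {
        tryRunScript([&p] { p.deref(); });   // owner lets go mid-call
    });
    player.ref();   // the owner's reference (e.g. HTMLMediaElement::m_player)
    bool touched = variant == 0 ? player.prepareToPlayUnprotected()
                 : variant == 1 ? player.prepareToPlayProtected()
                                : player.prepareToPlayScriptForbidden();
    return { touched, player.isDead(), g_forbiddenScriptAttempts };
}

int main() {
    const char* names[] = { "unprotected", "strong-ref", "script-forbidden" };
    for (int v = 0; v < 3; ++v) {
        Outcome o = runScenario(v);
        std::printf("%-16s touchedDead=%d deadAfterReturn=%d forbiddenAttempts=%d\n",
                    names[v], o.touchedDead, o.deadAfterReturn, o.forbiddenAttempts);
    }
    return 0;
}
```

The unprotected variant touches a released object; the strong-ref variant finishes its work and the object is released only when the guard goes out of scope, which is the property the explicit strong-ref in MediaPlayer::prepareToPlay buys; the script-forbidden variant never reaches the release at all and instead records the attempt, which is what the assertion in HTMLMediaElement::prepareToPlay is meant to surface in a crash log.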