[iOS] Crash in -[WebCALayerHostWrapper resolveBounds]
authorjer.noble@apple.com <jer.noble@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 4 May 2015 22:14:33 +0000 (22:14 +0000)
committerjer.noble@apple.com <jer.noble@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 4 May 2015 22:14:33 +0000 (22:14 +0000)
https://bugs.webkit.org/show_bug.cgi?id=144595

Reviewed by Eric Carlson.

It is possible for a WebCALayorHostWrapper to outlive the WebVideoFullscreenModel to which it refers,
since the model pointer is bare, rather than a RefPtr. The reference to the model must be invalidated
before the model is destroyed.

* platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
(WebVideoFullscreenInterfaceAVKit::cleanupFullscreenInternal):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@183774 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/platform/ios/WebVideoFullscreenInterfaceAVKit.mm

index 30caf9a..569aa3e 100644 (file)
@@ -1,3 +1,17 @@
+2015-05-04  Jer Noble  <jer.noble@apple.com>
+
+        [iOS] Crash in -[WebCALayerHostWrapper resolveBounds]
+        https://bugs.webkit.org/show_bug.cgi?id=144595
+
+        Reviewed by Eric Carlson.
+
+        It is possible for a WebCALayorHostWrapper to outlive the WebVideoFullscreenModel to which it refers,
+        since the model pointer is bare, rather than a RefPtr. The reference to the model must be invalidated
+        before the model is destroyed.
+
+        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
+        (WebVideoFullscreenInterfaceAVKit::cleanupFullscreenInternal):
+
 2015-05-04  Ryosuke Niwa  <rniwa@webkit.org>
 
         Toggling underline or strike through affects each other
index 4584133..530f8c1 100644 (file)
@@ -1159,6 +1159,8 @@ void WebVideoFullscreenInterfaceAVKit::cleanupFullscreenInternal()
     [m_videoLayerContainer setPlayerViewController:nil];
     [[m_viewController view] removeFromSuperview];
 
+    [m_layerHostWrapper setModel:nullptr];
+
     m_layerHostWrapper = nil;
     m_videoLayer = nil;
     m_videoLayerContainer = nil;