Protect lifetime of media element during HTMLMediaElement::notifyAboutPlaying()
authorjer.noble@apple.com <jer.noble@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 13 Jun 2017 19:14:23 +0000 (19:14 +0000)
committerjer.noble@apple.com <jer.noble@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 13 Jun 2017 19:14:23 +0000 (19:14 +0000)
https://bugs.webkit.org/show_bug.cgi?id=173320
<rdar://problem/32590276>

Reviewed by Brent Fulgham.

* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::notifyAboutPlaying):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@218190 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/html/HTMLMediaElement.cpp

index c19f891..c083464 100644 (file)
@@ -1,3 +1,14 @@
+2017-06-13  Jer Noble  <jer.noble@apple.com>
+
+        Protect lifetime of media element during HTMLMediaElement::notifyAboutPlaying()
+        https://bugs.webkit.org/show_bug.cgi?id=173320
+        <rdar://problem/32590276>
+
+        Reviewed by Brent Fulgham.
+
+        * html/HTMLMediaElement.cpp:
+        (WebCore::HTMLMediaElement::notifyAboutPlaying):
+
 2017-06-13  Youenn Fablet  <youenn@apple.com>
 
         getReceivers() should return transceivers that have only an active receiver
index c5bd173..4a3bfa1 100644 (file)
@@ -1020,6 +1020,7 @@ void HTMLMediaElement::scheduleNotifyAboutPlaying()
 
 void HTMLMediaElement::notifyAboutPlaying()
 {
+    Ref<HTMLMediaElement> protectedThis(*this); // The 'playing' event can make arbitrary DOM mutations.
     m_playbackStartedTime = currentMediaTime().toDouble();
     dispatchEvent(Event::create(eventNames().playingEvent, false, true));
     resolvePendingPlayPromises();