Fix a crash caused by track insertion after load()
author bfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 27 Mar 2014 17:50:53 +0000 (17:50 +0000)
committer bfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 27 Mar 2014 17:50:53 +0000 (17:50 +0000)
https://bugs.webkit.org/show_bug.cgi?id=130777

Reviewed by Eric Carlson.

Test: media/track/track-insert-after-load-crash.html

Based on the Blink change (patch by acolwell@chromium.org):
https://codereview.chromium.org/211373009/

Source/WebCore:

* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::parseAttribute): Remove stale LoadMediaResource flag after explicit load.

LayoutTests:

* media/track/track-insert-after-load-crash-expected.txt: Added.
* media/track/track-insert-after-load-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@166362 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/media/track/track-insert-after-load-crash-expected.txt [new file with mode: 0644]
LayoutTests/media/track/track-insert-after-load-crash.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/html/HTMLMediaElement.cpp

index d4d93ec..35bc447 100644 (file)
@@ -1,3 +1,18 @@
+2014-03-27  Brent Fulgham  <bfulgham@apple.com>
+
+        Fix a crash caused by track insertion after load()
+        https://bugs.webkit.org/show_bug.cgi?id=130777
+
+        Reviewed by Eric Carlson.
+
+        Test: media/track/track-insert-after-load-crash.html
+
+        Based on the Blink change (patch by acolwell@chromium.org):
+        https://codereview.chromium.org/211373009/
+
+        * media/track/track-insert-after-load-crash-expected.txt: Added.
+        * media/track/track-insert-after-load-crash.html: Added.
+
 2014-03-27  Manuel Rego Casasnovas  <rego@igalia.com>
 
         [CSS Grid Layout] Remove unused variable in fast/css-grid-layout/implicit-position-dynamic-change.html
diff --git a/LayoutTests/media/track/track-insert-after-load-crash-expected.txt b/LayoutTests/media/track/track-insert-after-load-crash-expected.txt
new file mode 100644 (file)
index 0000000..1284686
--- /dev/null
@@ -0,0 +1,5 @@
+Tests that inserting a <track> element immediately after a load() doesn't crash.
+
+
+END OF TEST
+
diff --git a/LayoutTests/media/track/track-insert-after-load-crash.html b/LayoutTests/media/track/track-insert-after-load-crash.html
new file mode 100644 (file)
index 0000000..1c3ca40
--- /dev/null
@@ -0,0 +1,18 @@
+<!DOCTYPE  html>
+<html>
+    <head>
+        <script src="../media-file.js"></script>
+        <script src="../video-test.js"></script>
+    </head>
+    <body>
+      <p>Tests that inserting a &lt;track&gt; element immediately after a load() doesn't crash.</p>
+      <video id="v"></video>
+      <script>
+        var v = document.querySelector('#v');
+        v.src = findMediaFile('video', '../content/test');
+        v.load();
+        v.appendChild(document.createElement('track'));
+        v.addEventListener('loadedmetadata', endTest);
+      </script>
+    </body>
+</html>
\ No newline at end of file
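Review bot: The inline script registers only a `loadedmetadata` listener, so if the media resource fails to load, the test ends by harness timeout rather than by an explicit failure. Consider also handling `error` on the video element and failing the test there. The listener is attached after `v.load()` and `v.appendChild(document.createElement('track'))`; attaching it before `v.load()` would make the ordering obviously safe to a reader. The file also ends without a trailing newline.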
index fe0a3d7..048507b 100644 (file)
@@ -1,3 +1,18 @@
+2014-03-27  Brent Fulgham  <bfulgham@apple.com>
+
+        Fix a crash caused by track insertion after load()
+        https://bugs.webkit.org/show_bug.cgi?id=130777
+
+        Reviewed by Eric Carlson.
+
+        Test: media/track/track-insert-after-load-crash.html
+
+        Based on the Blink change (patch by acolwell@chromium.org):
+        https://codereview.chromium.org/211373009/
+
+        * html/HTMLMediaElement.cpp:
+        (WebCore::HTMLMediaElement::parseAttribute): Remove stale LoadMediaResource flag after explicit load.
+
 2014-03-27  Alexey Proskuryakov  <ap@apple.com>
 
         Connection::dispatchOneMessage() can be re-entered while handling Cmd-key menu
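Review bot: The entry names `(WebCore::HTMLMediaElement::parseAttribute)`, but the only HTMLMediaElement.cpp hunk in this patch modifies `HTMLMediaElement::prepareForLoad()`. Correct the function name in this ChangeLog line so the entry matches the code that actually changed; the same wording is repeated in the commit message.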
index 6053943..c6b0b1c 100644 (file)
@@ -938,6 +938,8 @@ void HTMLMediaElement::prepareForLoad()
     // Perform the cleanup required for the resource load algorithm to run.
     stopPeriodicTimers();
     m_loadTimer.stop();
+    // FIXME: Figure out appropriate place to reset LoadTextTrackResource if necessary and set m_pendingActionFlags to 0 here.
+    m_pendingActionFlags &= ~LoadMediaResource;
     m_sentEndEvent = false;
     m_sentStalledEvent = false;
     m_haveFiredLoadedData = false;
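Review bot: The added FIXME leaves `LoadTextTrackResource` unresolved, so after `m_loadTimer.stop()` the remaining bits of `m_pendingActionFlags` survive `prepareForLoad()` with no statement of whether that is safe. Either say in the comment why a pending text track load may stay set at this point, or reference a follow-up bug number so the FIXME is trackable. The comment also does not explain why `LoadMediaResource` is cleared; one sentence stating that an explicit load makes any previously scheduled media resource load stale would document the crash this line fixes.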