Bug 130777

Summary:

Fix a crash caused by track insertion after load()

Product:

WebKit

Reporter:

Brent Fulgham <bfulgham>

Component:

Media

Assignee:

Brent Fulgham <bfulgham>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

calvaris, commit-queue, eric.carlson, esprehn+autocc, glenn, gyuyoung.kim, jer.noble, philipj, sergio

Priority:

Version:

528+ (Nightly build)

Hardware:

All

OS:

All

Attachments:

Description	Flags
Patch	none

Description Brent Fulgham 2014-03-26 09:25:39 PDT

Merge the following Blink change:

Fix a crash caused by track insertion after load().

This patch fixes a crash caused by stale LoadMediaResource flag in
m_pendingActionFlags when load() is explicitly called on a media
element. The insertion of a <track> element triggers the crash by
triggering the scheduling of the m_loadTimer, which ends up using the
stale flag data when the timer fires. The fix is to clear the
LoadMediaResource flag from m_pendingActionFlags when a new load is
initiated.

BUG=356352
TEST=LayoutTests/media/track/track-insert-after-load-crash.html

Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=170003

Comment 1 Brent Fulgham 2014-03-26 09:41:07 PDT

Created attachment 227853 [details]
Patch

Comment 2 WebKit Commit Bot 2014-03-27 10:51:20 PDT

Comment on attachment 227853 [details]
Patch

Clearing flags on attachment: 227853

Committed r166362: <http://trac.webkit.org/changeset/166362>

Comment 3 WebKit Commit Bot 2014-03-27 10:51:25 PDT

All reviewed patches have been landed.  Closing bug.