Bug 145986

Summary:

Media Session: Improve the safety of playback toggling

Product:

WebKit

Reporter:

Matt Rajca <mrajca>

Component:

Media

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

achristensen, commit-queue, conrad_shultz, darin, eric.carlson, jer.noble, mrajca, webkit-bug-importer

Priority:

Keywords:

InRadar

Version:

528+ (Nightly build)

Hardware:

All

OS:

All

Bug Depends on:

Bug Blocks:

145411

Attachments:

Description	Flags
Patch	none

Matt Rajca

Reported 2015-06-15 13:25:12 PDT

Per Darin's feedback in Bug 145978, we should be careful about iterating elements that were deleted underneath us in MediaSession::togglePlayback.

Attachments
Patch (2.74 KB, patch) 2015-06-15 13:38 PDT, Matt Rajca	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2015-06-15 13:26:43 PDT

<rdar://problem/21388739>

Matt Rajca

Comment 2 2015-06-15 13:38:40 PDT

Created attachment 254891 [details] Patch

Alex Christensen

Comment 3 2015-06-15 13:42:51 PDT

Comment on attachment 254891 [details] Patch There's no need to make a member variable for something that's only used in MediaSsession::togglePlayback.

Matt Rajca

Comment 4 2015-06-15 13:50:43 PDT

(In reply to comment #3) > Comment on attachment 254891 [details] > Patch > > There's no need to make a member variable for something that's only used in > MediaSsession::togglePlayback. We will have to remove elements from that set when elements from the underlying m_activeParticipatingElements set are removed.

Alex Christensen

Comment 5 2015-06-15 14:08:14 PDT

It would be much nicer to not use so many raw pointers everywhere.

Darin Adler

Comment 6 2015-06-15 15:10:18 PDT

Comment on attachment 254891 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=254891&action=review > Source/WebCore/Modules/mediasession/MediaSession.cpp:97 > + ASSERT(!m_iteratedActiveParticipatingElements); What guarantees this won’t happen? I’d think that if we make something play that some events might fire and in response we might run some code and end up back here. Maybe we need to handle this case, perhaps by doing nothing?

Matt Rajca

Comment 7 2015-06-15 15:14:01 PDT

(In reply to comment #6) > Comment on attachment 254891 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=254891&action=review > > > Source/WebCore/Modules/mediasession/MediaSession.cpp:97 > > + ASSERT(!m_iteratedActiveParticipatingElements); > > What guarantees this won’t happen? I’d think that if we make something play > that some events might fire and in response we might run some code and end > up back here. > > Maybe we need to handle this case, perhaps by doing nothing? This assertion is in the MediaSession::togglePlayback method which is currently only called in response to play/pause media keys. This method will never call itself.

Darin Adler

Comment 8 2015-06-15 15:18:15 PDT

Comment on attachment 254891 [details] Patch Oops, just noticed this doesn’t add the needed call to remove. Why not?

Matt Rajca

Comment 9 2015-06-15 15:22:10 PDT

We cur(In reply to comment #8) > Comment on attachment 254891 [details] > Patch > > Oops, just noticed this doesn’t add the needed call to remove. Why not? We currently don't remove elements from m_activeParticipatingElements (and thus m_iteratedActiveParticipatingElements). That's part of the algorithm for "interrupting a media session from a media element" which I'll implement in the next couple days.

Alex Christensen

Comment 10 2015-06-15 15:27:22 PDT

(In reply to comment #9) > We currently don't remove elements from m_activeParticipatingElements (and > thus m_iteratedActiveParticipatingElements). That's part of > the algorithm for "interrupting a media session from a media element" which > I'll implement in the next couple days. This is why I was so confused. This will need to be done, but 185560 doesn't need it yet.

Darin Adler

Comment 11 2015-06-15 15:41:28 PDT

(In reply to comment #9) > We cur(In reply to comment #8) > > Comment on attachment 254891 [details] > > Patch > > > > Oops, just noticed this doesn’t add the needed call to remove. Why not? > > We currently don't remove elements from m_activeParticipatingElements (and > thus m_iteratedActiveParticipatingElements). That's part of > the algorithm for "interrupting a media session from a media element" which > I'll implement in the next couple days. Before that algorithm comes into play: What guarantees that m_activeParticipatingElements doesn’t point to deleted objects when media elements go away?

Matt Rajca

Comment 12 2015-06-15 15:48:24 PDT

Good catch. Section 6.5 of the Media Session spec describes what should happen when an element is removed from the document (which includes removing it from the media session's set of active participating elements). I'll get to that soon as well.

WebKit Commit Bot

Comment 13 2015-06-15 16:06:41 PDT

Comment on attachment 254891 [details] Patch Clearing flags on attachment: 254891 Committed r185570: <http://trac.webkit.org/changeset/185570>

WebKit Commit Bot

Comment 14 2015-06-15 16:06:48 PDT

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.