| Summary: | Crash under HTMLMediaElement::{resolve, reject}PendingPlayPromises() when playback is interrupted | ||||||
|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Daniel Bates <dbates> | ||||
| Component: | Media | Assignee: | Daniel Bates <dbates> | ||||
| Status: | RESOLVED FIXED | ||||||
| Severity: | Normal | CC: | eric.carlson, jer.noble, youennf | ||||
| Priority: | P2 | Keywords: | InRadar | ||||
| Version: | WebKit Local Build | ||||||
| Hardware: | iPhone / iPad | ||||||
| OS: | Unspecified | ||||||
| Attachments: |
|
||||||
Created attachment 284919 [details]
Patch and Layout Tests
Comment on attachment 284919 [details] Patch and Layout Tests Clearing flags on attachment: 284919 Committed r203931: <http://trac.webkit.org/changeset/203931> All reviewed patches have been landed. Closing bug. |
Depending on timing if media.play() is called when a system interruption occurs then we may try to settle the returned Promise twice. This causes the assertion ASSERT(m_deferred) to fail in DeferredWrapper::{resolve, rejectWithValue}() in a debug build and causes a crash in a release build (since m_globalObject is null). Once a Promise is settled we clear out is reference to the global object of the page and its JSPromiseDeferred object so as to ensure that a Promise is only settled once.