125269 – [MSE][Mac] Crash when removing MediaSource from HTMLMediaElement.

Bug 125269 - [MSE][Mac] Crash when removing MediaSource from HTMLMediaElement.

Summary: [MSE][Mac] Crash when removing MediaSource from HTMLMediaElement.

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	New Bugs (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Jer Noble

URL:
Keywords:

Depends on:
Blocks:	125270
	Show dependency tree / graph

Reported:	2013-12-04 17:34 PST by Jer Noble
Modified:	2013-12-09 08:20 PST (History)
CC List:	4 users (show)

See Also:

Attachments
Patch (9.26 KB, patch) 2013-12-04 17:41 PST, Jer Noble	no flags	Details \| Formatted Diff \| Diff
Patch (13.50 KB, patch) 2013-12-07 16:41 PST, Jer Noble	sam: review+	Details \| Formatted Diff \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jer Noble 2013-12-04 17:34:53 PST

[MSE][Mac] Crash when removing MediaSource from HTMLMediaElement.

Comment 1 Jer Noble 2013-12-04 17:41:15 PST

Created attachment 218474 [details]
Patch

Comment 2 Jer Noble 2013-12-07 16:41:41 PST

Created attachment 218670 [details]
Patch

Comment 3 Sam Weinig 2013-12-07 17:35:54 PST

Comment on attachment 218670 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=218670&action=review

Test case?

> Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h:62
> +    void clearMediaSource() { m_mediaSource = 0; }

nullptr?

Comment 4 Jer Noble 2013-12-07 22:18:37 PST

(In reply to comment #3)
> (From update of attachment 218670 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=218670&action=review
> 
> Test case?

The crash only (reliably) happens with MallocScribble enabled.  But when it is enabled, an existing test crashes.

> > Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h:62
> > +    void clearMediaSource() { m_mediaSource = 0; }
> 
> nullptr?

Will change.

Comment 5 Jer Noble 2013-12-07 22:37:04 PST

Committed r160281: <http://trac.webkit.org/changeset/160281>

Comment 6 Simon Fraser (smfr) 2013-12-08 10:09:01 PST

Could this have caused two tests to show malloc errors?
http://build.webkit.org/results/Apple%20Mavericks%20Debug%20WK2%20(Tests)/r160286%20(853)/results.html

Comment 7 Jer Noble 2013-12-09 08:20:26 PST

(In reply to comment #6)
> Could this have caused two tests to show malloc errors?
> http://build.webkit.org/results/Apple%20Mavericks%20Debug%20WK2%20(Tests)/r160286%20(853)/results.html

It's unlikely; those test cases should never hit MSE code.  But i'll check.