WebKit Bugzilla
New
Browse
Search+
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
160366
Crash under HTMLMediaElement::{resolve, reject}PendingPlayPromises() when playback is interrupted
https://bugs.webkit.org/show_bug.cgi?id=160366
Summary
Crash under HTMLMediaElement::{resolve, reject}PendingPlayPromises() when pla...
Daniel Bates
Reported
2016-07-29 16:58:10 PDT
Depending on timing if media.play() is called when a system interruption occurs then we may try to settle the returned Promise twice. This causes the assertion ASSERT(m_deferred) to fail in DeferredWrapper::{resolve, rejectWithValue}() in a debug build and causes a crash in a release build (since m_globalObject is null). Once a Promise is settled we clear out is reference to the global object of the page and its JSPromiseDeferred object so as to ensure that a Promise is only settled once.
Attachments
Patch and Layout Tests
(9.01 KB, patch)
2016-07-29 17:02 PDT
,
Daniel Bates
no flags
Details
Formatted Diff
Diff
View All
Add attachment
proposed patch, testcase, etc.
Daniel Bates
Comment 1
2016-07-29 16:58:47 PDT
<
rdar://problem/27317407
>
Daniel Bates
Comment 2
2016-07-29 17:02:56 PDT
Created
attachment 284919
[details]
Patch and Layout Tests
Daniel Bates
Comment 3
2016-07-29 17:31:29 PDT
Comment on
attachment 284919
[details]
Patch and Layout Tests Clearing flags on attachment: 284919 Committed
r203931
: <
http://trac.webkit.org/changeset/203931
>
Daniel Bates
Comment 4
2016-07-29 17:31:32 PDT
All reviewed patches have been landed. Closing bug.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug