RESOLVED FIXED168404
REGRESSION (r212311): NULL-dereference in HTMLMediaElement::prepareToPlay() 
https://bugs.webkit.org/show_bug.cgi?id=168404
Summary REGRESSION (r212311): NULL-dereference in HTMLMediaElement::prepareToPlay()
Jer Noble
Reported 2017-02-15 19:48:27 PST
REGRESSION (r212311): NULL-dereference in HTMLMediaElement::prepareToPlay()
Attachments
Patch (1.56 KB, patch)
2017-02-15 19:52 PST, Jer Noble 		bweinstein: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Jer Noble
Comment 1 2017-02-15 19:52:52 PST
Created attachment 301691 [details] Patch
Jer Noble
Comment 2 2017-02-15 19:53:20 PST
rdar://problem/30547188
Brian Weinstein
Comment 3 2017-02-15 19:59:03 PST
Comment on attachment 301691 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=301691&action=review > Source/WebCore/ChangeLog:10 > + prepareToPlay(). r212311 began calling prepareToPlay() on a subsequent run-loop iteration Extra space between sentences.
Brian Weinstein
Comment 4 2017-02-15 19:59:25 PST
Comment on attachment 301691 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=301691&action=review >> Source/WebCore/ChangeLog:10 >> + prepareToPlay(). r212311 began calling prepareToPlay() on a subsequent run-loop iteration > > Extra space between sentences. Extra space between sentences.
Jer Noble
Comment 5 2017-02-15 20:27:13 PST
Committed r212420: <http://trac.webkit.org/changeset/212420>
Alexey Proskuryakov
Comment 6 2017-02-16 21:43:28 PST
Comment on attachment 301691 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=301691&action=review > Source/WebCore/html/HTMLMediaElement.cpp:2562 > m_havePreparedToPlay = true; > - m_player->prepareToPlay(); > + if (m_player) > + m_player->prepareToPlay(); Shouldn't setting m_havePreparedToPlay be inside the "if" too? This looks like it fixes the crash, but keeps the incorrect behavior.
Jer Noble
Comment 7 2017-02-16 22:03:52 PST
(In reply to comment #6) > Comment on attachment 301691 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=301691&action=review > > > Source/WebCore/html/HTMLMediaElement.cpp:2562 > > m_havePreparedToPlay = true; > > - m_player->prepareToPlay(); > > + if (m_player) > > + m_player->prepareToPlay(); > > Shouldn't setting m_havePreparedToPlay be inside the "if" too? > > This looks like it fixes the crash, but keeps the incorrect behavior. No. The behavior is correct. If m_havePreparedToPlay is set, we will call m_player->prepareToPlay() next time the MediaPlayer is created.
Jer Noble
Comment 8 2017-02-16 22:10:40 PST
(In reply to comment #7) > (In reply to comment #6) > > Comment on attachment 301691 [details] > > Patch > > > > View in context: > > https://bugs.webkit.org/attachment.cgi?id=301691&action=review > > > > > Source/WebCore/html/HTMLMediaElement.cpp:2562 > > > m_havePreparedToPlay = true; > > > - m_player->prepareToPlay(); > > > + if (m_player) > > > + m_player->prepareToPlay(); > > > > Shouldn't setting m_havePreparedToPlay be inside the "if" too? > > > > This looks like it fixes the crash, but keeps the incorrect behavior. > > No. The behavior is correct. If m_havePreparedToPlay is set, we will call > m_player->prepareToPlay() next time the MediaPlayer is created. Double-checking; it's actually the opposite. m_havePreparedToPlay is cleared whenever a MediaPlayer is created. Same deal though: the behavior is exactly the same whether setting m_havePreparedToPlay is inside the null check our outside.
Alexey Proskuryakov
Comment 9 2017-02-16 22:15:47 PST
Hmm. If the behaviour is correct, then the naming is not. The code says "have prepared to play" without doing the "prepare to play" now. It used to be straightforward before the fix, but now it immediately raises a red flag.
Simon Fraser (smfr)
Comment 10 2017-02-21 17:35:20 PST
Is this exercised by tests?
Jer Noble
Comment 11 2017-02-21 17:39:14 PST
(In reply to comment #10) > Is this exercised by tests? This code is hit by every autoplay test.
Note You need to log in before you can comment on or make changes to this bug.