If -[AVAsset cancelLoading] is called while the asset is still checking the "playable" property, AVFoundation calls the completion handler to report that the asset is not playable. That callback triggers a networkState change and a callback to HTMLMediaElement. In the trace below, the handler runs synchronously inside cancelLoad() (frames 18–21), which is called from ~MediaPlayerPrivateAVFoundationObjC() while ~MediaPlayer() is still on the stack, so MediaPlayer::networkStateChanged() (frame 11) runs on a player that is already being destroyed. This can cause a crash if the load was cancelled because the media element was released or stopped:

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x000000010ddf0a0e unsigned int WTF::StringHasher::computeHash<unsigned short, &(WTF::StringHasher::defaultCoverter(unsigned short))>(unsigned short const*, unsigned int) + 126
1 com.apple.WebCore 0x000000010ddf097b unsigned int WTF::StringHasher::computeHash<unsigned short>(unsigned short const*, unsigned int) + 27
2 com.apple.WebCore 0x000000010ddf0942 WTF::StringImpl::hash() const + 50
3 com.apple.WebCore 0x000000010ddf08fd WTF::StringHash::hash(WTF::String const&) + 29
4 com.apple.WebCore 0x000000010df00085 WTF::IdentityHashTranslator<WTF::String, WTF::String, WTF::StringHash>::hash(WTF::String const&) + 21
5 com.apple.WebCore 0x000000010df00536 WTF::String* WTF::HashTable<WTF::String, WTF::String, WTF::IdentityExtractor<WTF::String>, WTF::StringHash, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String> >::lookup<WTF::String, WTF::IdentityHashTranslator<WTF::String, WTF::String, WTF::StringHash> >(WTF::String const&) + 70
6 com.apple.WebCore 0x000000010df8774e bool WTF::HashTable<WTF::String, WTF::String, WTF::IdentityExtractor<WTF::String>, WTF::StringHash, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String> >::contains<WTF::String, WTF::IdentityHashTranslator<WTF::String, WTF::String, WTF::StringHash> >(WTF::String const&) const + 62
7 com.apple.WebCore 0x000000010df876f9 WTF::HashTable<WTF::String, WTF::String, WTF::IdentityExtractor<WTF::String>, WTF::StringHash, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String> >::contains(WTF::String const&) const + 25
8 com.apple.WebCore 0x000000010df7e289 WTF::HashSet<WTF::String, WTF::StringHash, WTF::HashTraits<WTF::String> >::contains(WTF::String const&) const + 25
9 com.apple.WebCore 0x000000010edc87ed WebCore::MediaPlayerPrivateQTKit::supportsType(WTF::String const&, WTF::String const&) + 61
10 com.apple.WebCore 0x000000010edb877f WebCore::bestMediaEngineForTypeAndCodecs(WTF::String const&, WTF::String const&, WebCore::MediaPlayerFactory*) + 319
11 com.apple.WebCore 0x000000010edb9ed6 WebCore::MediaPlayer::networkStateChanged() + 230
12 com.apple.WebCore 0x000000010edbd298 WebCore::MediaPlayerPrivateAVFoundation::updateStates() + 984
13 com.apple.WebCore 0x000000010edbce32 WebCore::MediaPlayerPrivateAVFoundation::playabilityKnown() + 50
14 com.apple.WebCore 0x000000010edbeb42 WebCore::MediaPlayerPrivateAVFoundation::dispatchNotification() + 994
15 com.apple.WebCore 0x000000010edbedc0 WebCore::MediaPlayerPrivateAVFoundation::scheduleMainThreadNotification(WebCore::MediaPlayerPrivateAVFoundation::Notification) + 320
16 com.apple.WebCore 0x000000010edbec70 WebCore::MediaPlayerPrivateAVFoundation::scheduleMainThreadNotification(WebCore::MediaPlayerPrivateAVFoundation::Notification::Type, double) + 96
17 com.apple.WebCore 0x000000010edc5dac -[WebCoreAVFMovieObserver playableKnown] + 92
18 com.apple.WebCore 0x000000010edc1f28 __checkPlayability_block_invoke_0 + 56
19 com.apple.avfoundation 0x00007fff934bbd1c -[AVAssetInspectorLoader _setStatus:figErrorCode:] + 296
20 com.apple.avfoundation 0x00007fff934bcabc -[AVFormatReaderInspectorLoader cancelLoading] + 94
21 com.apple.WebCore 0x000000010edc096f WebCore::MediaPlayerPrivateAVFoundationObjC::cancelLoad() + 303
22 com.apple.WebCore 0x000000010edc062b WebCore::MediaPlayerPrivateAVFoundationObjC::~MediaPlayerPrivateAVFoundationObjC() + 43
23 com.apple.WebCore 0x000000010edc05f5 WebCore::MediaPlayerPrivateAVFoundationObjC::~MediaPlayerPrivateAVFoundationObjC() + 21
24 com.apple.WebCore 0x000000010edc058d WebCore::MediaPlayerPrivateAVFoundationObjC::~MediaPlayerPrivateAVFoundationObjC() + 29
25 com.apple.WebCore 0x000000010edbaa2e void WTF::deleteOwnedPtr<WebCore::MediaPlayerPrivateInterface>(WebCore::MediaPlayerPrivateInterface*) + 46
26 com.apple.WebCore 0x000000010edbaa58 WTF::OwnPtr<WebCore::MediaPlayerPrivateInterface*>::~OwnPtr() + 24
27 com.apple.WebCore 0x000000010edba4d5 WTF::OwnPtr<WebCore::MediaPlayerPrivateInterface*>::~OwnPtr() + 21
28 com.apple.WebCore 0x000000010edb7a99 WebCore::MediaPlayer::~MediaPlayer() + 105
29 com.apple.WebCore 0x000000010edb7a25 WebCore::MediaPlayer::~MediaPlayer() + 21
30 com.apple.WebCore 0x000000010edb79bd WebCore::MediaPlayer::~MediaPlayer() + 29
31 com.apple.WebCore 0x000000010e67866e void WTF::deleteOwnedPtr<WebCore::MediaPlayer>(WebCore::MediaPlayer*) + 46
32 com.apple.WebCore 0x000000010e6784f7 WTF::OwnPtr<WebCore::MediaPlayer>::clear() + 39
33 com.apple.WebCore 0x000000010e676a9a WebCore::HTMLMediaElement::userCancelledLoad() + 122
34 com.apple.WebCore 0x000000010e676cd7 WebCore::HTMLMediaElement::stop() + 119
35 com.apple.WebCore 0x000000010e676c55 non-virtual thunk to WebCore::HTMLMediaElement::stop() + 37
36 com.apple.WebCore 0x000000010f1b662c WebCore::ScriptExecutionContext::stopActiveDOMObjects() + 364
<rdar://problem/9382942>
Created attachment 92451 [details] Proposed patch.
http://trac.webkit.org/changeset/85872
http://trac.webkit.org/changeset/85872 might have broken GTK Linux 32-bit Debug.
The following tests are not passing:
svg/W3C-SVG-1.1/animate-elem-46-t.svg
Revision r85872 cherry-picked into qtwebkit-2.2 with commit db27609 <http://gitorious.org/webkit/qtwebkit/commit/db27609>