Bug 60291 - Block callbacks delivered during destruction
Summary: Block callbacks delivered during destruction
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Media (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Eric Carlson
URL:
Keywords: InRadar, PlatformOnly
Depends on:
Blocks:
 
Reported: 2011-05-05 12:29 PDT by Eric Carlson
Modified: 2011-06-03 14:05 PDT (History)
4 users (show)

See Also:


Attachments
Proposed patch. (4.06 KB, patch)
2011-05-05 12:49 PDT, Eric Carlson
aroben: review+
Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Eric Carlson 2011-05-05 12:29:49 PDT
If -[AVAsset cancelLoading] is called while the asset is checking the "playable" property, it will call the completion handler to report that the asset is not playable. This callback triggers a networkState change and a callback to HTMLMediaElement. This can cause a crash if the load was cancelled because the media element was released or stopped:

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore             	0x000000010ddf0a0e unsigned int WTF::StringHasher::computeHash<unsigned short, &(WTF::StringHasher::defaultCoverter(unsigned short))>(unsigned short const*, unsigned int) + 126
1   com.apple.WebCore             	0x000000010ddf097b unsigned int WTF::StringHasher::computeHash<unsigned short>(unsigned short const*, unsigned int) + 27
2   com.apple.WebCore             	0x000000010ddf0942 WTF::StringImpl::hash() const + 50
3   com.apple.WebCore             	0x000000010ddf08fd WTF::StringHash::hash(WTF::String const&) + 29
4   com.apple.WebCore             	0x000000010df00085 WTF::IdentityHashTranslator<WTF::String, WTF::String, WTF::StringHash>::hash(WTF::String const&) + 21
5   com.apple.WebCore             	0x000000010df00536 WTF::String* WTF::HashTable<WTF::String, WTF::String, WTF::IdentityExtractor<WTF::String>, WTF::StringHash, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String> >::lookup<WTF::String, WTF::IdentityHashTranslator<WTF::String, WTF::String, WTF::StringHash> >(WTF::String const&) + 70
6   com.apple.WebCore             	0x000000010df8774e bool WTF::HashTable<WTF::String, WTF::String, WTF::IdentityExtractor<WTF::String>, WTF::StringHash, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String> >::contains<WTF::String, WTF::IdentityHashTranslator<WTF::String, WTF::String, WTF::StringHash> >(WTF::String const&) const + 62
7   com.apple.WebCore             	0x000000010df876f9 WTF::HashTable<WTF::String, WTF::String, WTF::IdentityExtractor<WTF::String>, WTF::StringHash, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String> >::contains(WTF::String const&) const + 25
8   com.apple.WebCore             	0x000000010df7e289 WTF::HashSet<WTF::String, WTF::StringHash, WTF::HashTraits<WTF::String> >::contains(WTF::String const&) const + 25
9   com.apple.WebCore             	0x000000010edc87ed WebCore::MediaPlayerPrivateQTKit::supportsType(WTF::String const&, WTF::String const&) + 61
10  com.apple.WebCore             	0x000000010edb877f WebCore::bestMediaEngineForTypeAndCodecs(WTF::String const&, WTF::String const&, WebCore::MediaPlayerFactory*) + 319
11  com.apple.WebCore             	0x000000010edb9ed6 WebCore::MediaPlayer::networkStateChanged() + 230
12  com.apple.WebCore             	0x000000010edbd298 WebCore::MediaPlayerPrivateAVFoundation::updateStates() + 984
13  com.apple.WebCore             	0x000000010edbce32 WebCore::MediaPlayerPrivateAVFoundation::playabilityKnown() + 50
14  com.apple.WebCore             	0x000000010edbeb42 WebCore::MediaPlayerPrivateAVFoundation::dispatchNotification() + 994
15  com.apple.WebCore             	0x000000010edbedc0 WebCore::MediaPlayerPrivateAVFoundation::scheduleMainThreadNotification(WebCore::MediaPlayerPrivateAVFoundation::Notification) + 320
16  com.apple.WebCore             	0x000000010edbec70 WebCore::MediaPlayerPrivateAVFoundation::scheduleMainThreadNotification(WebCore::MediaPlayerPrivateAVFoundation::Notification::Type, double) + 96
17  com.apple.WebCore             	0x000000010edc5dac -[WebCoreAVFMovieObserver playableKnown] + 92
18  com.apple.WebCore             	0x000000010edc1f28 __checkPlayability_block_invoke_0 + 56
19  com.apple.avfoundation        	0x00007fff934bbd1c -[AVAssetInspectorLoader _setStatus:figErrorCode:] + 296
20  com.apple.avfoundation        	0x00007fff934bcabc -[AVFormatReaderInspectorLoader cancelLoading] + 94
21  com.apple.WebCore             	0x000000010edc096f WebCore::MediaPlayerPrivateAVFoundationObjC::cancelLoad() + 303
22  com.apple.WebCore             	0x000000010edc062b WebCore::MediaPlayerPrivateAVFoundationObjC::~MediaPlayerPrivateAVFoundationObjC() + 43
23  com.apple.WebCore             	0x000000010edc05f5 WebCore::MediaPlayerPrivateAVFoundationObjC::~MediaPlayerPrivateAVFoundationObjC() + 21
24  com.apple.WebCore             	0x000000010edc058d WebCore::MediaPlayerPrivateAVFoundationObjC::~MediaPlayerPrivateAVFoundationObjC() + 29
25  com.apple.WebCore             	0x000000010edbaa2e void WTF::deleteOwnedPtr<WebCore::MediaPlayerPrivateInterface>(WebCore::MediaPlayerPrivateInterface*) + 46
26  com.apple.WebCore             	0x000000010edbaa58 WTF::OwnPtr<WebCore::MediaPlayerPrivateInterface*>::~OwnPtr() + 24
27  com.apple.WebCore             	0x000000010edba4d5 WTF::OwnPtr<WebCore::MediaPlayerPrivateInterface*>::~OwnPtr() + 21
28  com.apple.WebCore             	0x000000010edb7a99 WebCore::MediaPlayer::~MediaPlayer() + 105
29  com.apple.WebCore             	0x000000010edb7a25 WebCore::MediaPlayer::~MediaPlayer() + 21
30  com.apple.WebCore             	0x000000010edb79bd WebCore::MediaPlayer::~MediaPlayer() + 29
31  com.apple.WebCore             	0x000000010e67866e void WTF::deleteOwnedPtr<WebCore::MediaPlayer>(WebCore::MediaPlayer*) + 46
32  com.apple.WebCore             	0x000000010e6784f7 WTF::OwnPtr<WebCore::MediaPlayer>::clear() + 39
33  com.apple.WebCore             	0x000000010e676a9a WebCore::HTMLMediaElement::userCancelledLoad() + 122
34  com.apple.WebCore             	0x000000010e676cd7 WebCore::HTMLMediaElement::stop() + 119
35  com.apple.WebCore             	0x000000010e676c55 non-virtual thunk to WebCore::HTMLMediaElement::stop() + 37
36  com.apple.WebCore             	0x000000010f1b662c WebCore::ScriptExecutionContext::stopActiveDOMObjects() + 364
Comment 1 Eric Carlson 2011-05-05 12:30:17 PDT
<rdar;//problem/9382942>
Comment 2 Eric Carlson 2011-05-05 12:49:25 PDT
Created attachment 92451 [details]
Proposed patch.
Comment 3 Eric Carlson 2011-05-05 13:24:23 PDT
http://trac.webkit.org/changeset/85872
Comment 4 WebKit Review Bot 2011-05-05 16:06:52 PDT
http://trac.webkit.org/changeset/85872 might have broken GTK Linux 32-bit Debug
The following tests are not passing:
svg/W3C-SVG-1.1/animate-elem-46-t.svg
Comment 5 Ademar Reis 2011-06-03 14:05:17 PDT
Revision r85872 cherry-picked into qtwebkit-2.2 with commit db27609 <http://gitorious.org/webkit/qtwebkit/commit/db27609>