<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[180692] branches/safari-600.1.4.15-branch/Source</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/180692">180692</a></dd>
<dt>Author</dt> <dd>lforschler@apple.com</dd>
<dt>Date</dt> <dd>2015-02-26 11:56:49 -0800 (Thu, 26 Feb 2015)</dd>
</dl>
<h3>Log Message</h3>
<pre>Merged <a href="http://trac.webkit.org/projects/webkit/changeset/179480">r179480</a>. rdar://problem/19709193</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#branchessafari6001415branchSourceWebCoreChangeLog">branches/safari-600.1.4.15-branch/Source/WebCore/ChangeLog</a></li>
<li><a href="#branchessafari6001415branchSourceWebCoreWebCoreexpin">branches/safari-600.1.4.15-branch/Source/WebCore/WebCore.exp.in</a></li>
<li><a href="#branchessafari6001415branchSourceWebCoreplatformiosWebVideoFullscreenInterfaceh">branches/safari-600.1.4.15-branch/Source/WebCore/platform/ios/WebVideoFullscreenInterface.h</a></li>
<li><a href="#branchessafari6001415branchSourceWebCoreplatformiosWebVideoFullscreenInterfaceAVKith">branches/safari-600.1.4.15-branch/Source/WebCore/platform/ios/WebVideoFullscreenInterfaceAVKit.h</a></li>
<li><a href="#branchessafari6001415branchSourceWebCoreplatformiosWebVideoFullscreenInterfaceAVKitmm">branches/safari-600.1.4.15-branch/Source/WebCore/platform/ios/WebVideoFullscreenInterfaceAVKit.mm</a></li>
<li><a href="#branchessafari6001415branchSourceWebCoreplatformiosWebVideoFullscreenModelMediaElementmm">branches/safari-600.1.4.15-branch/Source/WebCore/platform/ios/WebVideoFullscreenModelMediaElement.mm</a></li>
<li><a href="#branchessafari6001415branchSourceWebKit2ChangeLog">branches/safari-600.1.4.15-branch/Source/WebKit2/ChangeLog</a></li>
<li><a href="#branchessafari6001415branchSourceWebKit2UIProcessiosWebVideoFullscreenManagerProxymessagesin">branches/safari-600.1.4.15-branch/Source/WebKit2/UIProcess/ios/WebVideoFullscreenManagerProxy.messages.in</a></li>
<li><a href="#branchessafari6001415branchSourceWebKit2WebProcessiosWebVideoFullscreenManagerh">branches/safari-600.1.4.15-branch/Source/WebKit2/WebProcess/ios/WebVideoFullscreenManager.h</a></li>
<li><a href="#branchessafari6001415branchSourceWebKit2WebProcessiosWebVideoFullscreenManagermm">branches/safari-600.1.4.15-branch/Source/WebKit2/WebProcess/ios/WebVideoFullscreenManager.mm</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="branchessafari6001415branchSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: branches/safari-600.1.4.15-branch/Source/WebCore/ChangeLog (180691 => 180692)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.1.4.15-branch/Source/WebCore/ChangeLog 2015-02-26 19:51:52 UTC (rev 180691)
+++ branches/safari-600.1.4.15-branch/Source/WebCore/ChangeLog 2015-02-26 19:56:49 UTC (rev 180692)
</span><span class="lines">@@ -1,3 +1,56 @@
</span><ins>+2015-02-26 Lucas Forschler <lforschler@apple.com>
+
+ Merge r179480
+
+ 2015-02-02 Jeremy Jones <jeremyj@apple.com>
+
+ Prevent crash when accessing WebAVPlayerController.delegate.
+ https://bugs.webkit.org/show_bug.cgi?id=140893
+
+ Reviewed by Darin Adler.
+
+ This patch aims to prevent a null delegate access during invalidation by adding null checks before accessing the delegate, by making explicit the recreation of m_playerController, and by consolidating and correcting the teardown sequence.
+
+ * WebCore.exp.in:
+ * platform/ios/WebVideoFullscreenInterface.h: add resetMediaState()
+ * platform/ios/WebVideoFullscreenInterfaceAVKit.h: ditto.
+ * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
+ (-[WebAVPlayerController playerViewController:shouldExitFullScreenWithReason:]): Check for null before accessing delegate.
+ (-[WebAVPlayerController play:]): ditto.
+ (-[WebAVPlayerController pause:]): ditto.
+ (-[WebAVPlayerController togglePlayback:]): ditto.
+ (-[WebAVPlayerController setPlaying:]): ditto.
+ (-[WebAVPlayerController beginScrubbing:]): ditto.
+ (-[WebAVPlayerController endScrubbing:]): ditto.
+ (-[WebAVPlayerController seekToTime:]): ditto.
+ (-[WebAVPlayerController beginScanningForward:]): ditto.
+ (-[WebAVPlayerController endScanningForward:]): ditto.
+ (-[WebAVPlayerController beginScanningBackward:]): ditto.
+ (-[WebAVPlayerController endScanningBackward:]): ditto.
+ (-[WebAVPlayerController seekToBeginning:]): ditto.
+ (-[WebAVPlayerController seekToEnd:]): ditto.
+ (-[WebAVPlayerController setCurrentAudioMediaSelectionOption:]): ditto.
+ (-[WebAVPlayerController setCurrentLegibleMediaSelectionOption:]): ditto.
+ (-[WebAVPlayerController layoutSublayersOfLayer:]): ditto.
+ (WebVideoFullscreenInterfaceAVKit::WebVideoFullscreenInterfaceAVKit): initialize m_playerController
+ (WebVideoFullscreenInterfaceAVKit::resetMediaState): Added.
+ (WebVideoFullscreenInterfaceAVKit::setDuration): remove playerController()
+ (WebVideoFullscreenInterfaceAVKit::setCurrentTime): ditto.
+ (WebVideoFullscreenInterfaceAVKit::setRate): ditto.
+ (WebVideoFullscreenInterfaceAVKit::setVideoDimensions): ditto.
+ (WebVideoFullscreenInterfaceAVKit::setSeekableRanges): ditto.
+ (WebVideoFullscreenInterfaceAVKit::setCanPlayFastReverse): ditto.
+ (WebVideoFullscreenInterfaceAVKit::setAudioMediaSelectionOptions): ditto.
+ (WebVideoFullscreenInterfaceAVKit::setLegibleMediaSelectionOptions): ditto.
+ (WebVideoFullscreenInterfaceAVKit::setExternalPlayback): ditto.
+ (WebVideoFullscreenInterfaceAVKit::setupFullscreenInternal): ditto.
+ (WebVideoFullscreenInterfaceAVKit::enterFullscreenStandard): ditto.
+ (WebVideoFullscreenInterfaceAVKit::cleanupFullscreenInternal): consolidated cleanup code from invalidate()
+ (WebVideoFullscreenInterfaceAVKit::invalidate): consolidate cleanup code.
+ (WebVideoFullscreenInterfaceAVKit::playerController): Deleted.
+ * platform/ios/WebVideoFullscreenModelVideoElement.mm:
+ (WebVideoFullscreenModelVideoElement::setVideoElement): call resetMediaState()
+
</ins><span class="cx"> 2015-02-25 Babak Shafiei <bshafiei@apple.com>
</span><span class="cx">
</span><span class="cx"> Merge r180274.
</span></span></pre></div>
<a id="branchessafari6001415branchSourceWebCoreWebCoreexpin"></a>
<div class="modfile"><h4>Modified: branches/safari-600.1.4.15-branch/Source/WebCore/WebCore.exp.in (180691 => 180692)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.1.4.15-branch/Source/WebCore/WebCore.exp.in 2015-02-26 19:51:52 UTC (rev 180691)
+++ branches/safari-600.1.4.15-branch/Source/WebCore/WebCore.exp.in 2015-02-26 19:56:49 UTC (rev 180692)
</span><span class="lines">@@ -3446,6 +3446,7 @@
</span><span class="cx"> __ZN7WebCore32WebVideoFullscreenInterfaceAVKit14setCurrentTimeEdd
</span><span class="cx"> __ZN7WebCore32WebVideoFullscreenInterfaceAVKit15enterFullscreenEv
</span><span class="cx"> __ZN7WebCore32WebVideoFullscreenInterfaceAVKit15setupFullscreenER7CALayerNS_7IntRectEP6UIView
</span><ins>+__ZN7WebCore32WebVideoFullscreenInterfaceAVKit15resetMediaStateEv
</ins><span class="cx"> __ZN7WebCore32WebVideoFullscreenInterfaceAVKit17cleanupFullscreenEv
</span><span class="cx"> __ZN7WebCore32WebVideoFullscreenInterfaceAVKit17setSeekableRangesERKNS_10TimeRangesE
</span><span class="cx"> __ZN7WebCore32WebVideoFullscreenInterfaceAVKit18setVideoDimensionsEbff
</span></span></pre></div>
<a id="branchessafari6001415branchSourceWebCoreplatformiosWebVideoFullscreenInterfaceh"></a>
<div class="modfile"><h4>Modified: branches/safari-600.1.4.15-branch/Source/WebCore/platform/ios/WebVideoFullscreenInterface.h (180691 => 180692)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.1.4.15-branch/Source/WebCore/platform/ios/WebVideoFullscreenInterface.h 2015-02-26 19:51:52 UTC (rev 180691)
+++ branches/safari-600.1.4.15-branch/Source/WebCore/platform/ios/WebVideoFullscreenInterface.h 2015-02-26 19:56:49 UTC (rev 180692)
</span><span class="lines">@@ -44,6 +44,7 @@
</span><span class="cx"> enum ExternalPlaybackTargetType { TargetTypeNone, TargetTypeAirPlay, TargetTypeTVOut };
</span><span class="cx">
</span><span class="cx"> virtual ~WebVideoFullscreenInterface() { };
</span><ins>+ virtual void resetMediaState() = 0;
</ins><span class="cx"> virtual void setDuration(double) = 0;
</span><span class="cx"> virtual void setCurrentTime(double currentTime, double anchorTime) = 0;
</span><span class="cx"> virtual void setRate(bool isPlaying, float playbackRate) = 0;
</span></span></pre></div>
<a id="branchessafari6001415branchSourceWebCoreplatformiosWebVideoFullscreenInterfaceAVKith"></a>
<div class="modfile"><h4>Modified: branches/safari-600.1.4.15-branch/Source/WebCore/platform/ios/WebVideoFullscreenInterfaceAVKit.h (180691 => 180692)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.1.4.15-branch/Source/WebCore/platform/ios/WebVideoFullscreenInterfaceAVKit.h 2015-02-26 19:51:52 UTC (rev 180691)
+++ branches/safari-600.1.4.15-branch/Source/WebCore/platform/ios/WebVideoFullscreenInterfaceAVKit.h 2015-02-26 19:56:49 UTC (rev 180692)
</span><span class="lines">@@ -63,6 +63,7 @@
</span><span class="cx">
</span><span class="cx"> protected:
</span><span class="cx"> void setupFullscreenInternal(PlatformLayer&, IntRect initialRect, UIView *);
</span><ins>+ void beginSession();
</ins><span class="cx"> void enterFullscreenOptimized();
</span><span class="cx"> void enterFullscreenStandard();
</span><span class="cx"> void exitFullscreenInternal(IntRect finalRect);
</span><span class="lines">@@ -81,8 +82,6 @@
</span><span class="cx"> RetainPtr<UIView> m_parentView;
</span><span class="cx"> RetainPtr<UIWindow> m_parentWindow;
</span><span class="cx">
</span><del>- WebAVPlayerController *playerController();
-
</del><span class="cx"> void doEnterFullscreen();
</span><span class="cx">
</span><span class="cx"> public:
</span><span class="lines">@@ -91,6 +90,7 @@
</span><span class="cx"> void setWebVideoFullscreenModel(WebVideoFullscreenModel*);
</span><span class="cx"> void setWebVideoFullscreenChangeObserver(WebVideoFullscreenChangeObserver*);
</span><span class="cx">
</span><ins>+ virtual void resetMediaState() override;
</ins><span class="cx"> virtual void setDuration(double) override;
</span><span class="cx"> virtual void setCurrentTime(double currentTime, double anchorTime) override;
</span><span class="cx"> virtual void setRate(bool isPlaying, float playbackRate) override;
</span></span></pre></div>
<a id="branchessafari6001415branchSourceWebCoreplatformiosWebVideoFullscreenInterfaceAVKitmm"></a>
<div class="modfile"><h4>Modified: branches/safari-600.1.4.15-branch/Source/WebCore/platform/ios/WebVideoFullscreenInterfaceAVKit.mm (180691 => 180692)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.1.4.15-branch/Source/WebCore/platform/ios/WebVideoFullscreenInterfaceAVKit.mm 2015-02-26 19:51:52 UTC (rev 180691)
+++ branches/safari-600.1.4.15-branch/Source/WebCore/platform/ios/WebVideoFullscreenInterfaceAVKit.mm 2015-02-26 19:56:49 UTC (rev 180692)
</span><span class="lines">@@ -89,6 +89,7 @@
</span><span class="cx"> WebAVMediaSelectionOption *_currentLegibleMediaSelectionOption;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+-(void)resetState;
</ins><span class="cx"> @property(retain) AVPlayerController* playerControllerProxy;
</span><span class="cx"> @property(assign) WebVideoFullscreenModel* delegate;
</span><span class="cx">
</span><span class="lines">@@ -156,6 +157,38 @@
</span><span class="cx"> [super dealloc];
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+
+-(void)resetState {
+ self.contentDuration = 0;
+ self.maxTime = 0;
+ self.contentDurationWithinEndTimes = 0;
+ self.loadedTimeRanges = @[];
+
+ self.canPlay = NO;
+ self.canPause = NO;
+ self.canTogglePlayback = NO;
+ self.hasEnabledAudio = NO;
+ self.canSeek = NO;
+ self.minTime = 0;
+ self.status = AVPlayerControllerStatusUnknown;
+
+ self.timing = nil;
+ self.rate = 0;
+
+ self.hasEnabledVideo = NO;
+ self.contentDimensions = CGSizeMake(0, 0);
+
+ self.seekableTimeRanges = [NSMutableArray array];
+
+ self.canScanBackward = NO;
+
+ self.audioMediaSelectionOptions = nil;
+ self.currentAudioMediaSelectionOption = nil;
+
+ self.legibleMediaSelectionOptions = nil;
+ self.currentLegibleMediaSelectionOption = nil;
+}
+
</ins><span class="cx"> - (id)forwardingTargetForSelector:(SEL)selector
</span><span class="cx"> {
</span><span class="cx"> UNUSED_PARAM(selector);
</span><span class="lines">@@ -166,9 +199,12 @@
</span><span class="cx"> {
</span><span class="cx"> UNUSED_PARAM(playerViewController);
</span><span class="cx"> UNUSED_PARAM(reason);
</span><del>- ASSERT(self.delegate);
</del><ins>+ if (!self.delegate)
+ return YES;
+
</ins><span class="cx"> if (reason == AVPlayerViewControllerExitFullScreenReasonDoneButtonTapped || reason == AVPlayerViewControllerExitFullScreenReasonRemoteControlStopEventReceived)
</span><span class="cx"> self.delegate->pause();
</span><ins>+
</ins><span class="cx"> self.delegate->requestExitFullscreen();
</span><span class="cx"> return NO;
</span><span class="cx"> }
</span><span class="lines">@@ -176,21 +212,24 @@
</span><span class="cx"> - (void)play:(id)sender
</span><span class="cx"> {
</span><span class="cx"> UNUSED_PARAM(sender);
</span><del>- ASSERT(self.delegate);
</del><ins>+ if (!self.delegate)
+ return;
</ins><span class="cx"> self.delegate->play();
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> - (void)pause:(id)sender
</span><span class="cx"> {
</span><span class="cx"> UNUSED_PARAM(sender);
</span><del>- ASSERT(self.delegate);
</del><ins>+ if (!self.delegate)
+ return;
</ins><span class="cx"> self.delegate->pause();
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> - (void)togglePlayback:(id)sender
</span><span class="cx"> {
</span><span class="cx"> UNUSED_PARAM(sender);
</span><del>- ASSERT(self.delegate);
</del><ins>+ if (!self.delegate)
+ return;
</ins><span class="cx"> self.delegate->togglePlayState();
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -201,12 +240,13 @@
</span><span class="cx">
</span><span class="cx"> - (void)setPlaying:(BOOL)playing
</span><span class="cx"> {
</span><del>- ASSERT(self.delegate);
</del><ins>+ if (!self.delegate)
+ return;
</ins><span class="cx"> if (playing)
</span><span class="cx"> self.delegate->play();
</span><span class="cx"> else
</span><span class="cx"> self.delegate->pause();
</span><del>- }
</del><ins>+}
</ins><span class="cx">
</span><span class="cx"> + (NSSet *)keyPathsForValuesAffectingPlaying
</span><span class="cx"> {
</span><span class="lines">@@ -216,20 +256,23 @@
</span><span class="cx"> - (void)beginScrubbing:(id)sender
</span><span class="cx"> {
</span><span class="cx"> UNUSED_PARAM(sender);
</span><del>- ASSERT(self.delegate);
</del><ins>+ if (!self.delegate)
+ return;
</ins><span class="cx"> self.delegate->beginScrubbing();
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> - (void)endScrubbing:(id)sender
</span><span class="cx"> {
</span><span class="cx"> UNUSED_PARAM(sender);
</span><del>- ASSERT(self.delegate);
</del><ins>+ if (!self.delegate)
+ return;
</ins><span class="cx"> self.delegate->endScrubbing();
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> - (void)seekToTime:(NSTimeInterval)time
</span><span class="cx"> {
</span><del>- ASSERT(self.delegate);
</del><ins>+ if (!self.delegate)
+ return;
</ins><span class="cx"> self.delegate->fastSeek(time);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -292,28 +335,32 @@
</span><span class="cx"> - (void)beginScanningForward:(id)sender
</span><span class="cx"> {
</span><span class="cx"> UNUSED_PARAM(sender);
</span><del>- ASSERT(self.delegate);
</del><ins>+ if (!self.delegate)
+ return;
</ins><span class="cx"> self.delegate->beginScanningForward();
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> - (void)endScanningForward:(id)sender
</span><span class="cx"> {
</span><span class="cx"> UNUSED_PARAM(sender);
</span><del>- ASSERT(self.delegate);
</del><ins>+ if (!self.delegate)
+ return;
</ins><span class="cx"> self.delegate->endScanning();
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> - (void)beginScanningBackward:(id)sender
</span><span class="cx"> {
</span><span class="cx"> UNUSED_PARAM(sender);
</span><del>- ASSERT(self.delegate);
</del><ins>+ if (!self.delegate)
+ return;
</ins><span class="cx"> self.delegate->beginScanningBackward();
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> - (void)endScanningBackward:(id)sender
</span><span class="cx"> {
</span><span class="cx"> UNUSED_PARAM(sender);
</span><del>- ASSERT(self.delegate);
</del><ins>+ if (!self.delegate)
+ return;
</ins><span class="cx"> self.delegate->endScanning();
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -335,8 +382,8 @@
</span><span class="cx"> - (void)seekToBeginning:(id)sender
</span><span class="cx"> {
</span><span class="cx"> UNUSED_PARAM(sender);
</span><del>- ASSERT(self.delegate);
-
</del><ins>+ if (!self.delegate)
+ return;
</ins><span class="cx"> self.delegate->seekToTime(-INFINITY);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -363,8 +410,8 @@
</span><span class="cx"> - (void)seekToEnd:(id)sender
</span><span class="cx"> {
</span><span class="cx"> UNUSED_PARAM(sender);
</span><del>- ASSERT(self.delegate);
-
</del><ins>+ if (!self.delegate)
+ return;
</ins><span class="cx"> self.delegate->seekToTime(INFINITY);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -417,7 +464,8 @@
</span><span class="cx"> [_currentAudioMediaSelectionOption release];
</span><span class="cx"> _currentAudioMediaSelectionOption = [option retain];
</span><span class="cx">
</span><del>- ASSERT(self.delegate);
</del><ins>+ if (!self.delegate)
+ return;
</ins><span class="cx">
</span><span class="cx"> NSInteger index = NSNotFound;
</span><span class="cx">
</span><span class="lines">@@ -440,7 +488,8 @@
</span><span class="cx"> [_currentLegibleMediaSelectionOption release];
</span><span class="cx"> _currentLegibleMediaSelectionOption = [option retain];
</span><span class="cx">
</span><del>- ASSERT(self.delegate);
</del><ins>+ if (!self.delegate)
+ return;
</ins><span class="cx">
</span><span class="cx"> NSInteger index = NSNotFound;
</span><span class="cx">
</span><span class="lines">@@ -580,22 +629,25 @@
</span><span class="cx"> @end
</span><span class="cx">
</span><span class="cx"> WebVideoFullscreenInterfaceAVKit::WebVideoFullscreenInterfaceAVKit()
</span><del>- : m_videoFullscreenModel(nullptr)
</del><ins>+ : m_playerController(adoptNS([[WebAVPlayerController alloc] init]))
+ , m_videoFullscreenModel(nullptr)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><del>-WebAVPlayerController *WebVideoFullscreenInterfaceAVKit::playerController()
</del><ins>+void WebVideoFullscreenInterfaceAVKit::resetMediaState()
</ins><span class="cx"> {
</span><del>- if (!m_playerController)
- {
- m_playerController = adoptNS([[WebAVPlayerController alloc] init]);
- if (m_videoFullscreenModel)
- [m_playerController setDelegate:m_videoFullscreenModel];
- }
- return m_playerController.get();
</del><ins>+ RefPtr<WebVideoFullscreenInterfaceAVKit> strongThis(this);
+
+ dispatch_async(dispatch_get_main_queue(), [strongThis] {
+ if (!strongThis->m_playerController) {
+ strongThis->m_playerController = adoptNS([[WebAVPlayerController alloc] init]);
+ [strongThis->m_playerController setDelegate:strongThis->m_videoFullscreenModel];
+
+ } else
+ [strongThis->m_playerController resetState];
+ });
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-
</del><span class="cx"> void WebVideoFullscreenInterfaceAVKit::setWebVideoFullscreenModel(WebVideoFullscreenModel* model)
</span><span class="cx"> {
</span><span class="cx"> m_videoFullscreenModel = model;
</span><span class="lines">@@ -612,7 +664,7 @@
</span><span class="cx"> RefPtr<WebVideoFullscreenInterfaceAVKit> strongThis(this);
</span><span class="cx">
</span><span class="cx"> dispatch_async(dispatch_get_main_queue(), [strongThis, duration] {
</span><del>- WebAVPlayerController* playerController = strongThis->playerController();
</del><ins>+ WebAVPlayerController* playerController = strongThis->m_playerController.get();
</ins><span class="cx">
</span><span class="cx"> // FIXME: https://bugs.webkit.org/show_bug.cgi?id=127017 use correct values instead of duration for all these
</span><span class="cx"> playerController.contentDuration = duration;
</span><span class="lines">@@ -636,10 +688,10 @@
</span><span class="cx"> RefPtr<WebVideoFullscreenInterfaceAVKit> strongThis(this);
</span><span class="cx">
</span><span class="cx"> dispatch_async(dispatch_get_main_queue(), [strongThis, currentTime, anchorTime] {
</span><del>- NSTimeInterval anchorTimeStamp = ![strongThis->playerController() rate] ? NAN : anchorTime;
</del><ins>+ NSTimeInterval anchorTimeStamp = ![strongThis->m_playerController rate] ? NAN : anchorTime;
</ins><span class="cx"> AVValueTiming *timing = [getAVValueTimingClass() valueTimingWithAnchorValue:currentTime
</span><span class="cx"> anchorTimeStamp:anchorTimeStamp rate:0];
</span><del>- strongThis->playerController().timing = timing;
</del><ins>+ [strongThis->m_playerController setTiming:timing];
</ins><span class="cx"> });
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -648,7 +700,7 @@
</span><span class="cx"> RefPtr<WebVideoFullscreenInterfaceAVKit> strongThis(this);
</span><span class="cx">
</span><span class="cx"> dispatch_async(dispatch_get_main_queue(), [strongThis, isPlaying, playbackRate] {
</span><del>- strongThis->playerController().rate = isPlaying ? playbackRate : 0.;
</del><ins>+ [strongThis->m_playerController setRate:isPlaying ? playbackRate : 0.];
</ins><span class="cx"> });
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -657,8 +709,8 @@
</span><span class="cx"> RefPtr<WebVideoFullscreenInterfaceAVKit> strongThis(this);
</span><span class="cx">
</span><span class="cx"> dispatch_async(dispatch_get_main_queue(), [strongThis, hasVideo, width, height] {
</span><del>- strongThis->playerController().hasEnabledVideo = hasVideo;
- strongThis->playerController().contentDimensions = CGSizeMake(width, height);
</del><ins>+ [strongThis->m_playerController setHasEnabledVideo:hasVideo];
+ [strongThis->m_playerController setContentDimensions:CGSizeMake(width, height)];
</ins><span class="cx"> });
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -678,7 +730,7 @@
</span><span class="cx"> RefPtr<WebVideoFullscreenInterfaceAVKit> strongThis(this);
</span><span class="cx">
</span><span class="cx"> dispatch_async(dispatch_get_main_queue(), [strongThis, seekableRanges] {
</span><del>- strongThis->playerController().seekableTimeRanges = seekableRanges.get();
</del><ins>+ [strongThis->m_playerController setSeekableTimeRanges:seekableRanges.get()];
</ins><span class="cx"> });
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -687,7 +739,7 @@
</span><span class="cx"> RefPtr<WebVideoFullscreenInterfaceAVKit> strongThis(this);
</span><span class="cx">
</span><span class="cx"> dispatch_async(dispatch_get_main_queue(), [strongThis, canPlayFastReverse] {
</span><del>- strongThis->playerController().canScanBackward = canPlayFastReverse;
</del><ins>+ [strongThis->m_playerController setCanScanBackward:canPlayFastReverse];
</ins><span class="cx"> });
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -708,9 +760,9 @@
</span><span class="cx"> RefPtr<WebVideoFullscreenInterfaceAVKit> strongThis(this);
</span><span class="cx">
</span><span class="cx"> dispatch_async(dispatch_get_main_queue(), [webOptions, strongThis, selectedIndex] {
</span><del>- strongThis->playerController().audioMediaSelectionOptions = webOptions.get();
</del><ins>+ [strongThis->m_playerController setAudioMediaSelectionOptions:webOptions.get()];
</ins><span class="cx"> if (selectedIndex < [webOptions count])
</span><del>- strongThis->playerController().currentAudioMediaSelectionOption = [webOptions objectAtIndex:static_cast<NSUInteger>(selectedIndex)];
</del><ins>+ [strongThis->m_playerController setCurrentAudioMediaSelectionOption:[webOptions objectAtIndex:static_cast<NSUInteger>(selectedIndex)]];
</ins><span class="cx"> });
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -720,9 +772,9 @@
</span><span class="cx"> RefPtr<WebVideoFullscreenInterfaceAVKit> strongThis(this);
</span><span class="cx">
</span><span class="cx"> dispatch_async(dispatch_get_main_queue(), [webOptions, strongThis, selectedIndex] {
</span><del>- strongThis->playerController().legibleMediaSelectionOptions = webOptions.get();
</del><ins>+ [strongThis->m_playerController setLegibleMediaSelectionOptions:webOptions.get()];
</ins><span class="cx"> if (selectedIndex < [webOptions count])
</span><del>- strongThis->playerController().currentLegibleMediaSelectionOption = [webOptions objectAtIndex:static_cast<NSUInteger>(selectedIndex)];
</del><ins>+ [strongThis->m_playerController setCurrentLegibleMediaSelectionOption:[webOptions objectAtIndex:static_cast<NSUInteger>(selectedIndex)]];
</ins><span class="cx"> });
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -737,7 +789,7 @@
</span><span class="cx"> RefPtr<WebVideoFullscreenInterfaceAVKit> strongThis(this);
</span><span class="cx">
</span><span class="cx"> dispatch_async(dispatch_get_main_queue(), [strongThis, enabled, localizedDeviceName, externalPlaybackType] {
</span><del>- WebAVPlayerController* playerController = strongThis->playerController();
</del><ins>+ WebAVPlayerController* playerController = strongThis->m_playerController.get();
</ins><span class="cx"> playerController.externalPlaybackAirPlayDeviceLocalizedName = localizedDeviceName;
</span><span class="cx"> playerController.externalPlaybackType = externalPlaybackType;
</span><span class="cx"> playerController.externalPlaybackActive = enabled;
</span><span class="lines">@@ -777,17 +829,17 @@
</span><span class="cx"> [m_videoLayer removeFromSuperlayer];
</span><span class="cx">
</span><span class="cx"> m_videoLayerContainer = [WebAVVideoLayer videoLayer];
</span><del>- [m_videoLayerContainer setHidden:playerController().externalPlaybackActive];
</del><ins>+ [m_videoLayerContainer setHidden:[m_playerController isExternalPlaybackActive]];
</ins><span class="cx"> [m_videoLayerContainer setVideoSublayer:m_videoLayer.get()];
</span><span class="cx">
</span><del>- CGSize videoSize = playerController().contentDimensions;
</del><ins>+ CGSize videoSize = [m_playerController contentDimensions];
</ins><span class="cx"> CGRect videoRect = CGRectMake(0, 0, videoSize.width, videoSize.height);
</span><span class="cx"> [m_videoLayerContainer setVideoRect:videoRect];
</span><span class="cx">
</span><span class="cx"> m_playerViewController = adoptNS([[getAVPlayerViewControllerClass() alloc] initWithVideoLayer:m_videoLayerContainer.get()]);
</span><span class="cx"> [m_playerViewController setShowsPlaybackControls:NO];
</span><del>- [m_playerViewController setPlayerController:(AVPlayerController *)playerController()];
- [m_playerViewController setDelegate:playerController()];
</del><ins>+ [m_playerViewController setPlayerController:(AVPlayerController *)m_playerController.get()];
+ [m_playerViewController setDelegate:m_playerController.get()];
</ins><span class="cx"> [m_videoLayerContainer setPlayerViewController:m_playerViewController.get()];
</span><span class="cx">
</span><span class="cx"> if (m_viewController) {
</span><span class="lines">@@ -893,18 +945,27 @@
</span><span class="cx"> if (m_parentWindow)
</span><span class="cx"> [[getUIApplicationClass() sharedApplication] _setStatusBarOrientation:[m_parentWindow interfaceOrientation]];
</span><span class="cx"> }
</span><ins>+
+ [m_playerController setDelegate:nil];
+
</ins><span class="cx"> [m_playerViewController setDelegate:nil];
</span><ins>+ [m_playerViewController setPlayerController:nil];
+
+ [m_playerViewController exitFullScreenAnimated:NO completionHandler:nil];
+
</ins><span class="cx"> [[m_playerViewController view] removeFromSuperview];
</span><span class="cx"> if (m_viewController)
</span><span class="cx"> [m_playerViewController removeFromParentViewController];
</span><del>- [m_playerViewController setPlayerController:nil];
- m_playerViewController = nil;
</del><ins>+
</ins><span class="cx"> [m_videoLayer removeFromSuperlayer];
</span><del>- m_videoLayer = nil;
</del><span class="cx"> [m_videoLayerContainer removeFromSuperlayer];
</span><span class="cx"> [m_videoLayerContainer setPlayerViewController:nil];
</span><ins>+ [[m_viewController view] removeFromSuperview];
+
+ m_videoLayer = nil;
</ins><span class="cx"> m_videoLayerContainer = nil;
</span><del>- [[m_viewController view] removeFromSuperview];
</del><ins>+ m_playerViewController = nil;
+ m_playerController = nil;
</ins><span class="cx"> m_viewController = nil;
</span><span class="cx"> m_window = nil;
</span><span class="cx"> m_parentView = nil;
</span><span class="lines">@@ -919,26 +980,10 @@
</span><span class="cx">
</span><span class="cx"> void WebVideoFullscreenInterfaceAVKit::invalidate()
</span><span class="cx"> {
</span><del>- [m_window setHidden:YES];
- [m_window setRootViewController:nil];
- [m_playerViewController exitFullScreenAnimated:NO completionHandler:nil];
- m_playerController = nil;
- [m_playerViewController setDelegate:nil];
- [[m_playerViewController view] removeFromSuperview];
- if (m_viewController)
- [m_playerViewController removeFromParentViewController];
- [m_playerViewController setPlayerController:nil];
- m_playerViewController = nil;
- [m_videoLayer removeFromSuperlayer];
- m_videoLayer = nil;
- [m_videoLayerContainer removeFromSuperlayer];
- [m_videoLayerContainer setPlayerViewController:nil];
- m_videoLayerContainer = nil;
- [[m_viewController view] removeFromSuperview];
- m_viewController = nil;
- m_window = nil;
- m_parentView = nil;
- m_parentWindow = nil;
</del><ins>+ m_videoFullscreenModel = nil;
+ m_fullscreenChangeObserver = nil;
+
+ cleanupFullscreenInternal();
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void WebVideoFullscreenInterfaceAVKit::requestHideAndExitFullscreen()
</span></span></pre></div>
<a id="branchessafari6001415branchSourceWebCoreplatformiosWebVideoFullscreenModelMediaElementmm"></a>
<div class="modfile"><h4>Modified: branches/safari-600.1.4.15-branch/Source/WebCore/platform/ios/WebVideoFullscreenModelMediaElement.mm (180691 => 180692)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.1.4.15-branch/Source/WebCore/platform/ios/WebVideoFullscreenModelMediaElement.mm 2015-02-26 19:51:52 UTC (rev 180691)
+++ branches/safari-600.1.4.15-branch/Source/WebCore/platform/ios/WebVideoFullscreenModelMediaElement.mm 2015-02-26 19:56:49 UTC (rev 180692)
</span><span class="lines">@@ -68,6 +68,9 @@
</span><span class="cx"> if (m_mediaElement == mediaElement)
</span><span class="cx"> return;
</span><span class="cx">
</span><ins>+ if (m_videoFullscreenInterface)
+ m_videoFullscreenInterface->resetMediaState();
+
</ins><span class="cx"> if (m_mediaElement && m_isListening) {
</span><span class="cx"> for (auto eventName : observedEventNames())
</span><span class="cx"> m_mediaElement->removeEventListener(eventName, this, false);
</span></span></pre></div>
<a id="branchessafari6001415branchSourceWebKit2ChangeLog"></a>
<div class="modfile"><h4>Modified: branches/safari-600.1.4.15-branch/Source/WebKit2/ChangeLog (180691 => 180692)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.1.4.15-branch/Source/WebKit2/ChangeLog 2015-02-26 19:51:52 UTC (rev 180691)
+++ branches/safari-600.1.4.15-branch/Source/WebKit2/ChangeLog 2015-02-26 19:56:49 UTC (rev 180692)
</span><span class="lines">@@ -1,3 +1,23 @@
</span><ins>+2015-02-26 Lucas Forschler <lforschler@apple.com>
+
+ Merge r179480
+
+ 2015-02-02 Jeremy Jones <jeremyj@apple.com>
+
+ Prevent crash when accessing WebAVPlayerController.delegate.
+ https://bugs.webkit.org/show_bug.cgi?id=140893
+
+ Reviewed by Darin Adler.
+
+ Plumb new resetMediaState() through IPC interface WebVideoFullscreenManagerProxy.
+
+ * UIProcess/ios/WebVideoFullscreenManagerProxy.messages.in:
+ * UIProcess/ios/WebVideoFullscreenManagerProxy.mm:
+ (WebKit::WebVideoFullscreenManagerProxy::invalidate): remove redundant set to nullptr.
+ * WebProcess/ios/WebVideoFullscreenManager.h:
+ * WebProcess/ios/WebVideoFullscreenManager.mm:
+ (WebKit::WebVideoFullscreenManager::resetMediaState):
+
</ins><span class="cx"> 2015-02-25 Babak Shafiei <bshafiei@apple.com>
</span><span class="cx">
</span><span class="cx"> Merge r180539.
</span></span></pre></div>
<a id="branchessafari6001415branchSourceWebKit2UIProcessiosWebVideoFullscreenManagerProxymessagesin"></a>
<div class="modfile"><h4>Modified: branches/safari-600.1.4.15-branch/Source/WebKit2/UIProcess/ios/WebVideoFullscreenManagerProxy.messages.in (180691 => 180692)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.1.4.15-branch/Source/WebKit2/UIProcess/ios/WebVideoFullscreenManagerProxy.messages.in 2015-02-26 19:51:52 UTC (rev 180691)
+++ branches/safari-600.1.4.15-branch/Source/WebKit2/UIProcess/ios/WebVideoFullscreenManagerProxy.messages.in 2015-02-26 19:56:49 UTC (rev 180692)
</span><span class="lines">@@ -22,6 +22,7 @@
</span><span class="cx">
</span><span class="cx"> #if PLATFORM(IOS)
</span><span class="cx"> messages -> WebVideoFullscreenManagerProxy {
</span><ins>+ ResetMediaState()
</ins><span class="cx"> SetCurrentTime(double currentTime, double hostTime)
</span><span class="cx"> SetVideoDimensions(bool hasVideo, unsigned width, unsigned height)
</span><span class="cx"> SetSeekableRangesVector(Vector<std::pair<double, double>> ranges);
</span></span></pre></div>
<a id="branchessafari6001415branchSourceWebKit2WebProcessiosWebVideoFullscreenManagerh"></a>
<div class="modfile"><h4>Modified: branches/safari-600.1.4.15-branch/Source/WebKit2/WebProcess/ios/WebVideoFullscreenManager.h (180691 => 180692)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.1.4.15-branch/Source/WebKit2/WebProcess/ios/WebVideoFullscreenManager.h 2015-02-26 19:51:52 UTC (rev 180691)
+++ branches/safari-600.1.4.15-branch/Source/WebKit2/WebProcess/ios/WebVideoFullscreenManager.h 2015-02-26 19:56:49 UTC (rev 180692)
</span><span class="lines">@@ -67,6 +67,7 @@
</span><span class="cx"> virtual bool operator==(const EventListener& rhs) override { return static_cast<WebCore::EventListener*>(this) == &rhs; }
</span><span class="cx">
</span><span class="cx"> // FullscreenInterface
</span><ins>+ virtual void resetMediaState() override;
</ins><span class="cx"> virtual void setDuration(double) override;
</span><span class="cx"> virtual void setCurrentTime(double currentTime, double anchorTime) override;
</span><span class="cx"> virtual void setRate(bool isPlaying, float playbackRate) override;
</span></span></pre></div>
<a id="branchessafari6001415branchSourceWebKit2WebProcessiosWebVideoFullscreenManagermm"></a>
<div class="modfile"><h4>Modified: branches/safari-600.1.4.15-branch/Source/WebKit2/WebProcess/ios/WebVideoFullscreenManager.mm (180691 => 180692)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.1.4.15-branch/Source/WebKit2/WebProcess/ios/WebVideoFullscreenManager.mm 2015-02-26 19:51:52 UTC (rev 180691)
+++ branches/safari-600.1.4.15-branch/Source/WebKit2/WebProcess/ios/WebVideoFullscreenManager.mm 2015-02-26 19:56:49 UTC (rev 180692)
</span><span class="lines">@@ -114,6 +114,11 @@
</span><span class="cx"> m_page->send(Messages::WebVideoFullscreenManagerProxy::ExitFullscreen(clientRectForNode(node)), m_page->pageID());
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void WebVideoFullscreenManager::resetMediaState()
+{
+ m_page->send(Messages::WebVideoFullscreenManagerProxy::ResetMediaState(), m_page->pageID());
+}
+
</ins><span class="cx"> void WebVideoFullscreenManager::setDuration(double duration)
</span><span class="cx"> {
</span><span class="cx"> m_page->send(Messages::WebVideoFullscreenManagerProxy::SetDuration(duration), m_page->pageID());
</span></span></pre>
</div>
</div>
</body>
</html>