<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[278448] trunk/Source/WebCore</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/278448">278448</a></dd>
<dt>Author</dt> <dd>jya@apple.com</dd>
<dt>Date</dt> <dd>2021-06-03 21:16:39 -0700 (Thu, 03 Jun 2021)</dd>
</dl>

<h3>Log Message</h3>
<pre>fast/dom/Window/property-access-on-cached-window-after-frame-removed.html (layout-test) may crash
https://bugs.webkit.org/show_bug.cgi?id=226612
rdar://78846264

Reviewed by Eric Carlson.

It is possible under some circumstances for a MediaSession to be constructed
when no page or frame exists (such as when we move in/out bfcache).
The MediaSession constructor incorrectly only created the MediaSessionCoordinatorPrivate
if a Page and Frame existed.
To avoid any ambiguities on when MediaSession::m_coordinator could be set, we
make this member a const Ref<>.
Test is covered by fast/dom/Window/property-access-on-cached-window-after-frame-removed.html

* Modules/mediasession/MediaSession.cpp:
(WebCore::MediaSession::MediaSession): Create MediaSessionCoordinatorPrivate in initializer list.
(WebCore::MediaSession::suspend): Remove unnecessary null check
(WebCore::MediaSession::stop): Remove unnecessary null check
* Modules/mediasession/MediaSession.h: Make m_coordinator a const Ref<>
(WebCore::MediaSession::coordinator const):
* Modules/mediasession/MediaSessionCoordinator.cpp:
(WebCore::MediaSessionCoordinator::create): Remove MediaSessionCoordinatorPrivate argument to constructor.
(WebCore::MediaSessionCoordinator::MediaSessionCoordinator):
* Modules/mediasession/MediaSessionCoordinator.h:</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
<li><a href="#trunkSourceWebCoreModulesmediasessionMediaSessioncpp">trunk/Source/WebCore/Modules/mediasession/MediaSession.cpp</a></li>
<li><a href="#trunkSourceWebCoreModulesmediasessionMediaSessionh">trunk/Source/WebCore/Modules/mediasession/MediaSession.h</a></li>
<li><a href="#trunkSourceWebCoreModulesmediasessionMediaSessionCoordinatorcpp">trunk/Source/WebCore/Modules/mediasession/MediaSessionCoordinator.cpp</a></li>
<li><a href="#trunkSourceWebCoreModulesmediasessionMediaSessionCoordinatorh">trunk/Source/WebCore/Modules/mediasession/MediaSessionCoordinator.h</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (278447 => 278448)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog   2021-06-04 03:45:04 UTC (rev 278447)
+++ trunk/Source/WebCore/ChangeLog      2021-06-04 04:16:39 UTC (rev 278448)
</span><span class="lines">@@ -1,3 +1,30 @@
</span><ins>+2021-06-03  Jean-Yves Avenard  <jya@apple.com>
+
+        fast/dom/Window/property-access-on-cached-window-after-frame-removed.html (layout-test) may crash
+        https://bugs.webkit.org/show_bug.cgi?id=226612
+        rdar://78846264
+
+        Reviewed by Eric Carlson.
+
+        It is possible under some circumstances for a MediaSession to be constructed
+        when no page or frame exists (such as when we move in/out bfcache).
+        The MediaSession constructor incorrectly only created the MediaSessionCoordinatorPrivate
+        if a Page and Frame existed.
+        To avoid any ambiguities on when MediaSession::m_coordinator could be set, we
+        make this member a const Ref<>.
+        Test is covered by fast/dom/Window/property-access-on-cached-window-after-frame-removed.html
+
+        * Modules/mediasession/MediaSession.cpp:
+        (WebCore::MediaSession::MediaSession): Create MediaSessionCoordinatorPrivate in initializer list.
+        (WebCore::MediaSession::suspend): Remove unnecessary null check
+        (WebCore::MediaSession::stop): Remove unnecessary null check
+        * Modules/mediasession/MediaSession.h: Make m_coordinator a const Ref<>
+        (WebCore::MediaSession::coordinator const):
+        * Modules/mediasession/MediaSessionCoordinator.cpp:
+        (WebCore::MediaSessionCoordinator::create): Remove MediaSessionCoordinatorPrivate argument to constructor.
+        (WebCore::MediaSessionCoordinator::MediaSessionCoordinator):
+        * Modules/mediasession/MediaSessionCoordinator.h:
+
</ins><span class="cx"> 2021-06-03  Alan Bujtas  <zalan@apple.com>
</span><span class="cx"> 
</span><span class="cx">         Crack in hero text on https://www.apple.com/mac-mini/
</span></span></pre></div>
<a id="trunkSourceWebCoreModulesmediasessionMediaSessioncpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/Modules/mediasession/MediaSession.cpp (278447 => 278448)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/Modules/mediasession/MediaSession.cpp       2021-06-04 03:45:04 UTC (rev 278447)
+++ trunk/Source/WebCore/Modules/mediasession/MediaSession.cpp  2021-06-04 04:16:39 UTC (rev 278448)
</span><span class="lines">@@ -136,6 +136,9 @@
</span><span class="cx"> MediaSession::MediaSession(Navigator& navigator)
</span><span class="cx">     : ActiveDOMObject(navigator.scriptExecutionContext())
</span><span class="cx">     , m_navigator(makeWeakPtr(navigator))
</span><ins>+#if ENABLE(MEDIA_SESSION_COORDINATOR)
+    , m_coordinator(MediaSessionCoordinator::create(navigator.scriptExecutionContext()))
+#endif
</ins><span class="cx"> {
</span><span class="cx">     m_logger = makeRefPtr(Document::sharedLogger());
</span><span class="cx">     m_logIdentifier = nextLogIdentifier();
</span><span class="lines">@@ -142,8 +145,10 @@
</span><span class="cx"> 
</span><span class="cx"> #if ENABLE(MEDIA_SESSION_COORDINATOR)
</span><span class="cx">     auto* frame = navigator.frame();
</span><del>-    if (auto* page = frame ? frame->page() : nullptr)
-        createCoordinator(page->mediaSessionCoordinator());
</del><ins>+    auto* page = frame ? frame->page() : nullptr;
+    if (page && page->mediaSessionCoordinator())
+        m_coordinator->setMediaSessionCoordinatorPrivate(*page->mediaSessionCoordinator());
+    m_coordinator->setMediaSession(this);
</ins><span class="cx"> #endif
</span><span class="cx"> 
</span><span class="cx">     ALWAYS_LOG(LOGIDENTIFIER);
</span><span class="lines">@@ -154,7 +159,7 @@
</span><span class="cx"> void MediaSession::suspend(ReasonForSuspension reason)
</span><span class="cx"> {
</span><span class="cx"> #if ENABLE(MEDIA_SESSION_COORDINATOR)
</span><del>-    if (m_coordinator && reason == ReasonForSuspension::BackForwardCache)
</del><ins>+    if (reason == ReasonForSuspension::BackForwardCache)
</ins><span class="cx">         m_coordinator->leave();
</span><span class="cx"> #else
</span><span class="cx">     UNUSED_PARAM(reason);
</span><span class="lines">@@ -164,8 +169,7 @@
</span><span class="cx"> void MediaSession::stop()
</span><span class="cx"> {
</span><span class="cx"> #if ENABLE(MEDIA_SESSION_COORDINATOR)
</span><del>-    if (m_coordinator)
-        m_coordinator->close();
</del><ins>+    m_coordinator->close();
</ins><span class="cx"> #endif
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="lines">@@ -191,17 +195,6 @@
</span><span class="cx">     m_readyState = state;
</span><span class="cx">     notifyReadyStateObservers();
</span><span class="cx"> }
</span><del>-
-void MediaSession::createCoordinator(MediaSessionCoordinatorPrivate* coordinatorPrivate)
-{
-    ALWAYS_LOG(LOGIDENTIFIER);
-
-    if (m_coordinator)
-        m_coordinator->setMediaSession(nullptr);
-
-    m_coordinator = MediaSessionCoordinator::create(scriptExecutionContext(), coordinatorPrivate);
-    m_coordinator->setMediaSession(this);
-}
</del><span class="cx"> #endif
</span><span class="cx"> 
</span><span class="cx"> #if ENABLE(MEDIA_SESSION_PLAYLIST)
</span></span></pre></div>
<a id="trunkSourceWebCoreModulesmediasessionMediaSessionh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/Modules/mediasession/MediaSession.h (278447 => 278448)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/Modules/mediasession/MediaSession.h 2021-06-04 03:45:04 UTC (rev 278447)
+++ trunk/Source/WebCore/Modules/mediasession/MediaSession.h    2021-06-04 04:16:39 UTC (rev 278448)
</span><span class="lines">@@ -78,7 +78,7 @@
</span><span class="cx">     MediaSessionReadyState readyState() const { return m_readyState; };
</span><span class="cx">     void setReadyState(MediaSessionReadyState);
</span><span class="cx"> 
</span><del>-    MediaSessionCoordinator& coordinator() const { return *m_coordinator; }
</del><ins>+    MediaSessionCoordinator& coordinator() const { return m_coordinator.get(); }
</ins><span class="cx"> #endif
</span><span class="cx"> 
</span><span class="cx"> #if ENABLE(MEDIA_SESSION_PLAYLIST)
</span><span class="lines">@@ -123,10 +123,6 @@
</span><span class="cx">     void notifyActionHandlerObservers();
</span><span class="cx">     void notifyReadyStateObservers();
</span><span class="cx"> 
</span><del>-#if ENABLE(MEDIA_SESSION_COORDINATOR)
-    void createCoordinator(MediaSessionCoordinatorPrivate*);
-#endif
-
</del><span class="cx">     // ActiveDOMObject
</span><span class="cx">     const char* activeDOMObjectName() const final { return "MediaSession"; }
</span><span class="cx">     void suspend(ReasonForSuspension) final;
</span><span class="lines">@@ -148,7 +144,7 @@
</span><span class="cx"> 
</span><span class="cx"> #if ENABLE(MEDIA_SESSION_COORDINATOR)
</span><span class="cx">     MediaSessionReadyState m_readyState { MediaSessionReadyState::Havenothing };
</span><del>-    RefPtr<MediaSessionCoordinator> m_coordinator;
</del><ins>+    const Ref<MediaSessionCoordinator> m_coordinator;
</ins><span class="cx"> #endif
</span><span class="cx"> 
</span><span class="cx"> #if ENABLE(MEDIA_SESSION_PLAYLIST)
</span></span></pre></div>
<a id="trunkSourceWebCoreModulesmediasessionMediaSessionCoordinatorcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/Modules/mediasession/MediaSessionCoordinator.cpp (278447 => 278448)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/Modules/mediasession/MediaSessionCoordinator.cpp    2021-06-04 03:45:04 UTC (rev 278447)
+++ trunk/Source/WebCore/Modules/mediasession/MediaSessionCoordinator.cpp       2021-06-04 04:16:39 UTC (rev 278448)
</span><span class="lines">@@ -48,14 +48,14 @@
</span><span class="cx">     return reinterpret_cast<const void*>(++logIdentifier);
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-Ref<MediaSessionCoordinator> MediaSessionCoordinator::create(ScriptExecutionContext* context, RefPtr<MediaSessionCoordinatorPrivate>&& privateCoordinator)
</del><ins>+Ref<MediaSessionCoordinator> MediaSessionCoordinator::create(ScriptExecutionContext* context)
</ins><span class="cx"> {
</span><del>-    auto coordinator = adoptRef(*new MediaSessionCoordinator(context, WTFMove(privateCoordinator)));
</del><ins>+    auto coordinator = adoptRef(*new MediaSessionCoordinator(context));
</ins><span class="cx">     coordinator->suspendIfNeeded();
</span><span class="cx">     return coordinator;
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-MediaSessionCoordinator::MediaSessionCoordinator(ScriptExecutionContext* context, RefPtr<MediaSessionCoordinatorPrivate>&& privateCoordinator)
</del><ins>+MediaSessionCoordinator::MediaSessionCoordinator(ScriptExecutionContext* context)
</ins><span class="cx">     : ActiveDOMObject(context)
</span><span class="cx">     , m_logger(makeRef(Document::sharedLogger()))
</span><span class="cx">     , m_logIdentifier(nextCoordinatorLogIdentifier())
</span><span class="lines">@@ -62,9 +62,6 @@
</span><span class="cx">     , m_asyncEventQueue(MainThreadGenericEventQueue::create(*this))
</span><span class="cx"> {
</span><span class="cx">     ALWAYS_LOG(LOGIDENTIFIER);
</span><del>-
-    if (privateCoordinator)
-        setMediaSessionCoordinatorPrivate(*privateCoordinator);
</del><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void MediaSessionCoordinator::setMediaSessionCoordinatorPrivate(Ref<MediaSessionCoordinatorPrivate>&& privateCoordinator)
</span></span></pre></div>
<a id="trunkSourceWebCoreModulesmediasessionMediaSessionCoordinatorh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/Modules/mediasession/MediaSessionCoordinator.h (278447 => 278448)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/Modules/mediasession/MediaSessionCoordinator.h      2021-06-04 03:45:04 UTC (rev 278447)
+++ trunk/Source/WebCore/Modules/mediasession/MediaSessionCoordinator.h 2021-06-04 04:16:39 UTC (rev 278448)
</span><span class="lines">@@ -48,7 +48,7 @@
</span><span class="cx">     , public EventTargetWithInlineData  {
</span><span class="cx">     WTF_MAKE_FAST_ALLOCATED;
</span><span class="cx"> public:
</span><del>-    WEBCORE_EXPORT static Ref<MediaSessionCoordinator> create(ScriptExecutionContext*, RefPtr<MediaSessionCoordinatorPrivate>&&);
</del><ins>+    WEBCORE_EXPORT static Ref<MediaSessionCoordinator> create(ScriptExecutionContext*);
</ins><span class="cx">     WEBCORE_EXPORT ~MediaSessionCoordinator();
</span><span class="cx">     WEBCORE_EXPORT void setMediaSessionCoordinatorPrivate(Ref<MediaSessionCoordinatorPrivate>&&);
</span><span class="cx"> 
</span><span class="lines">@@ -72,7 +72,7 @@
</span><span class="cx">     using RefCounted::deref;
</span><span class="cx"> 
</span><span class="cx"> private:
</span><del>-    MediaSessionCoordinator(ScriptExecutionContext*, RefPtr<MediaSessionCoordinatorPrivate>&&);
</del><ins>+    MediaSessionCoordinator(ScriptExecutionContext*);
</ins><span class="cx"> 
</span><span class="cx">     // EventTarget
</span><span class="cx">     void refEventTarget() final { ref(); }
</span></span></pre>
</div>
</div>

</body>
</html>