[Webkit-unassigned] [Bug 181597] ASSERTION FAILED: m_scriptExecutionContext under WebCore::AudioContext::isPlayingAudioDidChange()

bugzilla-daemon at webkit.org
Fri Jan 12 10:50:40 PST 2018


https://bugs.webkit.org/show_bug.cgi?id=181597

--- Comment #3 from Chris Dumez <cdumez at apple.com> ---
void AudioContext::isPlayingAudioDidChange()
{
    // Make sure to call Document::updateIsPlayingMedia() on the main thread, since
    // we could be on the audio I/O thread here and the call into WebCore could block.
    callOnMainThread([protectedThis = makeRef(*this)] {
        if (protectedThis->document())
            protectedThis->document()->updateIsPlayingMedia();
    });
}

Document* AudioContext::document() const
{
    ASSERT(m_scriptExecutionContext);
    return downcast<Document>(m_scriptExecutionContext);
}

The code tries to null-check document() but document() asserts that it cannot return null. Even if the AudioContext had a scriptExecutionContext/Document when isPlayingAudioDidChange() was called (which I did not verify), there is definitely NO guarantee it still has one once the lambda passed to callOnMainThread() is called. Therefore, this code is clearly wrong.

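The pattern described in comment #3, as an added single-threaded model (not WebKit code and not the project's fix): a deferred task null-checks through an accessor whose contract forbids null, and the context is torn down before the task runs. Doc, Context, mainQueue, documentOrNull() and the violations counter are constructed stand-ins; the counter records where ASSERT would fire instead of aborting.

```cpp
#include <functional>
#include <memory>
#include <queue>
#include <utility>

struct Doc { int updates = 0; };              // stand-in for Document

struct Context {                               // stand-in for AudioContext
    Doc* m_context = nullptr;                  // cleared at teardown
    mutable int violations = 0;                // counts where ASSERT would fire

    // Same shape as the accessor in the comment: precondition "never null".
    Doc* document() const { if (!m_context) ++violations; return m_context; }
    // Hypothetical nullable accessor whose contract allows a null result.
    Doc* documentOrNull() const { return m_context; }
    void contextDestroyed() { m_context = nullptr; }
};

std::queue<std::function<void()>> mainQueue;   // stand-in for callOnMainThread()

void drainMainQueue() {
    while (!mainQueue.empty()) {
        auto task = std::move(mainQueue.front());
        mainQueue.pop();
        task();
    }
}

struct Result { int updates; int violations; };

// Queue the update, optionally tear the context down before the task runs.
Result run(bool useNullableAccessor, bool destroyBeforeTaskRuns) {
    Doc doc;
    auto ctx = std::make_shared<Context>();
    ctx->m_context = &doc;
    mainQueue.push([protectedThis = ctx, useNullableAccessor] {
        // protectedThis keeps the Context alive, not the document it points to.
        Doc* d = useNullableAccessor ? protectedThis->documentOrNull()
                                     : protectedThis->document();
        if (d)
            d->updates++;
    });
    if (destroyBeforeTaskRuns)
        ctx->contextDestroyed();
    drainMainQueue();
    return { doc.updates, ctx->violations };
}

int main() {
    Result r = run(false, true);
    return (r.updates == 0 && r.violations == 1) ? 0 : 1;
}
```

In both teardown cases no update is delivered; the difference is that the asserting accessor trips its precondition inside the deferred task, while the nullable one makes the caller's null check meaningful.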