<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - HTMLMediaElement::resume() may cause JavaScriptExecution"
href="https://bugs.webkit.org/show_bug.cgi?id=159327">159327</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>HTMLMediaElement::resume() may cause JavaScriptExecution
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>WebKit Nightly Build
</td>
</tr>
<tr>
<th>Hardware</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>OS</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>Media Elements
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>cdumez@apple.com
</td>
</tr></table>
<p>
<div>
<pre>HTMLMediaElement::resume() may cause JavaScriptExecution, which is not allowed and will cause crashes such as this one:
Thread 0 Crashed ↩:
0 WebCore 0x0000000195435fd8 WebCore::ScriptExecutionContext::didCreateActiveDOMObject(WebCore::ActiveDOMObject&) + 52 (ScriptExecutionContext.cpp:332)
1 WebCore 0x00000001955238ec WebCore::SuspendableTimer::SuspendableTimer(WebCore::ScriptExecutionContext&) + 36 (SuspendableTimer.cpp:35)
2 WebCore 0x0000000194b986b4 WebCore::DOMTimer::DOMTimer(WebCore::ScriptExecutionContext&, std::__1::unique_ptr<WebCore::ScheduledAction, std::__1::default_delete<WebCore::ScheduledAction> >, std::__1::chrono::duration<long long, std::__1::ratio<1l, 1000l> >, bool) + 64 (DOMTimer.cpp:172)
3 WebCore 0x0000000194b989b4 WebCore::DOMTimer::install(WebCore::ScriptExecutionContext&, std::__1::unique_ptr<WebCore::ScheduledAction, std::__1::default_delete<WebCore::ScheduledAction> >, std::__1::chrono::duration<long long, std::__1::ratio<1l, 1000l> >, bool) + 84 (DOMTimer.cpp:179)
4 WebCore 0x0000000194ba3c94 WebCore::DOMWindow::setTimeout(std::__1::unique_ptr<WebCore::ScheduledAction, std::__1::default_delete<WebCore::ScheduledAction> >, int, int&) + 52 (DOMWindow.cpp:1599)
5 WebCore 0x0000000194f46cec WebCore::JSDOMWindow::setTimeout(JSC::ExecState&) + 320 (JSDOMWindowCustom.cpp:576)
6 WebCore 0x0000000194f3f46c WebCore::jsDOMWindowInstanceFunctionSetTimeout(JSC::ExecState*) + 188 (JSDOMWindow.cpp:26371)
7 ??? 0x000000012dd2c030 0 + 5063753776
8 JavaScriptCore 0x000000019433358c llint_entry + 24748
9 JavaScriptCore 0x000000019433358c llint_entry + 24748
10 JavaScriptCore 0x000000019432d318 vmEntryToJavaScript + 264
11 JavaScriptCore 0x00000001941f7a50 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 168 (JITCode.cpp:80)
12 JavaScriptCore 0x0000000193c49f70 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 368 (Interpreter.cpp:1015)
13 JavaScriptCore 0x00000001941614b8 JSC::callSetter(JSC::ExecState*, JSC::JSValue, JSC::JSValue, JSC::JSValue, JSC::ECMAMode) + 320 (GetterSetter.cpp:105)
14 JavaScriptCore 0x00000001942870d4 JSC::JSObject::putInlineSlow(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) + 2608 (JSObject.cpp:552)
15 JavaScriptCore 0x0000000193c44bbc JSC::JSObject::put(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) + 552 (JSObjectInlines.h:81)
16 WebCore 0x0000000194d39714 WebCore::HTMLMediaElement::setControllerJSProperty(char const*, JSC::JSValue) + 468 (HTMLMediaElement.cpp:6524)
17 WebCore 0x0000000194b237d0 WebCore::Document::pageScaleFactorChangedAndStable() + 96 (Document.cpp:4878)
18 WebCore 0x00000001952829c4 WebCore::Page::setPageScaleFactor(float, WebCore::IntPoint const&, bool) + 212 (Page.cpp:820)
19 WebKit 0x00000001992e7064 WebKit::WebPage::scalePage(double, WebCore::IntPoint const&) + 340 (WebPage.cpp:1548)
20 WebKit 0x00000001992f554c WebKit::WebPage::restorePageState(WebCore::HistoryItem const&) + 668 (WebPageIOS.mm:298)
21 WebCore 0x00000001947ecc1c WebCore::FrameLoader::didFirstLayout() + 76 (FrameLoader.cpp:2399)
22 WebCore 0x0000000194ca06b0 WebCore::FrameView::fireLayoutRelatedMilestonesIfNeeded() + 64 (FrameView.cpp:4800)
23 WebCore 0x00000001947ec494 WebCore::FrameView::performPostLayoutTasks() + 224 (FrameView.cpp:3175)
24 WebCore 0x00000001947e8680 WebCore::FrameView::layout(bool) + 3536 (FrameView.cpp:1493)
25 WebCore 0x000000019483fe60 WebCore::Document::updateLayout() + 260 (Document.cpp:1985)
26 WebCore 0x0000000194b1b0b0 WebCore::Document::updateLayoutIgnorePendingStylesheets(WebCore::Document::RunPostLayoutTasks) + 240 (Document.cpp:2017)
27 WebKit 0x000000019939fc38 WebKit::inlineVideoFrame(WebCore::HTMLVideoElement&) + 56 (WebVideoFullscreenManager.mm:58)
28 WebKit 0x000000019939f8b4 WebKit::WebVideoFullscreenManager::enterVideoFullscreenForVideoElement(WebCore::HTMLVideoElement&, unsigned int) + 216 (WebVideoFullscreenManager.mm:280)
29 WebCore 0x0000000194d37624 WebCore::HTMLMediaElement::enterFullscreen(unsigned int) + 176 (HTMLMediaElement.cpp:5394)
30 WebCore 0x0000000194d308fc WebCore::HTMLMediaElement::updatePlayState() + 396 (HTMLMediaElement.cpp:4862)
31 WebCore 0x0000000194d36f84 WebCore::HTMLMediaElement::resume() + 92 (HTMLMediaElement.cpp:4932)
32 WebCore 0x00000001948f1e6c WebCore::ScriptExecutionContext::resumeActiveDOMObjects(WebCore::ActiveDOMObject::ReasonForSuspension) + 136 (ScriptExecutionContext.cpp:271)
33 WebCore 0x0000000194b23244 WebCore::Document::resume(WebCore::ActiveDOMObject::ReasonForSuspension) + 216 (Document.cpp:2467)
34 WebCore 0x00000001948f1a98 WebCore::CachedFrameBase::restore() + 112 (CachedFrame.cpp:95)
35 WebCore 0x00000001948f1948 WebCore::FrameLoader::open(WebCore::CachedFrameBase&) + 744 (FrameLoader.cpp:2123)
36 WebCore 0x00000001949c76f0 WebCore::CachedPage::restore(WebCore::Page&) + 32 (CachedPage.cpp:77)
37 WebCore 0x00000001947d8a14 WebCore::FrameLoader::commitProvisionalLoad() + 756 (FrameLoader.cpp:1831)</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>