[CherryPick] Crash in WebCore::HTMLMediaElement::~HTMLMediaElement.
[Title][CherryPick] Crash in WebCore::HTMLMediaElement::~HTMLMediaElement.
[Problem] Crash reproducible from time to time with HTMLMediaElement
[Cause] Did not clear MediaPlayer cleanly.
[Solution] Clear MediaPlay manually before the destructor exits.
[Cherry-Picker] Soo-Hyun Choi <sh9.choi@samsung.com>
https://bugs.webkit.org/show_bug.cgi?id=113531
Reviewed by Eric Carlson.
No new tests, though this is intermittently reproducible with
http/tests/misc/delete-frame-during-readystatechange.html under ASAN.
* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::~HTMLMediaElement): Clear the media player manually
before the destructor exits. Clearing the media player may cancel a resource load,
which can trigger a readystatechange event. It's possible for the HTMLMediaElement
to attempt to fire an abort event within the readystatechange event, even though it is
now in an inconsistent state. Clearling the media player before finishing the destructor
ensures that the HTMLMediaElement will at least still be alive if this case is triggered.
Set m_completelyLoaded to true to ensure that if userCancelledLoad() is called, it doesn't
attempt to fire events while destructing.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@148636
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
Conflicts:
Source/WebCore/ChangeLog
Source/WebCore/html/HTMLMediaElement.cpp
Change-Id: Ia61805750d80ac1c3ac6ef914e15981382e6e026
projects / platform / framework / web / webkit-efl.git / commit