Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: f2a3aa2211b24b76ef86c189d19828d07576e1f6
https://github.com/WebKit/WebKit/commit/f2a3aa2211b24b76ef86c189d19828d07576e1f6
Author: David Kilzer <[email protected]>
Date: 2026-04-28 (Tue, 28 Apr 2026)
Changed paths:
M
Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm
Log Message:
-----------
Remove all KVO observers before calling [m_objcObserver disconnect] in
WebCore::MediaPlayerPrivateAVFoundationObjC::cancelLoad()
<https://bugs.webkit.org/show_bug.cgi?id=307543>
<rdar://161488988>
Reviewed by Per Arne Vollan.
MTE detects a crash when Foundation's KVO infrastructure encounters stale
weak references in its internal hash tables while processing
`-removeObserver:forKeyPath:` calls. The current cleanup order calls
`[m_objcObserver disconnect]` before removing KVO observers from
`m_avPlayerItem`, `m_avPlayer`, and `m_cachedTracks`.
The fix consolidates all KVO observer removal to happen before calling
`[m_objcObserver disconnect]`. This follows the standard practice
where KVO observers are removed before invalidating the observer object.
Covered by existing tests.
*
Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
(WebCore::MediaPlayerPrivateAVFoundationObjC::cancelLoad):
Originally-landed-as: 305413.290@safari-7624-branch (1c952d61fc64).
rdar://173969070
Canonical link: https://commits.webkit.org/312223@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
