[Webkit-unassigned] [Bug 109211] New: [V8] Binding Integrity crash in V8MediaStream::createWrapper

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Feb 7 10:53:13 PST 2013 

https://bugs.webkit.org/show_bug.cgi?id=109211

           Summary: [V8] Binding Integrity crash in
                    V8MediaStream::createWrapper
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: ASSIGNED
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: tsepez at chromium.org
                CC: abarth at webkit.org, jschuh at chromium.org,
                    cevans at google.com


LocalMediaStream wrapped as a MediaStream despite having IDL that knows better.

0x01fca175     [Google Chrome Framework]     + 0x01fa9175]    WebCore::V8MediaStream::createWrapper(WTF::PassRefPtr<WebCore::MediaStream>, v8::Handle<v8::Object>, v8::Isolate*)
0x01eab664     [Google Chrome Framework]     + 0x01e8a664]    WebCore::MediaStreamAudioDestinationNodeV8Internal::streamAttrGetter(v8::Local<v8::String>, v8::AccessorInfo const&)
0x0142e86f     [Google Chrome Framework]     + 0x0140d86f]    v8::internal::JSObject::GetPropertyWithCallback(v8::internal::Object*, v8::internal::Object*, v8::internal::String*)
0x0142e62c     [Google Chrome Framework]     + 0x0140d62c]    v8::internal::Object::GetProperty(v8::internal::Object*, v8::internal::LookupResult*, v8::internal::String*, PropertyAttributes*)
0x013dcc8c     [Google Chrome Framework]     + 0x013bbc8c]    v8::internal::LoadIC::Load(v8::internal::InlineCacheState, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::String>)
0x013e06e5     [Google Chrome Framework]     + 0x013bf6e5]    v8::internal::LoadIC_Miss(v8::internal::Arguments, v8::internal::Isolate*)

Suppress check for now, but there's an underlying bug that the stop() method in LocalMediaStream.idl won't be available on a local media stream wrapped in this manner. Need a custom wrapper to check if islocal and wrap accordingly.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list