[Webkit-unassigned] [Bug 137065] New: [GStreamer] Video resolution changes trigger a crash in the TextureMapper

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Sep 24 04:30:18 PDT 2014 

https://bugs.webkit.org/show_bug.cgi?id=137065

           Summary: [GStreamer] Video resolution changes trigger a crash
                    in the TextureMapper
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Gtk
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: pnormand at igalia.com


When the video sink updates its caps the player is notified and clears its internal video size cache but this is not protected by a mutex so it's possible that the player tries to use caps that don't correspond to the buffer being rendered, triggering this crash:

Program terminated with signal SIGSEGV, Segmentation fault.
#0  __memcpy_sse2_unaligned () at ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S:36
36    ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S: No such file or directory.
(gdb) bt
#0  __memcpy_sse2_unaligned () at ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S:36
#1  0x00007fe5bd010b5e in ?? () from /usr/lib/x86_64-linux-gnu/dri/vmwgfx_dri.so
#2  0x00007fe5bd015f20 in ?? () from /usr/lib/x86_64-linux-gnu/dri/vmwgfx_dri.so
#3  0x00007fe5bd0160d2 in ?? () from /usr/lib/x86_64-linux-gnu/dri/vmwgfx_dri.so
#4  0x00007fe5bd06a902 in ?? () from /usr/lib/x86_64-linux-gnu/dri/vmwgfx_dri.so
#5  0x00007fe5bd000e27 in ?? () from /usr/lib/x86_64-linux-gnu/dri/vmwgfx_dri.so
#6  0x00007fe5bd004b5f in ?? () from /usr/lib/x86_64-linux-gnu/dri/vmwgfx_dri.so
#7  0x00007fe623104f1a in WebCore::BitmapTextureGL::updateContentsNoSwizzle(void const*, WebCore::IntRect const&, WebCore::IntPoint const&, int, unsigned int, unsigned int) ()
   from /home/phil/dev/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#8  0x00007fe62310569a in WebCore::BitmapTextureGL::updateContents(void const*, WebCore::IntRect const&, WebCore::IntPoint const&, int, WebCore::BitmapTexture::UpdateContentsFlag) ()
   from /home/phil/dev/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#9  0x00007fe6230b891c in WebCore::MediaPlayerPrivateGStreamerBase::updateTexture(WebCore::TextureMapper*) () from /home/phil/dev/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#10 0x00007fe6230b8a2f in WebCore::MediaPlayerPrivateGStreamerBase::paintToTextureMapper(WebCore::TextureMapper*, WebCore::FloatRect const&, WebCore::TransformationMatrix const&, float) ()
   from /home/phil/dev/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#11 0x00007fe622bbe3f3 in WebCore::TextureMapperLayer::paintSelf(WebCore::TextureMapperPaintOptions const&) () from /home/phil/dev/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#12 0x00007fe622bc1dc2 in WebCore::TextureMapperLayer::paintSelfAndChildren(WebCore::TextureMapperPaintOptions const&) () from /home/phil/dev/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#13 0x00007fe622bc1f7d in WebCore::TextureMapperLayer::paintSelfAndChildrenWithReplica(WebCore::TextureMapperPaintOptions const&) ()
   from /home/phil/dev/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#14 0x00007fe622bc1aa5 in WebCore::TextureMapperLayer::paintRecursive(WebCore::TextureMapperPaintOptions const&) () from /home/phil/dev/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#15 0x00007fe622bc1d45 in WebCore::TextureMapperLayer::paintSelfAndChildren(WebCore::TextureMapperPaintOptions const&) [clone .part.108] ()
   from /home/phil/dev/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#16 0x00007fe622bc1f7d in WebCore::TextureMapperLayer::paintSelfAndChildrenWithReplica(WebCore::TextureMapperPaintOptions const&) ()
   from /home/phil/dev/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#17 0x00007fe622bc1aa5 in WebCore::TextureMapperLayer::paintRecursive(WebCore::TextureMapperPaintOptions const&) () from /home/phil/dev/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#18 0x00007fe622bc1d45 in WebCore::TextureMapperLayer::paintSelfAndChildren(WebCore::TextureMapperPaintOptions const&) [clone .part.108] ()
   from /home/phil/dev/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#19 0x00007fe622bc1f7d in WebCore::TextureMapperLayer::paintSelfAndChildrenWithReplica(WebCore::TextureMapperPaintOptions const&) ()
   from /home/phil/dev/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#20 0x00007fe622bc1aa5 in WebCore::TextureMapperLayer::paintRecursive(WebCore::TextureMapperPaintOptions const&) () from /home/phil/dev/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#21 0x00007fe622bc1d45 in WebCore::TextureMapperLayer::paintSelfAndChildren(WebCore::TextureMapperPaintOptions const&) [clone .part.108] ()
   from /home/phil/dev/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#22 0x00007fe622bc1f7d in WebCore::TextureMapperLayer::paintSelfAndChildrenWithReplica(WebCore::TextureMapperPaintOptions const&) ()
   from /home/phil/dev/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#23 0x00007fe622bc1aa5 in WebCore::TextureMapperLayer::paintRecursive(WebCore::TextureMapperPaintOptions const&) () from /home/phil/dev/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#24 0x00007fe622bc1d45 in WebCore::TextureMapperLayer::paintSelfAndChildren(WebCore::TextureMapperPaintOptions const&) [clone .part.108] ()
   from /home/phil/dev/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#25 0x00007fe622bc1f7d in WebCore::TextureMapperLayer::paintSelfAndChildrenWithReplica(WebCore::TextureMapperPaintOptions const&) ()
   from /home/phil/dev/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#26 0x00007fe622bc1aa5 in WebCore::TextureMapperLayer::paintRecursive(WebCore::TextureMapperPaintOptions const&) () from /home/phil/dev/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#27 0x00007fe622bc1d45 in WebCore::TextureMapperLayer::paintSelfAndChildren(WebCore::TextureMapperPaintOptions const&) [clone .part.108] ()
   from /home/phil/dev/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#28 0x00007fe622bc1f7d in WebCore::TextureMapperLayer::paintSelfAndChildrenWithReplica(WebCore::TextureMapperPaintOptions const&) ()
   from /home/phil/dev/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#29 0x00007fe622bc1aa5 in WebCore::TextureMapperLayer::paintRecursive(WebCore::TextureMapperPaintOptions const&) () from /home/phil/dev/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#30 0x00007fe622bc1d45 in WebCore::TextureMapperLayer::paintSelfAndChildren(WebCore::TextureMapperPaintOptions const&) [clone .part.108] ()
   from /home/phil/dev/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#31 0x00007fe622bc1f7d in WebCore::TextureMapperLayer::paintSelfAndChildrenWithReplica(WebCore::TextureMapperPaintOptions const&) ()
   from /home/phil/dev/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#32 0x00007fe622bc1aa5 in WebCore::TextureMapperLayer::paintRecursive(WebCore::TextureMapperPaintOptions const&) () from /home/phil/dev/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#33 0x00007fe622bc1d45 in WebCore::TextureMapperLayer::paintSelfAndChildren(WebCore::TextureMapperPaintOptions const&) [clone .part.108] ()
   from /home/phil/dev/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#34 0x00007fe622bc1f7d in WebCore::TextureMapperLayer::paintSelfAndChildrenWithReplica(WebCore::TextureMapperPaintOptions const&) ()
   from /home/phil/dev/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#35 0x00007fe622bc1aa5 in WebCore::TextureMapperLayer::paintRecursive(WebCore::TextureMapperPaintOptions const&) () from /home/phil/dev/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#36 0x00007fe622bc1bc1 in WebCore::TextureMapperLayer::paint() () from /home/phil/dev/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#37 0x00007fe6223171a7 in WebKit::LayerTreeHostGtk::compositeLayersToContext(WebKit::LayerTreeHostGtk::CompositePurpose) () from /home/phil/dev/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#38 0x00007fe622317710 in WebKit::LayerTreeHostGtk::flushAndRenderLayers() () from /home/phil/dev/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#39 0x00007fe6223177bb in WebKit::LayerTreeHostGtk::layerFlushTimerFired() () from /home/phil/dev/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#40 0x00007fe62048174c in WTF::GMainLoopSource::voidCallback() () from /home/phil/dev/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
---Type <return> to continue, or q <return> to quit---
#41 0x00007fe620481929 in WTF::GMainLoopSource::voidSourceCallback(WTF::GMainLoopSource*) () from /home/phil/dev/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#42 0x00007fe61db9c0fe in g_main_dispatch (context=0x13fdb10) at gmain.c:3065
#43 g_main_context_dispatch (context=context at entry=0x13fdb10) at gmain.c:3641
#44 0x00007fe61db9c4a8 in g_main_context_iterate (context=0x13fdb10, block=block at entry=1, dispatch=dispatch at entry=1, self=<optimized out>) at gmain.c:3712
#45 0x00007fe61db9c912 in g_main_loop_run (loop=0x19c76b0) at gmain.c:3906
#46 0x00007fe62231b911 in WebProcessMainUnix () from /home/phil/dev/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#47 0x00007fe6207bfb45 in __libc_start_main (main=0x4006f0 <main>, argc=2, argv=0x7fffe3e8fd28, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffe3e8fd18)
    at libc-start.c:287
#48 0x0000000000400723 in _start ()

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list