[Webkit-unassigned] [Bug 150193] New: Null dereference loading Blink layout test fast/mediastream/MediaStream-add-remove-tracks.html

bugzilla-daemon at webkit.org
Thu Oct 15 15:23:39 PDT 2015


https://bugs.webkit.org/show_bug.cgi?id=150193

            Bug ID: 150193
           Summary: Null dereference loading Blink layout test
                    fast/mediastream/MediaStream-add-remove-tracks.html
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Keywords: HasReduction, NeedsRadar
          Severity: Normal
          Priority: P2
         Component: Media Elements
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: jhoneycutt at apple.com
                CC: jer.noble at apple.com,
                    webkit-bug-importer at group.apple.com

Created attachment 263200
  --> https://bugs.webkit.org/attachment.cgi?id=263200&action=review
crashing test

Null dereference loading Blink layout test fast/mediastream/MediaStream-add-remove-tracks.html

Stack trace:

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_ACCESS (SIGABRT)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000078

VM Regions Near 0x78:
--> 
    __TEXT                 000000010fcd2000-000000010fd6c000 [  616K] r-x/rwx SM=COW  /Users/USER/*

Application Specific Information:
CRASHING TEST: blink-tests-that-are-different/fast/mediastream/MediaStream-add-remove-tracks.html
================================================================
==25591==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000078 (pc 0x000116d8af5d bp 0x7fff4ff29fe0 sp 0x7fff4ff29fe0 T0)
    #0 0x116d8af5c in WTF::Ref<WebCore::MediaStreamTrackPrivate>::operator->() const Ref.h:114
    #1 0x116d9e4dc in WebCore::MediaStreamTrack::id() const MediaStreamTrack.cpp:82
    #2 0x116d879ea in WebCore::MediaStream::internalRemoveTrack(WTF::RefPtr<WebCore::MediaStreamTrack>&&, WebCore::MediaStream::StreamModifier) MediaStream.cpp:229
    #3 0x116d877b7 in WebCore::MediaStream::removeTrack(WebCore::MediaStreamTrack*) MediaStream.cpp:144
    #4 0x11680357d in WebCore::jsMediaStreamPrototypeFunctionRemoveTrack(JSC::ExecState*) JSMediaStream.cpp:512
    #5 0x58ef70801027  (<unknown module>)
    #6 0x110b0664f in llint_entry (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xab464f)
    #7 0x110b0664f in llint_entry (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xab464f)
    #8 0x110b00a0a in vmEntryToJavaScript (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xaaea0a)
    #9 0x11086207d in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) JITCode.cpp:80
    #10 0x11081f714 in JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) Interpreter.cpp:1024
    #11 0x1101309d1 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) CallData.cpp:39
    #12 0x110130ac1 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) CallData.cpp:44
    #13 0x1164429c7 in WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) JSMainThreadExecState.h:56
    #14 0x116442308 in WebCore::JSCallbackData::invokeCallback(JSC::JSObject*, JSC::MarkedArgumentBuffer&, WebCore::JSCallbackData::CallbackType, JSC::PropertyName, WTF::NakedPtr<JSC::Exception>&) JSCallbackData.cpp:85
    #15 0x11684b4d7 in WebCore::JSNavigatorUserMediaSuccessCallback::handleEvent(WebCore::MediaStream*) JSNavigatorUserMediaSuccessCallback.cpp:75
    #16 0x115ab0202 in WebCore::Document::postTask(WebCore::ScriptExecutionContext::Task)::$_0::operator()() const Document.cpp:5243
    #17 0x110ebda9c in WTF::dispatchFunctionsFromMainThread() MainThread.cpp:134
    #18 0x110ebe5fe in WTF::timerFired(__CFRunLoopTimer*, void*) MainThreadMac.mm:112
    #19 0x7fff96fa2c83 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x92c83)
    #20 0x7fff96fa2912 in __CFRunLoopDoTimer (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x92912)
    #21 0x7fff96fa2469 in __CFRunLoopDoTimers (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x92469)
    #22 0x7fff96f99960 in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x89960)
    #23 0x7fff96f98fc7 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x88fc7)
    #24 0x10fcf498d in runTest(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) DumpRenderTree.mm:2030
    #25 0x10fcf3f39 in runTestingServerLoop() DumpRenderTree.mm:1180
    #26 0x10fcf3267 in dumpRenderTree(int, char const**) DumpRenderTree.mm:1288
    #27 0x10fcf52b1 in DumpRenderTreeMain(int, char const**) DumpRenderTree.mm:1418
    #28 0x7fff931e95ac in start (/usr/lib/system/libdyld.dylib+0x35ac)
    #29 0x1  (<unknown module>)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV Ref.h:114 WTF::Ref<WebCore::MediaStreamTrackPrivate>::operator->() const
