[Webkit-unassigned] [Bug 154454] New: Crash in -[WebAVPlayerController isPictureInPicturePossible]

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Feb 19 08:47:30 PST 2016


https://bugs.webkit.org/show_bug.cgi?id=154454

            Bug ID: 154454
           Summary: Crash in -[WebAVPlayerController
                    isPictureInPicturePossible]
    Classification: Unclassified
           Product: WebKit
           Version: Other
          Hardware: iOS
                OS: iOS 9.2
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: lpromero at chromium.org

I get this crash:

Thread 23 CRASHED [EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @ 0x00000080 ] MAGIC SIGNATURE THREAD
0x0000000198148c04    (WebCore + 0x00e3cc04 )    -[WebAVPlayerController isPictureInPicturePossible]
0x0000000198148c00    (WebCore + 0x00e3cc00 )    -[WebAVPlayerController isPictureInPicturePossible]
0x0000000183cf3154    (AVKit + 0x00027154 )    -[AVPictureInPictureController isPictureInPicturePossible]
0x0000000183cf39a0    (AVKit + 0x000279a0 )    -[AVPictureInPictureController _updatePictureInPictureShouldStartWhenEnteringBackground]
0x0000000183cf3958    (AVKit + 0x00027958 )    -[AVPictureInPictureController _checkIsFullScreenAndUpdatePictureInPictureShouldStartWhenEnteringBackground]
0x0000000183cf3ff8    (AVKit + 0x00027ff8 )    __79-[AVPictureInPictureController observeValueForKeyPath:ofObject:change:context:]_block_invoke
0x000000019a9a96a4    (libdispatch.dylib + 0x000016a4 )    _dispatch_client_callout
0x000000019a9c02b8    (libdispatch.dylib + 0x000182b8 )    _dispatch_source_latch_and_call
0x000000019a9abb98    (libdispatch.dylib + 0x00003b98 )    _dispatch_source_invoke
0x000000019a9b75b8    (libdispatch.dylib + 0x0000f5b8 )    _dispatch_root_queue_drain
0x000000019a9b72d8    (libdispatch.dylib + 0x0000f2d8 )    _dispatch_worker_thread3
0x000000019abc946c    (libsystem_pthread.dylib + 0x0000146c )    _pthread_wqthread
0x000000019abc901c    (libsystem_pthread.dylib + 0x0000101c )    start_wqthread


Looking at the source:
https://github.com/WebKit/webkit/blob/master/Source/WebCore/platform/ios/WebVideoFullscreenInterfaceAVKit.mm#L617
it seems that self.fullscreenInterface is nil and calling the function on it is what crashes.

Seems that this class already had similar issues with its delegate, see https://bugs.webkit.org/show_bug.cgi?id=140893.

-- 
You are receiving this mail because:
You are the assignee for the bug.
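
Added example (not part of the original report or of WebKit's code): a small Python triage script that parses a trace in the format shown above and flags a fault address close to zero, the pattern the report attributes to a nil `fullscreenInterface`. The 4 KiB near-NULL threshold and all function names are assumptions of this example.

```python
import re

# Lines copied from the trace in the report above (abridged).
SAMPLE = """\
Thread 23 CRASHED [EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @ 0x00000080 ] MAGIC SIGNATURE THREAD
0x0000000198148c04    (WebCore + 0x00e3cc04 )    -[WebAVPlayerController isPictureInPicturePossible]
0x0000000183cf3154    (AVKit + 0x00027154 )    -[AVPictureInPictureController isPictureInPicturePossible]
0x000000019a9a96a4    (libdispatch.dylib + 0x000016a4 )    _dispatch_client_callout
"""

HEADER = re.compile(r"Thread (\d+) CRASHED \[\s*(\w+) / (\w+) @ (0x[0-9a-fA-F]+)\s*\]")
FRAME = re.compile(r"^(0x[0-9a-fA-F]+)\s+\(\s*(\S+) \+ (0x[0-9a-fA-F]+)\s*\)\s+(.+?)\s*$")

# Assumption: a fault below one 4 KiB page is treated as a NULL-based access.
NEAR_NULL_LIMIT = 0x1000

def parse_crash(text):
    """Return the crash header fields and the list of symbolicated frames."""
    crash, frames = None, []
    for line in text.splitlines():
        m = HEADER.search(line)
        if m:
            crash = {"thread": int(m.group(1)), "exception": m.group(2),
                     "code": m.group(3), "fault_addr": int(m.group(4), 16)}
            continue
        m = FRAME.match(line)
        if m:
            frames.append({"pc": int(m.group(1), 16), "module": m.group(2),
                           "offset": int(m.group(3), 16), "symbol": m.group(4)})
    if crash is None:
        raise ValueError("no 'Thread N CRASHED [...]' header found")
    return crash, frames

def triage(text):
    """Classify the crash: near-NULL access, faulting frame, calling module."""
    crash, frames = parse_crash(text)
    addr = crash["fault_addr"]
    top = frames[0] if frames else None
    near_null = crash["exception"] == "EXC_BAD_ACCESS" and addr < NEAR_NULL_LIMIT
    return {
        "near_null": near_null,
        # Offset from NULL, i.e. the likely field or vtable slot that was read.
        "null_offset": addr if near_null else None,
        "top_frame": (top["module"], top["symbol"]) if top else None,
        # First frame outside the crashing module: who called into it.
        "caller_module": next((f["module"] for f in frames
                               if top and f["module"] != top["module"]), None),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```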