[Webkit-unassigned] [Bug 157979] New: Crash in WebKit::WebPage::didEndRequestInstallMissingMediaPlugins on vox.com

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun May 22 12:24:53 PDT 2016


https://bugs.webkit.org/show_bug.cgi?id=157979

            Bug ID: 157979
           Summary: Crash in WebKit::WebPage::didEndRequestInstallMissingMediaPlugins on vox.com
    Classification: Unclassified
           Product: WebKit
           Version: Other
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Media Elements
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at igalia.com

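Visit http://www.vox.com/2016/4/26/11510874/oklahoma-abortion-outlaw-felony-doctors with WebKitGTK+ 2.12.2 and wait a couple of seconds; it crashes 100% of the time. (You might need to uninstall extra GStreamer codecs to reproduce.) It's a regression from 2.10. In the backtrace below, frame #0 (RefCounted.h:100) reports this=0x32660000000e3c2f, which is not a canonical x86-64 address, while the neighbouring inlined frames report this=0x7fc585a1b240; this suggests the callback invoked from didEndRequestInstallMissingMediaPlugins is taking a reference on an object that was already freed or corrupted, although the debugger's view of inlined frames may be unreliable.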

Thread 1 (Thread 0x7fc63d965ac0 (LWP 3611)):
#0  0x00007fc63c7fb914 in std::_Function_handler<void(unsigned int), WebCore::MediaPlayerPrivateGStreamer::handleMessage(GstMessage*)::<lambda(uint32_t)> >::_M_invoke(const std::_Any_data &, <unknown type in /var/cache/abrt-di/usr/lib/debug/usr/lib64/libwebkit2gtk-4.0.so.37.13.8.debug, CU 0x444c7356, DIE 0x445347b6>) (this=0x32660000000e3c2f) at /usr/src/debug/webkitgtk-2.12.2/Source/WTF/wtf/RefCounted.h:100
#1  0x00007fc63c7fb914 in std::_Function_handler<void(unsigned int), WebCore::MediaPlayerPrivateGStreamer::handleMessage(GstMessage*)::<lambda(uint32_t)> >::_M_invoke(const std::_Any_data &, <unknown type in /var/cache/abrt-di/usr/lib/debug/usr/lib64/libwebkit2gtk-4.0.so.37.13.8.debug, CU 0x444c7356, DIE 0x445347b6>) (this=0x32660000000e3c2f) at /usr/src/debug/webkitgtk-2.12.2/Source/WTF/wtf/RefCounted.h:145
        this = 0x7fc585a1b240
#2  0x00007fc63c7fb914 in std::_Function_handler<void(unsigned int), WebCore::MediaPlayerPrivateGStreamer::handleMessage(GstMessage*)::<lambda(uint32_t)> >::_M_invoke(const std::_Any_data &, <unknown type in /var/cache/abrt-di/usr/lib/debug/usr/lib64/libwebkit2gtk-4.0.so.37.13.8.debug, CU 0x444c7356, DIE 0x445347b6>) (ptr=<optimized out>) at /usr/src/debug/webkitgtk-2.12.2/Source/WTF/wtf/PassRefPtr.h:42
        this = 0x7fc585a1b240
#3  0x00007fc63c7fb914 in std::_Function_handler<void(unsigned int), WebCore::MediaPlayerPrivateGStreamer::handleMessage(GstMessage*)::<lambda(uint32_t)> >::_M_invoke(const std::_Any_data &, <unknown type in /var/cache/abrt-di/usr/lib/debug/usr/lib64/libwebkit2gtk-4.0.so.37.13.8.debug, CU 0x444c7356, DIE 0x445347b6>) (this=0x7fc585a1b420) at /usr/src/debug/webkitgtk-2.12.2/Source/WTF/wtf/RefPtr.h:141
        this = 0x7fc585a1b240
#4  0x00007fc63c7fb914 in std::_Function_handler<void(unsigned int), WebCore::MediaPlayerPrivateGStreamer::handleMessage(GstMessage*)::<lambda(uint32_t)> >::_M_invoke(const std::_Any_data &, <unknown type in /var/cache/abrt-di/usr/lib/debug/usr/lib64/libwebkit2gtk-4.0.so.37.13.8.debug, CU 0x444c7356, DIE 0x445347b6>) (result=4, __closure=0x7fc57cdc7918) at /usr/src/debug/webkitgtk-2.12.2/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:997
        this = 0x7fc585a1b240
#5  0x00007fc63c7fb914 in std::_Function_handler<void(unsigned int), WebCore::MediaPlayerPrivateGStreamer::handleMessage(GstMessage*)::<lambda(uint32_t)> >::_M_invoke(const std::_Any_data &, <unknown type in /var/cache/abrt-di/usr/lib/debug/usr/lib64/libwebkit2gtk-4.0.so.37.13.8.debug, CU 0x444c7356, DIE 0x445347b6>) (__functor=..., __args#0=<unknown type in /var/cache/abrt-di/usr/lib/debug/usr/lib64/libwebkit2gtk-4.0.so.37.13.8.debug, CU 0x444c7356, DIE 0x445347b6>) at /usr/include/c++/6.0.0/functional:1740
#6  0x00007fc63bab071c in WebKit::WebPage::didEndRequestInstallMissingMediaPlugins(unsigned int) (__args#0=<optimized out>, this=0x7fc57cdc7918) at /usr/include/c++/6.0.0/functional:2136
#7  0x00007fc63bab071c in WebKit::WebPage::didEndRequestInstallMissingMediaPlugins(unsigned int) (result=<optimized out>, this=0x7fc57cdc7910) at /usr/src/debug/webkitgtk-2.12.2/Source/WebCore/platform/graphics/gstreamer/MediaPlayerRequestInstallMissingPluginsCallback.h:45
#8  0x00007fc63bab071c in WebKit::WebPage::didEndRequestInstallMissingMediaPlugins(unsigned int) (this=0x7fc627fcb000, result=<optimized out>) at /usr/src/debug/webkitgtk-2.12.2/Source/WebKit2/WebProcess/WebPage/gstreamer/WebPageGStreamer.cpp:53
#9  0x00007fc63baecafe in IPC::handleMessage<Messages::WebPage::DidEndRequestInstallMissingMediaPlugins, WebKit::WebPage, void (WebKit::WebPage::*)(unsigned int)>(IPC::MessageDecoder&, WebKit::WebPage*, void (WebKit::WebPage::*)(unsigned int)) (args=<optimized out>, function=<optimized out>, object=0x7fc627fcb000) at /usr/src/debug/webkitgtk-2.12.2/Source/WebKit2/Platform/IPC/HandleMessage.h:16
        arguments = std::tuple containing = {[1] = 4}
#10 0x00007fc63baecafe in IPC::handleMessage<Messages::WebPage::DidEndRequestInstallMissingMediaPlugins, WebKit::WebPage, void (WebKit::WebPage::*)(unsigned int)>(IPC::MessageDecoder&, WebKit::WebPage*, void (WebKit::WebPage::*)(unsigned int)) (function=<optimized out>, object=0x7fc627fcb000, args=<unknown type in /var/cache/abrt-di/usr/lib/debug/usr/lib64/libwebkit2gtk-4.0.so.37.13.8.debug, CU 0xe3fc0e6, DIE 0xe476999>) at /usr/src/debug/webkitgtk-2.12.2/Source/WebKit2/Platform/IPC/HandleMessage.h:22
        arguments = std::tuple containing = {[1] = 4}
#11 0x00007fc63baecafe in IPC::handleMessage<Messages::WebPage::DidEndRequestInstallMissingMediaPlugins, WebKit::WebPage, void (WebKit::WebPage::*)(unsigned int)>(IPC::MessageDecoder&, WebKit::WebPage*, void (WebKit::WebPage::*)(unsigned int)) (decoder=..., object=object at entry=0x7fc627fcb000, function=(void (WebKit::WebPage::*)(WebKit::WebPage * const, unsigned int)) 0x7fc63bab06d0 <WebKit::WebPage::didEndRequestInstallMissingMediaPlugins(unsigned int)>) at /usr/src/debug/webkitgtk-2.12.2/Source/WebKit2/Platform/IPC/HandleMessage.h:92
        arguments = std::tuple containing = {[1] = 4}
#12 0x00007fc63baeb41c in WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection&, IPC::MessageDecoder&) (this=0x7fc627fcb000, connection=..., decoder=...) at /usr/src/debug/webkitgtk-2.12.2/x86_64-redhat-linux-gnu/DerivedSources/WebKit2/WebPageMessageReceiver.cpp:1254
#13 0x00007fc63b83f86c in IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::MessageDecoder&) (this=this at entry=0x56432a8fc2e8, connection=..., decoder=...) at /usr/src/debug/webkitgtk-2.12.2/Source/WebKit2/Platform/IPC/MessageReceiverMap.cpp:102
#14 0x00007fc63b953f86 in WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) (this=0x56432a8fc280, connection=..., decoder=...) at /usr/src/debug/webkitgtk-2.12.2/Source/WebKit2/WebProcess/WebProcess.cpp:580
#15 0x00007fc63b83bbb6 in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::MessageDecoder, std::default_delete<IPC::MessageDecoder> >) (this=this at entry=0x7fc627fe9000, message=std::unique_ptr<IPC::MessageDecoder> containing 0x7fc58722f5a0) at /usr/src/debug/webkitgtk-2.12.2/Source/WebKit2/Platform/IPC/Connection.cpp:922
        oldDidReceiveInvalidMessage = false
#16 0x00007fc63b83c3e6 in IPC::Connection::dispatchOneMessage() (this=0x7fc627fe9000) at /usr/src/debug/webkitgtk-2.12.2/Source/WebKit2/Platform/IPC/Connection.cpp:953
        message = std::unique_ptr<IPC::MessageDecoder> containing 0x0
#17 0x00007fc63af6c8bd in WTF::RunLoop::performWork() (this=0x7ffc61aecb60) at /usr/include/c++/6.0.0/functional:2136
        function = {<std::_Maybe_unary_or_binary_function<void>> = {<No data fields>}, <std::_Function_base> = {static _M_max_size = 16, static _M_max_align = 8, _M_functor = {_M_unused = {_M_object = 0x7fc5c00014a0, _M_const_object = 0x7fc5c00014a0, _M_function_pointer = 0x7fc5c00014a0, _M_member_pointer = (void (std::_Undefined_class::*)(std::_Undefined_class * const)) 0x7fc5c00014a0, this adjustment 140489051218176}, _M_pod_data = "\240\024\000\300\305\177\000\000\000!\376'\306\177\000"}, _M_manager = 0x7fc63b839810 <std::_Function_base::_Base_manager<IPC::Connection::enqueueIncomingMessage(std::unique_ptr<IPC::MessageDecoder>)::<lambda()> >::_M_manager(std::_Any_data &, const std::_Any_data &, std::_Manager_operation)>}, _M_invoker = 0x7fc63b83c450 <std::_Function_handler<void(), IPC::Connection::enqueueIncomingMessage(std::unique_ptr<IPC::MessageDecoder>)::<lambda()> >::_M_invoke(const std::_Any_data &)>}
        functionsToHandle = <optimized out>
#18 0x00007fc63af6c8bd in WTF::RunLoop::performWork() (this=0x7fc627ff8000) at /usr/src/debug/webkitgtk-2.12.2/Source/WTF/wtf/RunLoop.cpp:105
        function = {<std::_Maybe_unary_or_binary_function<void>> = {<No data fields>}, <std::_Function_base> = {static _M_max_size = 16, static _M_max_align = 8, _M_functor = {_M_unused = {_M_object = 0x7fc5c00014a0, _M_const_object = 0x7fc5c00014a0, _M_function_pointer = 0x7fc5c00014a0, _M_member_pointer = (void (std::_Undefined_class::*)(std::_Undefined_class * const)) 0x7fc5c00014a0, this adjustment 140489051218176}, _M_pod_data = "\240\024\000\300\305\177\000\000\000!\376'\306\177\000"}, _M_manager = 0x7fc63b839810 <std::_Function_base::_Base_manager<IPC::Connection::enqueueIncomingMessage(std::unique_ptr<IPC::MessageDecoder>)::<lambda()> >::_M_manager(std::_Any_data &, const std::_Any_data &, std::_Manager_operation)>}, _M_invoker = 0x7fc63b83c450 <std::_Function_handler<void(), IPC::Connection::enqueueIncomingMessage(std::unique_ptr<IPC::MessageDecoder>)::<lambda()> >::_M_invoke(const std::_Any_data &)>}
        functionsToHandle = <optimized out>
#19 0x00007fc63af8fda9 in WTF::RunLoop::<lambda(gpointer)>::_FUN(gpointer) (__closure=0x0, userData=<optimized out>) at /usr/src/debug/webkitgtk-2.12.2/Source/WTF/wtf/glib/RunLoopGLib.cpp:66
#20 0x00007fc63af8fda9 in WTF::RunLoop::<lambda(gpointer)>::_FUN(gpointer) () at /usr/src/debug/webkitgtk-2.12.2/Source/WTF/wtf/glib/RunLoopGLib.cpp:68
#21 0x00007fc636221703 in g_main_context_dispatch (context=0x56432a1c72f0) at gmain.c:3154
        dispatch = 0x7fc63af8fdc0 <WTF::<lambda(GSource*, GSourceFunc, gpointer)>::_FUN(GSource *, GSourceFunc, gpointer)>
        prev_source = 0x0
        was_in_call = 0
        user_data = 0x7fc627ff8000
        callback = 0x7fc63af8fda0 <WTF::RunLoop::<lambda(gpointer)>::_FUN(gpointer)>
        cb_funcs = 0x7fc6364e5280 <g_source_callback_funcs>
        cb_data = 0x56432abb49c0
        need_destroy = <optimized out>
        source = 0x56432ac24980
        current = 0x56432a1fd6a0
        i = 0
#22 0x00007fc636221703 in g_main_context_dispatch (context=context at entry=0x56432a1c72f0) at gmain.c:3769
#23 0x00007fc636221ab0 in g_main_context_iterate (context=0x56432a1c72f0, block=block at entry=1, dispatch=dispatch at entry=1, self=<optimized out>) at gmain.c:3840
        max_priority = 0
        timeout = 0
        some_ready = 1
        nfds = 3
        allocated_nfds = 3
        fds = <optimized out>
#24 0x00007fc636221dd2 in g_main_loop_run (loop=0x56432a849370) at gmain.c:4034
        __func__ = "g_main_loop_run"
#25 0x00007fc63af905c0 in WTF::RunLoop::run() () at /usr/src/debug/webkitgtk-2.12.2/Source/WTF/wtf/glib/RunLoopGLib.cpp:94
        runLoop = @0x7fc627ff8000: {<WTF::FunctionDispatcher> = {<WTF::ThreadSafeRefCounted<WTF::FunctionDispatcher>> = {<WTF::ThreadSafeRefCountedBase> = {m_refCount = {<std::__atomic_base<int>> = {static _S_alignment = 4, _M_i = 1}, <No data fields>}}, <No data fields>}, _vptr.FunctionDispatcher = 0x7fc63b11eab8 <vtable for WTF::RunLoop+16>}, m_functionQueueLock = {m_mutex = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 512, __spins = 0, __elision = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 17 times>, "\002", '\000' <repeats 21 times>, __align = 0}}, m_functionQueue = {m_start = 56, m_end = 60, m_buffer = {<WTF::VectorBufferBase<std::function<void()> >> = {m_buffer = 0x7fc5ca1ea200, m_capacity = 68, m_size = 0}, <No data fields>}}, m_mainContext = {m_ptr = 0x56432a1c72f0}, m_mainLoops = {<WTF::VectorBuffer<WTF::GRefPtr<_GMainLoop>, 0ul>> = {<WTF::VectorBufferBase<WTF::GRefPtr<_GMainLoop> >> = {m_buffer = 0x7fc627ffb180, m_capacity
        nestedMainLoop = <optimized out>
#26 0x00007fc63bab42e9 in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain>(int, char**) (argc=<optimized out>, argv=0x7ffc61aeced8) at /usr/src/debug/webkitgtk-2.12.2/Source/WebKit2/Shared/unix/ChildProcessMain.h:61
        childMain = {<WebKit::ChildProcessMainBase> = {_vptr.ChildProcessMainBase = 0x7fc63d675518 <vtable for WebKit::WebProcessMain+16>, m_parameters = {uiProcessName = {m_impl = {m_ptr = 0x0}}, clientIdentifier = {m_impl = {m_ptr = 0x0}}, connectionIdentifier = 58, extraInitializationData = {m_impl = {static m_maxLoad = 2, static m_minLoad = 6, m_table = 0x0, m_tableSize = 0, m_tableSizeMask = 0, m_keyCount = 0, m_deletedCount = 0}}}}, <No data fields>}
#27 0x00007fc631725731 in __libc_start_main (main=0x564328853c20 <main(int, char**)>, argc=2, argv=0x7ffc61aeced8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffc61aecec8) at ../csu/libc-start.c:289
        result = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, -6987612296341754901, 94846442617936, 140721947332304, 0, 0, -3712775938092176405, -3743282605207327765}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x7ffc61aecef0, 0x7fc63da46128}, data = {prev = 0x0, cleanup = 0x0, canceltype = 1638846192}}}
        not_first_call = <optimized out>
#28 0x0000564328853c79 in _start ()
