[Webkit-unassigned] [Bug 175575] New: [GStreamer] Memory corruption in GStreamerGL code

bugzilla-daemon at webkit.org
Tue Aug 15 09:14:09 PDT 2017


https://bugs.webkit.org/show_bug.cgi?id=175575

            Bug ID: 175575
           Summary: [GStreamer] Memory corruption in GStreamerGL code
           Product: WebKit
           Version: Other
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Media Elements
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at igalia.com
                CC: bugs-noreply at webkitgtk.org

Unfortunately memory corruption is usually really hard to track down since the backtrace rarely points to the real problem, and I don't have a consistent reproducer. But here it is. It happens sometimes when running layout test compositing/video/video-object-position.html:

Thread 1 (Thread 0x2b6fc8320700 (LWP 11367)):
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00002b6b198ea3fa in __GI_abort () at abort.c:89
#2  0x00002b6b19926bd0 in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x2b6b19a1bbd0 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
#3  0x00002b6b1992cf96 in malloc_printerr (action=3, str=0x2b6b19a1bd28 "double free or corruption (fasttop)", ptr=<optimized out>, ar_ptr=<optimized out>) at malloc.c:5046
#4  0x00002b6b1992d78e in _int_free (av=av@entry=0x2b6ef0000020, p=p@entry=0x2b6ef02c6220, have_lock=have_lock@entry=1) at malloc.c:3902
#5  0x00002b6b1992fef8 in _int_realloc (av=av@entry=0x2b6ef0000020, oldp=oldp@entry=0x2b6ef02c6220, oldsize=oldsize@entry=64, nb=nb@entry=96) at malloc.c:4393
#6  0x00002b6b19931539 in __GI___libc_realloc (oldmem=0x2b6ef02c6230, bytes=84) at malloc.c:3080
#7  0x00002b6b9c2a5251 in resize () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/Mesa/src/util/ralloc.c:147
#8  0x00002b6b9c2a588f in ralloc_vasprintf_rewrite_tail () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/Mesa/src/util/ralloc.c:510
#9  0x00002b6b9c2a5936 in ralloc_vasprintf_append () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/Mesa/src/util/ralloc.c:479
#10 0x00002b6b9c2aed4d in _Z12linker_errorP17gl_shader_programPKcz () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/Mesa/src/glsl/linker.cpp:529
#11 0x00002b6b9c2b152c in link_intrastage_shaders () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/Mesa/src/glsl/linker.cpp:2026
#12 _Z12link_shadersP10gl_contextP17gl_shader_program () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/Mesa/src/glsl/linker.cpp:3539
#13 0x00002b6b9c22399b in _mesa_glsl_link_shader () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/Mesa/src/mesa/program/ir_to_mesa.cpp:2975
#14 0x00002b6b9c16005a in link_program () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/Mesa/src/mesa/main/shaderapi.c:1042
#15 0x00002b6b142fe47c in gst_gl_shader_link () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglshader.c:686
#16 0x00002b6b1430427e in _create_shader () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglcolorconvert.c:1945
#17 _init_convert () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglcolorconvert.c:2028
#18 _do_convert () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglcolorconvert.c:2368
#19 0x00002b6b14308683 in _run_message_sync () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglwindow.c:601
#20 0x00002b6b14308622 in _run_message_async () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglwindow.c:668
#21 0x00002b6b150e25ca in g_main_dispatch () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.52.1/glib/gmain.c:3212
#22 g_main_context_dispatch () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.52.1/glib/gmain.c:3865
#23 0x00002b6b150e2948 in g_main_context_iterate () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.52.1/glib/gmain.c:3938
#24 0x00002b6b150e2c62 in g_main_loop_run () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.52.1/glib/gmain.c:4134
#25 0x00002b6b143086f5 in gst_gl_window_default_run () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglwindow.c:527
#26 0x00002b6b142f195c in gst_gl_context_create_thread () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglcontext.c:1273
#27 0x00002b6b15109315 in g_thread_proxy () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.52.1/glib/gthread.c:784
#28 0x00002b6b187c2494 in start_thread (arg=0x2b6fc8320700) at pthread_create.c:333
#29 0x00002b6b1999e93f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
