[Webkit-unassigned] [Bug 175575] [GStreamer] Memory corruption in GStreamerGL code

bugzilla-daemon at webkit.org
Mon Aug 28 04:47:23 PDT 2017


https://bugs.webkit.org/show_bug.cgi?id=175575

--- Comment #2 from Michael Catanzaro <mcatanzaro at igalia.com> ---
Another variant:

Thread 1 (Thread 0x2b8468200700 (LWP 21392)):
#0  __GI_raise (sig=sig at entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00002b82c9e873fa in __GI_abort () at abort.c:89
#2  0x00002b82c9ec3bd0 in __libc_message (do_abort=do_abort at entry=2, fmt=fmt at entry=0x2b82c9fb8bd0 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
#3  0x00002b82c9ec9f96 in malloc_printerr (action=3, str=0x2b82c9fb8d28 "double free or corruption (fasttop)", ptr=<optimized out>, ar_ptr=<optimized out>) at malloc.c:5046
#4  0x00002b82c9eca78e in _int_free (av=0x2b8478000020, p=0x2b84781d6b90, have_lock=0) at malloc.c:3902
#5  0x00002b83a0366dcd in _mesa_clear_shader_program_data () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/Mesa/src/mesa/main/shaderobj.c:304
#6  0x00002b83a0425921 in _mesa_glsl_link_shader () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/Mesa/src/mesa/program/ir_to_mesa.cpp:2964
#7  0x00002b83a036205a in link_program () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/Mesa/src/mesa/main/shaderapi.c:1042
#8  0x00002b82c4ba347c in gst_gl_shader_link () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglshader.c:686
#9  0x00002b82c4ba927e in _create_shader () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglcolorconvert.c:1945
#10 _init_convert () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglcolorconvert.c:2028
#11 _do_convert () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglcolorconvert.c:2368
#12 0x00002b82c4bad683 in _run_message_sync () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglwindow.c:601
#13 0x00002b82c4bad622 in _run_message_async () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglwindow.c:668
#14 0x00002b82c59875ca in g_main_dispatch () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.52.1/glib/gmain.c:3212
#15 g_main_context_dispatch () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.52.1/glib/gmain.c:3865
#16 0x00002b82c5987948 in g_main_context_iterate () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.52.1/glib/gmain.c:3938
#17 0x00002b82c5987c62 in g_main_loop_run () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.52.1/glib/gmain.c:4134
#18 0x00002b82c4bad6f5 in gst_gl_window_default_run () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglwindow.c:527
#19 0x00002b82c4b9695c in gst_gl_context_create_thread () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglcontext.c:1273
#20 0x00002b82c59ae315 in g_thread_proxy () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.52.1/glib/gthread.c:784
#21 0x00002b82c8d5f494 in start_thread (arg=0x2b8468200700) at pthread_create.c:333
#22 0x00002b82c9f3b93f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97

Adding crash expectation for imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/ready-states/autoplay-with-slow-text-tracks.html.
