[Webkit-unassigned] [Bug 181180] New: Safari WebKitWebRTCAudioModule crash during <video> tag update when audio track present in MediaStream

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Dec 28 05:09:09 PST 2017 

https://bugs.webkit.org/show_bug.cgi?id=181180

            Bug ID: 181180
           Summary: Safari WebKitWebRTCAudioModule crash during <video>
                    tag update when audio track present in MediaStream
           Product: WebKit
           Version: Safari 11
          Hardware: Macintosh
                OS: macOS 10.12
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebRTC
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: pmikolajczak at rtclaboratory.com
                CC: youennf at gmail.com

Created attachment 330233

  --> https://bugs.webkit.org/attachment.cgi?id=330233&action=review

Four crash logs

I use RTCPeerConnection to stream audio and video from Chrome (63.0.3239.84) to Safari (Version 11.0.2 (12604.4.7.1.4)). Connection is established, audio and video are present on both sides. Then after a while in Safari, in my HTML app I update <video> tag that contains remote MediaStream (in srcObject) received from Chrome. By update I mean that I add and remove that video tag from HTML few times in row. It is done by some template rendering engine. During that update process Safari crashes (not always, but eventually will after several tries).

Other few things:
 - video tag has autoplay, muted, playsinline attributes and couple of css rules.
 - updating video with only MediaStreamTrack kind "video" won't trigger crash. Audio track has to be present.
 - I am able to reproduce it locally by calling several times something like setInterval(updateVideo, 0), where updateVideo is:
   $parent.removeChild($video); $parent.appendChild($video); $video.srcObject = stream; Note: This is test case only, in my app updateVideo is not called that many times.
 - crash logs in attachments. One of them is from High Sierra, Safari Technology Preview. Other from Sierra 10.12.6. This can be found in logs:
   Crashed Thread: WebKitWebRTCAudioModule, abort() called, *** error for object 0x7fd6e61ac4d0: pointer being freed was not allocated

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20171228/d128f8d3/attachment.html>

More information about the webkit-unassigned mailing list