[Webkit-unassigned] [Bug 168662] New: [GStreamer] Crash in MediaPlayerPrivateGStreamerMSE::buffered() when MEDIA_STREAM is disabled

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Feb 21 10:04:58 PST 2017


https://bugs.webkit.org/show_bug.cgi?id=168662

            Bug ID: 168662
           Summary: [GStreamer] Crash in
                    MediaPlayerPrivateGStreamerMSE::buffered() when
                    MEDIA_STREAM is disabled
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Local Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Platform
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: cgarcia at igalia.com

When MEDIA_STREAM is disabled, if MediaPlayer::loadWithNextMediaEngine is called with a current engine, and there's no type specified, the next media engine that is used is the MSE one. Since there's not actually a media stream, the engine is created but never loaded. When buffered is called, it tries to use its media source, which is nullptr. It doesn't happen when MEDIA_STREAM is enabled, because the next media engine returned is Owr, which doesn't implement buffered and always returns an empty PlatformTimeRanges.

#0  0x00007f9a7db0b61b in WebCore::MediaPlayerPrivateGStreamerMSE::buffered() const [clone .localalias.94] ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#1  0x00007f9a7d5d3681 in WebCore::MediaPlayer::buffered() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#2  0x00007f9a7d1c11db in WebCore::HTMLMediaElement::buffered() const () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#3  0x00007f9a7dbe2968 in WebCore::RenderThemeGtk::paintMediaSliderTrack(WebCore::RenderObject const&, WebCore::PaintInfo const&, WebCore::IntRect const&) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#4  0x00007f9a7d846a0d in WebCore::RenderTheme::paint(WebCore::RenderBox const&, WebCore::ControlStates&, WebCore::PaintInfo const&, WebCore::LayoutRect const&) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#5  0x00007f9a7d705f03 in WebCore::RenderBox::paintBoxDecorations(WebCore::PaintInfo&, WebCore::LayoutPoint const&) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
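
An added illustration, not part of the original report and not WebKit code: a reduced C++ model of the failure described above (an MSE-style engine that is created but never loaded), with one possible null guard in `buffered()`. The names `Engine`, `MseEngine`, `OwrEngine`, `MediaSource`, `nextEngine` and `bufferedRangeCount` are hypothetical stand-ins, and the guard is an assumption about how the crash could be avoided, not the project's patch.

```cpp
#include <cstddef>
#include <memory>
#include <utility>
#include <vector>

// Simplified stand-ins; none of these are WebKit's real class definitions.
using TimeRanges = std::vector<std::pair<double, double>>;

struct MediaSource {
    TimeRanges ranges;
    TimeRanges buffered() const { return ranges; }
};

class Engine {
public:
    virtual ~Engine() = default;
    virtual TimeRanges buffered() const { return {}; } // default: nothing buffered
};

// Models the MSE engine: the media source is attached only by load().
class MseEngine : public Engine {
public:
    void load(std::shared_ptr<MediaSource> source) { m_source = std::move(source); }
    bool isLoaded() const { return m_source != nullptr; }
    // Unguarded form (the crash pattern in frame #0): return m_source->buffered();
    TimeRanges buffered() const override
    {
        if (!m_source)
            return {}; // created but never loaded: report empty ranges
        return m_source->buffered();
    }
private:
    std::shared_ptr<MediaSource> m_source;
};

// Models the Owr engine from the report: it does not override buffered().
class OwrEngine : public Engine { };

// Hypothetical selector: with no type given, the fallback depends on the build flag.
std::unique_ptr<Engine> nextEngine(bool mediaStreamEnabled)
{
    if (mediaStreamEnabled)
        return std::make_unique<OwrEngine>();
    return std::make_unique<MseEngine>(); // never loaded on this path
}

// Stand-in for the slider-track paint path, which calls buffered() on whatever engine exists.
std::size_t bufferedRangeCount(bool mediaStreamEnabled)
{
    return nextEngine(mediaStreamEnabled)->buffered().size();
}
```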
