[Webkit-unassigned] [Bug 172395] New: WebAVStreamDataParserListener String leak

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri May 19 15:37:25 PDT 2017


https://bugs.webkit.org/show_bug.cgi?id=172395

            Bug ID: 172395
           Summary: WebAVStreamDataParserListener String leak
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Media Elements
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: joepeck at webkit.org
                CC: cdumez at apple.com, ddkilzer at webkit.org,
                    eric.carlson at apple.com, jer.noble at apple.com,
                    joepeck at webkit.org

Summary:
WebAVStreamDataParserListener String leak seen after some browsing:

Leak: 0x7fa13af36e10  size=32  zone: WebKit Using System Malloc_0x1017e1000
        0x00000002 0x00000004 0x3af36e24 0x00007fa1     ........$n.:....
        0x00000008 0x31637661 0x20666f20 0x00023a33     ....avc1 of 3:..
        Call stack: [thread 0x70000784a000]:
    |  start_wqthread
    |  _pthread_wqthread
    |  _dispatch_worker_thread4
    |  _dispatch_root_queue_drain
    |  _dispatch_async_redirect_invoke
    |  _dispatch_continuation_pop
    |  _dispatch_client_callout
    |  _dispatch_call_block_and_release
    |  ___ZN7WebCore26SourceBufferPrivateAVFObjC6appendEPKhj_block_invoke
    |  -[AVStreamDataParser appendStreamData:withFlags:]
    |  -[AVStreamDataParser _appendStreamData:withFlags:]
    |  0x7fff89f705dc
    |  0x7fff89f723ae
    |  0x7fff89f7588e
    |  -[AVStreamDataParser(AVStreamDataParser_FigManifold) _figManifold:pushedSampleBuffer:trackID:flags:]
    |  -[WebAVStreamDataParserListener streamDataParser:didProvideMediaData:forTrackID:mediaType:flags:]
    |  WTF::String::String(NSString*)
    |  WTF::StringImpl::create(unsigned char const*, unsigned int)
    |  WTF::fastMalloc(unsigned long)
    |  bmalloc::DebugHeap::malloc(unsigned long) 

There seem to be a few places doing:

    String mediaType = ...;
    callOnMainThread([..., mediaType, flags] {
        ...
    });

String is not thread safe, so if this is cross thread (which the backtrace above appears to indicate) then we need to have an isolated copy for the lambda. A race condition may have caused the leak to happen here, and there could be worse issues.

-- 
You are receiving this mail because:
You are the assignee for the bug.
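
The capture pattern the report describes, as an added example (not WebKit code and not the reporter's): `ToyImpl` and `ToyString` are hypothetical stand-ins for a string with a non-atomic reference count, and this `isolatedCopy()` is a toy deep copy. It shows that a by-value lambda capture shares the caller's buffer and counter, while an isolated copy gives the other thread its own.

```cpp
#include <atomic>
#include <cstring>
#include <thread>
#include <utility>

// Instrumentation only: live buffers, atomic so the count itself is trustworthy.
static std::atomic<int> liveImpls{0};

// Toy stand-in for a non-thread-safe refcounted string (assumption, not WTF::StringImpl).
struct ToyImpl {
    unsigned refCount = 1;   // plain integer: ++/-- from two threads is a data race
    char text[32] = {};
    explicit ToyImpl(const char* s) { std::strncpy(text, s, sizeof(text) - 1); ++liveImpls; }
    ~ToyImpl() { --liveImpls; }
};

class ToyString {
public:
    explicit ToyString(const char* s) : m_impl(new ToyImpl(s)) {}
    ToyString(const ToyString& o) : m_impl(o.m_impl) { ++m_impl->refCount; }
    ToyString(ToyString&& o) noexcept : m_impl(std::exchange(o.m_impl, nullptr)) {}
    ToyString& operator=(const ToyString&) = delete;
    ~ToyString() { if (m_impl && --m_impl->refCount == 0) delete m_impl; }
    // Deep copy with its own buffer and its own counter.
    ToyString isolatedCopy() const { return ToyString(m_impl->text); }
    const ToyImpl* impl() const { return m_impl; }
    unsigned refCount() const { return m_impl->refCount; }
private:
    ToyImpl* m_impl;
};

// Pattern from the report: the lambda's copy shares the caller's buffer and counter.
bool sharedCaptureAliasesBuffer() {
    ToyString mediaType("avc1");
    auto task = [mediaType] { return mediaType.impl(); };
    return task() == mediaType.impl() && mediaType.refCount() == 2;
}

// Hardened form: the other thread owns an isolated copy; returns live buffers afterwards.
int isolatedCaptureLiveCount() {
    {
        ToyString mediaType("avc1");
        std::thread other([copy = mediaType.isolatedCopy()] { (void)copy.impl(); });
        other.join();
        if (mediaType.refCount() != 1) return -1;   // caller's counter was never shared
    }
    return liveImpls.load();
}

int main() { return sharedCaptureAliasesBuffer() && isolatedCaptureLiveCount() == 0 ? 0 : 1; }
```
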