[Webkit-unassigned] [Bug 184292] New: [GTK]? Undefined Behavior / crash in WebRtcVideoChannel::WebRtcVideoChannel() with null encoder_factory

Wed Apr 4 01:05:19 PDT 2018

https://bugs.webkit.org/show_bug.cgi?id=184292

            Bug ID: 184292
           Summary: [GTK]? Undefined Behavior / crash in
                    WebRtcVideoChannel::WebRtcVideoChannel() with null
                    encoder_factory
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebRTC
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: Ms2ger at igalia.com
                CC: alex at igalia.com, bugs-noreply at webkitgtk.org,
                    youennf at gmail.com

If encoder_factory_ is null, AssignPayloadTypesAndDefaultCodecs() returns an empty vector, MapCodecs takes the empty vector, asserts in debug builds, and returns a new empty vector in release builds, and then we call front() unconditionally, which is Undefined Behavior for an empty vector.

This appears to cause a crash in fast/mediastream/RTCPeerConnection-addIceCandidate.html.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180404/5dfc3633/attachment-0002.html>