[Webkit-unassigned] [Bug 196902] New: [GStreamer] Invalid free in MediaPlayerPrivateGStreamerMSE::sourceSetup

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Apr 13 16:27:37 PDT 2019


https://bugs.webkit.org/show_bug.cgi?id=196902

            Bug ID: 196902
           Summary: [GStreamer] Invalid free in
                    MediaPlayerPrivateGStreamerMSE::sourceSetup
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKitGTK
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at igalia.com
                CC: bugs-noreply at webkitgtk.org

Created attachment 367397

  --> https://bugs.webkit.org/attachment.cgi?id=367397&action=review

Full backtrace

Core was generated by `/usr/libexec/webkit2gtk-4.0/WebKitWebProcess 22 51'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007fb47ef6725f in webKitMediaSrcFreeStream (
    source=source@entry=0x5570753b4140, stream=0x5570752d0cf0)
    at ../Source/WebCore/platform/graphics/gstreamer/mse/WebKitMediaSourceGStreamer.cpp:512
512         if (GST_IS_APP_SRC(stream->appsrc)) {

Reproducer: visit https://www.reddit.com/r/WTF/comments/bcqcar/engine_cold_start_turkish_style/, wait for the video to finish. It will crash a little more than half the time.

Due to a bug in the GNOME runtime, it seems there's no debuginfo for GStreamer, so some possibly-important frames are missing, but I hope the attached backtrace should suffice. Note: this is with 2.24.0 since we don't have 2.24.1 in the runtime yet.

Truncated backtrace is:

#0  0x00007fb47ef6725f in webKitMediaSrcFreeStream (source=source@entry=0x5570753b4140, stream=0x5570752d0cf0)
    at ../Source/WebCore/platform/graphics/gstreamer/mse/WebKitMediaSourceGStreamer.cpp:512
#1  0x00007fb47ef67a07 in webKitMediaSrcFinalize (object=0x5570753b4140)
    at ../Source/WebCore/platform/graphics/gstreamer/mse/WebKitMediaSourceGStreamer.cpp:278
#2  0x00007fb47d526f1d in g_object_unref (_object=<optimized out>) at ../gobject/gobject.c:3345
#3  g_object_unref (_object=0x5570753b4140) at ../gobject/gobject.c:3237
#4  0x00007fb480348ebc in WebCore::MediaPlayerPrivateGStreamerMSE::sourceSetup (this=0x7fb31dc76780, 
    sourceElement=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/DumbPtrTraits.h:41
#5  0x00007fb47a5c4bae in ffi_call_unix64 () from /usr/lib/x86_64-linux-gnu/libffi.so.6
#6  0x00007fb47a5c456f in ffi_call () from /usr/lib/x86_64-linux-gnu/libffi.so.6
#7  0x00007fb47d522245 in g_cclosure_marshal_generic (closure=<optimized out>, return_gvalue=<optimized out>, 
    n_param_values=<optimized out>, param_values=<optimized out>, invocation_hint=<optimized out>, 
    marshal_data=<optimized out>) at ../gobject/gclosure.c:1500
#8  0x00007fb47d52177d in g_closure_invoke (closure=0x55707526ff70, return_value=0x0, n_param_values=2, 
    param_values=0x7ffd0f543d40, invocation_hint=0x7ffd0f543cc0) at ../gobject/gclosure.c:810
#9  0x00007fb47d535865 in signal_emit_unlocked_R (node=node@entry=0x557075233ed0, detail=detail@entry=0, 
    instance=instance@entry=0x557075238890, emission_return=emission_return@entry=0x0, 
    instance_and_params=instance_and_params@entry=0x7ffd0f543d40) at ../gobject/gsignal.c:3635
#10 0x00007fb47d53eb7e in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, 
    detail=<optimized out>, var_args=var_args@entry=0x7ffd0f543f10) at ../gobject/gsignal.c:3391
#11 0x00007fb47d53f233 in g_signal_emit (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>)
    at ../gobject/gsignal.c:3447
#12 0x00007fb3fc5ae19f in ?? () from /usr/lib/x86_64-linux-gnu/gstreamer-1.0/libgstplayback.so
