[Webkit-unassigned] [Bug 203378] New: [GStreamer][MSE] Crash in PlaybackPipeline::removeSourceBuffer

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Oct 24 11:54:18 PDT 2019


https://bugs.webkit.org/show_bug.cgi?id=203378

            Bug ID: 203378
           Summary: [GStreamer][MSE] Crash in
                    PlaybackPipeline::removeSourceBuffer
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Media
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at gnome.org
                CC: bugs-noreply at webkitgtk.org

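This is 100% reproducible in today's Tech Preview (which is still using 2.26.1; note that we have a pending update to 2.27.2 that could affect this). Just visit https://fortintam.com/blog/significance-of-rotschild-vs-gnome/ and click on the YouTube embed. WebKit will crash with SIGSEGV. Frame #0 shows this=0x0, i.e. PlaybackPipeline::removeSourceBuffer is called on a null PlaybackPipeline pointer, and frames #5-#10 show this happens while HTMLMediaElement detaches its MediaSource after media loading failed with FormatError: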

#0  0x00007eff01ca82d8 in WebCore::PlaybackPipeline::removeSourceBuffer(WTF::RefPtr<WebCore::SourceBufferPrivateGStreamer, WTF::DumbPtrTraits<WebCore::SourceBufferPrivateGStreamer> >) (this=0x0, sourceBufferPrivate=...)
    at ../Source/WebCore/platform/graphics/gstreamer/mse/PlaybackPipeline.cpp:150
        __FUNCTION__ = "removeSourceBuffer"
        priv = <optimized out>
        stream = <optimized out>
#1  0x00007eff01ca68e3 in WebCore::MediaSourceClientGStreamerMSE::removedFromMediaSource(WTF::RefPtr<WebCore::SourceBufferPrivateGStreamer, WTF::DumbPtrTraits<WebCore::SourceBufferPrivateGStreamer> >)
    (this=0x7efd34210cf8, sourceBufferPrivate=...) at DerivedSources/ForwardingHeaders/wtf/RefCounted.h:49
#2  0x00007eff01caad62 in WebCore::SourceBufferPrivateGStreamer::removedFromMediaSource() (this=0x7efd344dc680)
    at DerivedSources/ForwardingHeaders/wtf/RefCounted.h:49
#3  0x00007eff00c2104f in WebCore::SourceBuffer::removedFromMediaSource() (this=0x7efe38440390)
    at DerivedSources/ForwardingHeaders/wtf/DumbPtrTraits.h:43
#4  0x00007eff00c2104f in WebCore::SourceBuffer::removedFromMediaSource() (this=0x7efe38440390)
    at ../Source/WebCore/Modules/mediasource/SourceBuffer.cpp:464
#5  0x00007eff00c2c3a3 in WebCore::MediaSource::removeSourceBuffer(WebCore::SourceBuffer&)
    (this=this@entry=0x7efe78723d90, buffer=...) at ../Source/WebCore/Modules/mediasource/MediaSource.cpp:867
#6  0x00007eff00c2c716 in WebCore::MediaSource::detachFromElement(WebCore::HTMLMediaElement&)
    (this=0x7efe78723d90, element=...) at DerivedSources/ForwardingHeaders/wtf/DumbPtrTraits.h:43
#7  0x00007eff011f5cac in WebCore::HTMLMediaElement::detachMediaSource() (this=this@entry=0x7efe7814dc50)
    at ../Source/WebCore/html/HTMLMediaElement.cpp:3693
#8  0x00007eff0120d7c0 in WebCore::HTMLMediaElement::noneSupported() (this=0x7efe7814dc50)
    at ../Source/WebCore/html/HTMLMediaElement.cpp:2171
#9  0x00007eff0120d7c0 in WebCore::HTMLMediaElement::noneSupported() (this=0x7efe7814dc50)
    at ../Source/WebCore/html/HTMLMediaElement.cpp:2140
#10 0x00007eff0120d953 in WebCore::HTMLMediaElement::mediaLoadingFailed(WebCore::MediaPlayerEnums::NetworkState)
    (this=0x7efe7814dc50, error=WebCore::MediaPlayerEnums::FormatError)
    at ../Source/WebCore/html/HTMLMediaElement.cpp:2311
#11 0x00007eff01687975 in WebCore::MediaPlayer::loadWithNextMediaEngine(WebCore::MediaPlayerFactory const*)
    (this=0x7efd3428e958, current=<optimized out>) at ../Source/WebCore/platform/graphics/MediaPlayer.h:419
        engine = <optimized out>
#12 0x00007eff01604db4 in WebCore::ThreadTimers::sharedTimerFiredInternal() (this=0x7efef369beb0)
    at ../Source/WebCore/platform/ThreadTimers.h:101
        item = 
          {static isRef = <error reading variable: Missing ELF symbol "WTF::Ref<WebCore::ThreadTimerHeapItem, WTF::DumbPtrTraits<WebCore::ThreadTimerHeapItem> >::isRef".>, m_ptr = 0x7efd1ca81570}
        timer = <optimized out>
        interval = <optimized out>
        timeToQuit = {static clockType = WTF::ClockType::Monotonic, m_value = 1052.4927740000001}
#13 0x00007eff01604db4 in WebCore::ThreadTimers::sharedTimerFiredInternal() (this=0x7efef369beb0)
    at ../Source/WebCore/platform/ThreadTimers.cpp:101
#14 0x00007efefe129368 in WTF::RunLoop::TimerBase::<lambda(gpointer)>::operator()
    (__closure=0x0, userData=0x7eff029cef70 <WebCore::MainThreadSharedTimer::singleton()::instance+16>)
    at ../Source/WTF/wtf/glib/RunLoopGLib.cpp:171
        timer = 0x7eff029cef70 <WebCore::MainThreadSharedTimer::singleton()::instance+16>
        source = 0x5598a62f4290
#15 0x00007efefe129368 in WTF::RunLoop::TimerBase::<lambda(gpointer)>::_FUN(gpointer) ()
    at ../Source/WTF/wtf/glib/RunLoopGLib.cpp:177
#16 0x00007efefe77f58e in g_main_dispatch (context=0x5598a4d5cad0) at ../glib/gmain.c:3178
        dispatch = 
    0x7efefe128d70 <WTF::<lambda(GSource*, GSourceFunc, gpointer)>::_FUN(GSource *, GSourceFunc, gpointer)>
        prev_source = 0x0
        was_in_call = 0
        user_data = 0x7eff029cef70 <WebCore::MainThreadSharedTimer::singleton()::instance+16>
        callback = 0x7efefe129350 <WTF::RunLoop::TimerBase::<lambda(gpointer)>::_FUN(gpointer)>
        cb_funcs = 0x7efefe854280 <g_source_callback_funcs>
        cb_data = 0x5598a62f1660
        need_destroy = <optimized out>
        source = 0x5598a62f4290
        current = 0x5598a4d65ac0
        i = 0
        __func__ = "g_main_dispatch"
#17 0x00007efefe77f58e in g_main_context_dispatch (context=context@entry=0x5598a4d5cad0) at ../glib/gmain.c:3843
#18 0x00007efefe77f940 in g_main_context_iterate (context=0x5598a4d5cad0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:3916
        max_priority = 100
        timeout = 0
        some_ready = 1
        nfds = <optimized out>
        allocated_nfds = <optimized out>
        fds = 0x5598a672fe00
#19 0x00007efefe77fc33 in g_main_loop_run (loop=0x5598a4dfbf30) at ../glib/gmain.c:4110
        __func__ = "g_main_loop_run"
#20 0x00007efefe1297d0 in WTF::RunLoop::run() () at ../Source/WTF/wtf/glib/RunLoopGLib.cpp:96
        runLoop = @0x7efef36f9000: {<WTF::FunctionDispatcher> = {<WTF::ThreadSafeRefCounted<WTF::FunctionDispatcher, (WTF::DestructionThread)0>> = {<WTF::ThreadSafeRefCountedBase> = {m_refCount = {<std::__atomic_base<unsigned int>> = {static _S_alignment = 4, _M_i = 52}, static is_always_lock_free = true}}, <No data fields>}, _vptr.FunctionDispatcher = 0x7efefe3fd4c8 <vtable for WTF::RunLoop+16>}, m_functionQueueLock = {static isHeldBit = 1 '\001', static hasParkedBit = 2 '\002', m_byte = {value = {<std::__atomic_base<unsigned char>> = {static _S_alignment = 1, _M_i = 0 '\000'}, static is_always_lock_free = true}}}, m_functionQueue = {m_start = 37, m_end = 37, m_buffer = {<WTF::VectorBufferBase<WTF::Function<void()> >> = {m_buffer = 0x7efe706e8000, m_capacity = 68, m_size = 0}, <No data fields>}}, m_mainContext = {m_ptr = 0x5598a4d5cad0}, m_mainLoops = {<WTF::VectorBuffer<WTF::GRefPtr<_GMainLoop>, 0>> = {<WTF::VectorBufferBase<WTF::GRefPtr<_GMainLoop> >> = {m_buffer = 0x7efef36fc100, m_capacity = 16, m_size = 1}, <No data fields>}, <No data fields>}, m_source = {m_ptr = 0x5598a4e6cae0}}
        mainContext = 0x5598a4d5cad0
        innermostLoop = 0x5598a4dfbf30
        nestedMainLoop = <optimized out>
#21 0x00007eff0056ecaa in WebKit::AuxiliaryProcessMain<WebKit::WebProcess, WebKit::WebProcessMain>(int, char**) (argc=3, argv=<optimized out>) at ../Source/WebKit/Shared/unix/AuxiliaryProcessMain.h:47
        auxiliaryMain = {<WebKit::AuxiliaryProcessMainBase> = {_vptr.AuxiliaryProcessMainBase = 0x7eff027deca8 <vtable for WebKit::WebProcessMain+16>, m_parameters = {uiProcessName = {static MaxLength = 2147483647, m_impl = {static isRefPtr = <error reading variable: Missing ELF symbol "WTF::RefPtr<WTF::StringImpl, WTF::DumbPtrTraits<WTF::StringImpl> >::isRefPtr".>, m_ptr = 0x0}}, clientIdentifier = {static MaxLength = 2147483647, m_impl = {static isRefPtr = <error reading variable: Missing ELF symbol "WTF::RefPtr<WTF::StringImpl, WTF::DumbPtrTraits<WTF::StringImpl> >::isRefPtr".>, m_ptr = 0x0}}, processIdentifier = {<WTF::constexpr_Optional_base<WTF::ObjectIdentifier<WebCore::ProcessIdentifierType> >> = {init_ = true, storage_ = {dummy_ = 36 '$', value_ = {<WTF::ObjectIdentifierBase> = {<No data fields>}, m_identifier = 36}}}, <No data fields>}, connectionIdentifier = 77, extraInitializationData = {m_impl = {static m_maxLoad = 2, static m_minLoad = 6, m_table = 0x0, m_tableSize = 0, m_tableSizeMask = 0, m_keyCount = 0, m_deletedCount = 0}}, processType = WebKit::AuxiliaryProcess::ProcessType::WebContent}}, <No data fields>}
#22 0x00007efeff6ce173 in __libc_start_main (main=0x5598a47a3780 <main(int, char**)>, argc=3, argv=0x7fffa90aeac8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffa90aeab8) at ../csu/libc-start.c:308
        result = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, 1868289502364029906, 94114082863056, 140736029452992, 0, 0, 5558397995539485650, 5702059926884570066}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x7fffa90aeae8, 0x7eff02a16130}, data = {prev = 0x0, cleanup = 0x0, canceltype = -1458902296}}}
        not_first_call = <optimized out>
#23 0x00005598a47a37fe in _start () at ../sysdeps/x86_64/start.S:120
