[Webkit-unassigned] [Bug 232695] New: nested run loops under MediaPlayerPrivateAVFoundationObjC::waitForVideoOutputMediaDataWillChange can cause hang when timeout fires

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Nov 3 21:24:34 PDT 2021 

https://bugs.webkit.org/show_bug.cgi?id=232695

            Bug ID: 232695
           Summary: nested run loops under
                    MediaPlayerPrivateAVFoundationObjC::waitForVideoOutput
                    MediaDataWillChange can cause hang when timeout fires
           Product: WebKit
           Version: WebKit Local Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Media
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: heycam at apple.com
            Blocks: 232565

It's possible for MediaPlayerPrivateAVFoundationObjC::waitForVideoOutputMediaDataWillChange to be called re-entrantly, if the RunLoop::run() call ends up processing an event that also wants to synchronously update the media image.  This can cause a hang:

1. Enter the outer waitForVideoOutputMediaDataWillChange() call.
2. Set up the outer timeout timer.
3. Call RunLoop::run().

    3.1. Enter the inner waitForVideoOutputMediaDataWillChange() call.
    3.2. Set up the inner timeout timer.
    3.3. Call RunLoop::run().

        3.3.1. Wait for new RunLoop events, and none arrive.
        3.3.2. The outer timeout timer fires, calling RunLoop::stop().

    3.4. Return from waitForVideoOutputMediaDataWillChange(), cancelling the inner timeout timer.
    3.5. Wait for more events on the run loop, forever.

I encountered this with my bug 232565 patch applied running webgl/1.0.x/conformance/textures/misc/texture-corner-case-videos.html.


Referenced Bugs:

https://bugs.webkit.org/show_bug.cgi?id=232565
[Bug 232565] Regression (r285055): [ macOS ] webgl/1.0.x/conformance/textures/misc/texture-corner-case-videos.html and webgl/2.0.y/conformance/textures/misc/texture-corner-case-videos.html are timing out.
-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20211104/460c932e/attachment-0001.htm>

More information about the webkit-unassigned mailing list