[Webkit-unassigned] [Bug 232914] New: [GStreamer] Crash in gst_buffer_get_meta when playing reddit video

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Nov 9 16:15:38 PST 2021 

https://bugs.webkit.org/show_bug.cgi?id=232914

            Bug ID: 232914
           Summary: [GStreamer] Crash in gst_buffer_get_meta when playing
                    reddit video
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Media
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at gnome.org

This is a recent regression:

 * Visit https://www.reddit.com/r/StLouis/comments/qqc4tk/explosions_rocked_a_home_in_belleville_this/ (probably any reddit video would suffice)
 * Try to play the video

Epiphany Tech Preview with WebKitGTK 2.34.1 and GStreamer 1.18.5 will crash 100% of the time with this backtrace:

#0  0x00007f88e136e94c in gst_buffer_get_meta
    (buffer=buffer at entry=0x557280d5c5a0 [None], api=0x7f86cc0459e0 [GstVideoTimeCodeMetaAPI])
    at ../gst/gstbuffer.c:2242
#1  0x00007f87e0346ed6 in gst_h264_parse_pre_push_frame (parse=0x7f87080804f0 [GstH264Parse], frame=0x5572809c0800)
    at ../gst/videoparsers/gsth264parse.c:3137
#2  0x00007f88e1493dc7 in gst_base_parse_push_frame
    (parse=parse at entry=0x7f87080804f0 [GstH264Parse], frame=frame at entry=0x5572809c0800)
    at ../libs/gst/base/gstbaseparse.c:2524
#3  0x00007f88e14973fc in gst_base_parse_handle_and_push_frame
    (frame=0x5572809c0800, parse=0x7f87080804f0 [GstH264Parse]) at ../libs/gst/base/gstbaseparse.c:2440
#4  0x00007f87e0344514 in gst_h264_parse_handle_frame_packetized
    (frame=0x5572809c0800, parse=0x7f87080804f0 [GstH264Parse]) at ../gst/videoparsers/gsth264parse.c:1282
#5  gst_h264_parse_handle_frame (parse=0x7f87080804f0 [GstH264Parse], frame=0x5572809c0800, skipsize=<optimized out>)
    at ../gst/videoparsers/gsth264parse.c:1326
#6  0x00007f88e148eee2 in gst_base_parse_handle_buffer
    (parse=parse at entry=0x7f87080804f0 [GstH264Parse], buffer=<optimized out>, skip=skip at entry=0x7f871dff9ee8, flushed=flushed at entry=0x7f871dff9eec) at ../libs/gst/base/gstbaseparse.c:2248
#7  0x00007f88e1494f82 in gst_base_parse_chain (pad=<optimized out>, parent=<optimized out>, buffer=<optimized out>)
    at ../libs/gst/base/gstbaseparse.c:3297
#8  0x00007f88e13aa5f7 in gst_pad_chain_data_unchecked
    (pad=pad at entry=0x7f87340352f0 [GstPad], type=type at entry=4112, data=data at entry=0x557280d4ca20)
    at ../gst/gstpad.c:4404
#9  0x00007f88e13acacc in gst_pad_push_data
    (pad=pad at entry=0x7f8734035540 [GstPad], type=type at entry=4112, data=data at entry=0x557280d4ca20)
    at ../gst/gstpad.c:4668
#10 0x00007f88e13b4551 in gst_pad_push (pad=0x7f8734035540 [GstPad], buffer=0x557280d4ca20 [GstBuffer])
    at ../gst/gstpad.c:4787
#11 0x00007f88e13aa5f7 in gst_pad_chain_data_unchecked
    (pad=pad at entry=0x7f8734035790 [GstPad], type=type at entry=4112, data=data at entry=0x557280d4ca20)
    at ../gst/gstpad.c:4404
#12 0x00007f88e13acacc in gst_pad_push_data
    (pad=pad at entry=0x7f8708036a80 [GstProxyPad], type=type at entry=4112, data=data at entry=0x557280d4ca20)
    at ../gst/gstpad.c:4668
#13 0x00007f88e13b4551 in gst_pad_push
    (pad=pad at entry=0x7f8708036a80 [GstProxyPad], buffer=buffer at entry=0x557280d4ca20 [GstBuffer])
    at ../gst/gstpad.c:4787
#14 0x00007f88e1396a43 in gst_proxy_pad_chain_default
    (pad=<optimized out>, parent=<optimized out>, buffer=0x557280d4ca20 [GstBuffer]) at ../gst/gstghostpad.c:127
#15 0x00007f88e13aa5f7 in gst_pad_chain_data_unchecked
    (pad=pad at entry=0x7f8734013b20 [GstGhostPad], type=type at entry=4112, data=data at entry=0x557280d4ca20)
    at ../gst/gstpad.c:4404
#16 0x00007f88e13acacc in gst_pad_push_data
    (pad=pad at entry=0x7f86e802a540 [GstProxyPad], type=type at entry=4112, data=data at entry=0x557280d4ca20)
    at ../gst/gstpad.c:4668
#17 0x00007f88e13b4551 in gst_pad_push
    (pad=pad at entry=0x7f86e802a540 [GstProxyPad], buffer=buffer at entry=0x557280d4ca20 [GstBuffer])
    at ../gst/gstpad.c:4787
#18 0x00007f88e1396a43 in gst_proxy_pad_chain_default
    (pad=<optimized out>, parent=<optimized out>, buffer=0x557280d4ca20 [GstBuffer]) at ../gst/gstghostpad.c:127
#19 0x00007f88e13aa5f7 in gst_pad_chain_data_unchecked
    (pad=pad at entry=0x7f86e4015640 [GstGhostPad], type=type at entry=4112, data=data at entry=0x557280d4ca20)
    at ../gst/gstpad.c:4404
#20 0x00007f88e13acacc in gst_pad_push_data
    (pad=pad at entry=0x7f86e40158b0 [GstGhostPad], type=type at entry=4112, data=data at entry=0x557280d4ca20)
    at ../gst/gstpad.c:4668
#21 0x00007f88e13b4551 in gst_pad_push (pad=pad at entry=0x7f86e40158b0 [GstGhostPad], buffer=buffer at entry=0x557280d4ca20 [GstBuffer]) at ../gst/gstpad.c:4787
#22 0x00007f88e1396a43 in gst_proxy_pad_chain_default (pad=<optimized out>, parent=<optimized out>, buffer=0x557280d4ca20 [GstBuffer]) at ../gst/gstghostpad.c:127
#23 0x00007f88e13aa5f7 in gst_pad_chain_data_unchecked (pad=pad at entry=0x7f86e802aec0 [GstProxyPad], type=type at entry=4112, data=data at entry=0x557280d4ca20) at ../gst/gstpad.c:4404
#24 0x00007f88e13acacc in gst_pad_push_data (pad=pad at entry=0x7f86b4020630 [GstPad], type=type at entry=4112, data=data at entry=0x557280d4ca20) at ../gst/gstpad.c:4668
#25 0x00007f88e13b4551 in gst_pad_push (pad=0x7f86b4020630 [GstPad], buffer=0x557280d4ca20 [GstBuffer]) at ../gst/gstpad.c:4787
#26 0x00007f88e13aa5f7 in gst_pad_chain_data_unchecked (pad=pad at entry=0x7f86b4020880 [GstPad], type=type at entry=4112, data=data at entry=0x557280d4ca20) at ../gst/gstpad.c:4404
#27 0x00007f88e13acacc in gst_pad_push_data (pad=pad at entry=0x7f86cc1d65b0 [WebKitMediaSrcPad], type=type at entry=4112, data=data at entry=0x557280d4ca20) at ../gst/gstpad.c:4668
#28 0x00007f88e13b4551 in gst_pad_push (pad=0x7f86cc1d65b0 [WebKitMediaSrcPad], buffer=0x557280d4ca20 [GstBuffer]) at ../gst/gstpad.c:4787
#29 0x00007f88e53eb5e7 in webKitMediaSrcLoop(void*) (userData=<optimized out>) at /usr/lib/debug/source/sdk/webkitgtk.bst/Source/WebCore/platform/graphics/gstreamer/mse/WebKitMediaSourceGStreamer.cpp:523
#30 0x00007f88e13e5c2c in gst_task_func (task=0x557280d5f050 [GstTask]) at ../gst/gsttask.c:384
#31 0x00007f88e406b6c5 in g_thread_pool_thread_proxy (data=<optimized out>) at ../glib/gthreadpool.c:354
#32 0x00007f88e406acf9 in g_thread_proxy (data=0x5572806b40c0) at ../glib/gthread.c:827
#33 0x00007f88e06173ba in start_thread (arg=0x7f871dffb640) at pthread_create.c:481
#34 0x00007f88e4580b03 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

I'll attach a full backtrace and a GStreamer debug log.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20211110/69b4418e/attachment-0001.htm>

More information about the webkit-unassigned mailing list