[Webkit-unassigned] [Bug 232416] New: In iOS 15.1, Safari and iOS Chrome tabs crash when starting a WebRTC video call with the H.264 format

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Oct 27 19:28:17 PDT 2021


https://bugs.webkit.org/show_bug.cgi?id=232416

            Bug ID: 232416
           Summary: In iOS 15.1, Safari and iOS Chrome tabs crash when
                    starting a WebRTC video call with the H.264 format
           Product: WebKit
           Version: Safari 15
          Hardware: iPhone / iPad
                OS: Unspecified
            Status: NEW
          Severity: Critical
          Priority: P2
         Component: WebRTC
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: simmkyu at amazon.com
                CC: youennf at gmail.com

Created attachment 442664

  --> https://bugs.webkit.org/attachment.cgi?id=442664&action=review

Crash report for iOS 15.1 + H264 issue

When starting a WebRTC video call with the H.264 video format in iOS 15.1, iOS Safari and iOS Chrome tabs crash. The browser does not output any error message to the web console.

The bug occurs on any iOS 15.1 device when the outbound video uses H.264. We confirmed this using the following devices:
- iPad Pro 12.9 2015 (iOS 15.1)
- iPhone 13 Pro (iOS 15.1)

Stack trace (.ips file) from an iOS 15.1 device:

```
Thread 19 name: EncoderQueue
Thread 19 Crashed:
0 WebKit 0x19048bf18 void WebCore::RemoteVideoSample::encode<IPC::Encoder>(IPC::Encoder&) const + 36
1 WebKit 0x190a7ba04 WebKit::encodeVideoFrame(void, webrtc::VideoFrame const&, bool) + 708
2 WebKit 0x190a7ba04 WebKit::encodeVideoFrame(void, webrtc::VideoFrame const&, bool) + 708
3 libwebrtc.dylib 0x1ec63ee44 webrtc::VideoStreamEncoder::EncodeVideoFrame(webrtc::VideoFrame const&, long long) + 3336
4 libwebrtc.dylib 0x1ec6439f4 webrtc::webrtc_new_closure_impl::ClosureTask<webrtc::VideoStreamEncoder::OnFrame(webrtc::VideoFrame const&)::$_13>::Run() + 5376
5 libwebrtc.dylib 0x1ec5d9e94 std::__1::__function::__func<webrtc::(anonymous namespace)::TaskQueueStdlib::TaskQueueStdlib(std::__1::basic_string_view<char, std::__1::char_traits<char> >, rtc::ThreadPriority)::$_1, std::__1::allocator<webrtc::(anonymous namespace)::TaskQueueStdlib::TaskQueueStdlib(std::__1::basic_string_view<char, std::__1::char_traits<char> >, rtc::ThreadPriority)::$_1>, void ()>::operator()() + 920
6 libwebrtc.dylib 0x1ec478b38 std::__1::__function::__func<rtc::PlatformThread::SpawnThread(std::__1::function<void ()>, std::__1::basic_string_view<char, std::__1::char_traits<char> >, rtc::ThreadAttributes, bool)::$_1, std::__1::allocator<rtc::PlatformThread::SpawnThread(std::__1::function<void ()>, std::__1::basic_string_view<char, std::__1::char_traits<char> >, rtc::ThreadAttributes, bool)::$_1>, void ()>::operator()() + 260
7 libwebrtc.dylib 0x1ec478504 rtc::(anonymous namespace)::RunPlatformThread(void*) + 64
8 libsystem_pthread.dylib 0x1f28c29a4 _pthread_start + 148
9 libsystem_pthread.dylib 0x1f28c1ea0 thread_start + 8
```
