[Webkit-unassigned] [Bug 272844] [GTK] WebKitWebProcess SIGSEGV when rendering an MJPEG stream

bugzilla-daemon at webkit.org
Wed Apr 17 15:04:36 PDT 2024


https://bugs.webkit.org/show_bug.cgi?id=272844

--- Comment #2 from Campbell Cole <cmcoleco at gmail.com> ---
I've determined how this bug is triggered. I have a custom MJPEG server and there are two modes. One is a very low level TCP stream that I write bytes to directly, and the other is an implementation using the `hyper` crate for Rust.

The hyper crate uses HTTP 1.1 chunked streams. The raw implementation uses HTTP 1.0 normal streams.

This bug is triggered when a chunked stream sends the boundary before any data has been received. If the raw implementation sends a boundary before sending any data, the program does not crash.

The workaround I came up with was to move the code that sends the boundary after the code that sends the JPEG. I had initially been sending the boundary first because in 4.42.x, I had to do this to get MJPEG to work at all with chunked encoding.

Sending the boundary first has always worked with the raw implementation, before and after this bug was introduced.

This bug was introduced by fixing https://bugs.webkit.org/show_bug.cgi?id=263423 . I don't quite understand the implementation details but it seems that chunked encoding creates a FragmentSharedBuffer that appears to contain data but segfaults when copied.

-- 
You are receiving this mail because:
You are the assignee for the bug.
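The comment above describes the trigger at the level of HTTP/1.1 chunk ordering: with a streaming body, each server write (the multipart delimiter, then the JPEG bytes) becomes its own chunk, so in the "boundary first" ordering the client receives a chunk that holds only the delimiter line before any image data. The following is an added example, not code from the bug report, from the reporter's server, from hyper or from WebKit. It models the two orderings as plain chunked bodies and decodes them back so the difference on the wire is visible. The boundary name, the part headers, the SOI-marker check and the sample frames are assumptions; how the first part is delimited in the "boundary after" ordering is not described in the report, and the example models only the chunk order.

```rust
// Added example (not the reporter's server, not hyper, not WebKit code).
// Models an HTTP/1.1 chunked multipart/x-mixed-replace (MJPEG) body in the
// two write orderings the bug comment describes, then decodes the chunks.

const BOUNDARY: &str = "mjpegframe"; // assumed boundary name

/// One HTTP/1.1 chunk: hex size, CRLF, payload, CRLF (RFC 9112 section 7.1).
fn chunk(payload: &[u8]) -> Vec<u8> {
    let mut out = format!("{:x}\r\n", payload.len()).into_bytes();
    out.extend_from_slice(payload);
    out.extend_from_slice(b"\r\n");
    out
}

/// Delimiter line plus assumed part headers for one JPEG of `len` bytes.
fn delimiter(len: usize) -> Vec<u8> {
    format!(
        "--{}\r\nContent-Type: image/jpeg\r\nContent-Length: {}\r\n\r\n",
        BOUNDARY, len
    )
    .into_bytes()
}

#[derive(Clone, Copy, PartialEq, Debug)]
pub enum Order {
    /// Delimiter written (and chunked) before the JPEG: the ordering the report says crashes.
    BoundaryFirst,
    /// JPEG written first, delimiter after: the reporter's workaround.
    BoundaryAfter,
}

/// Encode `frames` as a chunked body. Every write the server would make
/// becomes its own chunk, as happens when each write is pushed to a
/// streaming response body separately.
pub fn encode(frames: &[&[u8]], order: Order) -> Vec<u8> {
    let mut body = Vec::new();
    for f in frames {
        match order {
            Order::BoundaryFirst => {
                body.extend(chunk(&delimiter(f.len())));
                body.extend(chunk(f));
            }
            Order::BoundaryAfter => {
                body.extend(chunk(f));
                body.extend(chunk(&delimiter(f.len())));
            }
        }
    }
    body
}

/// Split a chunked body back into its chunk payloads. Stops at a zero-size
/// chunk or at malformed input; trailers are not handled because an MJPEG
/// stream is open-ended.
pub fn decode_chunks(body: &[u8]) -> Vec<Vec<u8>> {
    let mut chunks = Vec::new();
    let mut pos = 0;
    while pos < body.len() {
        let Some(rel) = body[pos..].windows(2).position(|w| w == &b"\r\n"[..]) else { break };
        let size_text = match std::str::from_utf8(&body[pos..pos + rel]) {
            Ok(s) => s,
            Err(_) => break,
        };
        let Ok(size) = usize::from_str_radix(size_text, 16) else { break };
        if size == 0 {
            break; // last-chunk marker
        }
        let start = pos + rel + 2;
        if start + size + 2 > body.len() {
            break; // truncated chunk
        }
        chunks.push(body[start..start + size].to_vec());
        pos = start + size + 2;
    }
    chunks
}

/// Number of chunks the client receives before the first one that begins
/// with JPEG data (assumed to start with the SOI marker FF D8). A value of
/// 1 means a delimiter-only chunk arrived before any image bytes.
pub fn chunks_before_first_image(body: &[u8]) -> usize {
    decode_chunks(body)
        .iter()
        .position(|c| c.starts_with(&[0xFF, 0xD8]))
        .unwrap_or(0)
}

fn main() {
    // Constructed sample frames: minimal byte strings with JPEG SOI/EOI markers.
    let frames: [&[u8]; 2] = [&[0xFF, 0xD8, 0x01, 0x02, 0xFF, 0xD9], &[0xFF, 0xD8, 0x03, 0xFF, 0xD9]];
    for order in [Order::BoundaryFirst, Order::BoundaryAfter] {
        let body = encode(&frames, order);
        println!("{:?}: {} chunks before first image chunk", order, chunks_before_first_image(&body));
        for (i, c) in decode_chunks(&body).iter().enumerate() {
            println!("  chunk {}: {:?}", i, String::from_utf8_lossy(c));
        }
    }
}
```

Running it shows that only the boundary-first ordering produces a chunk whose payload is the delimiter and headers alone, ahead of any JPEG bytes; in the boundary-after ordering the first chunk already carries image data. The report ties the crash to that first condition under chunked transfer, not to the raw HTTP/1.0 stream, where no chunk framing exists.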