[Webkit-unassigned] [Bug 266973] New: [GStreamer] Crash in CachedResourceStreamingClient::dataReceived
bugzilla-daemon at webkit.org
Mon Jan 1 11:25:15 PST 2024
https://bugs.webkit.org/show_bug.cgi?id=266973
Bug ID: 266973
Summary: [GStreamer] Crash in CachedResourceStreamingClient::dataReceived
Product: WebKit
Version: WebKit Nightly Build
Hardware: PC
OS: Linux
Status: NEW
Severity: Normal
Priority: P2
Component: Media
Assignee: webkit-unassigned at lists.webkit.org
Reporter: mcatanzaro at redhat.com
Created attachment 469255
--> https://bugs.webkit.org/attachment.cgi?id=469255&action=review
Full backtrace
Using Epiphany Tech Preview with WebKitGTK 2.43.3, visit https://www.amazon.com/gp/video/storefront/ and scroll up and down the page for about 20 seconds or thereabouts. The page will always crash:
#0 0x00007f2d1e7367af in std::__atomic_base<unsigned char>::compare_exchange_weak(unsigned char&, unsigned char, std::memory_order, std::memory_order)
(this=0xaaaaaaaaaaaaaada, __i2=1 '\001', __m1=std::memory_order::acquire, __m2=std::memory_order::acquire, __i1=<optimized out>)
at /usr/bin/../lib/gcc/x86_64-unknown-linux-gnu/13.2.0/../../../../include/c++/13.2.0/bits/atomic_base.h:540
#1 std::__atomic_base<unsigned char>::compare_exchange_weak(unsigned char&, unsigned char, std::memory_order)
(this=0xaaaaaaaaaaaaaada, __i2=1 '\001', __m=std::memory_order::acquire, __i1=<optimized out>)
at /usr/bin/../lib/gcc/x86_64-unknown-linux-gnu/13.2.0/../../../../include/c++/13.2.0/bits/atomic_base.h:559
#2 WTF::Atomic<unsigned char>::compareExchangeWeak(unsigned char, unsigned char, std::memory_order)
(this=0xaaaaaaaaaaaaaada, expected=0 '\000', desired=1 '\001', order=std::memory_order::acquire)
at WTF/Headers/wtf/Atomics.h:89
#3 WTF::LockAlgorithm<unsigned char, (unsigned char)1, (unsigned char)2, WTF::EmptyLockHooks<unsigned char> >::lockFastAssumingZero(WTF::Atomic<unsigned char>&) (lock=...) at WTF/Headers/wtf/LockAlgorithm.h:53
#4 WTF::Lock::lock() (this=0xaaaaaaaaaaaaaada) at WTF/Headers/wtf/Lock.h:65
#5 WTF::DataMutexLocker<WebKitWebSrcPrivate::StreamingMembers>::lock() (this=<optimized out>)
at WTF/Headers/wtf/DataMutex.h:126
#6 WTF::DataMutexLocker<WebKitWebSrcPrivate::StreamingMembers>::DataMutexLocker(WTF::DataMutex<WebKitWebSrcPrivate::StreamingMembers>&) (dataMutex=..., this=<optimized out>) at WTF/Headers/wtf/DataMutex.h:71
#7 CachedResourceStreamingClient::dataReceived(WebCore::PlatformMediaResource&, WebCore::SharedBuffer const&)
(this=0x7f2d026e3400, data=...)
at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:1117
#8 0x00007f2d1e3234f8 in WebCore::MediaResource::dataReceived(WebCore::CachedResource&, WebCore::SharedBuffer const&) (this=0x7f2c45492fc0, resource=<optimized out>, buffer=<optimized out>)
at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/loader/MediaResourceLoader.cpp:241
#9 0x00007f2d1e3234f8 in non-virtual thunk to WebCore::MediaResource::dataReceived(WebCore::CachedResource&, WebCore::SharedBuffer const&) () at /usr/lib/x86_64-linux-gnu/libwebkitgtk-6.0.so.4
#10 0x00007f2d1e38246c in WebCore::CachedRawResource::notifyClientsDataWasReceived(WebCore::SharedBuffer const&)
(this=0x7f2a7a94a620, buffer=...)
at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/loader/cache/CachedRawResource.cpp:144
#11 0x00007f2d1e34bb68 in WebCore::SubresourceLoader::didReceiveBuffer(WebCore::FragmentedSharedBuffer const&, long long, WebCore::DataPayloadType)
(this=0x7f2c3dfe97c0, buffer=..., encodedDataLength=16384, dataPayloadType=<optimized out>)
at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/loader/SubresourceLoader.cpp:573
#12 0x00007f2d1cbd5c07 in WebKit::WebResourceLoader::didReceiveData(IPC::SharedBufferReference&&, unsigned long)
(this=<optimized out>, data=<optimized out>, encodedDataLength=16384)
I'll attach the full backtrace. This crash is happening on other websites too, but the Amazon page is a reliable reproducer.