[Webkit-unassigned] [Bug 270777] New: REGRESSION (Safari 17.4) GPU process crash when applying out of range zoom value on camera

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Mar 10 19:16:58 PDT 2024


https://bugs.webkit.org/show_bug.cgi?id=270777

            Bug ID: 270777
           Summary: REGRESSION (Safari 17.4) GPU process crash when
                    applying out of range zoom value on camera
           Product: WebKit
           Version: Safari 17
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebRTC
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: shawnlee at infotoo.com
                CC: youennf at gmail.com

Demo:
https://tt47h6.csb.app/

Click on "Start camera with out of range zoom" and notice that the GPU process has crashed.
Tested on iPhone 13 Pro, 17.4.

Stacktrace: 
Thread 0 name:   Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0   WebCore                                  0x19d68aec8 WTFCrashWithInfo(int, char const*, char const*, int) + 20
1   WebCore                                  0x19f7ec834 WebCore::RealtimeMediaSource::supportsSizeFrameRateAndZoom(std::__1::optional<WebCore::IntConstraint>, std::__1::optional<WebCore::IntConstraint>, std::__1::optional<WebCore::DoubleConstraint>, std::__1::optional<WebCore::DoubleConstraint>, WTF::String&, double&) + 7363
2   WebCore                                  0x19f7ef114 WebCore::RealtimeMediaSource::selectSettings(WebCore::MediaConstraints const&, WebCore::FlattenedConstraint&, WTF::String&) + 1339
3   WebCore                                  0x19f7f07b8 WebCore::RealtimeMediaSource::applyConstraints(WebCore::MediaConstraints const&) + 159
4   WebCore                                  0x19f7f0894 WebCore::RealtimeMediaSource::applyConstraints(WebCore::MediaConstraints const&, WTF::CompletionHandler<void (std::__1::optional<WebCore::RealtimeMediaSource::ApplyConstraintsError>&&)>&&) + 31
5   WebKit                                   0x1a0aceb64 WTF::Detail::CallableWrapper<WebKit::UserMediaCaptureManagerProxy::SourceProxy::applyConstraints(WebCore::MediaConstraints&&, WTF::CompletionHandler<void (std::__1::optional<WebCore::RealtimeMediaSource::ApplyConstraintsError>&&)>)::'lambda'(), WTF::Ref<WTF::NativePromise<void, void, 0u>, WTF::RawPtrTraits<WTF::NativePromise<void, void, 0u>>>>::call() + 199
6   WebKit                                   0x1a0acca40 WebKit::UserMediaCaptureManagerProxy::SourceProxy::queueAndProcessSerialAction(WTF::Function<WTF::Ref<WTF::NativePromise<void, void, 0u>, WTF::RawPtrTraits<WTF::NativePromise<void, void, 0u>>> ()>&&) + 159
7   WebKit                                   0x1a0ac5d04 WebKit::UserMediaCaptureManagerProxy::SourceProxy::applyConstraints(WebCore::MediaConstraints&&, WTF::CompletionHandler<void (std::__1::optional<WebCore::RealtimeMediaSource::ApplyConstraintsError>&&)>) + 299
8   WebKit                                   0x1a0ac6088 WebKit::UserMediaCaptureManagerProxy::applyConstraints(WTF::ObjectIdentifierGeneric<WebCore::RealtimeMediaSourceIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits>, WebCore::MediaConstraints&&) + 159
9   WebKit                                   0x1a0d4f210 WebKit::UserMediaCaptureManagerProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 1843
10  WebKit                                   0x1a05e2d38 WebKit::GPUConnectionToWebProcess::dispatchMessage(IPC::Connection&, IPC::Decoder&) + 195
11  WebKit                                   0x1a05c1bc0 WebKit::GPUConnectionToWebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 923
12  WebKit                                   0x1a0fc7a70 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder>>) + 323
13  WebKit                                   0x1a0fca838 WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder>>)::$_15, void>::call() + 151
14  JavaScriptCore                           0x1a1214d44 WTF::RunLoop::performWork() + 203
15  JavaScriptCore                           0x1a1215c6c WTF::RunLoop::performWork(void*) + 35
16  CoreFoundation                           0x18b18962c __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 27
17  CoreFoundation                           0x18b1888a8 __CFRunLoopDoSource0 + 175
18  CoreFoundation                           0x18b187058 __CFRunLoopDoSources0 + 243

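The trace shows the crash on the GPU-process side of the `applyConstraints` path, so the real fix belongs in WebKit: a constraint value coming from a web page must be rejected, not asserted on. Until that lands, a page can at least avoid handing the browser a zoom value outside what the track advertises. The following is an added example, not code from the bug report, the demo page or WebKit; the capability shape `{ zoom: { min, max, step } }` follows `MediaStreamTrack.getCapabilities()`, while the helper names and `SAMPLE_CAPS` values are constructed for illustration.

```javascript
// Added example (not from the bug report or WebKit): clamp a requested zoom
// value to the range a track actually advertises before calling
// MediaStreamTrack.applyConstraints(). The capabilities shape
// ({ zoom: { min, max, step } }) follows getCapabilities(); helper names and
// the sample values below are constructed.

function clampZoom(capabilities, requested) {
  const zoomCaps = capabilities && capabilities.zoom;
  // Camera does not advertise zoom at all: send no zoom constraint.
  if (!zoomCaps || typeof zoomCaps.min !== "number" || typeof zoomCaps.max !== "number") {
    return { supported: false, zoom: undefined, adjusted: false };
  }
  // Non-finite input (NaN, Infinity, non-numeric strings) falls back to the minimum.
  const value = Number(requested);
  if (!Number.isFinite(value)) {
    return { supported: true, zoom: zoomCaps.min, adjusted: true };
  }
  let zoom = Math.min(Math.max(value, zoomCaps.min), zoomCaps.max);
  // Snap to the advertised step, if any, so the value is one the device accepts.
  if (typeof zoomCaps.step === "number" && zoomCaps.step > 0) {
    zoom = zoomCaps.min + Math.round((zoom - zoomCaps.min) / zoomCaps.step) * zoomCaps.step;
    zoom = Math.min(zoom, zoomCaps.max);
  }
  return { supported: true, zoom, adjusted: zoom !== value };
}

// Build the constraint object to hand to applyConstraints(); empty when the
// track has no zoom capability, so nothing out of range is ever sent.
function buildZoomConstraints(capabilities, requested) {
  const r = clampZoom(capabilities, requested);
  return r.supported ? { advanced: [{ zoom: r.zoom }] } : {};
}

// Browser-side usage; guarded so the module also loads outside a browser.
async function startCameraWithZoom(requested) {
  if (typeof navigator === "undefined" || !navigator.mediaDevices) return null;
  const stream = await navigator.mediaDevices.getUserMedia({ video: true });
  const [track] = stream.getVideoTracks();
  const caps = typeof track.getCapabilities === "function" ? track.getCapabilities() : {};
  const constraints = buildZoomConstraints(caps, requested);
  if (constraints.advanced) await track.applyConstraints(constraints);
  return track;
}

// Constructed capability values standing in for a real track.getCapabilities().
const SAMPLE_CAPS = { zoom: { min: 1, max: 8, step: 0.5 } };
```

Page-side clamping only keeps a well-behaved application from tripping the assertion; it does not protect the browser from a page that sends the raw value on purpose, which is why the check has to live in WebKit's constraint validation as well.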