[Webkit-unassigned] [Bug 260455] [GStreamer][MSE] Crash in webKitMediaSrcStreamFlush

bugzilla-daemon at webkit.org
Wed Mar 20 06:46:59 PDT 2024


--- Comment #32 from Carlos Bentzen <cadubentzen at gmail.com> ---
Created attachment 470445

  --> https://bugs.webkit.org/attachment.cgi?id=470445&action=review

region in the page where the crash happens

I can reproduce the crash when scrolling down on https://apple.com/apple-watch-ultra-2 until it hits this area where the watch side view is a video element that is played and seeked as you scroll through it (you may need to scroll past it and return).

Bisected it down to https://commits.webkit.org/265206@main.

Before the user agent quirk, the video element played this MP4 file, without MSE: https://www.apple.com/105/media/us/apple-watch-ultra-2/2023/4d9e62e1-fe94-4bb9-abbe-0b8c9626a304/anim/schematic_rotation-2/large.mp4

After the user agent quirk, it now plays this WebM file instead, that has alpha channel signaled in the WebM container, and it's played via MSE: https://www.apple.com/105/media/us/apple-watch-ultra-2/2023/4d9e62e1-fe94-4bb9-abbe-0b8c9626a304/anim/schematic_rotation-2/large.webm

(In reply to Michael Catanzaro from comment #25)
> Created attachment 469550 [details]
> Debug log
> BTW, since streamByName may return nullptr, I suggest webKitMediaSrcFlush
> should either handle that case or assert that it returns non-null.

Indeed. Though checking for a null Stream pointer and bailing early doesn't seem sufficient, as it does fix the crash in webKitMediaSrcFlush, but then the video element is broken, not displaying anything.

I'm investigating this further.
