109211 2013-02-07 10:55:21 -0800 [V8] Binding Integrity crash in V8MediaStream::createWrapper 2013-02-07 14:03:36 -0800 1 1 1 Unclassified WebKit WebCore Misc. 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED P2 Normal --- 1 tsepez webkit-unassigned abarth cevans eric.carlson feature-media-reviews hta jschuh ojan.autocc tommyw webkit.review.bot oldest_to_newest 827696 0 tsepez 2013-02-07 10:55:21 -0800 LocalMediaStream wrapped as a MediaStream despite having IDL that knows better. 0x01fca175 [Google Chrome Framework] + 0x01fa9175] WebCore::V8MediaStream::createWrapper(WTF::PassRefPtr<WebCore::MediaStream>, v8::Handle<v8::Object>, v8::Isolate*) 0x01eab664 [Google Chrome Framework] + 0x01e8a664] WebCore::MediaStreamAudioDestinationNodeV8Internal::streamAttrGetter(v8::Local<v8::String>, v8::AccessorInfo const&) 0x0142e86f [Google Chrome Framework] + 0x0140d86f] v8::internal::JSObject::GetPropertyWithCallback(v8::internal::Object*, v8::internal::Object*, v8::internal::String*) 0x0142e62c [Google Chrome Framework] + 0x0140d62c] v8::internal::Object::GetProperty(v8::internal::Object*, v8::internal::LookupResult*, v8::internal::String*, PropertyAttributes*) 0x013dcc8c [Google Chrome Framework] + 0x013bbc8c] v8::internal::LoadIC::Load(v8::internal::InlineCacheState, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::String>) 0x013e06e5 [Google Chrome Framework] + 0x013bf6e5] v8::internal::LoadIC_Miss(v8::internal::Arguments, v8::internal::Isolate*) Suppress check for now, but there's an underlying bug that the stop() method in LocalMediaStream.idl won't be available on a local media stream wrapped in this manner. Need a custom wrapper to check if islocal and wrap accordingly. 827744 1 abarth 2013-02-07 11:18:01 -0800 @tommyw: We need to make the toV8 function for MediaStream smarter so that it can create a LocalMediaStream wrapper when appropriate. 827775 2 187144 tsepez 2013-02-07 12:03:24 -0800 Created attachment 187144 A Patch. 827794 3 187144 abarth 2013-02-07 12:29:54 -0800 Comment on attachment 187144 A Patch. Do we have a LayoutTest for this case? Also, we should open a bug for fixing the custom wrapping dispatch. 827807 4 tsepez 2013-02-07 12:44:03 -0800 (In reply to comment #3) > (From update of attachment 187144 [details]) > Do we have a LayoutTest for this case? Also, we should open a bug for fixing the custom wrapping dispatch. No, I don't have a layouttest; the page in the wild which reproduced this was complex. Followup bug is https://bugs.webkit.org/show_bug.cgi?id=109219 827882 5 187144 webkit.review.bot 2013-02-07 14:03:30 -0800 Comment on attachment 187144 A Patch. Clearing flags on attachment: 187144 Committed r142177: <http://trac.webkit.org/changeset/142177> 827883 6 webkit.review.bot 2013-02-07 14:03:36 -0800 All reviewed patches have been landed. Closing bug. 187144 2013-02-07 12:03:24 -0800 2013-02-07 14:03:30 -0800 A Patch. patch_109211.txt text/plain 1150 tsepez SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDE0MjE1OSkKKysrIFNvdXJjZS9XZWJDb3JlL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE0IEBACisyMDEzLTAyLTA3ICBUb20gU2Vw ZXogIDx0c2VwZXpAY2hyb21pdW0ub3JnPgorCisgICAgICAgIFtWOF0gQmluZGluZyBJbnRlZ3Jp dHkgY3Jhc2ggaW4gVjhNZWRpYVN0cmVhbTo6Y3JlYXRlV3JhcHBlcgorICAgICAgICBodHRwczov L2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTA5MjExCisKKyAgICAgICAgUmV2aWV3 ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgUGF0Y2ggc3VwcHJlc3NlcyBhIGNocm9t ZSBjcmFzaGVyLgorCisgICAgICAgICogTW9kdWxlcy9tZWRpYXN0cmVhbS9NZWRpYVN0cmVhbS5p ZGw6CisKIDIwMTMtMDItMDcgIERhbiBDYXJuZXkgIDxkY2FybmV5QGdvb2dsZS5jb20+CiAKICAg ICAgICAgW3Y4XSBtb3ZlIHBlcnNpc3RlbnQ6Om5ldyBhbmQgOjpkaXNwb3NlIGludG8gc2FtZSBj bGFzcwpJbmRleDogU291cmNlL1dlYkNvcmUvTW9kdWxlcy9tZWRpYXN0cmVhbS9NZWRpYVN0cmVh bS5pZGwKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PQotLS0gU291cmNlL1dlYkNvcmUvTW9kdWxlcy9tZWRpYXN0cmVhbS9N ZWRpYVN0cmVhbS5pZGwJKHJldmlzaW9uIDE0MjE1NSkKKysrIFNvdXJjZS9XZWJDb3JlL01vZHVs ZXMvbWVkaWFzdHJlYW0vTWVkaWFTdHJlYW0uaWRsCSh3b3JraW5nIGNvcHkpCkBAIC0zMCw2ICsz MCw3IEBACiAgICAgQ29uc3RydWN0b3IoaW4gTWVkaWFTdHJlYW1UcmFja1tdIHRyYWNrcyksCiAg ICAgQ29uc3RydWN0b3JQYXJhbWV0ZXJzPTAsCiAgICAgQ2FsbFdpdGg9U2NyaXB0RXhlY3V0aW9u Q29udGV4dCwKKyAgICBWOFNraXBWVGFibGVWYWxpZGF0aW9uCiBdIGludGVyZmFjZSBNZWRpYVN0 cmVhbSB7CiAgICAgLy8gREVQUkVDQVRFRAogICAgIHJlYWRvbmx5IGF0dHJpYnV0ZSBET01TdHJp bmcgbGFiZWw7Cg==