195700 2019-03-13 14:27:25 -0700 Certain videos are causing a crash when used as WebGL texture 2019-03-14 12:32:48 -0700 1 1 1 Unclassified WebKit WebGL Other All Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 mail jer.noble commit-queue dino eric.carlson jer.noble webkit-bug-importer oldest_to_newest 1516159 0 mail 2019-03-13 14:27:25 -0700 When using some certain HTML5 videos as WebGL texture the browser-tab instantly crashes. Tested on latest iOS and Mac Safari versions. Here a very simple and reduced test-case / example: https://krpano.com/ios/bugs/webgl-video-texture-crash/ Note - only SOME videos are crashing (provided by users), others are working fine... but I don't know what is special or different in that crashing videos... 1516250 1 webkit-bug-importer 2019-03-13 16:41:03 -0700 <rdar://problem/48869347> 1516418 2 mail 2019-03-13 23:53:51 -0700 Btw - would it be possible to know the reason why only SOME videos are crashing? Is it related to some video-encoding setting? That could help to allow the customers to change their video-encoding to produce non-crashing videos in the meantime. 1516497 3 jer.noble 2019-03-14 07:48:40 -0700 I suspect this crash has been fixed in ToT but it would be hard to say without an actual crash log. 1516520 4 mail 2019-03-14 10:09:12 -0700 Sorry, but what is 'ToT'? If you mean Safari Technology Preview - that is crashing too - here its crashlog: Process: com.apple.WebKit.WebContent [22358] Version: 14608 (14608.1.7.3) Build Info: WebKit2-7608001007003000~4 Code Type: X86-64 (Native) Responsible: Safari Technology Preview [22270] Date/Time: 2019-03-14 17:58:45.692 +0100 OS Version: Mac OS X 10.14.3 (18D109) Crashed Thread: 0 Dispatch queue: com.apple.main-thread Exception Type: EXC_BAD_INSTRUCTION (SIGILL) Exception Codes: 0x0000000000000001, 0x0000000000000000 Exception Note: EXC_CORPSE_NOTIFY Termination Signal: Illegal instruction: 4 Termination Reason: Namespace SIGNAL, Code 0x4 Terminating Process: exc handler [22358] Application Specific Information: *** CFEqual() called with NULL first argument *** Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.CoreFoundation 0x00007fff300af33f CFEqual + 671 1 com.apple.WebCore 0x000000010c59bb53 WebCore::VideoTextureCopierCV::copyImageToPlatformTexture(__CVBuffer*, unsigned long, unsigned long, unsigned int, unsigned int, int, unsigned int, unsigned int, unsigned int, bool, bool) + 2563 2 com.apple.WebCore 0x000000010b48ed1c WebCore::MediaPlayerPrivateAVFoundationObjC::copyVideoTextureToPlatformTexture(WebCore::GraphicsContext3D*, unsigned int, unsigned int, int, unsigned int, unsigned int, unsigned int, bool, bool) + 252 3 com.apple.WebCore 0x000000010c230c69 WebCore::HTMLVideoElement::copyVideoTextureToPlatformTexture(WebCore::GraphicsContext3D*, unsigned int, unsigned int, int, unsigned int, unsigned int, unsigned int, bool, bool) + 169 ... 1516521 5 mail 2019-03-14 10:12:48 -0700 According to this file (not sure if that's the current version): https://github.com/WebKit/webkit/blob/master/Source/WebCore/platform/graphics/cv/VideoTextureCopierCV.cpp the bug looks like an unhandled/unsupported color transferFunction case... CVBufferGetAttachment for kCVImageBufferYCbCrMatrixKey seems to return null and the following function doesn't check for that case... 1516522 6 jer.noble 2019-03-14 10:14:06 -0700 ToT == "tip-of-tree". Thanks for the crash log; this looks like a different issue, but one that we're already tracking. It seems to be the case where the media being displayed isn't tagged with a particular YUV color matrix. 1516525 7 jer.noble 2019-03-14 10:19:07 -0700 <rdar://48605849> 1516526 8 364664 jer.noble 2019-03-14 10:23:25 -0700 Created attachment 364664 Patch 1516541 9 364664 commit-queue 2019-03-14 11:22:10 -0700 Comment on attachment 364664 Patch Clearing flags on attachment: 364664 Committed r242946: <https://trac.webkit.org/changeset/242946> 1516542 10 commit-queue 2019-03-14 11:22:11 -0700 All reviewed patches have been landed. Closing bug. 1516589 11 mail 2019-03-14 12:32:48 -0700 Thanks! If all bugs would be that easy to find and fix ;-). Btw - a note in the CFEqual documentation that it can't handle NULL might be also a good idea: https://developer.apple.com/documentation/corefoundation/1521287-cfequal?language=objc 364664 2019-03-14 10:23:25 -0700 2019-03-14 11:22:10 -0700 Patch bug-195700-20190314102324.patch text/plain 1650 jer.noble U3VidmVyc2lvbiBSZXZpc2lvbjogMjQyOTE1CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggNmIyMjA1ZGUyYzY3NzE1 ZjlkOTY5MTkzODFjOTgwMTViOWUxYWM2ZS4uMzEyNjY1ZDVhY2YwZGI0ZjNhNThmMzQ2Mjc1MzEx ZTZkYmQxN2FiYiAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE2IEBACisyMDE5LTAzLTE0ICBKZXIg Tm9ibGUgIDxqZXIubm9ibGVAYXBwbGUuY29tPgorCisgICAgICAgIENlcnRhaW4gdmlkZW9zIGFy ZSBjYXVzaW5nIGEgY3Jhc2ggd2hlbiB1c2VkIGFzIFdlYkdMIHRleHR1cmUKKyAgICAgICAgaHR0 cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE5NTcwMAorICAgICAgICA8cmRh cjovL3Byb2JsZW0vNDg4NjkzNDc+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BT ISkuCisKKyAgICAgICAgQ0ZFcXVhbCBpcyBub3QgbnVsbC1zYWZlLCBzbyBwZXJmb3JtIGEgbnVs bCBhbmQgdHlwZSBjaGVjayBiZWZvcmUgY29tcGFyaW5nLgorCisgICAgICAgICogcGxhdGZvcm0v Z3JhcGhpY3MvY3YvVmlkZW9UZXh0dXJlQ29waWVyQ1YuY3BwOgorICAgICAgICAoV2ViQ29yZTo6 dHJhbnNmZXJGdW5jdGlvbkZyb21TdHJpbmcpOgorCiAyMDE5LTAzLTEyICBKZXIgTm9ibGUgIDxq ZXIubm9ibGVAYXBwbGUuY29tPgogCiAgICAgICAgIFJFR1JFU1NJT04ocjIzNjI4MSk6IFlvdVR1 YmUgTW92aWVzIGZhaWwgd2l0aCAidmlkZW8gZm9ybWF0IiBlcnJvcgpkaWZmIC0tZ2l0IGEvU291 cmNlL1dlYkNvcmUvcGxhdGZvcm0vZ3JhcGhpY3MvY3YvVmlkZW9UZXh0dXJlQ29waWVyQ1YuY3Bw IGIvU291cmNlL1dlYkNvcmUvcGxhdGZvcm0vZ3JhcGhpY3MvY3YvVmlkZW9UZXh0dXJlQ29waWVy Q1YuY3BwCmluZGV4IDMxY2Y2YjFkYTZhZGYzMDJkZGFmZTNmNjE2YWRmY2FiYzU2NGMwMWYuLmFi NTljMDhiOTgzNTI1ZmQ1NDVlMGQ5NzJmZjBkZDY2MjQ3NjUzNzUgMTAwNjQ0Ci0tLSBhL1NvdXJj ZS9XZWJDb3JlL3BsYXRmb3JtL2dyYXBoaWNzL2N2L1ZpZGVvVGV4dHVyZUNvcGllckNWLmNwcAor KysgYi9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9ncmFwaGljcy9jdi9WaWRlb1RleHR1cmVDb3Bp ZXJDVi5jcHAKQEAgLTk5LDYgKzk5LDggQEAgc3RhdGljIFBpeGVsUmFuZ2UgcGl4ZWxSYW5nZUZy b21QaXhlbEZvcm1hdChPU1R5cGUgcGl4ZWxGb3JtYXQpCiAKIHN0YXRpYyBUcmFuc2ZlckZ1bmN0 aW9uIHRyYW5zZmVyRnVuY3Rpb25Gcm9tU3RyaW5nKENGU3RyaW5nUmVmIHN0cmluZykKIHsKKyAg ICBpZiAoIXN0cmluZyB8fCBDRkdldFR5cGVJRChzdHJpbmcpICE9IENGU3RyaW5nR2V0VHlwZUlE KCkpCisgICAgICAgIHJldHVybiBUcmFuc2ZlckZ1bmN0aW9uOjpVbmtub3duOwogICAgIGlmIChD RkVxdWFsKHN0cmluZywga0NWSW1hZ2VCdWZmZXJZQ2JDck1hdHJpeF9JVFVfUl83MDlfMikpCiAg ICAgICAgIHJldHVybiBUcmFuc2ZlckZ1bmN0aW9uOjprSVRVX1JfNzA5XzI7CiAgICAgaWYgKENG RXF1YWwoc3RyaW5nLCBrQ1ZJbWFnZUJ1ZmZlcllDYkNyTWF0cml4X0lUVV9SXzYwMV80KSkK