269915 2024-02-22 06:31:14 -0800 [GStreamer][LibWebRTC] Conflict between two GStreamerVideoDecoder classes can lead to crash 2024-02-23 05:40:05 -0800 1 1 1 Unclassified WebKit WebKitGTK WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED P2 Normal --- 1 olivier.blin webkit-unassigned bugs-noreply calvaris philn oldest_to_newest 2016063 0 olivier.blin 2024-02-22 06:31:14 -0800 In the GStreamer ports, there are two different implementations of the WebCore::GStreamerVideoDecoder class: - one in Source/WebCore/platform/mediastream/libwebrtc/gstreamer/GStreamerVideoDecoderFactory.cpp for WebRTC - one in Source/WebCore/platform/graphics/gstreamer/VideoDecoderGStreamer.cpp for WebCodecs This can lead to a crash in WebRTC usage, since the WebCore::GStreamerVideoDecoder destructor from the WebCodecs class can be mistakenly used instead of the one from the WebRTC class. Thread 21 "WebKitWebRTCSig" received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7f4d55ffb700 (LWP 80264)] WebCore::GStreamerInternalVideoDecoder::close (this=0x10000000000) at /app/webkit/Source/WebCore/platform/graphics/gstreamer/VideoDecoderGStreamer.cpp:66 66 void close() { m_isClosed = true; } (gdb) p m_internalDecoder $1 = {static isRef = <optimized out>, m_ptr = 0x10000000000} (gdb) bt #0 WebCore::GStreamerInternalVideoDecoder::close (this=0x10000000000) at /app/webkit/Source/WebCore/platform/graphics/gstreamer/VideoDecoderGStreamer.cpp:66 #1 0x00007f4dfdb617b1 in WebCore::GStreamerVideoDecoder::close (this=0x7f4d55ff7e10) at /app/webkit/Source/WebCore/platform/graphics/gstreamer/VideoDecoderGStreamer.cpp:154 #2 0x00007f4dfdb61767 in WebCore::GStreamerVideoDecoder::~GStreamerVideoDecoder (this=0x7f4d55ff7e10) at /app/webkit/Source/WebCore/platform/graphics/gstreamer/VideoDecoderGStreamer.cpp:130 #3 0x00007f4dfdd081e5 in WebCore::VP8Decoder::~VP8Decoder (this=0x7f4d55ff7e10) at /app/webkit/Source/WebCore/platform/mediastream/libwebrtc/gstreamer/GStreamerVideoDecoderFactory.cpp:361 #4 0x00007f4dfdd030dd in WebCore::GStreamerVideoDecoderFactory::GetSupportedFormats (this=0x7f4de6537d90) at /app/webkit/Source/WebCore/platform/mediastream/libwebrtc/gstreamer/GStreamerVideoDecoderFactory.cpp:444 #5 0x00007f4dff07ba88 in cricket::(anonymous namespace)::GetPayloadTypesAndDefaultCodecs<webrtc::VideoDecoderFactory> (factory=0x7f4de6537d90, is_decoder_factory=true, include_rtx=true, trials=...) at /app/webkit/Source/ThirdParty/libwebrtc/Source/webrtc/media/engine/webrtc_video_engine.cc:187 #6 0x00007f4dff07ba04 in cricket::WebRtcVideoEngine::recv_codecs (this=0x14c76b0, include_rtx=true) at /app/webkit/Source/ThirdParty/libwebrtc/Source/webrtc/media/engine/webrtc_video_engine.cc:806 #7 0x00007f4dff7ceddd in cricket::MediaSessionDescriptionFactory::MediaSessionDescriptionFactory (this=0x7f4d180728f0, media_engine=0x14cc800, rtx_enabled=true, ssrc_generator=0x7f4d18000bc8, transport_desc_factory=0x7f4d180728d8) at /app/webkit/Source/ThirdParty/libwebrtc/Source/webrtc/pc/media_session.cc:1573 #8 0x00007f4dff99c12a in webrtc::WebRtcSessionDescriptionFactory::WebRtcSessionDescriptionFactory(webrtc::ConnectionContext*, webrtc::SdpStateProvider const*, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, bool, std::__1::unique_ptr<rtc::RTCCertificateGeneratorInterface, std::__1::default_delete<rtc::RTCCertificateGeneratorInterface> >, rtc::scoped_refptr<rtc::RTCCertificate>, std::__1::function<void (rtc::scoped_refptr<rtc::RTCCertificate> const&)>, webrtc::FieldTrialsView const&) (this=0x7f4d180728a0, context=0x7f4d18000b80, sdp_info=0x7f4d18072560, session_id=..., dtls_enabled=true, cert_generator=..., certificate=..., on_certificate_ready=..., field_trials=...) at /app/webkit/Source/ThirdParty/libwebrtc/Source/webrtc/pc/webrtc_session_description_factory.cc:114 #9 0x00007f4dff905fcf in std::__1::make_unique<webrtc::WebRtcSessionDescriptionFactory, webrtc::ConnectionContext*&, webrtc::SdpOfferAnswerHandler*, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, bool, std::__1::unique_ptr<rtc::RTCCertificateGeneratorInterface, std::__1::default_delete<rtc::RTCCertificateGeneratorInterface> >, rtc::scoped_refptr<rtc::RTCCertificate>, webrtc::SdpOfferAnswerHandler::Initialize(webrtc::PeerConnectionInterface::RTCConfiguration const&, webrtc::PeerConnectionDependencies&, webrtc::ConnectionContext*)::$_11, webrtc::FieldTrialsView const&>(webrtc::ConnectionContext*&, webrtc::SdpOfferAnswerHandler*&&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >&&, bool&&, std::__1::unique_ptr<rtc::RTCCertificateGeneratorInterface, std::__1::default_delete<rtc::RTCCertificateGeneratorInterface> >&&, rtc::scoped_refptr<rtc::RTCCertificate>&&, webrtc::SdpOfferAnswerHandler::Initialize(webrtc::PeerConnectionInterface::RTCConfiguration const&, webrtc::PeerConnectionDependencies&, webrtc::ConnectionContext*)::$_11&&, webrtc::FieldTrialsView const&) (__args=..., __args=..., __args=..., __args=..., __args=..., __args=..., __args=..., __args=...) at /usr/lib/llvm-12/bin/../include/c++/v1/memory:2068 #10 0x00007f4dff905cf3 in webrtc::SdpOfferAnswerHandler::Initialize (this=0x7f4d18072560, configuration=..., dependencies=..., context=0x7f4d18000b80) at /app/webkit/Source/ThirdParty/libwebrtc/Source/webrtc/pc/sdp_offer_answer.cc:1408 #11 0x00007f4dff9058d3 in webrtc::SdpOfferAnswerHandler::Create (pc=0x7f4d180718e8, configuration=..., dependencies=..., context=0x7f4d18000b80) at /app/webkit/Source/ThirdParty/libwebrtc/Source/webrtc/pc/sdp_offer_answer.cc:1375 #12 0x00007f4dff7f76b2 in webrtc::PeerConnection::Initialize (this=0x7f4d180718e0, configuration=..., dependencies=...) at /app/webkit/Source/ThirdParty/libwebrtc/Source/webrtc/pc/peer_connection.cc:747 #13 0x00007f4dff7f6d2d in webrtc::PeerConnection::Create (context=..., options=..., event_log=..., call=..., configuration=..., dependencies=...) at /app/webkit/Source/ThirdParty/libwebrtc/Source/webrtc/pc/peer_connection.cc:610 #14 0x00007f4dff2662d2 in webrtc::PeerConnectionFactory::CreatePeerConnectionOrError (this=0x7f4d18063280, configuration=..., dependencies=...) at /app/webkit/Source/ThirdParty/libwebrtc/Source/webrtc/pc/peer_connection_factory.cc:245 2016064 1 olivier.blin 2024-02-22 06:33:15 -0800 Pull request: https://github.com/WebKit/WebKit/pull/24947 2016366 2 ews-feeder 2024-02-23 05:40:03 -0800 Committed 275235@main (91dc14fd908d): <https://commits.webkit.org/275235@main> Reviewed commits have been landed. Closing PR #24947 and removing active labels.