Bug 220467

Summary: REGRESSION (r271273): Crash in WebCore::HTMLMediaElement::setVideoFullscreenGravity
Product: WebKit
Reporter: Ryan Haddad <ryanhaddad>
Component: Media
Assignee: Peng Liu <peng.liu6>
Status: RESOLVED FIXED
Severity: Normal
CC: darin, eric.carlson, ews-watchlist, glenn, jer.noble, peng.liu6, philipj, sergio, webkit-bot-watchers-bugzilla, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
See Also: https://bugs.webkit.org/show_bug.cgi?id=220435
Attachments:
  crash log (flags: none)
  Patch (flags: none)

Description Ryan Haddad 2021-01-08 09:53:50 PST
Created attachment 417275 [details]
crash log

Seeing the following crash on macOS bots with media/controls/pip-placeholder-without-video-controls.html and media/element-containing-pip-video-going-into-fullscreen.html.

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore             	0x00000007c1289004 WebCore::HTMLMediaElement::setVideoFullscreenGravity(WebCore::MediaPlayerEnums::VideoGravity) + 4 (HTMLMediaElement.cpp:6182)
1   com.apple.WebKit              	0x000000010df8c585 callMemberFunctionImpl<WebKit::VideoFullscreenManager, void (WebKit::VideoFullscreenManager::*)(WTF::ObjectIdentifier<WebKit::PlaybackSessionContextIdentifierType>, unsigned int), std::__1::tuple<WTF::ObjectIdentifier<WebKit::PlaybackSessionContextIdentifierType>, unsigned int>, 0, 1> + 15 (HandleMessage.h:42) [inlined]
2   com.apple.WebKit              	0x000000010df8c585 callMemberFunction<WebKit::VideoFullscreenManager, void (WebKit::VideoFullscreenManager::*)(WTF::ObjectIdentifier<WebKit::PlaybackSessionContextIdentifierType>, unsigned int), std::__1::tuple<WTF::ObjectIdentifier<WebKit::PlaybackSessionContextIdentifierType>, unsigned int>, std::__1::integer_sequence<unsigned long, 0, 1> > + 15 (HandleMessage.h:48) [inlined]
3   com.apple.WebKit              	0x000000010df8c585 handleMessage<Messages::VideoFullscreenManager::SetVideoLayerGravityEnum, WebKit::VideoFullscreenManager, void (WebKit::VideoFullscreenManager::*)(WTF::ObjectIdentifier<WebKit::PlaybackSessionContextIdentifierType>, unsigned int)> + 38 (HandleMessage.h:120) [inlined]
4   com.apple.WebKit              	0x000000010df8c585 WebKit::VideoFullscreenManager::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 755 (VideoFullscreenManagerMessageReceiver.cpp:130)
5   com.apple.WebKit              	0x000000010d9e1889 IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) + 125 (MessageReceiverMap.cpp:123)
6   com.apple.WebKit              	0x000000010de8bbba WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 28 (WebProcess.cpp:788)
7   com.apple.WebKit              	0x000000010d9c52e9 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 151 (Connection.cpp:1138)
8   com.apple.WebKit              	0x000000010d9c5538 IPC::Connection::dispatchOneIncomingMessage() + 190 (Connection.cpp:1207)
9   com.apple.JavaScriptCore      	0x00000007c5c81421 operator() + 9 (Function.h:83) [inlined]
10  com.apple.JavaScriptCore      	0x00000007c5c81421 WTF::RunLoop::performWork() + 545 (RunLoop.cpp:128)
11  com.apple.JavaScriptCore      	0x00000007c5c81c22 WTF::RunLoop::performWork(void*) + 34 (RunLoopCF.cpp:46)
12  com.apple.CoreFoundation      	0x00007fff20450a0c __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
13  com.apple.CoreFoundation      	0x00007fff20450974 __CFRunLoopDoSource0 + 180
14  com.apple.CoreFoundation      	0x00007fff204506ef __CFRunLoopDoSources0 + 248
15  com.apple.CoreFoundation      	0x00007fff2044f121 __CFRunLoopRun + 890
16  com.apple.CoreFoundation      	0x00007fff2044e6ce CFRunLoopRunSpecific + 563
17  com.apple.Foundation          	0x00007fff211dbfa1 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212
18  com.apple.Foundation          	0x00007fff2126a384 -[NSRunLoop(NSRunLoop) run] + 76
19  libxpc.dylib                  	0x00007fff200a53dd _xpc_objc_main + 825
20  libxpc.dylib                  	0x00007fff200a4e65 xpc_main + 437
21  com.apple.WebKit              	0x000000010db7c2c4 WebKit::XPCServiceMain(int, char const**) + 310 (XPCServiceMain.mm:208)
22  libdyld.dylib                 	0x00007fff20373621 start + 1
https://results.webkit.org/?suite=layout-tests&suite=layout-tests&test=media%2Fcontrols%2Fpip-placeholder-without-video-controls.html&test=media%2Felement-containing-pip-video-going-into-fullscreen.html
Comment 1 Ryan Haddad 2021-01-08 09:54:49 PST
I think this started with https://trac.webkit.org/changeset/271273/webkit
Comment 2 Radar WebKit Bug Importer 2021-01-08 09:54:57 PST
<rdar://problem/72933994>
Comment 3 Peng Liu 2021-01-08 12:12:53 PST
Created attachment 417290 [details]
Patch
Comment 4 EWS 2021-01-08 14:18:30 PST
Committed r271321: <https://trac.webkit.org/changeset/271321>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 417290 [details].