Bug 223674

Summary: REGRESSION(r274870) fast/canvas/webgl/texImage2D-mse-flipY-true.html and fast/canvas/webgl/texImage2D-mse-flipY-false.html are crashing
Product: WebKit
Reporter: Lauro Moura <lmoura>
Component: WebGL
Assignee: Philippe Normand <pnormand>
Status: RESOLVED FIXED
Severity: Normal
CC: bugs-noreply, calvaris, cgarcia, dino, eric.carlson, ews-watchlist, glenn, gns, jer.noble, kbr, kkinnunen, menard, philipj, pnormand, sergio, vjaquez, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
See Also: https://bugs.webkit.org/show_bug.cgi?id=220091
https://bugs.webkit.org/show_bug.cgi?id=179258
Bug Depends on: 220091    
Bug Blocks:    
Attachments (Description, Flags):
Debug crash, none
Patch, none

Description Lauro Moura 2021-03-23 23:11:46 PDT
Created attachment 424099
Debug crash

fast/canvas/webgl/texImage2D-mse-flipY-false.html
fast/canvas/webgl/texImage2D-mse-flipY-true.html

Results dashboard: https://results.webkit.org/?suite=layout-tests&test=fast%2Fcanvas%2Fwebgl%2FtexImage2D-mse-flipY-true.html

Trace from debug test:

Thread 1 (Thread 0x7fb4ba1509c0 (LWP 22835)):
#0  WebCore::PlaybackPipeline::addSourceBuffer(WTF::RefPtr<WebCore::SourceBufferPrivateGStreamer, WTF::RawPtrTraits<WebCore::SourceBufferPrivateGStreamer>, WTF::DefaultRefDerefTraits<WebCore::SourceBufferPrivateGStreamer> >) (this=0x7fb470461000, sourceBufferPrivate=...) at ../../Source/WebCore/platform/graphics/gstreamer/mse/PlaybackPipeline.cpp:106
#1  0x00007fb4c85dbb90 in WebCore::MediaSourcePrivateGStreamer::addSourceBuffer(WebCore::ContentType const&, bool, WTF::RefPtr<WebCore::SourceBufferPrivate, WTF::RawPtrTraits<WebCore::SourceBufferPrivate>, WTF::DefaultRefDerefTraits<WebCore::SourceBufferPrivate> >&) (this=0x7fb4704bcc60, contentType=..., sourceBufferPrivate=...) at ../../Source/WebCore/platform/graphics/gstreamer/mse/MediaSourcePrivateGStreamer.cpp:85
#2  0x00007fb4c61397dd in WebCore::MediaSource::createSourceBufferPrivate(WebCore::ContentType const&) (this=0x7fb47950d6f0, incomingType=...) at ../../Source/WebCore/Modules/mediasource/MediaSource.cpp:1094
#3  0x00007fb4c6138231 in WebCore::MediaSource::addSourceBuffer(WTF::String const&) (this=0x7fb47950d6f0, type=...) at ../../Source/WebCore/Modules/mediasource/MediaSource.cpp:734
#4  0x00007fb4c5703721 in WebCore::jsMediaSourcePrototypeFunction_addSourceBufferBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::IDLOperation<WebCore::JSMediaSource>::ClassParameter) (lexicalGlobalObject=0x7fb4780d5668, callFrame=0x7ffcdcaf43c0, castedThis=0x7fb4704793c8) at DerivedSources/WebCore/JSMediaSource.cpp:467
#5  0x00007fb4c570a5db in WebCore::IDLOperation<WebCore::JSMediaSource>::call<WebCore::jsMediaSourcePrototypeFunction_addSourceBufferBody>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*) (lexicalGlobalObject=..., callFrame=..., operationName=0x7fb4ca76d36f "addSourceBuffer") at ../../Source/WebCore/bindings/js/JSDOMOperation.h:55
#6  0x00007fb4c57037d3 in WebCore::jsMediaSourcePrototypeFunction_addSourceBuffer(JSC::JSGlobalObject*, JSC::CallFrame*) (lexicalGlobalObject=0x7fb4780d5668, callFrame=0x7ffcdcaf43c0) at DerivedSources/WebCore/JSMediaSource.cpp:472
#7  0x00007fb4795331d8 in  ()
#8  0x00007ffcdcaf4450 in  ()
#9  0x00007fb4bec98ab3 in llint_op_call () at /app/webkit/Source/JavaScriptCore/llint/LowLevelInterpreter.asm:1093
#10 0x0000000000000000 in  ()
Comment 1 Philippe Normand 2021-03-24 03:16:26 PDT
Created attachment 424118
Patch
Comment 2 Kenneth Russell 2021-03-24 14:14:38 PDT
The link in the summary is hard to click, it's:
https://trac.webkit.org/changeset/274870/webkit
Comment 3 Kenneth Russell 2021-03-24 14:15:44 PDT
Comment on attachment 424118
Patch

Seems fine. r+
Comment 4 EWS 2021-03-24 14:57:31 PDT
Committed r274976: <https://commits.webkit.org/r274976>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 424118.
Comment 5 Radar WebKit Bug Importer 2021-03-24 14:58:16 PDT
<rdar://problem/75805874>