Bug 233174
| Summary: | Safari 15.1 regression: RTCRtpSender.replaceTrack with a disabled track crashes safari | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Arjun Vade <avade> |
| Component: | WebRTC | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED CONFIGURATION CHANGED | ||
| Severity: | Major | CC: | youennf |
| Priority: | P2 | ||
| Version: | Safari 15 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Arjun Vade
Steps to reproduce:
1.Visit https://webrtc.github.io/samples/src/content/peerconnection/pc1/
2. Click on Start and Call buttons. Note that this app/demo exposes `pc1` on console which is a RTCPeerConnection object
3. Invoke the following code from the dev tools console:
black = ({ width = 640, height = 480 } = {}) => {
const canvas = Object.assign(document.createElement('canvas'), { width, height });
canvas.getContext('2d').fillRect(0, 0, width, height);
const stream = canvas.captureStream();
return Object.assign(stream.getVideoTracks()[0], { enabled: false }); // Note: changing enabled to true doesn't crash safari
};
dummyTrack = black();
pc1.getSenders()[0].replaceTrack(dummyTrack)
4. Notice that safari crashes.
Happens only on Safari 15.1, earlier versions were fine, so this is a regression. Happens both on BigSur and Monterey
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
youenn fablet
Thanks for the report Arjun.
This should be fixed in latest iOS 15.2 beta.