Bug 303365
| Summary: | REGRESSION(303317@main): [GStreamer] Crash in VideoFrame::copyTo() | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Claudio Saavedra <csaavedra> |
| Component: | WPE WebKit | Assignee: | Philippe Normand <philn> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | bugs-noreply, philn |
| Priority: | P2 | ||
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Claudio Saavedra
Thread 1 (Thread 0x7fc46ffff6c0 (LWP 623839)):
#0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:44
#1 __pthread_kill_internal (signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:78
#2 __GI___pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
#3 0x00007fc75f43327e in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4 0x00007fc75f4168ff in __GI_abort () at ./stdlib/abort.c:79
#5 0x00007fc75bf8590d in std::__glibcxx_assert_fail(char const*, int, char const*, char const*) () at /lib/x86_64-linux-gnu/libstdc++.so.6
#6 0x00007fc766334d0f in WebCore::copyPlane(std::span<unsigned char, 18446744073709551615ul>&, std::span<unsigned char, 18446744073709551615ul> const&, unsigned long, WebCore::ComputedPlaneLayout const&) () at /home/buildbot-worker/WPE-Linux-64-bit-Release-Build/build/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#7 0x00007fc766346503 in WebCore::VideoFrame::copyTo(std::span<unsigned char, 18446744073709551615ul>, WebCore::VideoPixelFormat, WTF::Vector<WebCore::ComputedPlaneLayout, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::CompletionHandler<void (std::optional<WTF::Vector<WebCore::PlaneLayout, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> >&&)>&&) () at /home/buildbot-worker/WPE-Linux-64-bit-Release-Build/build/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#8 0x00007fc764f97f2d in WebCore::WebCodecsVideoFrame::copyTo(WebCore::BufferSource&&, WebCore::WebCodecsVideoFrame::CopyToOptions&&, WebCore::DOMPromiseDeferred<WebCore::IDLSequence<WebCore::IDLDictionary<WebCore::PlaneLayout> > >&&) () at /home/buildbot-worker/WPE-Linux-64-bit-Release-Build/build/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#9 0x00007fc764937cf2 in WebCore::jsWebCodecsVideoFramePrototypeFunction_copyTo(JSC::JSGlobalObject*, JSC::CallFrame*) () at /home/buildbot-worker/WPE-Linux-64-bit-Release-Build/build/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#10 0x00007fc70b20d778 in ??? ()
#11 0x00007fc46fffdfc0 in ??? ()
#12 0x00007fc70b314abb in ??? ()
#13 0x0000000000000000 in ??? ()
This started happening after https://commits.webkit.org/303317@main
Tests reproducing this:
imported/w3c/web-platform-tests/webcodecs/video-encoder-rescaling.https.any.html?h264_annexb
imported/w3c/web-platform-tests/webcodecs/video-encoder-rescaling.https.any.html?h264_avc
imported/w3c/web-platform-tests/webcodecs/video-encoder-rescaling.https.any.worker.html?h264_annexb
imported/w3c/web-platform-tests/webcodecs/video-encoder-rescaling.https.any.worker.html?h264_avc
Claudio Saavedra
Gardened in https://commits.webkit.org/303742@main
Philippe Normand
(gdb) bt
#0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1 0x00007f51666dc493 in __pthread_kill_internal (threadid=<optimized out>, signo=6) at pthread_kill.c:89
#2 0x00007f516668218e in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3 0x00007f51666696d0 in __GI_abort () at abort.c:77
#4 0x00007f5166987084 in std::__glibcxx_assert_fail (file=<optimized out>, line=<optimized out>, function=<optimized out>, condition=<optimized out>) at ../../../../../libstdc++-v3/src/c++11/assert_fail.cc:41
#5 0x00007f51785bd184 in std::span<unsigned char, 18446744073709551615ul>::subspan (this=0x7ffd66846ab8, __offset=8192, __count=64)
at /usr/bin/../lib/gcc/x86_64-redhat-linux/15/../../../../include/c++/15/span:456
#6 0x00007f5180ebffb0 in WebCore::copyPlane (destination=std::span of length 9216 = {...}, source=std::span of length 8192 = {...}, sourceStride=128, spanPlaneLayout=...)
at ./Source/WebCore/platform/graphics/gstreamer/VideoFrameGStreamer.cpp:521
#7 0x00007f5180ebf927 in WebCore::VideoFrame::copyTo (this=0x7f51580a3700, destination=std::span of length 9216 = {...}, pixelFormat=WebCore::VideoPixelFormat::I420, computedPlaneLayout=..., callback=...)
at ./Source/WebCore/platform/graphics/gstreamer/VideoFrameGStreamer.cpp:576
#8 0x00007f517e110129 in WebCore::WebCodecsVideoFrame::copyTo (this=0x7f51582639c0, source=..., options=..., promise=...) at ./Source/WebCore/Modules/webcodecs/WebCodecsVideoFrame.cpp:514
#9 0x00007f517cf9c8bf in WebCore::jsWebCodecsVideoFramePrototypeFunction_copyToBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSWebCodecsVideoFrame*, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise>, WTF::DefaultRefDerefTraits<WebCore::DeferredPromise> >&&)::{lambda()#1}::operator()() const (this=0x7ffd66847258)
at ./WebKitBuild/GTK/Debug/WebCore/DerivedSources/JSWebCodecsVideoFrame.cpp:836
#10 0x00007f517cf9c831 in WebCore::toJS<WebCore::IDLPromise<WebCore::IDLSequence<WebCore::IDLDictionary<WebCore::PlaneLayout> > >, WebCore::jsWebCodecsVideoFramePrototypeFunction_copyToBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSWebCodecsVideoFrame*, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise>, WTF::DefaultRefDerefTraits<WebCore::DeferredPromise> >&&)::{lambda()#1}>(JSC::JSGlobalObject&, WebCore::JSDOMGlobalObject&, JSC::ThrowScope&, WebCore::jsWebCodecsVideoFramePrototypeFunction_copyToBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSWebCodecsVideoFrame*, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise>, WTF::DefaultRefDerefTraits<WebCore::DeferredPromise> >&&)::{lambda()#1}&&)
(lexicalGlobalObject=..., globalObject=..., throwScope=..., valueOrFunctor=...) at ./WebKitBuild/GTK/Debug/WebCore/PrivateHeaders/WebCore/JSDOMConvertBase.h:220
#11 0x00007f517cf9c4c5 in WebCore::jsWebCodecsVideoFramePrototypeFunction_copyToBody (lexicalGlobalObject=0x7f5156166088, callFrame=0x7ffd66847590, castedThis=0x7f51566d8460, promise=...)
at ./WebKitBuild/GTK/Debug/WebCore/DerivedSources/JSWebCodecsVideoFrame.cpp:836
#12 0x00007f517cf9cb41 in WebCore::IDLOperationReturningPromise<WebCore::JSWebCodecsVideoFrame>::call<&WebCore::jsWebCodecsVideoFramePrototypeFunction_copyToBody, (WebCore::CastedThisErrorBehavior)2>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)::{lambda(JSC::JSGlobalObject&, JSC::CallFrame&, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise>, WTF::DefaultRefDerefTraits<WebCore::DeferredPromise> >&&)#1}::operator()(JSC::JSGlobalObject&, JSC::CallFrame&, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise>, WTF::DefaultRefDerefTraits<WebCore::DeferredPromise> >&&) const
(this=0x7ffd66847510, lexicalGlobalObject=..., callFrame=..., promise=...) at ./Source/WebCore/bindings/js/JSDOMOperationReturningPromise.h:54
#13 0x00007f517cf9c6b0 in WebCore::callPromiseFunction<WebCore::IDLOperationReturningPromise<WebCore::JSWebCodecsVideoFrame>::call<&WebCore::jsWebCodecsVideoFramePrototypeFunction_copyToBody, (WebCore::CastedThisErrorBehavior)2>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)::{lambda(JSC::JSGlobalObject&, JSC::CallFrame&, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise>, WTF::DefaultRefDerefTraits<WebCore::DeferredPromise> >&&)#1}>(JSC::JSGlobalObject&, JSC::CallFrame&, WebCore::IDLOperationReturningPromise<WebCore::JSWebCodecsVideoFrame>::call<&WebCore::jsWebCodecsVideoFramePrototypeFunction_copyToBody, (WebCore::CastedThisErrorBehavior)2>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)::{lambda(JSC::JSGlobalObject&, JSC::CallFrame&, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise>, WTF::DefaultRefDerefTraits<WebCore::DeferredPromise> >&&)#1}) (lexicalGlobalObject=..., callFrame=..., functor=...)
at ./WebKitBuild/GTK/Debug/WebCore/PrivateHeaders/WebCore/JSDOMPromiseDeferred.h:392
#14 0x00007f517cf9c22d in WebCore::IDLOperationReturningPromise<WebCore::JSWebCodecsVideoFrame>::call<&WebCore::jsWebCodecsVideoFramePrototypeFunction_copyToBody, (WebCore::CastedThisErrorBehavior)2>
(lexicalGlobalObject=..., callFrame=..., operationName=0x7f51761cfc7d <.L__FUNCTION__._ZN7WebCore20PlatformRawAudioData6copyToESt4spanIhLm18446744073709551615EENS_17AudioSampleFormatEmSt8optionalImES5_m> "copyTo") at ./Source/WebCore/bindings/js/JSDOMOperationReturningPromise.h:41
#15 0x00007f517cf9aa74 in WebCore::jsWebCodecsVideoFramePrototypeFunction_copyTo (lexicalGlobalObject=0x7f5156166088, callFrame=0x7ffd66847590)
at ./WebKitBuild/GTK/Debug/WebCore/DerivedSources/JSWebCodecsVideoFrame.cpp:841
#16 0x00007f5115e0c038 in ??? ()
#17 0x00007ffd66847650 in ??? ()
#18 0x00007f5115e92f28 in ??? ()
#19 0x0000000000000000 in ??? ()
(gdb) f 6
#6 0x00007f5180ebffb0 in WebCore::copyPlane (destination=std::span of length 9216 = {...}, source=std::span of length 8192 = {...}, sourceStride=128, spanPlaneLayout=...)
at ./Source/WebCore/platform/graphics/gstreamer/VideoFrameGStreamer.cpp:521
521 memcpySpan(destination.subspan(destinationOffset, rowBytes), source.subspan(sourceOffset, rowBytes));
(gdb) p sourceOffset
$1 = 8192
(gdb) p rowBytes
$2 = 64
Philippe Normand
Pull request: https://github.com/WebKit/WebKit/pull/54703
EWS
Committed 303818@main (27ef0d75f0e4): <https://commits.webkit.org/303818@main>
Reviewed commits have been landed. Closing PR #54703 and removing active labels.