Bug 303383

Crash in RTCEncodedStreamProducer::writeFrame, m_transformBackend nullptr https://build.webkit.org/results/Apple-Tahoe-Debug-WK2-Tests/303542@main%20(290)/impo[…]oded-transform/script-metadata-transform.https-crash-log.txt https://build.webkit.org/results/Apple-Tahoe-Debug-WK2-Tests/303542@main%20(290)/results.html I'm pretty sure it can be fixed by diff --git a/Source/WebCore/Modules/mediastream/RTCEncodedStreamProducer.cpp b/Source/WebCore/Modules/mediastream/RTCEncodedStreamProducer.cpp index fc452c545d17..183e89eada5d 100644 --- a/Source/WebCore/Modules/mediastream/RTCEncodedStreamProducer.cpp +++ b/Source/WebCore/Modules/mediastream/RTCEncodedStreamProducer.cpp @@ -142,6 +142,9 @@ ExceptionOr<void> RTCEncodedStreamProducer::writeFrame(ScriptExecutionContext& c auto* globalObject = context.globalObject(); if (!globalObject) return { }; + RefPtr backend = m_transformBackend; + if (!backend) + return { }; // should we return exception if clear()'ed Ref vm = globalObject->vm(); auto scope = DECLARE_THROW_SCOPE(vm); @@ -156,10 +159,9 @@ ExceptionOr<void> RTCEncodedStreamProducer::writeFrame(ScriptExecutionContext& c }, [&](RefPtr<RTCEncodedVideoFrame>& value) { return value->rtcFrame(vm); }); - // If no data, skip the frame since there is nothing to packetize or decode. if (rtcFrame->data().data()) - Ref { *m_transformBackend }->processTransformedFrame(rtcFrame.get()); + backend->processTransformedFrame(rtcFrame.get()); return { };