Bug 304102

IIUC there is a CheckedPtr for CDMProxyDecryptionClient that gets dereferenced in a thread different than where the object was created. CanMakeCheckedPtrBase is not thread-safe, you either need to move uses of the checked pointer to the thread where it was created or use CanMakeThreadSafeCheckedPtr instead. #0 WTFCrash () at ../../../Source/WTF/wtf/Assertions.cpp:380 #1 0x00007f81844a5680 in WTFCrashWithInfo () at WTF/Headers/wtf/Assertions.h:985 #2 0x00007f818505c4d6 in WTF::SingleThreadIntegralWrapper<unsigned int>::assertThread (this=0x7f815d3bc1d8) at WTF/Headers/wtf/SingleThreadIntegralWrapper.h:54 #3 0x00007f8185696df2 in WTF::SingleThreadIntegralWrapper<unsigned int>::operator++ (this=0x7f815d3bc1d8) at WTF/Headers/wtf/SingleThreadIntegralWrapper.h:98 #4 0x00007f818568cc14 in WTF::CanMakeCheckedPtrBase<WTF::SingleThreadIntegralWrapper<unsigned int>, unsigned int, bool, (WTF::CheckedPtrDeleteCheckException)0>::incrementCheckedPtrCount (this=0x7f815d3bc1d8) at WTF/Headers/wtf/CheckedRef.h:296 #5 0x00007f818d5e862f in WTF::CheckedPtr<WebCore::CDMProxyDecryptionClient, WTF::RawPtrTraits<WebCore::CDMProxyDecryptionClient> >::refIfNotNull (this=0x7f8068ff7d40) at WTF/Headers/wtf/CheckedPtr.h:181 #6 0x00007f818d5e19b5 in WTF::CheckedPtr<WebCore::CDMProxyDecryptionClient, WTF::RawPtrTraits<WebCore::CDMProxyDecryptionClient> >::CheckedPtr (this=0x7f8068ff7d40, ptr=0x7f815d3bc1c0) at WTF/Headers/wtf/CheckedPtr.h:57 #7 0x00007f818d5dd76b in operator() (__closure=0x7f8068ff7e80) at ../../../Source/WebCore/platform/encryptedmedia/CDMProxy.cpp:224 #8 0x00007f818d5eb6fe in WTF::Condition::waitUntilUnchecked<WTF::Lock, WebCore::CDMProxy::tryWaitForKeyHandle(const WebCore::KeyIDType&, WTF::WeakPtr<WebCore::CDMProxyDecryptionClient>&&) const::<lambda()> >(WTF::Lock &, const WTF::TimeWithDynamicClockType &, const struct {...} &) (this=0x7f815d3159a1, lock=..., timeout=..., predicate=...) at WTF/Headers/wtf/Condition.h:212 #9 0x00007f818d5e86d0 in WTF::Condition::waitUntil<WebCore::CDMProxy::tryWaitForKeyHandle(const WebCore::KeyIDType&, WTF::WeakPtr<WebCore::CDMProxyDecryptionClient>&&) const::<lambda()> >(WTF::Lock &, const WTF::TimeWithDynamicClockType &, const struct {...} &) (this=0x7f815d3159a1, lock=..., timeout=..., predicate=...) at WTF/Headers/wtf/Condition.h:91 #10 0x00007f818d5e1aee in WTF::Condition::waitFor<WebCore::CDMProxy::tryWaitForKeyHandle(const WebCore::KeyIDType&, WTF::WeakPtr<WebCore::CDMProxyDecryptionClient>&&) const::<lambda()> >(WTF::Lock &, WTF::Seconds, const struct {...} &) (this=0x7f815d3159a1, lock=..., relativeTimeout=..., predicate=...) at WTF/Headers/wtf/Condition.h:105 #11 0x00007f818d5ddaad in WebCore::CDMProxy::tryWaitForKeyHandle (this=0x7f815d315980, keyID=..., client=...) at ../../../Source/WebCore/platform/encryptedmedia/CDMProxy.cpp:222 #12 0x00007f818d5dde01 in WebCore::CDMProxy::getOrWaitForKeyHandle (this=0x7f815d315980, keyID=..., client=...) at ../../../Source/WebCore/platform/encryptedmedia/CDMProxy.cpp:257 #13 0x00007f818dab4679 in WebCore::CDMProxyThunder::getDecryptionSession (this=0x7f815d315980, in=...) at ../../../Source/WebCore/platform/graphics/gstreamer/eme/CDMProxyThunder.cpp:57 #14 0x00007f818dab4a47 in WebCore::CDMProxyThunder::decrypt (this=0x7f815d315980, input=..., inputCaps=...) at ../../../Source/WebCore/platform/graphics/gstreamer/eme/CDMProxyThunder.cpp:85 #15 0x00007f818dabf6d9 in decrypt (decryptor=0x7f804c01ff10, ivBuffer=0x7f804c000b70, keyIDBuffer=0x7f804c002430, buffer=0x7f804c06c2c0, subsampleCount=2, subsamplesBuffer=0x7f804c0039b0) at ../../../Source/WebCore/platform/graphics/gstreamer/eme/WebKitThunderDecryptorGStreamer.cpp:174 #16 0x00007f818dabd966 in transformInPlace (base=0x7f804c01ff10, buffer=0x7f804c06c2c0) at ../../../Source/WebCore/platform/graphics/gstreamer/eme/WebKitCommonEncryptionDecryptorGStreamer.cpp:361 #17 0x00007f816e857f93 in default_generate_output (trans=0x7f804c01ff10, outbuf=0x7f8068ff83c0) at ../../../../../jhbuild/checkout/gstreamer/subprojects/gstreamer/libs/gst/base/gstbasetransform.c:2197 #18 0x00007f816e8578be in gst_base_transform_chain (pad=<optimized out>, parent=0x7f804c01ff10, buffer=<optimized out>) at ../../../../../jhbuild/checkout/gstreamer/subprojects/gstreamer/libs/gst/base/gstbasetransform.c:2355 #19 0x00007f816e72e33e in gst_pad_chain_data_unchecked (pad=pad@entry=0x7f804c01c600, type=type@entry=4112, data=data@entry=0x7f804c06c2c0) at ../../../../../jhbuild/checkout/gstreamer/subprojects/gstreamer/gst/gstpad.c:4559 #20 0x00007f816e730e59 in gst_pad_push_data (pad=pad@entry=0x7f804c0262f0, type=type@entry=4112, data=data@entry=0x7f804c06c2c0) at ../../../../../jhbuild/checkout/gstreamer/subprojects/gstreamer/gst/gstpad.c:4852 #21 0x00007f816e73867c in gst_pad_push (pad=pad@entry=0x7f804c0262f0, buffer=buffer@entry=0x7f804c06c2c0) at ../../../../../jhbuild/checkout/gstreamer/subprojects/gstreamer/gst/gstpad.c:4971 #22 0x00007f811c04f2c0 in gst_single_queue_push_one (allow_drop=<synthetic pointer>, object=0x7f804c06c2c0, sq=0x7f804c020e10, mq=<optimized out>) at ../../../../../jhbuild/checkout/gstreamer/subprojects/gstreamer/plugins/elements/gstmultiqueue.c:2014 #23 gst_multi_queue_loop (pad=<optimized out>) at ../../../../../jhbuild/checkout/gstreamer/subprojects/gstreamer/plugins/elements/gstmultiqueue.c:2349 #24 0x00007f816e76cf22 in gst_task_func (task=0x7f804c01f250) at ../../../../../jhbuild/checkout/gstreamer/subprojects/gstreamer/gst/gsttask.c:399 #25 0x00007f816f097532 in ??? () at /lib/x86_64-linux-gnu/libglib-2.0.so.0 #26 0x00007f816f091d92 in ??? () at /lib/x86_64-linux-gnu/libglib-2.0.so.0 #27 0x00007f817628aaa4 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:447 #28 0x00007f8176317c6c in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78