Bug 309739

Summary: [GStreamer] AddressSanitizer SEGV in WebCore::configureVideoDecoderForHarnessing
Product: WebKit
Reporter: Felipe Erias <felipeerias>
Component: WPE WebKit
Assignee: Philippe Normand <philn>
Status: RESOLVED FIXED
Severity: Normal
CC: bugs-noreply, felipeerias, fujii, philn
Priority: P2
Version: WebKit Local Build
Hardware: PC
OS: Linux
Attachments:
  Command output (flags: none)
  Test file (flags: none)
  gst log GST_DEBUG="3,webkit*:9" (flags: none)

Felipe Erias
Reported 2026-03-11 18:30:58 PDT
Created attachment 478642 [details] Command output

Version: WPE WebKit version 2.50.5.

Setup:

    git checkout wpewebkit-2.50.5
    Tools/Scripts/set-webkit-configuration --wpe --asan --release
    Tools/Scripts/build-webkit --wpe --release

Test file:

    <!DOCTYPE html>
    <html>
    <body>
    <script>
    var decoder = new VideoDecoder({
        output: function(frame) { frame.close(); },
        error: function(e) {},
    });
    decoder.configure({codec: 'vp8', codedWidth: 320, codedHeight: 240});
    </script>
    </body>
    </html>

Command:

    WebKitBuild/WPE/Release/bin/MiniBrowser --headless test_webcodecs_videodecoder.html

Result:

> ...
> SUMMARY: AddressSanitizer: SEGV (/home/felipe/WebKit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1+0x1ecac395) (BuildId: 291eb88f6c779b00) in WebCore::configureVideoDecoderForHarnessing(WTF::GRefPtr<_GstElement, WTF::GRefPtrDefaultRefDerefTraits<_GstElement> > const&)
Attachments:
  Command output (4.50 KB, text/plain), 2026-03-11 18:30 PDT, Felipe Erias, no flags
  Test file (267 bytes, text/html), 2026-03-11 18:57 PDT, Felipe Erias, no flags
  gst log GST_DEBUG="3,webkit*:9" (42.20 KB, text/plain), 2026-03-13 05:45 PDT, Felipe Erias, no flags
Felipe Erias
Comment 1 2026-03-11 18:57:38 PDT
Created attachment 478645 [details] Test file
Felipe Erias
Comment 2 2026-03-11 19:25:20 PDT
As far as I could see, the crash seems to come from WebCore::GStreamerVideoDecoder::create(). The code validates that a VP8 decoder is available, but instantiating that decoder fails and returns NULL, which is not checked.

In VideoDecoderGStreamer.cpp, around line 111:

    if (!lookupResult) {
        GST_WARNING("No decoder found for codec %s", codecName.utf8().data());
        callback(makeUnexpected(makeString("No decoder found for codec "_s, codecName)));
        return;
    }

    GRefPtr<GstElement> element = gst_element_factory_create(lookupResult.factory.get(), nullptr);

I don't know the real-world impact of this bug, as it might only happen in this particular test environment (ASan, headless, etc.). Nevertheless, if gst_element_factory_create() may return NULL then the code should check for that.
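Added illustration of the missing check described in comment 2; this is not WebKit's code and not the fix that landed. A constructed fake registry and factory reproduce the situation in the thread, where the registry reports a factory for vp8 but instantiating it fails and returns NULL, and a hardened create path refuses to hand a null element to the harness.

```cpp
// Added example, not WebKit's code: a constructed stand-in for the
// lookup-then-instantiate step in GStreamerVideoDecoder::create().
#include <map>
#include <memory>
#include <string>

struct FakeElement { std::string name; };

// Constructed stand-in for a GstElementFactory: the registry scanner can know
// the factory while creating the element still fails and returns NULL.
struct FakeFactory {
    std::string name;
    bool loadSucceeds;
    std::shared_ptr<FakeElement> create() const {
        if (!loadSucceeds)
            return nullptr; // mirrors gst_element_factory_create() returning NULL
        return std::make_shared<FakeElement>(FakeElement{name});
    }
};

struct DecoderResult {
    std::shared_ptr<FakeElement> element; // non-null on success
    std::string error;                    // non-empty on failure
};

// Hardened create path: the registry lookup AND the instantiation result are
// both checked before the element is passed on to the harness.
DecoderResult createDecoder(const std::map<std::string, FakeFactory>& registry,
                            const std::string& codecName)
{
    auto it = registry.find(codecName);
    if (it == registry.end())
        return {nullptr, "No decoder found for codec " + codecName};

    auto element = it->second.create();
    if (!element) // the check comment 2 says is missing
        return {nullptr, "Failed to create element " + it->second.name
                         + " for codec " + codecName};

    return {element, ""}; // only a non-null element reaches the harness
}

// Constructed registries for the two situations seen in the thread.
std::map<std::string, FakeFactory> registryWithBrokenPlugin() {
    return {{"vp8", {"nvvp8dec", false}}}; // lookup succeeds, load fails
}
std::map<std::string, FakeFactory> registryWithSoftwareDecoder() {
    return {{"vp8", {"vp8dec", true}}};
}
```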
Philippe Normand
Comment 3 2026-03-12 01:32:56 PDT
Can you provide a gst log please? GST_DEBUG="3,webkit*:9"
Philippe Normand
Comment 4 2026-03-12 02:27:12 PDT
> Nevertheless, if gst_element_factory_create() may return NULL then the code should check for that.

Sure, but if you reached this code it means GStreamerRegistryScanner::isCodecSupported() should have found an element factory for vp8, so there's something odd going on.
Philippe Normand
Comment 5 2026-03-12 02:31:41 PDT
Here I have this:

    0:00:01.629353038 4164095 4164095 LOG webkitregistryscanner GStreamerRegistryScanner.cpp:371:hasElementForCaps: Lookup result for video decoder matching caps video/x-vp8 : isSupported=true, isUsingHardware=false, factory=<vp8dec>
    0:00:01.631498689 4164095 4164095 LOG webkitregistryscanner GStreamerRegistryScanner.cpp:371:hasElementForCaps: Lookup result for video encoder matching caps video/x-vp8 : isSupported=true, isUsingHardware=false, factory=<vp8enc>
    0:00:01.632150484 4164095 4164095 DEBUG webkitregistryscanner GStreamerRegistryScanner.cpp:407:refresh: Hardware decoder codec pattern registered: vp8
    0:00:01.632210716 4164095 4164095 DEBUG webkitregistryscanner GStreamerRegistryScanner.cpp:407:refresh: Hardware decoder codec pattern registered: vp8.0
    0:00:01.632377819 4164095 4164095 DEBUG webkitregistryscanner GStreamerRegistryScanner.cpp:407:refresh: Hardware decoder codec pattern registered: x-vp8
    0:00:01.632489620 4164095 4164095 DEBUG webkitregistryscanner GStreamerRegistryScanner.cpp:411:refresh: Hardware encoder codec pattern registered: vp8.0
    0:00:01.632578636 4164095 4164095 DEBUG webkitregistryscanner GStreamerRegistryScanner.cpp:411:refresh: Hardware encoder codec pattern registered: x-vp8
    0:00:01.632594398 4164095 4164095 DEBUG webkitregistryscanner GStreamerRegistryScanner.cpp:411:refresh: Hardware encoder codec pattern registered: vp8
    0:00:01.632697874 4164095 4164095 LOG webkitregistryscanner GStreamerRegistryScanner.cpp:819:isCodecSupported: Checked hardware decoding codec "vp8" supported false
    0:00:01.632707669 4164095 4164095 DEBUG webkitvideodecoder VideoDecoderGStreamer.cpp:106:create: No hardware decoder found for codec vp8, falling back to software
    0:00:01.632715709 4164095 4164095 LOG webkitregistryscanner GStreamerRegistryScanner.cpp:819:isCodecSupported: Checked software decoding codec "vp8" supported true
    0:00:01.634216139 4164095 4164095 DEBUG webkitvideodecoder VideoDecoderGStreamer.cpp:170:GStreamerInternalVideoDecoder:<vp8dec0> Configuring decoder for codec vp8
    0:00:01.635793443 4164095 4164095 DEBUG webkitelementharness GStreamerElementHarness.cpp:147:GStreamerElementHarness:<vp8dec0> Expecting output buffers on static src pad.
    0:00:01.636536919 4164095 4164095 TRACE webkitelementharness GStreamerElementHarness.cpp:454:srcEvent:<vp8dec0> Got event on src pad: reconfigure event: 0x36bcab90, time 99:99:99.999999999, seq-num 4, (NULL)
    0:00:01.637021904 4164095 4164224 DEBUG webkitvideodecoder VideoDecoderGStreamer.cpp:127:operator():<vp8dec0> Video decoder created
    0:00:05.114015783 4164095 4164095 DEBUG webkitvideodecoder VideoDecoderGStreamer.cpp:67:~GStreamerInternalVideoDecoder:<vp8dec0> Disposing video decoder
    0:00:05.114063760 4164095 4164095 DEBUG webkitelementharness GStreamerElementHarness.cpp:174:~GStreamerElementHarness:<vp8dec0> Stopping harness
    0:00:05.114126789 4164095 4164095 TRACE webkitelementharness GStreamerElementHarness.cpp:285:pushEvent:<vp8dec0> Pushing eos event: 0x3640f270, time 99:99:99.999999999, seq-num 5, (NULL)
    0:00:05.114161385 4164095 4164095 TRACE webkitelementharness GStreamerElementHarness.cpp:287:pushEvent:<vp8dec0> Result: false
Philippe Normand
Comment 6 2026-03-12 02:34:36 PDT
With GST_PLUGIN_FEATURE_RANK=vp8dec:0,avdec_vp8:0 :

    0:00:01.633608370 4167019 4167019 LOG webkitregistryscanner GStreamerRegistryScanner.cpp:371:hasElementForCaps: Lookup result for video decoder matching caps video/x-vp8 : isSupported=false, isUsingHardware=false, factory=(NULL)
    0:00:01.635629908 4167019 4167019 LOG webkitregistryscanner GStreamerRegistryScanner.cpp:371:hasElementForCaps: Lookup result for video encoder matching caps video/x-vp8 : isSupported=true, isUsingHardware=false, factory=<vp8enc>
    0:00:01.636577119 4167019 4167019 DEBUG webkitregistryscanner GStreamerRegistryScanner.cpp:411:refresh: Hardware encoder codec pattern registered: vp8.0
    0:00:01.636666315 4167019 4167019 DEBUG webkitregistryscanner GStreamerRegistryScanner.cpp:411:refresh: Hardware encoder codec pattern registered: x-vp8
    0:00:01.636682242 4167019 4167019 DEBUG webkitregistryscanner GStreamerRegistryScanner.cpp:411:refresh: Hardware encoder codec pattern registered: vp8
    0:00:01.636781946 4167019 4167019 LOG webkitregistryscanner GStreamerRegistryScanner.cpp:819:isCodecSupported: Checked hardware decoding codec "vp8" supported false
    0:00:01.636790939 4167019 4167019 DEBUG webkitvideodecoder VideoDecoderGStreamer.cpp:106:create: No hardware decoder found for codec vp8, falling back to software
    0:00:01.636812051 4167019 4167019 LOG webkitregistryscanner GStreamerRegistryScanner.cpp:819:isCodecSupported: Checked software decoding codec "vp8" supported false
    0:00:01.636817981 4167019 4167019 WARN webkitvideodecoder VideoDecoderGStreamer.cpp:111:create: No decoder found for codec vp8
Felipe Erias
Comment 7 2026-03-13 05:45:46 PDT
Created attachment 478665 [details] gst log GST_DEBUG="3,webkit*:9"
Felipe Erias
Comment 8 2026-03-13 05:48:48 PDT
GStreamer log attached. This seems to be the key point, right before the crash:

> LOG webkitregistryscanner GStreamerRegistryScanner.cpp:788:isCodecSupported: Checked hardware decoding codec "vp8" supported true
> ERROR nvcodec plugin.c:171:plugin_init: Failed to init cuda, cuInit ret: 0x2: CUDA_ERROR_OUT_OF_MEMORY: out of memory
> WARN nvcodec plugin.c:175:plugin_init: CUDA call failed: CUDA_ERROR_NO_DEVICE, no CUDA-capable device is detected
> WARN GST_ELEMENT_FACTORY gstelementfactory.c:531:gst_element_factory_create_with_properties:<nvvp8dec> loading plugin returned NULL!
> DEBUG webkitvideodecoder VideoDecoderGStreamer.cpp:165:GStreamerInternalVideoDecoder: Configuring decoder for codec vp8
> AddressSanitizer:DEADLYSIGNAL
Philippe Normand
Comment 9 2026-03-13 05:55:16 PDT
EWS
Comment 10 2026-03-13 07:28:54 PDT
Committed 309207@main (edcaf48cc49a): <https://commits.webkit.org/309207@main>

Reviewed commits have been landed. Closing PR #60555 and removing active labels.