168662 – [GStreamer] Crash in MediaPlayerPrivateGStreamerMSE::buffered() when MEDIA_STREAM is disabled

Bug 168662 - [GStreamer] Crash in MediaPlayerPrivateGStreamerMSE::buffered() when MEDIA_STREAM is disabled

Summary: [GStreamer] Crash in MediaPlayerPrivateGStreamerMSE::buffered() when MEDIA_ST...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Platform (show other bugs)
Version:	WebKit Local Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2017-02-21 10:04 PST by Carlos Garcia Campos
Modified:	2017-02-22 00:33 PST (History)
CC List:	1 user (show)

See Also:

Attachments
Patch (2.10 KB, patch) 2017-02-21 10:07 PST, Carlos Garcia Campos	mcatanzaro: review+	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Carlos Garcia Campos 2017-02-21 10:04:58 PST

When MEDIA_STREAM is disable, if MediaPlayer::loadWithNextMediaEngine is called with a current engine, and there's no type specified, the next media engine that is used is the MSE one. Since there's no actually a media stream, the engine is created but never loaded. When buffered is called it tries to use its media source that is nullptr. It doesn't happen when MEDIA_STREAM is enabled, because the next media engine returned is Owr that doesn't implement buffered and always returns an empty PlatformTimeRanges.

#0  0x00007f9a7db0b61b in WebCore::MediaPlayerPrivateGStreamerMSE::buffered() const [clone .localalias.94] ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#1  0x00007f9a7d5d3681 in WebCore::MediaPlayer::buffered() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#2  0x00007f9a7d1c11db in WebCore::HTMLMediaElement::buffered() const () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#3  0x00007f9a7dbe2968 in WebCore::RenderThemeGtk::paintMediaSliderTrack(WebCore::RenderObject const&, WebCore::PaintInfo const&, WebCore::IntRect const&) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#4  0x00007f9a7d846a0d in WebCore::RenderTheme::paint(WebCore::RenderBox const&, WebCore::ControlStates&, WebCore::PaintInfo const&, WebCore::LayoutRect const&) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#5  0x00007f9a7d705f03 in WebCore::RenderBox::paintBoxDecorations(WebCore::PaintInfo&, WebCore::LayoutPoint const&) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37

Comment 1 Carlos Garcia Campos 2017-02-21 10:07:11 PST

Created attachment 302275 [details]
Patch

Comment 2 Michael Catanzaro 2017-02-21 11:19:27 PST

Hold up. Why is a MediaPlayerPrivateGStreamerMSE ever created if MEDIA_STREAM is disabled? It sounds like we should address that design issue instead of papering over this.

Comment 3 Michael Catanzaro 2017-02-21 11:20:06 PST

Comment on attachment 302275 [details]
Patch

Sorry, I mixed up MEDIA_SOURCE and MEDIA_STREAM.

Comment 4 Carlos Garcia Campos 2017-02-22 00:33:49 PST

Committed r212815: <http://trac.webkit.org/changeset/212815>