Bug 195700 - Certain videos are causing a crash when used as WebGL texture
Summary: Certain videos are causing a crash when used as WebGL texture
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebGL
Version: Other
Hardware: All Unspecified
Importance: P2 Normal
Assignee: Jer Noble
Keywords: InRadar
Depends on:
Reported: 2019-03-13 14:27 PDT by Klaus Reinfeld
Modified: 2019-03-14 12:32 PDT

See Also:

Patch (1.61 KB, patch)
2019-03-14 10:23 PDT, Jer Noble

Description Klaus Reinfeld 2019-03-13 14:27:25 PDT
When using certain HTML5 videos as a WebGL texture, the browser tab instantly crashes.
Tested on latest iOS and Mac Safari versions.

Here is a very simple and reduced test case / example:


Note - only SOME videos are crashing (provided by users), others are working fine... but I don't know what is special or different about those crashing videos...
Comment 1 Radar WebKit Bug Importer 2019-03-13 16:41:03 PDT
Comment 2 Klaus Reinfeld 2019-03-13 23:53:51 PDT
Btw - would it be possible to know the reason why only SOME videos are crashing? Is it related to some video-encoding setting?

That could help customers change their video encoding to produce non-crashing videos in the meantime.
Comment 3 Jer Noble 2019-03-14 07:48:40 PDT
I suspect this crash has been fixed in ToT but it would be hard to say without an actual crash log.
Comment 4 Klaus Reinfeld 2019-03-14 10:09:12 PDT
Sorry, but what is 'ToT'?

If you mean Safari Technology Preview - that is crashing too - here is its crash log:

Process:               com.apple.WebKit.WebContent [22358]
Version:               14608 (14608.1.7.3)
Build Info:            WebKit2-7608001007003000~4
Code Type:             X86-64 (Native)
Responsible:           Safari Technology Preview [22270]
Date/Time:             2019-03-14 17:58:45.692 +0100
OS Version:            Mac OS X 10.14.3 (18D109)

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_INSTRUCTION (SIGILL)
Exception Codes:       0x0000000000000001, 0x0000000000000000
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Illegal instruction: 4
Termination Reason:    Namespace SIGNAL, Code 0x4
Terminating Process:   exc handler [22358]

Application Specific Information:
*** CFEqual() called with NULL first argument ***

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.CoreFoundation      	0x00007fff300af33f CFEqual + 671
1   com.apple.WebCore             	0x000000010c59bb53 WebCore::VideoTextureCopierCV::copyImageToPlatformTexture(__CVBuffer*, unsigned long, unsigned long, unsigned int, unsigned int, int, unsigned int, unsigned int, unsigned int, bool, bool) + 2563
2   com.apple.WebCore             	0x000000010b48ed1c WebCore::MediaPlayerPrivateAVFoundationObjC::copyVideoTextureToPlatformTexture(WebCore::GraphicsContext3D*, unsigned int, unsigned int, int, unsigned int, unsigned int, unsigned int, bool, bool) + 252
3   com.apple.WebCore             	0x000000010c230c69 WebCore::HTMLVideoElement::copyVideoTextureToPlatformTexture(WebCore::GraphicsContext3D*, unsigned int, unsigned int, int, unsigned int, unsigned int, unsigned int, bool, bool) + 169
Comment 5 Klaus Reinfeld 2019-03-14 10:12:48 PDT
According to this file (not sure if that's the current version):


the bug looks like an unhandled/unsupported color transferFunction case...

CVBufferGetAttachment for kCVImageBufferYCbCrMatrixKey seems to return null and the following function doesn't check for that case...
Comment 6 Jer Noble 2019-03-14 10:14:06 PDT
ToT == "tip-of-tree".

Thanks for the crash log; this looks like a different issue, but one that we're already tracking. It seems to be the case where the media being displayed isn't tagged with a particular YUV color matrix.
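Added example (not WebKit's code and not the r242946 fix itself) showing the null-attachment pattern from comments 5 and 6 in isolation: the crashing shape passes the result of the attachment lookup straight to CFEqual(), the hardened shape checks for a missing YCbCr matrix tag first. CoreVideo/CoreFoundation are replaced by stand-in types and functions so it builds off macOS; the BT.709 fallback and the key names are assumptions.

```c
#include <assert.h>
#include <string.h>

/* Stand-ins for the CoreVideo/CoreFoundation pieces named in the crash log,
 * so this compiles off macOS. A string plays the CFStringRef attachment
 * value; NULL models a video whose frames carry no YCbCr matrix tag. */
typedef const char *CFStringRefStub;

/* Constructed name standing in for the kCVImageBufferYCbCrMatrix_* keys. */
static const char *const kMatrix_ITU_R_601_4 = "ITU_R_601_4";

typedef struct {
    CFStringRefStub ycbcr_matrix;  /* what CVBufferGetAttachment() would return */
} VideoFrame;

/* Stand-in for CVBufferGetAttachment(kCVImageBufferYCbCrMatrixKey). */
static CFStringRefStub frame_matrix_attachment(const VideoFrame *f) {
    return f->ycbcr_matrix;        /* NULL when the key is absent */
}

/* Stand-in for CFEqual(): the real function traps on a NULL argument
 * ("CFEqual() called with NULL first argument"), modelled here by assert. */
static int cfequal_stub(CFStringRefStub a, CFStringRefStub b) {
    assert(a != NULL && b != NULL);
    return strcmp(a, b) == 0;
}

typedef enum { COLOR_BT709 = 0, COLOR_BT601 = 1 } ColorMatrix;

/* The crashing shape: the attachment result goes straight into CFEqual(). */
static ColorMatrix select_matrix_unchecked(const VideoFrame *f) {
    CFStringRefStub m = frame_matrix_attachment(f);
    return cfequal_stub(m, kMatrix_ITU_R_601_4) ? COLOR_BT601 : COLOR_BT709;
}

/* Hardened shape: test for the missing tag first and fall back to an assumed
 * default (BT.709 here) instead of comparing NULL. Returns 1 when the tag
 * was present and honoured, 0 when the default was used. */
static int select_matrix_checked(const VideoFrame *f, ColorMatrix *out) {
    CFStringRefStub m = frame_matrix_attachment(f);
    if (m == NULL) {
        *out = COLOR_BT709;        /* untagged video: the case in the crash log */
        return 0;
    }
    *out = cfequal_stub(m, kMatrix_ITU_R_601_4) ? COLOR_BT601 : COLOR_BT709;
    return 1;
}
```

Feeding an untagged frame to select_matrix_unchecked() trips the assert, which is the SIGILL in the log; select_matrix_checked() takes the fallback path instead.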
Comment 7 Jer Noble 2019-03-14 10:19:07 PDT
Comment 8 Jer Noble 2019-03-14 10:23:25 PDT
Created attachment 364664 [details]
Comment 9 WebKit Commit Bot 2019-03-14 11:22:10 PDT
Comment on attachment 364664 [details]

Clearing flags on attachment: 364664

Committed r242946: <https://trac.webkit.org/changeset/242946>
Comment 10 WebKit Commit Bot 2019-03-14 11:22:11 PDT
All reviewed patches have been landed.  Closing bug.
Comment 11 Klaus Reinfeld 2019-03-14 12:32:48 PDT
If only all bugs were that easy to find and fix ;-).

Btw - a note in the CFEqual documentation that it can't handle NULL might also be a good idea: