When using some certain HTML5 videos as WebGL texture the browser-tab instantly crashes. Tested on latest iOS and Mac Safari versions. Here a very simple and reduced test-case / example: https://krpano.com/ios/bugs/webgl-video-texture-crash/ Note - only SOME videos are crashing (provided by users), others are working fine... but I don't know what is special or different in that crashing videos...
<rdar://problem/48869347>
Btw - would it be possible to know the reason why only SOME videos are crashing? Is it related to some video-encoding setting? That could help to allow the customers to change their video-encoding to produce non-crashing videos in the meantime.
I suspect this crash has been fixed in ToT but it would be hard to say without an actual crash log.
Sorry, but what is 'ToT'? If you mean Safari Technology Preview - that is crashing too - here its crashlog: Process: com.apple.WebKit.WebContent [22358] Version: 14608 (14608.1.7.3) Build Info: WebKit2-7608001007003000~4 Code Type: X86-64 (Native) Responsible: Safari Technology Preview [22270] Date/Time: 2019-03-14 17:58:45.692 +0100 OS Version: Mac OS X 10.14.3 (18D109) Crashed Thread: 0 Dispatch queue: com.apple.main-thread Exception Type: EXC_BAD_INSTRUCTION (SIGILL) Exception Codes: 0x0000000000000001, 0x0000000000000000 Exception Note: EXC_CORPSE_NOTIFY Termination Signal: Illegal instruction: 4 Termination Reason: Namespace SIGNAL, Code 0x4 Terminating Process: exc handler [22358] Application Specific Information: *** CFEqual() called with NULL first argument *** Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.CoreFoundation 0x00007fff300af33f CFEqual + 671 1 com.apple.WebCore 0x000000010c59bb53 WebCore::VideoTextureCopierCV::copyImageToPlatformTexture(__CVBuffer*, unsigned long, unsigned long, unsigned int, unsigned int, int, unsigned int, unsigned int, unsigned int, bool, bool) + 2563 2 com.apple.WebCore 0x000000010b48ed1c WebCore::MediaPlayerPrivateAVFoundationObjC::copyVideoTextureToPlatformTexture(WebCore::GraphicsContext3D*, unsigned int, unsigned int, int, unsigned int, unsigned int, unsigned int, bool, bool) + 252 3 com.apple.WebCore 0x000000010c230c69 WebCore::HTMLVideoElement::copyVideoTextureToPlatformTexture(WebCore::GraphicsContext3D*, unsigned int, unsigned int, int, unsigned int, unsigned int, unsigned int, bool, bool) + 169 ...
According to this file (not sure if that's the current version): https://github.com/WebKit/webkit/blob/master/Source/WebCore/platform/graphics/cv/VideoTextureCopierCV.cpp the bug looks like an unhandled/unsupported color transferFunction case... CVBufferGetAttachment for kCVImageBufferYCbCrMatrixKey seems to return null and the following function doesn't check for that case...
ToT == "tip-of-tree". Thanks for the crash log; this looks like a different issue, but one that we're already tracking. It seems to be the case where the media being displayed isn't tagged with a particular YUV color matrix.
<rdar://48605849>
Created attachment 364664 [details] Patch
Comment on attachment 364664 [details] Patch Clearing flags on attachment: 364664 Committed r242946: <https://trac.webkit.org/changeset/242946>
All reviewed patches have been landed. Closing bug.
Thanks! If all bugs would be that easy to find and fix ;-). Btw - a note in the CFEqual documentation that it can't handle NULL might be also a good idea: https://developer.apple.com/documentation/corefoundation/1521287-cfequal?language=objc