WebKit Bugzilla
RESOLVED FIXED
195700
Certain videos are causing a crash when used as WebGL texture
https://bugs.webkit.org/show_bug.cgi?id=195700
Klaus Reinfeld
Reported
2019-03-13 14:27:25 PDT
When using certain HTML5 videos as a WebGL texture, the browser tab instantly crashes. Tested on the latest iOS and Mac Safari versions. Here is a very simple and reduced test case / example:
https://krpano.com/ios/bugs/webgl-video-texture-crash/
Note - only SOME videos are crashing (provided by users), others are working fine... but I don't know what is special or different in those crashing videos...
Attachments
Patch (1.61 KB, patch), 2019-03-14 10:23 PDT, Jer Noble, no flags
Radar WebKit Bug Importer
Comment 1
2019-03-13 16:41:03 PDT
<rdar://problem/48869347>
Klaus Reinfeld
Comment 2
2019-03-13 23:53:51 PDT
Btw - would it be possible to know the reason why only SOME videos are crashing? Is it related to some video-encoding setting? That could help to allow the customers to change their video-encoding to produce non-crashing videos in the meantime.
Jer Noble
Comment 3
2019-03-14 07:48:40 PDT
I suspect this crash has been fixed in ToT but it would be hard to say without an actual crash log.
Klaus Reinfeld
Comment 4
2019-03-14 10:09:12 PDT
Sorry, but what is 'ToT'? If you mean Safari Technology Preview - that is crashing too - here is its crashlog:

Process: com.apple.WebKit.WebContent [22358]
Version: 14608 (14608.1.7.3)
Build Info: WebKit2-7608001007003000~4
Code Type: X86-64 (Native)
Responsible: Safari Technology Preview [22270]
Date/Time: 2019-03-14 17:58:45.692 +0100
OS Version: Mac OS X 10.14.3 (18D109)
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_INSTRUCTION (SIGILL)
Exception Codes: 0x0000000000000001, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY
Termination Signal: Illegal instruction: 4
Termination Reason: Namespace SIGNAL, Code 0x4
Terminating Process: exc handler [22358]
Application Specific Information:
*** CFEqual() called with NULL first argument ***
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.CoreFoundation 0x00007fff300af33f CFEqual + 671
1 com.apple.WebCore 0x000000010c59bb53 WebCore::VideoTextureCopierCV::copyImageToPlatformTexture(__CVBuffer*, unsigned long, unsigned long, unsigned int, unsigned int, int, unsigned int, unsigned int, unsigned int, bool, bool) + 2563
2 com.apple.WebCore 0x000000010b48ed1c WebCore::MediaPlayerPrivateAVFoundationObjC::copyVideoTextureToPlatformTexture(WebCore::GraphicsContext3D*, unsigned int, unsigned int, int, unsigned int, unsigned int, unsigned int, bool, bool) + 252
3 com.apple.WebCore 0x000000010c230c69 WebCore::HTMLVideoElement::copyVideoTextureToPlatformTexture(WebCore::GraphicsContext3D*, unsigned int, unsigned int, int, unsigned int, unsigned int, unsigned int, bool, bool) + 169
...
Klaus Reinfeld
Comment 5
2019-03-14 10:12:48 PDT
According to this file (not sure if that's the current version):
https://github.com/WebKit/webkit/blob/master/Source/WebCore/platform/graphics/cv/VideoTextureCopierCV.cpp
the bug looks like an unhandled/unsupported color transferFunction case... CVBufferGetAttachment for kCVImageBufferYCbCrMatrixKey seems to return null and the following function doesn't check for that case...
Jer Noble
Comment 6
2019-03-14 10:14:06 PDT
ToT == "tip-of-tree". Thanks for the crash log; this looks like a different issue, but one that we're already tracking. It seems to be the case where the media being displayed isn't tagged with a particular YUV color matrix.
Jer Noble
Comment 7
2019-03-14 10:19:07 PDT
<rdar://48605849>
Jer Noble
Comment 8
2019-03-14 10:23:25 PDT
Created attachment 364664
Patch
WebKit Commit Bot
Comment 9
2019-03-14 11:22:10 PDT
Comment on attachment 364664
Patch
Clearing flags on attachment: 364664
Committed r242946: <https://trac.webkit.org/changeset/242946>
WebKit Commit Bot
Comment 10
2019-03-14 11:22:11 PDT
All reviewed patches have been landed. Closing bug.
Klaus Reinfeld
Comment 11
2019-03-14 12:32:48 PDT
Thanks! If all bugs would be that easy to find and fix ;-). Btw - a note in the CFEqual documentation that it can't handle NULL might also be a good idea:
https://developer.apple.com/documentation/corefoundation/1521287-cfequal?language=objc
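The failure mode diagnosed in comments 5 and 6, as an added example that is not WebKit code and not the committed patch: an attachment lookup that returns NULL for untagged media must be checked before the value reaches a comparison that requires non-NULL arguments. The frame struct, tag strings, enum and function names are constructed stand-ins (the real API uses CFString keys and CFEqual), and reporting untagged media separately so the caller can choose a default is an assumption about policy.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the YCbCr matrix tags (CFStrings in the real API). */
static const char *const TAG_ITU_R_601 = "ITU_R_601_4";
static const char *const TAG_ITU_R_709 = "ITU_R_709_2";

typedef enum { MATRIX_601, MATRIX_709, MATRIX_UNTAGGED, MATRIX_UNRECOGNIZED } matrix_kind;

/* Hypothetical decoded frame: ycbcr_matrix is NULL when the file carries no tag. */
struct video_frame { const char *ycbcr_matrix; };

/* Models an attachment lookup that may return NULL, as described in comment 5. */
static const char *get_matrix_attachment(const struct video_frame *f)
{
    return f ? f->ycbcr_matrix : NULL;
}

/* Classify the tag. The NULL check comes before any comparison that requires
 * non-NULL arguments (strcmp here, CFEqual in the crash log above). */
matrix_kind classify_matrix(const struct video_frame *f)
{
    const char *tag = get_matrix_attachment(f);
    if (tag == NULL)
        return MATRIX_UNTAGGED;       /* absent tag: caller picks a default (assumed policy) */
    if (strcmp(tag, TAG_ITU_R_601) == 0)
        return MATRIX_601;
    if (strcmp(tag, TAG_ITU_R_709) == 0)
        return MATRIX_709;
    return MATRIX_UNRECOGNIZED;       /* present but unknown: handled, not trapped */
}

int main(void)
{
    /* Constructed sample frames. */
    struct video_frame tagged = { "ITU_R_709_2" };
    struct video_frame untagged = { NULL };
    struct video_frame odd = { "constructed-unknown-tag" };
    printf("tagged=%d untagged=%d odd=%d\n",
           classify_matrix(&tagged), classify_matrix(&untagged), classify_matrix(&odd));
    return 0;
}
```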