RESOLVED FIXED 223674
REGRESSION(r274870) fast/canvas/webgl/texImage2D-mse-flipY-true.html and fast/canvas/webgl/texImage2D-mse-flipY-false.html are crashing 
https://bugs.webkit.org/show_bug.cgi?id=223674
Summary REGRESSION(r274870) fast/canvas/webgl/texImage2D-mse-flipY-true.html and fast...
Lauro Moura
Reported 2021-03-23 23:11:46 PDT
Created attachment 424099 [details] Debug crash fast/canvas/webgl/texImage2D-mse-flipY-false.html fast/canvas/webgl/texImage2D-mse-flipY-true.html Results dashboard: https://results.webkit.org/?suite=layout-tests&test=fast%2Fcanvas%2Fwebgl%2FtexImage2D-mse-flipY-true.html Trace from debug test: Thread 1 (Thread 0x7fb4ba1509c0 (LWP 22835)): #0 WebCore::PlaybackPipeline::addSourceBuffer(WTF::RefPtr<WebCore::SourceBufferPrivateGStreamer, WTF::RawPtrTraits<WebCore::SourceBufferPrivateGStreamer>, WTF::DefaultRefDerefTraits<WebCore::SourceBufferPrivateGStreamer> >) (this=0x7fb470461000, sourceBufferPrivate=...) at ../../Source/WebCore/platform/graphics/gstreamer/mse/PlaybackPipeline.cpp:106 #1 0x00007fb4c85dbb90 in WebCore::MediaSourcePrivateGStreamer::addSourceBuffer(WebCore::ContentType const&, bool, WTF::RefPtr<WebCore::SourceBufferPrivate, WTF::RawPtrTraits<WebCore::SourceBufferPrivate>, WTF::DefaultRefDerefTraits<WebCore::SourceBufferPrivate> >&) (this=0x7fb4704bcc60, contentType=..., sourceBufferPrivate=...) at ../../Source/WebCore/platform/graphics/gstreamer/mse/MediaSourcePrivateGStreamer.cpp:85 #2 0x00007fb4c61397dd in WebCore::MediaSource::createSourceBufferPrivate(WebCore::ContentType const&) (this=0x7fb47950d6f0, incomingType=...) at ../../Source/WebCore/Modules/mediasource/MediaSource.cpp:1094 #3 0x00007fb4c6138231 in WebCore::MediaSource::addSourceBuffer(WTF::String const&) (this=0x7fb47950d6f0, type=...) at ../../Source/WebCore/Modules/mediasource/MediaSource.cpp:734 #4 0x00007fb4c5703721 in WebCore::jsMediaSourcePrototypeFunction_addSourceBufferBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::IDLOperation<WebCore::JSMediaSource>::ClassParameter) (lexicalGlobalObject=0x7fb4780d5668, callFrame=0x7ffcdcaf43c0, castedThis=0x7fb4704793c8) at DerivedSources/WebCore/JSMediaSource.cpp:467 #5 0x00007fb4c570a5db in WebCore::IDLOperation<WebCore::JSMediaSource>::call<WebCore::jsMediaSourcePrototypeFunction_addSourceBufferBody>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*) (lexicalGlobalObject=..., callFrame=..., operationName=0x7fb4ca76d36f "addSourceBuffer") at ../../Source/WebCore/bindings/js/JSDOMOperation.h:55 #6 0x00007fb4c57037d3 in WebCore::jsMediaSourcePrototypeFunction_addSourceBuffer(JSC::JSGlobalObject*, JSC::CallFrame*) (lexicalGlobalObject=0x7fb4780d5668, callFrame=0x7ffcdcaf43c0) at DerivedSources/WebCore/JSMediaSource.cpp:472 #7 0x00007fb4795331d8 in () #8 0x00007ffcdcaf4450 in () #9 0x00007fb4bec98ab3 in llint_op_call () at /app/webkit/Source/JavaScriptCore/llint/LowLevelInterpreter.asm:1093 #10 0x0000000000000000 in ()
Attachments
Debug crash (55.13 KB, text/plain)
2021-03-23 23:11 PDT, Lauro Moura 		no flags
Details
Patch (3.97 KB, patch)
2021-03-24 03:16 PDT, Philippe Normand 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Philippe Normand
Comment 1 2021-03-24 03:16:26 PDT
Created attachment 424118 [details] Patch
Kenneth Russell
Comment 2 2021-03-24 14:14:38 PDT
The link in the summary is hard to click, it's: https://trac.webkit.org/changeset/274870/webkit
Kenneth Russell
Comment 3 2021-03-24 14:15:44 PDT
Comment on attachment 424118 [details] Patch Seems fine. r+
EWS
Comment 4 2021-03-24 14:57:31 PDT
Committed r274976: <https://commits.webkit.org/r274976> All reviewed patches have been landed. Closing bug and clearing flags on attachment 424118 [details].
Radar WebKit Bug Importer
Comment 5 2021-03-24 14:58:16 PDT
<rdar://problem/75805874>
Note You need to log in before you can comment on or make changes to this bug.