Seen while browsing the SourceBufferPrivate::evictCodedFrames code.

In SourceBufferPrivate::evictCodedFrames we have:

```
    // NOTE: begin by removing data from the beginning of the buffered ranges, 30 seconds at
    // a time, up to 30 seconds before currentTime.
    MediaTime thirtySeconds = MediaTime(30, 1);
    MediaTime maximumRangeEnd = currentTime - thirtySeconds;

#if !RELEASE_LOG_DISABLED
    uint64_t initialBufferedSize = totalTrackBufferSizeInBytes();
    DEBUG_LOG(LOGIDENTIFIER, "currentTime = ", currentTime, ", require ", initialBufferedSize + newDataSize, " bytes, maximum buffer size is ", maximumBufferSize);
#endif

    MediaTime rangeStart = MediaTime::zeroTime();
    MediaTime rangeEnd = rangeStart + thirtySeconds;
    while (rangeStart < maximumRangeEnd) {
        // 4. For each range in removal ranges, run the coded frame removal algorithm with start and
        // end equal to the removal range start and end timestamp respectively.
        removeCodedFrames(rangeStart, std::min(rangeEnd, maximumRangeEnd), currentTime, isEnded);
        if (!isBufferFullFor(newDataSize, maximumBufferSize)) {
            break;
        }

        rangeStart += thirtySeconds;
        rangeEnd += thirtySeconds;
    }
```

removeCodedFrames will immediately assert that `ASSERT(start < end);`

if we haven't started playback, or currentTime = 0

```
MediaTime maximumRangeEnd = currentTime - thirtySeconds = -30s
MediaTime rangeStart = MediaTime::zeroTime() = 0s
MediaTime rangeEnd = rangeStart + thirtySeconds = 30s
```

so:

```
removeCodedFrames(rangeStart, std::min(rangeEnd, maximumRangeEnd), currentTime, isEnded);
```

is called with

```
rangeStart = 0
std::min(rangeEnd, maximumRangeEnd) = -30s
```

which will assert.
This is a regression from bug 225800. It removes the check to determine if the buffer range indexes were valid, so we attempt to call removeCodedFrames with invalid values.
My analysis above was wrong; it does assert, but in a different spot: in the loop that checks what can be removed in the non-contiguous sections after currentTime.
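As an added example (not part of the original thread and not WebKit code), the first loop quoted above can be modelled to list the arguments it would pass to removeCodedFrames and check them against the `start < end` precondition. It assumes times are whole seconds instead of MediaTime and that the buffer stays full, so the loop never breaks early; `evictionCalls` and `allCallsValid` are hypothetical names.

```cpp
#include <algorithm>
#include <utility>
#include <vector>

// Constructed model of the first eviction loop, with times in whole seconds
// (assumption; the real code uses MediaTime). Returns every (start, end) pair
// the loop would hand to removeCodedFrames, assuming isBufferFullFor() keeps
// returning true so the loop runs to completion.
std::vector<std::pair<long, long>> evictionCalls(long currentTime)
{
    const long thirtySeconds = 30;
    const long maximumRangeEnd = currentTime - thirtySeconds;
    std::vector<std::pair<long, long>> calls;

    long rangeStart = 0;
    long rangeEnd = rangeStart + thirtySeconds;
    while (rangeStart < maximumRangeEnd) {
        calls.emplace_back(rangeStart, std::min(rangeEnd, maximumRangeEnd));
        rangeStart += thirtySeconds;
        rangeEnd += thirtySeconds;
    }
    return calls;
}

// True when every modelled call satisfies the start < end precondition that
// removeCodedFrames asserts.
bool allCallsValid(long currentTime)
{
    for (const auto& call : evictionCalls(currentTime)) {
        if (!(call.first < call.second))
            return false;
    }
    return true;
}

int main()
{
    // Sweep playback positions, including currentTime = 0 (playback not started).
    for (long t = 0; t <= 600; ++t) {
        if (!allCallsValid(t))
            return 1;
    }
    return 0;
}
```

With currentTime = 0 the loop condition `rangeStart < maximumRangeEnd` is already false, so this loop issues no call at all; the model does not cover the later loop over the ranges after currentTime.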
<rdar://problem/78943223>
Created attachment 430738 [details] Patch
Committed r278635 (238618@main): <https://commits.webkit.org/238618@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 430738 [details].