Null pointer access in WebKit HTMLMediaElement.cpp
Reported by pa...@yandex-team.ru, Apr 6 2016
Issue description

Chrome Version: 50.0.2661.18
URLs (if applicable): http://tvzvezda.ru/news/vstrane_i_mire/content/201603252134-zx23.htm
OS version: Android 5.1.1
Network (such as Cable/DSL/Dial up etc): 3G
Audio/Video format (if applicable): embedded video from youtube.com
Special chrome flags (if applicable):
Video issue, Audio issue, both, neither? Probably both
Flash or HTML5? HTML5

We observe mildly frequent crash reports with null pointer access in HTMLMediaElement.cpp on line:

double mediaTime = webMediaPlayer()->mediaTimeForTimeValue(time);

Stack trace:

0 blink::HTMLMediaElement::seek src/out/Release/../../third_party/WebKit/Source/core/html/HTMLMediaElement.cpp:1808
1 blink::HTMLMediaElement::setCurrentTime src/out/Release/../../third_party/WebKit/Source/core/html/HTMLMediaElement.cpp:1933
2 blink::HTMLMediaElementV8Internal::currentTimeAttributeSetterCallback src/out/Release/gen/blink/bindings/core/v8/V8HTMLMediaElement.cpp:269
3 v8::internal::FunctionCallbackArguments::Call src/out/Release/../../v8/src/arguments.cc:33
4 v8::internal::HandleApiCallHelper<false> src/out/Release/../../v8/src/builtins.cc:1575
5 v8::internal::Builtins::InvokeApiFunction src/out/Release/../../v8/src/builtins.cc:1657
6 v8::internal::Execution::Call src/out/Release/../../v8/src/execution.cc:156
7 v8::internal::Object::SetPropertyWithDefinedSetter src/out/Release/../../v8/src/objects.cc:956
8 v8::internal::Object::SetPropertyWithAccessor src/out/Release/../../v8/src/objects.cc:904
9 v8::internal::Object::SetPropertyInternal src/out/Release/../../v8/src/objects.cc:3637
10 v8::internal::Object::SetProperty src/out/Release/../../v8/src/objects.cc:3681
11 v8::internal::StoreIC::Store src/out/Release/../../v8/src/ic/ic.cc:1612
12 v8::internal::Runtime_StoreIC_Miss src/out/Release/../../v8/src/ic/ic.cc:2483

It seems like the problem

// FIXME: remove m_webMediaPlayer check once we figure out how
// m_webMediaPlayer is going out of sync with readystate.
// m_webMediaPlayer is cleared but readystate is not set to HAVE_NOTHING.

still exists.
Apr 25 2016
Do you have some ideas on how often it happens?
Apr 25 2016
According to our statistics at yandex last week it was about 1.51% of top native crashes.
May 26 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/e0dc013c18f0cd16f9cd72004043900152a324eb

commit e0dc013c18f0cd16f9cd72004043900152a324eb
Author: pavor <pavor@yandex-team.ru>
Date: Thu May 26 03:22:26 2016

Fix potential null pointer access in HTMLMediaElement::seek

Additional check of m_webMediaPlayer for nullptr in case of a situation when ready state goes out of sync with m_webMediaPlayer. The real call sequence that results in error is unknown.

BUG=600958
R=liberato@chromium.org,mlamouri@chromium.org

Review-Url: https://codereview.chromium.org/1856373004
Cr-Commit-Position: refs/heads/master@{#396098}

[modify] https://crrev.com/e0dc013c18f0cd16f9cd72004043900152a324eb/third_party/WebKit/Source/core/html/HTMLMediaElement.cpp
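The report and the commit above describe the same defect from two sides: seek() trusted readyState as a proxy for "the player exists", and the fix adds a direct nullptr check on m_webMediaPlayer because the two can go out of sync. The following is an added example, not Chromium's code, that models that state in a few dozen lines so the unchecked and checked seek paths can be compared side by side. WebMediaPlayer, MediaElementModel, seekUnchecked, seekChecked and the helper functions are stand-ins invented for this illustration; only the readyState constants and the shape of the dereference come from the page.

```cpp
// Added example (hypothetical stand-ins, not Chromium's own code): a reduced
// model of an HTMLMediaElement whose readyState still says a player is present
// after the player pointer has been cleared, and the seek() check that makes
// that state survivable instead of a null dereference.
#include <optional>

// Stand-in for blink::WebMediaPlayer; clamps a requested time into [0, duration].
struct WebMediaPlayer {
    double duration = 0.0;
    double mediaTimeForTimeValue(double t) const {
        if (t < 0.0) return 0.0;
        return t > duration ? duration : t;
    }
};

// The two readyState values this model distinguishes (names as in HTMLMediaElement).
enum ReadyState { HAVE_NOTHING = 0, HAVE_METADATA = 1 };

struct MediaElementModel {
    ReadyState readyState = HAVE_NOTHING;
    WebMediaPlayer* player = nullptr;  // stand-in for m_webMediaPlayer
    double currentTime = 0.0;

    // Pre-fix shape: readyState is the only guard, so a cleared player with a
    // stale readyState is dereferenced (undefined behaviour; the reported crash).
    double seekUnchecked(double time) {
        if (readyState == HAVE_NOTHING) return currentTime;
        currentTime = player->mediaTimeForTimeValue(time);
        return currentTime;
    }

    // Post-fix shape: the pointer itself is checked as well, so an out-of-sync
    // element abandons the seek (nullopt) instead of crashing.
    std::optional<double> seekChecked(double time) {
        if (readyState == HAVE_NOTHING) return std::nullopt;
        if (player == nullptr) return std::nullopt;  // the check the commit adds
        currentTime = player->mediaTimeForTimeValue(time);
        return currentTime;
    }
};

// Normal path: a 60 s player, readyState advanced, seek clamped by the player.
double normalSeek(double requested) {
    WebMediaPlayer player{60.0};
    MediaElementModel el;
    el.player = &player;
    el.readyState = HAVE_METADATA;
    return el.seekChecked(requested).value_or(-1.0);
}

// Out-of-sync path from the FIXME: player torn down, readyState not reset.
// Returns true when the checked seek declines the seek and leaves currentTime alone.
bool survivesOutOfSyncSeek() {
    WebMediaPlayer player{60.0};
    MediaElementModel el;
    el.player = &player;
    el.readyState = HAVE_METADATA;
    el.seekChecked(10.0);      // ordinary seek while the player is alive
    el.player = nullptr;       // player cleared ...
    // ... but readyState is still HAVE_METADATA, exactly the state seekUnchecked
    // would dereference. seekChecked must refuse instead.
    std::optional<double> result = el.seekChecked(20.0);
    return !result.has_value() && el.currentTime == 10.0;
}
```

The point of the model is the second guard: readyState is a cached summary of the player's state, and a cached summary is not a substitute for checking the pointer you are about to dereference. Running survivesOutOfSyncSeek() through seekUnchecked instead of seekChecked is the crash in the stack trace; the commit's extra condition is what turns it into a declined seek.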
May 26 2016
Comment 1 by yini...@chromium.org, Apr 7 2016