Bug 254079

Summary: [GPUP][MSE] Potential incorrect handling when multiple init segment are added during a single appendBuffer
Product: WebKit Reporter: Jean-Yves Avenard [:jya] <jean-yves.avenard>
Component: MediaAssignee: Jean-Yves Avenard [:jya] <jean-yves.avenard>
Status: RESOLVED FIXED    
Severity: Normal CC: webkit-bug-importer, youennf
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   

Description Jean-Yves Avenard [:jya] 2023-03-17 08:42:14 PDT 
As discussed in https://github.com/WebKit/WebKit/pull/11599

If wee append the following:
"init_segment | media_segment | init_segment

Our handling of such scenario is problematic and would result in an undefined behaviour, in particular in regards to track ID ; it is possible for track id to change in between run, even get swapped between audio and video (we even have a test about it: as it used to cause a crash).


We currently wait for the init segment to finish being processed by the SourceBuffer running in the content process; however if we immediately have a 2nd init segment, we will process the demuxed samples only after we've finished handling the 2nd init segment.

We should process the demuxed samples once the init segment they immediately follow has been processed and only start to check the 2nd init segment then.
Comment 1 Radar WebKit Bug Importer 2023-03-17 08:42:30 PDT 
<rdar://problem/106859839>
Comment 2 youenn fablet 2023-03-17 09:42:17 PDT 
Once done, we could add an ASSERT(!m_appendCompletedPending) in SourceBufferPrivate::appendCompleted() in the `if (processingInitializationSegment())` block.
Comment 3 Jean-Yves Avenard [:jya] 2023-03-28 00:59:05 PDT 
Pull request: https://github.com/WebKit/WebKit/pull/12044
Comment 4 EWS 2023-03-29 16:23:44 PDT 
Committed 262300@main (f820f4ae8567): <https://commits.webkit.org/262300@main>

Reviewed commits have been landed. Closing PR #12044 and removing active labels.