Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 4ed00073e6733fe3ca073eeea651bbebaf8e43c1
      
https://github.com/WebKit/WebKit/commit/4ed00073e6733fe3ca073eeea651bbebaf8e43c1
  Author: Jean-Yves Avenard <[email protected]>
  Date:   2026-05-06 (Wed, 06 May 2026)

  Changed paths:
    A LayoutTests/media/media-source/media-source-append-media-before-init-expected.txt
    A LayoutTests/media/media-source/media-source-append-media-before-init.html
    M LayoutTests/platform/glib/TestExpectations
    M Source/WebCore/SourcesCocoa.txt
    M Source/WebCore/WebCore.xcodeproj/project.pbxproj
    M Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferParserAVFObjC.h
    M Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferParserAVFObjC.mm
    A Source/WebCore/platform/graphics/cocoa/ISOBMFFPreParser.cpp
    A Source/WebCore/platform/graphics/cocoa/ISOBMFFPreParser.h
    M Source/WebCore/platform/graphics/cocoa/SourceBufferParser.cpp

  Log Message:
  -----------
  [cocoa] AVStreamDataParser accepts media segments not preceded by an init segment
https://bugs.webkit.org/show_bug.cgi?id=314045
rdar://176242479

Reviewed by Jer Noble.

With Twitch, following a transition from an ad back to streaming content,
the player creates a new MediaSource and begins appending content that
does not always start with an initialization segment. This exposed two
issues in AVStreamDataParser's handling of the MSE Segment Parser Loop:

- It accepts media segments appended before any initialization segment,
producing CMSampleBuffers with no valid CMFormatDescription that later
may fail to decode.
- When a new initialization segment of a different format is appended
without a preceding abort() or changeType(), its internal MoofManifold
reports a "Second ftyp atom" error (-16046) that is CoreMedia-internal
and never surfaces via didFailToParseStreamDataWithError:. The error is
not fatal, but the new init segment was not applied cleanly because the
parser is never told the stream is discontinuous and invalid samples' pts
were sometimes observed (which caused them to be dropped and led to a stall).

AVStreamDataParser already exposes AVStreamDataParserStreamDataDiscontinuity
for the second case, but no caller was ever setting it outside of
resetParserState() (abort()/changeType()). The AppendFlags::Discontinuity
plumbing in SourceBufferParser was effectively dead code for the
mid-stream re-initialization path.

Fix: We add an ISO-BMFF pre-parser upstream of AVStreamDataParser. It walks
box headers across appendData() boundaries (without parsing box contents)
and tracks Segment Parser Loop state. It does two things:

- If a media segment arrives before any initialization segment, the
append is rejected with a parsing error. This matches the MSE spec and
aligns WebKit with Firefox and Chrome.
- When a new `ftyp` is detected after an init segment has already been
received, the append is split: anything before the ftyp is forwarded
with the existing flags, and the ftyp-onward portion is forwarded with
AppendFlags::Discontinuity, which SourceBufferParserAVFObjC translates
into AVStreamDataParserStreamDataDiscontinuity.

The pre-parser uses BitReader rather than ISOBox::peekBox because the
latter requires JSC::DataView and routes through Gigacage; accessing
non-Gigacaged memory (e.g. SharedBuffer contents) causes EXC_BAD_ACCESS
(rdar://171573373).

Box header parsing handles the 32-bit, 64-bit extended (size==1), and
open-ended (size==0) encodings, and carries partial headers across
appendData() calls via m_pendingHeaderBytes so a header spanning two
appends parses correctly.

* LayoutTests/media/media-source/media-source-append-media-before-init-expected.txt: Added.
* LayoutTests/media/media-source/media-source-append-media-before-init.html: Added.
* Source/WebCore/SourcesCocoa.txt:
* Source/WebCore/WebCore.xcodeproj/project.pbxproj:
(WebCore::ISOBMFFPreParser::ISOBMFFPreParser):
(WebCore::ISOBMFFPreParser::parseBoxHeader):
(WebCore::ISOBMFFPreParser::isInitSegmentStartBox):
(WebCore::ISOBMFFPreParser::isMediaSegmentStartBox):
(WebCore::ISOBMFFPreParser::reset):
(WebCore::ISOBMFFPreParser::setPendingInitializationSegmentForChangeType):
(WebCore::ISOBMFFPreParser::appendData):
* Source/WebCore/platform/graphics/cocoa/ISOBMFFPreParser.cpp: Added.
* Source/WebCore/platform/graphics/cocoa/ISOBMFFPreParser.h: Added.
* Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferParserAVFObjC.h:
* Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferParserAVFObjC.mm:
(WebCore::SourceBufferParserAVFObjC::SourceBufferParserAVFObjC):
(WebCore::SourceBufferParserAVFObjC::appendData):
(WebCore::SourceBufferParserAVFObjC::resetParserState):

Canonical link: https://commits.webkit.org/312761@main
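
The box-header walk described in the log message, as an added C++ example that is not code from this commit or from WebKit. BoxHeaderWalker, AppendResult and makeBox are hypothetical names; treating `styp`/`moof` as the media segment start boxes, and reporting offset 0 for an `ftyp` whose header began in an earlier append, are assumptions.

```cpp
#include <cstdint>
#include <cstring>
#include <vector>

// Hypothetical names throughout; this is not WebKit's ISOBMFFPreParser.
struct AppendResult {
    bool rejected = false;     // media before init, or a box size below its header size
    long discontinuityAt = -1; // offset in this append where a re-init ftyp starts
};

struct BoxHeaderWalker {
    AppendResult append(const std::vector<uint8_t>& data) {
        AppendResult r;
        for (size_t i = 0; i < data.size() && !m_openEnded;) {
            if (m_toSkip) { // box payload: skipped, never parsed
                uint64_t left = data.size() - i, n = m_toSkip < left ? m_toSkip : left;
                m_toSkip -= n, i += n;
                continue;
            }
            m_header.push_back(data[i++]); // may resume a header split across appends
            size_t need = (m_header.size() >= 4 && be(0, 4) == 1) ? 16 : 8;
            if (m_header.size() < need) continue;
            uint64_t size = need == 16 ? be(8, 8) : be(0, 4);
            auto is = [&](const char* t) { return !std::memcmp(&m_header[4], t, 4); };
            bool isFtyp = is("ftyp"), isMedia = is("moof") || is("styp"); // media boxes: assumed
            if ((size && size < need) || (isMedia && !m_sawInit)) { r.rejected = true; break; }
            if (isFtyp && m_sawInit && r.discontinuityAt < 0) // 0 if the header began earlier
                r.discontinuityAt = i >= need ? long(i - need) : 0;
            m_sawInit |= isFtyp;
            m_openEnded = !size; // size == 0: box runs to the end of the stream
            m_toSkip = size ? size - need : 0;
            m_header.clear();
        }
        return r;
    }
    uint64_t be(size_t off, size_t len, uint64_t v = 0) const { // big-endian header field
        while (len--) v = (v << 8) | m_header[off++];
        return v;
    }
    std::vector<uint8_t> m_header; // partial header carried between appends
    uint64_t m_toSkip = 0;         // payload bytes of the current box still to skip
    bool m_openEnded = false, m_sawInit = false;
};

std::vector<uint8_t> makeBox(const char* type, uint8_t payload) { // constructed sample input
    std::vector<uint8_t> b{0, 0, 0, uint8_t(8 + payload)};
    b.insert(b.end(), type, type + 4);
    b.resize(8 + payload);
    return b;
}
```

A caller would forward bytes before `discontinuityAt` with the existing flags and the rest with the discontinuity flag, and fail the append when `rejected` is set.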


