crash with MSE in mozilla::dom::SourceBuffer::AppendData(unsigned char const*, unsigned int, mozilla::ErrorResult&)

VERIFIED FIXED in Firefox 32

Status

critical
VERIFIED FIXED
5 years ago
5 years ago

People

(Reporter: asqueella, Assigned: kinetik)

Tracking

({crash, regression, testcase})

Trunk
mozilla32
All
macOS
crash, regression, testcase

Firefox Tracking Flags

(firefox32 verified)

Attachments

(4 attachments)

(Reporter)

Description

5 years ago
1. set media.mediasource.enabled=true
2. go to http://dash-mse-test.appspot.com/dash-player.html
3. select feelings_vp9
4. play
5. click on the video's slider to fast forward

crashes https://crash-stats.mozilla.com/report/index/343ddd64-d8eb-4325-8e4e-e4dc02140502 @ mozilla::dom::SourceBuffer::AppendData(unsigned char const*, unsigned int, mozilla::ErrorResult&)

appears to be a simple typo, attempting to call a method on a NULL mDecoder:
http://mxr.mozilla.org/mozilla-central/source/content/media/mediasource/SourceBuffer.cpp
    if (!mDecoder || mDecoderInit) {
      MSE_DEBUG("%p AppendBuffer: New initialization segment, creating decoder.", this);
      mDecoder->GetResource()->Ended();

Comment 1

5 years ago
Looks like bug 1002404 changed the if from (mDecoder) to (!mDecoder || ...). Was the negation intended?

https://hg.mozilla.org/mozilla-central/rev/b7be54db9ede#l1.40
Blocks: 1002404
Keywords: regression, testcase
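
Added example (not part of the bug report and not the patch that landed): a stand-alone model of the condition quoted in the description, walking the four (mDecoder, mDecoderInit) states to show which ones reach the dereference with a null pointer, beside a guarded variant. `Resource`, `Decoder`, `Outcome` and the three functions are hypothetical stand-ins for the Gecko types, and the guard is an assumption about one safe form.

```cpp
#include <cstdio>
#include <initializer_list>

// Hypothetical stand-ins for the Gecko types named in the report.
struct Resource { int ended = 0; void Ended() { ++ended; } };
struct Decoder  { Resource res; Resource* GetResource() { return &res; } };

enum class Outcome { BranchNotTaken, EndedOldResource, NothingToEnd, NullDeref };

// Condition exactly as quoted from SourceBuffer.cpp: entered when mDecoder is null.
Outcome AppendAsReported(Decoder* mDecoder, bool mDecoderInit) {
  if (!mDecoder || mDecoderInit) {
    // The quoted code calls mDecoder->GetResource() here unconditionally;
    // the model reports that state instead of crashing.
    if (!mDecoder) return Outcome::NullDeref;
    mDecoder->GetResource()->Ended();
    return Outcome::EndedOldResource;
  }
  return Outcome::BranchNotTaken;
}

// Guarded variant (assumption): end the old resource only when a decoder exists.
Outcome AppendGuarded(Decoder* mDecoder, bool mDecoderInit) {
  if (!mDecoder || mDecoderInit) {
    if (!mDecoder) return Outcome::NothingToEnd;
    mDecoder->GetResource()->Ended();
    return Outcome::EndedOldResource;
  }
  return Outcome::BranchNotTaken;
}

// Walk all four (mDecoder, mDecoderInit) states and count null dereferences.
int CountNullDerefs(Outcome (*append)(Decoder*, bool)) {
  Decoder live;
  int count = 0;
  for (Decoder* d : {static_cast<Decoder*>(nullptr), &live})
    for (bool init : {false, true})
      if (append(d, init) == Outcome::NullDeref) ++count;
  return count;
}

int main() {
  std::printf("as reported: %d of 4 states dereference null\n", CountNullDerefs(AppendAsReported));
  std::printf("guarded:     %d of 4 states dereference null\n", CountNullDerefs(AppendGuarded));
  return 0;
}
```
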

Comment 3

5 years ago
Posted file jesse's stack
(Assignee)

Updated

5 years ago
Assignee: nobody → kinetik
Status: NEW → ASSIGNED
(Assignee)

Comment 6

5 years ago
p2 also adds Jesse's fuzz test, and moves the one existing MSE crash test into the (new) mediasource crashtest dir.

Updated

5 years ago
Attachment #8418586 - Flags: review?(cajbir.bugzilla) → review+

Updated

5 years ago
Attachment #8418587 - Flags: review?(cajbir.bugzilla) → review+
https://hg.mozilla.org/mozilla-central/rev/82ad7813f515
https://hg.mozilla.org/mozilla-central/rev/3c695f32262b
Status: ASSIGNED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla32
Reproduced in Nightly 2014-05-05.
Verified fixed FF 32.0a1 (2014-05-26), Win 7 x64
Status: RESOLVED → VERIFIED
status-firefox32: --- → verified