Closed Bug 1005366 Opened 6 years ago Closed 6 years ago

crash with MSE in mozilla::dom::SourceBuffer::AppendData(unsigned char const*, unsigned int, mozilla::ErrorResult&)

Categories

(Core :: Audio/Video, defect)

All
macOS
defect
Not set
critical

Tracking

()

VERIFIED FIXED
mozilla32
Tracking Status
firefox32 --- verified

People

(Reporter: asqueella, Assigned: kinetik)

References

Details

(Keywords: crash, regression, testcase)

Crash Data

Attachments

(4 files)

1. set media.mediasource.enabled=true
2. go to http://dash-mse-test.appspot.com/dash-player.html
3. select feelings_vp9
4. play
5. click on the video's slider to fast forward

crashes https://crash-stats.mozilla.com/report/index/343ddd64-d8eb-4325-8e4e-e4dc02140502 @  mozilla::dom::SourceBuffer::AppendData(unsigned char const*, unsigned int, mozilla::ErrorResult&) 

appears to be a simple typo, attempting to call a method on a NULL mDecoder:
http://mxr.mozilla.org/mozilla-central/source/content/media/mediasource/SourceBuffer.cpp
428     if (!mDecoder || mDecoderInit) {
429       MSE_DEBUG("%p AppendBuffer: New initialization segment, creating decoder.", this);
430       mDecoder->GetResource()->Ended();
Looks like bug 1002404 changed the if from (mDecoder) to (!mDecoder || ...). Was the negation intended?

https://hg.mozilla.org/mozilla-central/rev/b7be54db9ede#l1.40
Blocks: 1002404
Keywords: regression, testcase
Attached file jesse's fuzz testcase
Attached file jesse's stack
Assignee: nobody → kinetik
Status: NEW → ASSIGNED
p2 also adds Jesse's fuzz test, and moves the one existing MSE crash test into the (new) mediasource crashtest dir.
Attachment #8418586 - Flags: review?(cajbir.bugzilla) → review+
Attachment #8418587 - Flags: review?(cajbir.bugzilla) → review+
https://hg.mozilla.org/mozilla-central/rev/82ad7813f515
https://hg.mozilla.org/mozilla-central/rev/3c695f32262b
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla32
Reproduced in Nightly 2014-05-05.
Verified fixed FF 32.0a1 (2014-05-26), Win 7 x64
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.