Asan Log: (with optimize build)
==17540==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6140001cc618 at pc 0x7fc481964760 bp 0x7fc449db9530 sp 0x7fc449db9528
READ of size 8 at 0x6140001cc618 thread T43 (MediaStreamGrph)
    #0 0x7fc48196475f in IsNull /builds/slave/m-cen-l64-asan-ntly-0000000000/build/obj-firefox/content/media/../../dist/include/nsAutoPtr.h:1017
    #1 0x7fc481965d88 in ProcessInput /builds/slave/m-cen-l64-asan-ntly-0000000000/build/content/media/AudioNodeStream.cpp:453
    #2 0x7fc4819fddb6 in ProduceDataForStreamsBlockByBlock /builds/slave/m-cen-l64-asan-ntly-0000000000/build/content/media/MediaStreamGraph.cpp:1269
    ...
0x6140001cc618 is located 24 bytes to the right of 448-byte region [0x6140001cc440,0x6140001cc600)
allocated by thread T0 here:
    #0 0x471d71 in __interceptor_malloc _asan_rtl_
    #1 0x7fc48a500bed in moz_xmalloc /builds/slave/m-cen-l64-asan-ntly-0000000000/build/memory/mozalloc/mozalloc.cpp:52
    #2 0x7fc481a0d122 in operator new /builds/slave/m-cen-l64-asan-ntly-0000000000/build/obj-firefox/content/media/../../dist/include/mozilla/mozalloc.h:201
    #3 0x7fc481aeb9d8 in ChannelSplitterNode /builds/slave/m-cen-l64-asan-ntly-0000000000/build/content/media/webaudio/ChannelSplitterNode.cpp:63
    #4 0x7fc481ad5be8 in CreateChannelSplitter /builds/slave/m-cen-l64-asan-ntly-0000000000/build/content/media/webaudio/AudioContext.cpp:358
    ...
I can reproduce this reliably in the 3b682051f3ad mozilla-central-linux64-asan build, thank you, but not in the f61a27b00e05 build, so I think this is fixed by the patch in bug 1041466. The asan logs are a bit different, but the testcases are similar, both producing graphs with 2 cycles.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1041466
Flags: in-testsuite? → in-testsuite+
Assignee: nobody → hofusec