Bug 1109545
Opened 9 years ago
Closed 9 years ago
Conditional jump or move depends on uninitialised value(s) in mozilla::MediaStreamGraphImpl::UpdateStreamOrder
Categories
(Core :: Audio/Video, defect)
RESOLVED DUPLICATE of bug 1057274
People
(Reporter: mitchwharper, Unassigned)
Details
(Keywords: csectype-uninitialized, valgrind)
User Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0
Build ID: 20141126041045

Actual results:

```
==6262== Conditional jump or move depends on uninitialised value(s)
==6262==    at 0x91DCE4D: mozilla::MediaStreamGraphImpl::UpdateStreamOrder() (MediaStreamGraph.cpp:558)
==6262==    by 0x91E0CAD: mozilla::MediaStreamGraphImpl::UpdateGraph(long) (MediaStreamGraph.cpp:1269)
==6262==    by 0x91E2EC3: mozilla::MediaStreamGraphImpl::OneIteration(long, long, long, long) (MediaStreamGraph.cpp:1413)
==6262==    by 0x91BFB8E: mozilla::AudioCallbackDriver::DataCallback(float*, long) (GraphDriver.cpp:917)
==6262==    by 0x91BFD05: mozilla::AudioCallbackDriver::DataCallback_s(cubeb_stream*, void*, void*, long) (GraphDriver.cpp:758)
==6262==    by 0x9BF3722: stream_request_callback (cubeb_pulse.c:195)
==6262==    by 0x40930A76: ??? (in /usr/lib/x86_64-linux-gnu/libpulse.so.0.16.2)
==6262==    by 0x40D8D5FC: pa_pdispatch_run (in /usr/lib/x86_64-linux-gnu/pulseaudio/libpulsecommon-4.0.so)
==6262==    by 0x40915011: ??? (in /usr/lib/x86_64-linux-gnu/libpulse.so.0.16.2)
==6262==    by 0x40D9144B: ??? (in /usr/lib/x86_64-linux-gnu/pulseaudio/libpulsecommon-4.0.so)
==6262==    by 0x40928AEB: pa_mainloop_dispatch (in /usr/lib/x86_64-linux-gnu/libpulse.so.0.16.2)
==6262==    by 0x40928ED9: pa_mainloop_iterate (in /usr/lib/x86_64-linux-gnu/libpulse.so.0.16.2)
==6262== Uninitialised value was created by a heap allocation
==6262==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==6262==    by 0x40334E6: moz_xmalloc (mozalloc.cpp:52)
==6262==    by 0x91DED47: mozilla::MediaStreamGraph::CreateSourceStream(mozilla::DOMMediaStream*) (mozalloc.h:201)
==6262==    by 0x91BBA3A: mozilla::DOMMediaStream::InitSourceStream(nsIDOMWindow*, unsigned char) (DOMMediaStream.cpp:223)
==6262==    by 0x91BBAD6: mozilla::DOMMediaStream::CreateSourceStream(nsIDOMWindow*, unsigned char) (DOMMediaStream.cpp:249)
==6262==    by 0x8471C0F: sipcc::PeerConnectionImpl::MakeMediaStream(unsigned int) (PeerConnectionImpl.cpp:592)
==6262==    by 0x847405D: sipcc::PeerConnectionImpl::CreateRemoteSourceStreamInfo(nsRefPtr<sipcc::RemoteSourceStreamInfo>*) (PeerConnectionImpl.cpp:628)
==6262==    by 0x8459494: vcmCreateRemoteStream (VcmSIPCCBinding.cpp:823)
==6262==    by 0x83B91D0: lsm_add_remote_stream (lsm.c:5230)
==6262==    by 0x83B44E4: gsmsdp_negotiate_media_lines (gsm_sdp.c:5319)
==6262==    by 0x839EE7E: fsmdef_ev_setremotedesc (fsmdef.c:3671)
==6262==    by 0x83C04BF: sm_process_event (sm.c:48)
```
Reporter
Updated•9 years ago
Group: core-security
Updated•9 years ago
Component: Untriaged → Video/Audio
Product: Firefox → Core
Updated•9 years ago
Keywords: csectype-uninitialized, valgrind
Reporter
Comment 1•9 years ago
Valgrind command: `G_SLICE=always-malloc valgrind --tool=memcheck --vex-iropt-register-updates=allregs-at-mem-access --smc-check=all-non-file --track-origins=yes ./firefox` on 34.0.5 release built for valgrind

Steps taken:
1. Start the browser
2. Open a new tab
3. Visit https://www.webrtc-experiment.com/RTCMultiConnection/MultiRTC/ in two separate tabs
4. Input the same room ID for both instances
5. Enable video and audio on the second tab, and allow access
6. Share my microphone and camera
7. Switch to other tab
8. Enable video and audio on first tab
9. Share camera and microphone
10. Preview camera from second user (this is where the first jump on uninitialized memory occurred)
11. Preview microphone from second user
12. Switch tabs
13. Preview camera and mic from first user
14. Exit browser
Comment 2•9 years ago
I think this is highly likely to be a dup of bug 1057274, although the stacks are not identical.
Reporter
Comment 3•9 years ago
It looks like it's a different bug: http://mxr.mozilla.org/mozilla-release/source/content/media/MediaStreamGraph.cpp#561:

```
561 } else if (!shouldAEC && mFarendObserverRef){
562   if (mMixer.FindCallback(mFarendObserverRef)) {
563     mMixer.RemoveCallback(mFarendObserverRef);
564     mFarendObserverRef = nullptr;
565   }
```

But in http://mxr.mozilla.org/mozilla-release/source/content/media/MediaStreamGraph.h mFarendObserverRef isn't ever initialized
Reporter
Comment 4•9 years ago
Sorry, I was checking the wrong header file, here's the correct one: http://mxr.mozilla.org/mozilla-release/source/content/media/MediaStreamGraphImpl.h
Reporter
Comment 5•9 years ago
I'll apologize again for commenting about a language I'm not really familiar with; the initialization is here: http://mxr.mozilla.org/mozilla-release/source/content/media/MediaStreamGraph.cpp#2733

```
2732 #ifdef MOZ_WEBRTC
2733 , mFarendObserverRef(nullptr)
2734 #endif
```
Reporter
Comment 6•9 years ago
And it's definitely a duplicate of bug 1057274, the block

```
526 if (stream->AsSourceStream() &&
527     stream->AsSourceStream()->NeedsMixing()) {
528   shouldAEC = true;
529 }
```

causes shouldAEC to be undefined.
Updated•9 years ago
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
Updated•9 years ago
Group: core-security → core-security-release
Updated•8 years ago
Group: core-security-release
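
The pattern the Valgrind trace and comment 6 describe, as an added example that is not part of the original bug thread or Mozilla's code: a flag in a heap-allocated source stream is never set, and a later branch depends on it. The struct and function names are hypothetical, and placing the unset value inside the stream object is an assumption drawn from the trace's "created by a heap allocation" origin; the thread does not show the member or the fix.

```cpp
#include <cstdio>
#include <cstdlib>
#include <new>
#include <vector>

// "Before" (hypothetical model, not Mozilla code): the constructor never sets
// mNeedsMixing, so after a raw heap allocation it holds whatever malloc returned.
struct SourceStreamUnset {
  bool mNeedsMixing;
  SourceStreamUnset() {}
  bool NeedsMixing() const { return mNeedsMixing; }
};

// "After" (hypothetical): the flag has a defined value from construction on.
struct SourceStreamInit {
  bool mNeedsMixing;
  SourceStreamInit() : mNeedsMixing(false) {}
  bool NeedsMixing() const { return mNeedsMixing; }
};

// Mirrors the allocation path in the trace: malloc, then construct in place.
template <typename Stream>
Stream* CreateSourceStream() {
  void* mem = std::malloc(sizeof(Stream));
  if (mem == nullptr) std::abort();
  return new (mem) Stream();
}

// Same shape as the block quoted in comment 6: the branch uses NeedsMixing().
template <typename Stream>
bool ShouldAEC(const std::vector<Stream*>& streams) {
  bool shouldAEC = false;
  for (const Stream* stream : streams)
    if (stream->NeedsMixing()) shouldAEC = true;  // memcheck reports this branch
  return shouldAEC;
}

template <typename Stream>
bool RunOnce() {
  Stream* stream = CreateSourceStream<Stream>();
  bool aec = ShouldAEC(std::vector<Stream*>{stream});
  std::free(stream);
  return aec;
}

int main() {
  std::printf("initialized flag: shouldAEC=%d\n", RunOnce<SourceStreamInit>());
  // Undefined behaviour on purpose; run under valgrind --track-origins=yes.
  std::printf("unset flag:       shouldAEC=%d\n", RunOnce<SourceStreamUnset>());
}
```

Run under memcheck with `--track-origins=yes`, as in comment 1, the second call should produce the same two-part report as the bug: the conditional jump in `ShouldAEC` and the `malloc` origin in `CreateSourceStream`.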