Conditional jump or move depends on uninitialised value(s) at webrtc::VCMQmResolution::GoingDownResolution

RESOLVED DUPLICATE of bug 1058212

Status

Core
WebRTC
3 years ago
2 years ago

People

(Reporter: mitchwharper, Unassigned)

Tracking

34 Branch
x86_64
Windows 8
csectype-uninitialized, valgrind

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

3 years ago
User Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0
Build ID: 20141126041045



Actual results:

==6262== Conditional jump or move depends on uninitialised value(s)
==6262==    at 0x972303C: webrtc::VCMQmResolution::GoingDownResolution() (qm_select.cc:559)
==6262==    by 0x9723440: webrtc::VCMQmResolution::SelectResolution(webrtc::VCMResolutionScale**) (qm_select.cc:374)
==6262==    by 0x97213E4: webrtc::media_optimization::MediaOptimization::SelectQuality(webrtc::VCMQMSettingsCallback*) (media_optimization.cc:476)
==6262==    by 0x9721944: webrtc::media_optimization::MediaOptimization::SetTargetRates(unsigned int, unsigned char, unsigned int, webrtc::VCMProtectionCallback*, webrtc::VCMQMSettingsCallback*) (media_optimization.cc:319)
==6262==    by 0x97292C8: webrtc::vcm::VideoSender::SetChannelParameters(unsigned int, unsigned char, unsigned int) (video_sender.cc:260)
==6262==    by 0x9726B1D: webrtc::(anonymous namespace)::VideoCodingModuleImpl::SetChannelParameters(unsigned int, unsigned char, unsigned int) (video_coding_impl.cc:152)
==6262==    by 0x96D8C11: webrtc::ViEEncoder::OnNetworkChanged(unsigned int, unsigned char, unsigned int) (vie_encoder.cc:1078)
==6262==    by 0x96DA1D5: webrtc::ViEBitrateObserver::OnNetworkChanged(unsigned int, unsigned char, unsigned int) (vie_encoder.cc:110)
==6262==    by 0x972C9F2: webrtc::BitrateControllerImpl::OnNetworkChanged(unsigned int, unsigned char, unsigned int) (bitrate_controller_impl.cc:322)
==6262==    by 0x972CB0F: webrtc::BitrateControllerImpl::OnReceivedRtcpReceiverReport(unsigned char, unsigned int, int, unsigned int) (bitrate_controller_impl.cc:275)
==6262==    by 0x972D090: webrtc::RtcpBandwidthObserverImpl::OnReceivedRtcpReceiverReport(std::list<webrtc::RTCPReportBlock, std::allocator<webrtc::RTCPReportBlock> > const&, unsigned short, long) (bitrate_controller_impl.cc:71)
==6262==    by 0x96EE1AA: webrtc::RTCPReceiver::TriggerCallbacksFromRTCPPacket(webrtc::RTCPHelp::RTCPPacketInformation&) (rtcp_receiver.cc:1482)
==6262==  Uninitialised value was created by a heap allocation
==6262==    at 0x4C2B0E0: operator new(unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==6262==    by 0x9726EEB: webrtc::VideoCodingModule::Create(int) (video_coding_impl.cc:87)
==6262==    by 0x96D6F7E: webrtc::ViEEncoder::ViEEncoder(int, int, unsigned int, webrtc::Config const&, webrtc::ProcessThread&, webrtc::BitrateController*) (vie_encoder.cc:158)
==6262==    by 0x96D3A41: webrtc::ViEChannelManager::CreateChannel(int*, webrtc::Config const*) (vie_channel_manager.cc:112)
==6262==    by 0x96C68AD: webrtc::ViEBaseImpl::CreateChannel(int&, webrtc::Config const*) (vie_base_impl.cc:169)
==6262==    by 0x96C659D: webrtc::ViEBaseImpl::CreateChannel(int&) (vie_base_impl.cc:161)
==6262==    by 0x8453CA6: mozilla::WebrtcVideoConduit::Init(mozilla::WebrtcVideoConduit*) (VideoConduit.cpp:407)
==6262==    by 0x8454003: mozilla::VideoSessionConduit::Create(mozilla::VideoSessionConduit*) (VideoConduit.cpp:51)
==6262==    by 0x845B19A: vcmRxStartICE (VcmSIPCCBinding.cpp:1327)
==6262==    by 0x83BB967: lsm_rx_start (lsm.c:1018)
==6262==    by 0x83BC9B0: lsm_update_media (lsm.c:3804)
==6262==    by 0x83BE863: cc_call_state (lsm.c:3850)

Updated

3 years ago
Component: Untriaged → Video/Audio
Product: Firefox → Core

Updated

3 years ago
Component: Video/Audio → WebRTC
Keywords: csectype-uninitialized, valgrind
(Reporter)

Comment 1

3 years ago
Valgrind command: `G_SLICE=always-malloc valgrind --tool=memcheck --vex-iropt-register-updates=allregs-at-mem-access --smc-check=all-non-file ./firefox` on 34.0.5 release built for valgrind

Steps taken:
1. Start the browser
2. Open a new tab
3. Visit https://www.webrtc-experiment.com/RTCMultiConnection/MultiRTC/ in two separate tabs
4. Input the same room ID for both instances
5. Enable video and audio on the second tab, and allow access
6. Share my microphone and camera
7. Switch to other tab
8. Enable video and audio on first tab
9. Share camera and microphone
10. Preview camera from second user (this is where the first jump on uninitialized memory occurred)
11. Preview microphone from second user
12. Switch tabs
13. Preview camera and mic from first user
14. Exit browser
(Reporter)

Comment 2

3 years ago
I actually did this run twice, and this trace is from the run with --track-changes=yes set, which is why you can see where the Encoder was initialized.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1058212
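
A triage helper for memcheck reports like the one in the description, added here as an example and not part of the original bug or of any Mozilla tooling. It splits one error into its faulting stack and its "Uninitialised value was created by" origin stack, then builds a signature from the first non-Valgrind frame of each, the pair to compare when checking for duplicates. The sample input is an excerpt of the trace above; the names `parse_memcheck`, `first_app_frame` and `triage_signature` are illustrative.

```python
import re

# Stack frame: "==PID==    at|by 0xADDR: function (file:line | in /path/lib.so)"
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (.+) \(([^()]+)\)\s*$")
# Section header: one or two spaces after the PID marker, then text.
HEADER = re.compile(r"^==\d+== {1,2}(\S.*)$")

# Excerpt of the trace in this report (frames trimmed for brevity).
SAMPLE = """\
==6262== Conditional jump or move depends on uninitialised value(s)
==6262==    at 0x972303C: webrtc::VCMQmResolution::GoingDownResolution() (qm_select.cc:559)
==6262==    by 0x9723440: webrtc::VCMQmResolution::SelectResolution(webrtc::VCMResolutionScale**) (qm_select.cc:374)
==6262==  Uninitialised value was created by a heap allocation
==6262==    at 0x4C2B0E0: operator new(unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==6262==    by 0x9726EEB: webrtc::VideoCodingModule::Create(int) (video_coding_impl.cc:87)
"""

def parse_memcheck(text):
    """Parse a single memcheck error into its error stack and origin stack."""
    report = {"kind": None, "stack": [], "origin": None, "origin_stack": []}
    current = None  # which list the next frame belongs to
    for line in text.splitlines():
        m = FRAME.match(line)
        if m:
            if current is not None:
                report[current].append((m.group(1), m.group(2)))
            continue
        m = HEADER.match(line)
        if not m:
            continue
        if m.group(1).startswith("Uninitialised value was created by"):
            report["origin"] = m.group(1).rsplit("by ", 1)[1]
            current = "origin_stack"
        elif report["kind"] is None:
            report["kind"] = m.group(1)
            current = "stack"
    return report

def first_app_frame(frames):
    """First frame outside Valgrind's preload library (skips operator new etc.)."""
    for func, loc in frames:
        if "vgpreload_" not in loc:
            return func, loc
    return None

def triage_signature(report):
    """(error kind, faulting function, allocating function) for de-duplication."""
    fault = first_app_frame(report["stack"])
    alloc = first_app_frame(report["origin_stack"])
    return (report["kind"], fault and fault[0], alloc and alloc[0])
```

The signature uses function names rather than addresses or line numbers, since those shift between builds. When a report has no origin section, the third element is `None`.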

Updated

3 years ago
Group: core-security → core-security-release
Group: core-security-release