Closed
Bug 1121757
Opened 9 years ago
Closed 9 years ago
Firefox crash in mp4_demuxer::AnnexB::ConvertSampleToAnnexB(mp4_demuxer::MP4Sample*)
Categories
(Core :: Audio/Video, defect)
Tracking
()
VERIFIED
FIXED
mozilla38
People
(Reporter: marcia, Assigned: jya)
References
(Blocks 1 open bug)
Details
(Keywords: crash)
Crash Data
Attachments
(1 file)
|
1.72 KB,
patch
|
kinetik
:
review+
Sylvestre
:
approval-mozilla-aurora+
Sylvestre
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is report bp-5f8671c4-c908-42b6-b741-5d4232150114. ============================================================= Seen while looking at crash stats. Small volume crash which affects 38 and 36. Link to all reports: https://crash-stats.mozilla.com/report/list?productFirefox&signature=mp4_demuxer::AnnexB::ConvertSampleToAnnexB%28mp4_demuxer::MP4Sample*%29 Almost all URLs are youtube.com Frame Module Signature Source 0 xul.dll mp4_demuxer::AnnexB::ConvertSampleToAnnexB(mp4_demuxer::MP4Sample*) media/libstagefright/binding/AnnexB.cpp 1 xul.dll mozilla::WMFVideoMFTManager::Input(mp4_demuxer::MP4Sample*) dom/media/fmp4/wmf/WMFVideoMFTManager.cpp 2 xul.dll mozilla::WMFMediaDataDecoder::ProcessDecode(mp4_demuxer::MP4Sample*) dom/media/fmp4/wmf/WMFMediaDataDecoder.cpp 3 xul.dll nsRunnableMethodImpl<void ( mozilla::DataStorage::*)(char const*), char const*, 1>::Run() xpcom/glue/nsThreadUtils.h 4 xul.dll mozilla::MediaTaskQueue::Runner::Run() dom/media/MediaTaskQueue.cpp 5 xul.dll nsThreadPool::Run() xpcom/threads/nsThreadPool.cpp 6 xul.dll nsThread::ProcessNextEvent(bool, bool*) xpcom/threads/nsThread.cpp 7 xul.dll NS_ProcessNextEvent(nsIThread*, bool) xpcom/glue/nsThreadUtils.cpp 8 xul.dll mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp 9 xul.dll MessageLoop::RunHandler() ipc/chromium/src/base/message_loop.cc 10 xul.dll MessageLoop::Run() ipc/chromium/src/base/message_loop.cc 11 xul.dll nsThread::ThreadFunc(void*) xpcom/threads/nsThread.cpp 12 nss3.dll _PR_NativeRunThread nsprpub/pr/src/threads/combined/pruthr.c 13 nss3.dll pr_root nsprpub/pr/src/md/windows/w95thred.c 14 msvcr120.dll _callthreadstartex f:\dd\vctools\crt\crtw32\startup\threadex.c:376 15 msvcr120.dll msvcr120.dll@0x2c000 16 kernel32.dll BaseThreadInitThunk 17 ntdll.dll __RtlUserThreadStart 18
|
Assignee | |
Comment 1•9 years ago
|
||
Marcia, is there a way to see which video they were watching ?
Flags: needinfo?(mozillamarcia.knous)
|
Reporter | |
Comment 2•9 years ago
|
||
Sure, here are the youtube ones: 1 http://www.youtube.com/watch?v=8to4Gczfg6M 1 http://www.youtube.com/watch?v=9Ip-zXjxB5c 1 http://www.youtube.com/watch?v=ebFlbh23EUU 1 http://www.youtube.com/watch?v=k1sCVOG9BF8&feature=youtu.be 1 http://www.youtube.com/watch?v=xLzIkAQuaEI&list=PL6oxDxxkSpoq0IX4JVHQfYnqxOh0gn2Cq
Flags: needinfo?(mozillamarcia.knous)
|
|
Reporter | |
Comment 3•9 years ago
|
||
(In reply to Marcia Knous [:marcia - use needinfo] from comment #2) > Sure, here are the youtube ones: > > 1 http://www.youtube.com/watch?v=8to4Gczfg6M > 1 http://www.youtube.com/watch?v=9Ip-zXjxB5c > 1 http://www.youtube.com/watch?v=ebFlbh23EUU > 1 http://www.youtube.com/watch?v=k1sCVOG9BF8&feature=youtu.be > 1 > http://www.youtube.com/ > watch?v=xLzIkAQuaEI&list=PL6oxDxxkSpoq0IX4JVHQfYnqxOh0gn2Cq I tried the videos a few different windows boxes and so far have not crashed.
|
|
Assignee | |
Comment 4•9 years ago
|
||
Rewrite AnnexB conversion using ByteReader, prevent out of bound memory access
Attachment #8550067 -
Flags: review?(kinetik)
|
|
Assignee | |
Updated•9 years ago
|
Assignee: nobody → jyavenard
Status: NEW → ASSIGNED
|
||
Updated•9 years ago
|
Attachment #8550067 -
Flags: review?(kinetik) → review+
|
|
Assignee | |
Comment 5•9 years ago
|
||
http://hg.mozilla.org/integration/mozilla-inbound/rev/47b586de5661
|
||
Comment 6•9 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/47b586de5661
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla38
|
||
Comment 7•9 years ago
|
||
Comment on attachment 8550067 [details] [diff] [review] Prevent out of bound memory access should AVC data be invalid Approval Request Comment [Feature/regressing bug #]: MSE [User impact if declined]: Crashes playing mp4 video. [Describe test coverage new/current, TBPL]: Landed on m-c. [Risks and why]: This affects non-MSE playback, but is a straightforward and isolated fix to the error. I'd say risk is low. [String/UUID change made/needed]: None.
Attachment #8550067 -
Flags: approval-mozilla-beta?
Attachment #8550067 -
Flags: approval-mozilla-aurora?
|
|
||
Updated•9 years ago
|
|
||
Updated•9 years ago
|
Attachment #8550067 -
Flags: approval-mozilla-beta?
Attachment #8550067 -
Flags: approval-mozilla-beta+
Attachment #8550067 -
Flags: approval-mozilla-aurora?
Attachment #8550067 -
Flags: approval-mozilla-aurora+
|
||
Comment 10•9 years ago
|
||
Was unable to reproduce the crash on both Windows 7 and 8 32-bit and based on Socorro there are no crashes on builds after Firefox 36 beta 3. https://crash-stats.mozilla.com/report/list?productFirefox&signature=mp4_demuxer::AnnexB::ConvertSampleToAnnexB%28mp4_demuxer::MP4Sample*%29#tab-reports
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•