Closed
Bug 1121757
Opened 10 years ago
Closed 10 years ago
Firefox crash in mp4_demuxer::AnnexB::ConvertSampleToAnnexB(mp4_demuxer::MP4Sample*)
Categories
(Core :: Audio/Video, defect)
Tracking
()
VERIFIED
FIXED
mozilla38
People
(Reporter: marcia, Assigned: jya)
References
(Blocks 1 open bug)
Details
(Keywords: crash)
Crash Data
Attachments
(1 file)
|
1.72 KB,
patch
|
kinetik
:
review+
Sylvestre
:
approval-mozilla-aurora+
Sylvestre
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is
report bp-5f8671c4-c908-42b6-b741-5d4232150114.
=============================================================
Seen while looking at crash stats. Small volume crash which affects 38 and 36. Link to all reports: https://crash-stats.mozilla.com/report/list?productFirefox&signature=mp4_demuxer::AnnexB::ConvertSampleToAnnexB%28mp4_demuxer::MP4Sample*%29
Almost all URLs are youtube.com
Frame Module Signature Source
0 xul.dll mp4_demuxer::AnnexB::ConvertSampleToAnnexB(mp4_demuxer::MP4Sample*) media/libstagefright/binding/AnnexB.cpp
1 xul.dll mozilla::WMFVideoMFTManager::Input(mp4_demuxer::MP4Sample*) dom/media/fmp4/wmf/WMFVideoMFTManager.cpp
2 xul.dll mozilla::WMFMediaDataDecoder::ProcessDecode(mp4_demuxer::MP4Sample*) dom/media/fmp4/wmf/WMFMediaDataDecoder.cpp
3 xul.dll nsRunnableMethodImpl<void ( mozilla::DataStorage::*)(char const*), char const*, 1>::Run() xpcom/glue/nsThreadUtils.h
4 xul.dll mozilla::MediaTaskQueue::Runner::Run() dom/media/MediaTaskQueue.cpp
5 xul.dll nsThreadPool::Run() xpcom/threads/nsThreadPool.cpp
6 xul.dll nsThread::ProcessNextEvent(bool, bool*) xpcom/threads/nsThread.cpp
7 xul.dll NS_ProcessNextEvent(nsIThread*, bool) xpcom/glue/nsThreadUtils.cpp
8 xul.dll mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp
9 xul.dll MessageLoop::RunHandler() ipc/chromium/src/base/message_loop.cc
10 xul.dll MessageLoop::Run() ipc/chromium/src/base/message_loop.cc
11 xul.dll nsThread::ThreadFunc(void*) xpcom/threads/nsThread.cpp
12 nss3.dll _PR_NativeRunThread nsprpub/pr/src/threads/combined/pruthr.c
13 nss3.dll pr_root nsprpub/pr/src/md/windows/w95thred.c
14 msvcr120.dll _callthreadstartex f:\dd\vctools\crt\crtw32\startup\threadex.c:376
15 msvcr120.dll msvcr120.dll@0x2c000
16 kernel32.dll BaseThreadInitThunk
17 ntdll.dll __RtlUserThreadStart
18
|
Assignee | |
Comment 1•10 years ago
|
||
Marcia, is there a way to see which video they were watching ?
Flags: needinfo?(mozillamarcia.knous)
|
Reporter | |
Comment 2•10 years ago
|
||
Sure, here are the youtube ones:
1 http://www.youtube.com/watch?v=8to4Gczfg6M
1 http://www.youtube.com/watch?v=9Ip-zXjxB5c
1 http://www.youtube.com/watch?v=ebFlbh23EUU
1 http://www.youtube.com/watch?v=k1sCVOG9BF8&feature=youtu.be
1 http://www.youtube.com/watch?v=xLzIkAQuaEI&list=PL6oxDxxkSpoq0IX4JVHQfYnqxOh0gn2Cq
Flags: needinfo?(mozillamarcia.knous)
|
|
Reporter | |
Comment 3•10 years ago
|
||
(In reply to Marcia Knous [:marcia - use needinfo] from comment #2)
> Sure, here are the youtube ones:
>
> 1 http://www.youtube.com/watch?v=8to4Gczfg6M
> 1 http://www.youtube.com/watch?v=9Ip-zXjxB5c
> 1 http://www.youtube.com/watch?v=ebFlbh23EUU
> 1 http://www.youtube.com/watch?v=k1sCVOG9BF8&feature=youtu.be
> 1
> http://www.youtube.com/
> watch?v=xLzIkAQuaEI&list=PL6oxDxxkSpoq0IX4JVHQfYnqxOh0gn2Cq
I tried the videos a few different windows boxes and so far have not crashed.
|
|
Assignee | |
Comment 4•10 years ago
|
||
Rewrite AnnexB conversion using ByteReader, prevent out of bound memory access
Attachment #8550067 -
Flags: review?(kinetik)
|
|
Assignee | |
Updated•10 years ago
|
Assignee: nobody → jyavenard
Status: NEW → ASSIGNED
|
||
Updated•10 years ago
|
Attachment #8550067 -
Flags: review?(kinetik) → review+
|
|
Assignee | |
Comment 5•10 years ago
|
||
|
||
Comment 6•10 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla38
|
||
Comment 7•10 years ago
|
||
Comment on attachment 8550067 [details] [diff] [review]
Prevent out of bound memory access should AVC data be invalid
Approval Request Comment
[Feature/regressing bug #]: MSE
[User impact if declined]: Crashes playing mp4 video.
[Describe test coverage new/current, TBPL]: Landed on m-c.
[Risks and why]: This affects non-MSE playback, but is a straightforward and isolated fix to the error. I'd say risk is low.
[String/UUID change made/needed]: None.
Attachment #8550067 -
Flags: approval-mozilla-beta?
Attachment #8550067 -
Flags: approval-mozilla-aurora?
|
|
||
Updated•10 years ago
|
|
||
Updated•10 years ago
|
Attachment #8550067 -
Flags: approval-mozilla-beta?
Attachment #8550067 -
Flags: approval-mozilla-beta+
Attachment #8550067 -
Flags: approval-mozilla-aurora?
Attachment #8550067 -
Flags: approval-mozilla-aurora+
|
|
||
Comment 8•10 years ago
|
||
|
|
||
Comment 9•10 years ago
|
||
|
||
Comment 10•10 years ago
|
||
Was unable to reproduce the crash on both Windows 7 and 8 32-bit and based on Socorro there are no crashes on builds after Firefox 36 beta 3.
https://crash-stats.mozilla.com/report/list?productFirefox&signature=mp4_demuxer::AnnexB::ConvertSampleToAnnexB%28mp4_demuxer::MP4Sample*%29#tab-reports
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•