crash in abort | abort | __android_log_assert | stagefright::SampleTable::setSampleToChunkParams(__int64, unsigned int)

RESOLVED FIXED in Firefox 36

Status

()

Core
Audio/Video
--
critical
RESOLVED FIXED
3 years ago
3 years ago

People

(Reporter: dmajor, Assigned: eflores)

Tracking

({crash})

unspecified
mozilla38
x86
Windows NT
crash
Points:
---

Firefox Tracking Flags

(firefox36+ verified, firefox37 fixed, firefox38 fixed)

Details

(crash signature)

Attachments

(1 attachment)

(Reporter)

Description

3 years ago
[Tracking Requested - why for this release]: This is a top crash on 36 beta.

This bug was filed from the Socorro interface and is 
report bp-4d62b602-1604-41ee-83b0-c0dfd2150121.
=============================================================

CHECK(U32_AT(buffer) >= 1)
http://hg.mozilla.org/releases/mozilla-beta/annotate/521859f9eae2/media/libstagefright/frameworks/av/media/libstagefright/SampleTable.cpp#l260

The top URL by far is http://www.microsoft.com/en-us/outlook-com/ which currently contains a video.
(Reporter)

Comment 1

3 years ago
Forgot to mention: This happens almost exclusively on Win7
Top crash, tracking!
tracking-firefox36: ? → +
Created attachment 8556771 [details] [diff] [review]
1127115.patch

I can't reproduce this anywhere. I suspect a malformed MP4 that has now been fixed.

We should at least make the assertion non-fatal. It is trivial to construct an MP4 that would kill the browser.
Attachment #8556771 - Flags: review?(ajones)
Attachment #8556771 - Flags: review?(ajones) → review+
Comment on attachment 8556771 [details] [diff] [review]
1127115.patch

Approval Request Comment
[Feature/regressing bug #]: MP4 playback
[User impact if declined]: crashing on some (possibly malformed) MP4s
[Describe test coverage new/current, TreeHerder]: Nope
[Risks and why]: None
[String/UUID change made/needed]: None
Attachment #8556771 - Flags: approval-mozilla-beta?
Attachment #8556771 - Flags: approval-mozilla-aurora?
https://hg.mozilla.org/mozilla-central/rev/ae4c8ecf7145
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla38
status-firefox37: --- → affected
status-firefox38: --- → fixed
Attachment #8556771 - Flags: approval-mozilla-beta?
Attachment #8556771 - Flags: approval-mozilla-beta+
Attachment #8556771 - Flags: approval-mozilla-aurora?
Attachment #8556771 - Flags: approval-mozilla-aurora+
https://hg.mozilla.org/releases/mozilla-aurora/rev/cad51d6a9b41
https://hg.mozilla.org/releases/mozilla-beta/rev/c76f32421541
Assignee: nobody → edwin
status-firefox36: affected → fixed
status-firefox37: affected → fixed

Comment 8

3 years ago
I can confirm this is gone from 36.0b6.
status-firefox36: fixed → verified
Adding the Mac specific signature to the crash field.
Crash Signature: [@ abort | abort | __android_log_assert | stagefright::SampleTable::setSampleToChunkParams(__int64, unsigned int)] → [@ abort | abort | __android_log_assert | stagefright::SampleTable::setSampleToChunkParams(__int64, unsigned int)] [@ __android_log_assert | stagefright::SampleTable::setSampleToChunkParams(long long, unsigned long)]
You need to log in before you can comment on or make changes to this bug.