crash in abort | abort | __android_log_assert | stagefright::SampleTable::setSampleToChunkParams(__int64, unsigned int)

RESOLVED FIXED in Firefox 36

Status

()

defect
--
critical
RESOLVED FIXED
4 years ago
4 years ago

People

(Reporter: dmajor, Assigned: eflores)

Tracking

({crash})

unspecified
mozilla38
x86
Windows NT
Points:
---

Firefox Tracking Flags

(firefox36+ verified, firefox37 fixed, firefox38 fixed)

Details

(crash signature)

Attachments

(1 attachment)

Reporter

Description

4 years ago
[Tracking Requested - why for this release]: This is a top crash on 36 beta.

This bug was filed from the Socorro interface and is 
report bp-4d62b602-1604-41ee-83b0-c0dfd2150121.
=============================================================

CHECK(U32_AT(buffer) >= 1)
http://hg.mozilla.org/releases/mozilla-beta/annotate/521859f9eae2/media/libstagefright/frameworks/av/media/libstagefright/SampleTable.cpp#l260

The top URL by far is http://www.microsoft.com/en-us/outlook-com/ which currently contains a video.
Reporter

Comment 1

4 years ago
Forgot to mention: This happens almost exclusively on Win7
Top crash, tracking!
Posted patch 1127115.patchSplinter Review
I can't reproduce this anywhere. I suspect a malformed MP4 that has now been fixed.

We should at least make the assertion non-fatal. It is trivial to construct an MP4 that would kill the browser.
Attachment #8556771 - Flags: review?(ajones) → review+
Comment on attachment 8556771 [details] [diff] [review]
1127115.patch

Approval Request Comment
[Feature/regressing bug #]: MP4 playback
[User impact if declined]: crashing on some (possibly malformed) MP4s
[Describe test coverage new/current, TreeHerder]: Nope
[Risks and why]: None
[String/UUID change made/needed]: None
Attachment #8556771 - Flags: approval-mozilla-beta?
Attachment #8556771 - Flags: approval-mozilla-aurora?
https://hg.mozilla.org/mozilla-central/rev/ae4c8ecf7145
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla38
Attachment #8556771 - Flags: approval-mozilla-beta?
Attachment #8556771 - Flags: approval-mozilla-beta+
Attachment #8556771 - Flags: approval-mozilla-aurora?
Attachment #8556771 - Flags: approval-mozilla-aurora+

Comment 8

4 years ago
I can confirm this is gone from 36.0b6.
Adding the Mac specific signature to the crash field.
Crash Signature: [@ abort | abort | __android_log_assert | stagefright::SampleTable::setSampleToChunkParams(__int64, unsigned int)] → [@ abort | abort | __android_log_assert | stagefright::SampleTable::setSampleToChunkParams(__int64, unsigned int)] [@ __android_log_assert | stagefright::SampleTable::setSampleToChunkParams(long long, unsigned long)]
You need to log in before you can comment on or make changes to this bug.