Closed Bug 1132757 Opened 10 years ago Closed 10 years ago

Firefox crash in mozilla::MFTDecoder::Input(unsigned char const*, unsigned int, __int64)

Categories

(Core :: Audio/Video, defect, P1)

Product:
Core
Component:
Audio/Video
Version:
37 Branch
Platform:
x86
Windows NT
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla39
Tracking Flags:
Tracking Status
firefox37 + fixed
firefox38 + fixed
firefox39 --- fixed

People

(Reporter: marcia, Assigned: mattwoodrow)

References

(Blocks 1 open bug)

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

Avoid crash when calling Input after Shutdown
1.05 KB, patch
cpearce
: review+
lsblakk
: approval-mozilla-aurora+
lsblakk
: approval-mozilla-beta+
Details | Diff | Splinter Review
This bug was filed from the Socorro interface and is report bp-b620182d-ba98-4330-bc46-527a72150212. ============================================================= Seen while looking at Aurora crash stats. Small volume crash seen as recently as Build 2015021200 with crashes dating back to 2015020300. Product breakdown shows other crashes on Beta and 35.0.1 as well, so not specific to Aurora. Link to crashes: https://crash-stats.mozilla.com/report/list?signature=mozilla::MFTDecoder::Input%28unsigned%20char%20const*,%20unsigned%20int,%20__int64%29 Almost all URLs are youtube.com - some samples: Truncate URLs Total Count URL 2 https://www.youtube.com/watch?v=-rdK1oDiQtI 1 https://www.youtube.com/watch?v=FtuoEtohPv4 1 http://www.youtube.com/watch?v=96VpplqGe6M 1 https://www.youtube.com/watch?v=ct0StLPZI7Q 1 https://www.youtube.com/watch?v=we9_CdNPuJg 1 https://www.youtube.com/watch?v=fNSXAHLX0Uk 1 https://www.youtube.com/watch?v=t7XtzYQYm5I 1 https://www.youtube.com/watch?v=QrVoZ43eF_g Frame Module Signature Source 0 xul.dll mozilla::MFTDecoder::Input(unsigned char const*, unsigned int, __int64) dom/media/fmp4/wmf/MFTDecoder.cpp 1 xul.dll mozilla::WMFVideoMFTManager::Input(mp4_demuxer::MP4Sample*) dom/media/fmp4/wmf/WMFVideoMFTManager.cpp 2 xul.dll mozilla::WMFMediaDataDecoder::ProcessDecode(mp4_demuxer::MP4Sample*) dom/media/fmp4/wmf/WMFMediaDataDecoder.cpp 3 xul.dll nsRunnableMethodImpl<void ( mozilla::DataStorage::*)(char const*), char const*, 1>::Run() xpcom/glue/nsThreadUtils.h 4 xul.dll mozilla::MediaTaskQueue::Runner::Run() dom/media/MediaTaskQueue.cpp 5 xul.dll nsThreadPool::Run() xpcom/threads/nsThreadPool.cpp 6 xul.dll nsThread::ProcessNextEvent(bool, bool*) xpcom/threads/nsThread.cpp 7 xul.dll NS_ProcessNextEvent(nsIThread*, bool) xpcom/glue/nsThreadUtils.cpp 8 xul.dll mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp 9 xul.dll MessageLoop::RunHandler() ipc/chromium/src/base/message_loop.cc 10 xul.dll MessageLoop::Run() ipc/chromium/src/base/message_loop.cc 11 xul.dll nsThread::ThreadFunc(void*) xpcom/threads/nsThread.cpp 12 nss3.dll _PR_NativeRunThread nsprpub/pr/src/threads/combined/pruthr.c 13 nss3.dll pr_root nsprpub/pr/src/md/windows/w95thred.c 14 msvcr120.dll _callthreadstartex f:\dd\vctools\crt\crtw32\startup\threadex.c:376 15 msvcr120.dll msvcr120.dll@0x2c000 16 kernel32.dll BaseThreadInitThunk 17 ntdll.dll __RtlUserThreadStart 18 ntdll.dll _RtlUserThreadStart
Flags: needinfo?(cpearce)
Priority: -- → P1
0x2c is the offset of mDecoder within MFTDecoder, so mDecoder in WMFVideoMFTManager::Input must be nullptr.
Matt, are you working on this? Just wondering what the next steps are.
No, I assumed cpearce would be, I don't know this code very well. I can take a look if cpearce is too busy with EME though. Chris?
(In reply to Matt Woodrow (:mattwoodrow) from comment #3) > I can take a look if cpearce is too busy with EME though. Chris? Yes please!
Flags: needinfo?(cpearce) → needinfo?(matt.woodrow)
Looks like this can happen during MediaDecoderReader::Shutdown(). We call ReleaseMediaResources, which will (via the PDM task queue) call Shutdown, and release mDecoder. We then also wait for the decoder task queue to complete, which could include a RequestVideoData/Input task.
Assignee: nobody → matt.woodrow
Flags: needinfo?(matt.woodrow)
Attachment #8568375 - Flags: review?(cpearce)
Attachment #8568375 - Flags: review?(cpearce) → review+
Comment on attachment 8568375 [details] [diff] [review] Avoid crash when calling Input after Shutdown Approval Request Comment [Feature/regressing bug #]: MSE [User impact if declined]: Crashes playing youtube and other MSE video. [Describe test coverage new/current, TreeHerder]: Green on inbound. [Risks and why]: Risk is minimal. Returns failure instead of crashing in an error condition. [String/UUID change made/needed]: None
Attachment #8568375 - Flags: approval-mozilla-beta?
Attachment #8568375 - Flags: approval-mozilla-aurora?
https://hg.mozilla.org/mozilla-central/rev/4b19506f6313
Status: NEW → RESOLVED
Closed: 10 years ago
status-firefox39: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla39
Attachment #8568375 - Flags: approval-mozilla-beta?
Attachment #8568375 - Flags: approval-mozilla-beta+
Attachment #8568375 - Flags: approval-mozilla-aurora?
Attachment #8568375 - Flags: approval-mozilla-aurora+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: