Closed Bug 1132757 Opened 9 years ago Closed 9 years ago

Firefox crash in mozilla::MFTDecoder::Input(unsigned char const*, unsigned int, __int64)


(Core :: Audio/Video, defect, P1)

37 Branch
Windows NT



Tracking Status
firefox37 + fixed
firefox38 + fixed
firefox39 --- fixed


(Reporter: marcia, Assigned: mattwoodrow)


(Blocks 1 open bug)


(Keywords: crash)

Crash Data


(1 file)

This bug was filed from the Socorro interface and is 
report bp-b620182d-ba98-4330-bc46-527a72150212.

Seen while looking at Aurora crash stats. Small volume crash seen as recently as Build 2015021200 with crashes dating back to 2015020300. Product breakdown shows other crashes on Beta and 35.0.1 as well, so not specific to Aurora.

Link to crashes:*,%20unsigned%20int,%20__int64%29

Almost all URLs are - some samples:

Truncate URLs
Total Count 	URL

Frame 	Module 	Signature 	Source
0 	xul.dll 	mozilla::MFTDecoder::Input(unsigned char const*, unsigned int, __int64) 	dom/media/fmp4/wmf/MFTDecoder.cpp
1 	xul.dll 	mozilla::WMFVideoMFTManager::Input(mp4_demuxer::MP4Sample*) 	dom/media/fmp4/wmf/WMFVideoMFTManager.cpp
2 	xul.dll 	mozilla::WMFMediaDataDecoder::ProcessDecode(mp4_demuxer::MP4Sample*) 	dom/media/fmp4/wmf/WMFMediaDataDecoder.cpp
3 	xul.dll 	nsRunnableMethodImpl<void ( mozilla::DataStorage::*)(char const*), char const*, 1>::Run() 	xpcom/glue/nsThreadUtils.h
4 	xul.dll 	mozilla::MediaTaskQueue::Runner::Run() 	dom/media/MediaTaskQueue.cpp
5 	xul.dll 	nsThreadPool::Run() 	xpcom/threads/nsThreadPool.cpp
6 	xul.dll 	nsThread::ProcessNextEvent(bool, bool*) 	xpcom/threads/nsThread.cpp
7 	xul.dll 	NS_ProcessNextEvent(nsIThread*, bool) 	xpcom/glue/nsThreadUtils.cpp
8 	xul.dll 	mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) 	ipc/glue/MessagePump.cpp
9 	xul.dll 	MessageLoop::RunHandler() 	ipc/chromium/src/base/
10 	xul.dll 	MessageLoop::Run() 	ipc/chromium/src/base/
11 	xul.dll 	nsThread::ThreadFunc(void*) 	xpcom/threads/nsThread.cpp
12 	nss3.dll 	_PR_NativeRunThread 	nsprpub/pr/src/threads/combined/pruthr.c
13 	nss3.dll 	pr_root 	nsprpub/pr/src/md/windows/w95thred.c
14 	msvcr120.dll 	_callthreadstartex 	f:\dd\vctools\crt\crtw32\startup\threadex.c:376
15 	msvcr120.dll 	msvcr120.dll@0x2c000 	
16 	kernel32.dll 	BaseThreadInitThunk 	
17 	ntdll.dll 	__RtlUserThreadStart 	
18 	ntdll.dll 	_RtlUserThreadStart
Flags: needinfo?(cpearce)
Priority: -- → P1
0x2c is the offset of mDecoder within MFTDecoder, so mDecoder in WMFVideoMFTManager::Input must be nullptr.
Matt, are you working on this? Just wondering what the next steps are.
No, I assumed cpearce would be, I don't know this code very well.

I can take a look if cpearce is too busy with EME though. Chris?
(In reply to Matt Woodrow (:mattwoodrow) from comment #3)
> I can take a look if cpearce is too busy with EME though. Chris?

Yes please!
Flags: needinfo?(cpearce) → needinfo?(matt.woodrow)
Looks like this can happen during MediaDecoderReader::Shutdown().

We call ReleaseMediaResources, which will (via the PDM task queue) call Shutdown, and release mDecoder.

We then also wait for the decoder task queue to complete, which could include a RequestVideoData/Input task.
Assignee: nobody → matt.woodrow
Flags: needinfo?(matt.woodrow)
Attachment #8568375 - Flags: review?(cpearce)
Attachment #8568375 - Flags: review?(cpearce) → review+
Comment on attachment 8568375 [details] [diff] [review]
Avoid crash when calling Input after Shutdown

Approval Request Comment
[Feature/regressing bug #]: MSE
[User impact if declined]: Crashes playing youtube and other MSE video.
[Describe test coverage new/current, TreeHerder]: Green on inbound.
[Risks and why]: Risk is minimal. Returns failure instead of crashing in an error condition.
[String/UUID change made/needed]: None
Attachment #8568375 - Flags: approval-mozilla-beta?
Attachment #8568375 - Flags: approval-mozilla-aurora?
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla39
Attachment #8568375 - Flags: approval-mozilla-beta?
Attachment #8568375 - Flags: approval-mozilla-beta+
Attachment #8568375 - Flags: approval-mozilla-aurora?
Attachment #8568375 - Flags: approval-mozilla-aurora+
You need to log in before you can comment on or make changes to this bug.