Closed
Bug 1150271
Opened 10 years ago
Closed 10 years ago
WebRTC session crashes in mozilla::MediaEngineGonkVideoSource::StartImpl()
Categories
(Core :: WebRTC: Audio/Video, defect)
Tracking
()
People
(Reporter: diego, Assigned: sotaro)
References
Details
(Keywords: crash, Whiteboard: [b2g-crash][caf-crash 595][caf priority: p1][CR 815094])
Attachments
(3 files)
|
137.37 KB,
text/plain
|
Details | |
|
286.22 KB,
text/plain
|
Details | |
|
1.50 KB,
patch
|
Details | Diff | Splinter Review |
There's a hard to reproduce null dereference crash in MediaEngineGonkVideoSource.
My best guess is it's we need to null check mCameraControl [1]
[1] https://mxr.mozilla.org/mozilla-central/source/dom/media/webrtc/MediaEngineGonkVideoSource.cpp#473
|
Reporter | |
Comment 1•10 years ago
|
||
[Blocking Requested - why for this release]:
Blocks: CAF-v2.2-metabug
blocking-b2g: --- → 2.0?
|
|
Reporter | |
Updated•10 years ago
|
Whiteboard: [CR 815094]
|
||
Updated•10 years ago
|
Whiteboard: [CR 815094] → [caf priority: p1][CR 815094]
|
|
||
Updated•10 years ago
|
Whiteboard: [caf priority: p1][CR 815094] → [b2g-crash][caf-crash 595][caf priority: p1][CR 815094]
|
|
||
Comment 2•10 years ago
|
||
Observed on:
Device: msm8909
Gonk Version: AU_LINUX_GECKO_LF.BR.1.2.3.00.00.00.000.116
Moz BuildID: 20150323002504
Manifest: https://www.codeaurora.org/cgit/quic/lf/b2g/manifest/tree/caf_AU_LINUX_GECKO_LF.BR.1.2.3.00.00.00.000.116.xml?h=release
Gecko Version: 37.0
Gaia: http://git.mozilla.org/?p=releases/gaia.git;a=commit;h=7f367fc98ffdd183f21d2cdfe20556ab877ece34
Gecko: http://git.mozilla.org/?p=releases/gecko.git;a=commit;h=3970b1e517b6447237421c1f9e7845c00bde0838
Patches: bug 1133398, bug 1143694, bug 1146987, bug 1145724, bug 1147646, bug 1133147, bug 1142770
|
|
||
Comment 3•10 years ago
|
||
|
|
||
Comment 4•10 years ago
|
||
|
|
Reporter | |
Comment 5•10 years ago
|
||
Sotaro,
Looks like there's a race condition somewhere here. Does the mCameraControl null check make sense?
Flags: needinfo?(sotaro.ikeda.g)
|
||
Updated•10 years ago
|
blocking-b2g: 2.2? → 2.2+
|
Assignee | |
Comment 6•10 years ago
|
||
(In reply to Diego Wilson [:diego] from comment #5)
> Looks like there's a race condition somewhere here. Does the mCameraControl
> null check make sense?
I just looked the source, the implementation seems very tricky. I am going to look into more.
Assignee: nobody → sotaro.ikeda.g
Flags: needinfo?(sotaro.ikeda.g)
|
||
Comment 7•10 years ago
|
||
Could we know if there is any update? Thanks.
Flags: needinfo?(sotaro.ikeda.g)
|
|
Assignee | |
Comment 8•10 years ago
|
||
The following functions could be related to the crash. They have a common characteristics. They are called on media thread(MediaManager's thread) and actual task is done on main thread. And They synchronously wait the task's completion.
- MediaEngineGonkVideoSource::Allocate()
- allocate ICameraControl
- MediaEngineGonkVideoSource::Start()
- Trigger MediaEngineGonkVideoSource::StartImpl() call.
- MediaEngineGonkVideoSource::Deallocate()
- Clear ICameraControl pointer.
Flags: needinfo?(sotaro.ikeda.g)
|
|
Assignee | |
Comment 9•10 years ago
|
||
ICameraControl does not call valid callback function until ICameraControl::Start() is called. Therefore, it seems not possible that ICameraControl is cleared between MediaEngineGonkVideoSource::Start() and MediaEngineGonkVideoSource::StartImpl().
Instead it seems possible that ICameraControl is nullptr when MediaEngineGonkVideoSource::Start() is called. MediaEngineGonkVideoSource::Start() does not check ICameraControl pointer.
|
|
Assignee | |
Comment 10•10 years ago
|
||
FYI: The following is a diagram around MediaManager on gonk.
https://github.com/sotaroikeda/firefox-diagrams/blob/master/media/dom_media_MediaManager_FirefoxOS_2_2.pdf
|
|
Assignee | |
Comment 11•10 years ago
|
||
Comment 9 is just one possibility of the crash. Therefore I am going to create a new bug for it.
|
|
Assignee | |
Comment 12•10 years ago
|
||
Diego, can you confirm if the problem still happens?
Flags: needinfo?(dwilson)
|
|
Reporter | |
Comment 13•10 years ago
|
||
Sotaro,
We are currently patching gecko to avoid this crash
Flags: needinfo?(dwilson)
|
|
Assignee | |
Comment 14•10 years ago
|
||
(In reply to Diego Wilson [:diego] from comment #13)
> Created attachment 8592308 [details] [diff] [review]
> 0001-Bug-1150271-WebRTC-session-crashes-in-mozilla-MediaE.patch
>
> Sotaro,
>
> We are currently patching gecko to avoid this crash
diego, can it be removed? If the code of MediaEngineGonkVideoSource works as expected, this bugs fix should prevent the crash.
Flags: needinfo?(dwilson)
|
|
Reporter | |
Comment 15•10 years ago
|
||
OK, I'll remove the patch from our builds and wait and see if the crash comes up again.
Flags: needinfo?(dwilson)
|
|
Assignee | |
Comment 16•10 years ago
|
||
Thanks!
|
|
Reporter | |
Comment 17•10 years ago
|
||
OK. I removed the patch from our builds. I'll mark this bug as resolved and reopen if I see the crash again. Thanks for your help sotaro!
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
|
||
Updated•10 years ago
|
status-b2g-v2.2:
--- → fixed
status-b2g-master:
--- → fixed
status-firefox38:
--- → wontfix
status-firefox39:
--- → wontfix
status-firefox40:
--- → fixed
Target Milestone: --- → mozilla40
|
|
Assignee | |
Comment 18•10 years ago
|
||
(In reply to Diego Wilson [:diego] from comment #17)
> OK. I removed the patch from our builds. I'll mark this bug as resolved and
> reopen if I see the crash again. Thanks for your help sotaro!
No problem :-)
You need to log in
before you can comment on or make changes to this bug.
Description
•