Closed Bug 1153650 Opened 7 years ago Closed 7 years ago

Firefox segmentation fault on video playback (gstreamer) running OpenBSD

Categories

(Core :: Audio/Video: Playback, defect, P5)

37 Branch
x86_64
OpenBSD
defect

Tracking

()

RESOLVED WORKSFORME

People

(Reporter: adam.wolk, Unassigned)

References

Details

User Agent: Mozilla/5.0 (X11; OpenBSD amd64; rv:37.0) Gecko/20100101 Firefox/37.0
Build ID: 20150408192825

Steps to reproduce:

I'm trying to watch the latest BSDNow.tv episode in Firefox and it works
perfectly fine until
they go to discuss port reviews by the end of the episode.

I managed to reproduce the crash twice so far, always resulting in the
same segmentation
fault that looks like coming from gstreamer.

Running:
 amd64 snapshot from Apr 9 GENERIC.MP + a re0 patch from Brad Smith
 Gnome 3.16.0
 firefox-37.0.1 (installed)
 etc/login.conf :datasize-cur=1536M
 dmesg at the far end
 
Steps to reproduce:
 1. Start firefox
 2. Navigate to:
 http://www.bsdnow.tv/episodes/2015_04_08-pkg_remove_freebsd-update
 3. Press play - keep on 360p
 4. Skip to 1h 10m
 5. Wait for Chris to speak.
 6. There is a slight chance that the browser will crash when Allan
 talks before they both
     get to OpenBSD content.

Possible workarounds:
 - youtube-dl the epsisode & play in mplayer/vlc
 - watch the video in 720p (not able to reproduce crash when video is on
 720p)

Crash reproduced 4 times:
 1) 16:12 (783M core dump)
 2) 16:22 (572M core dump)
 3) 16:24 (270M core dump)
 4) 16:28 (263M core dump)

The reason for the core dumps getting smaller is me narrowing down the
issue.
First test runs had more tabs open, last two tests were done with no
other tabs
than the linked bsdnow.tv page.

Allan Jude on twitter (https://twitter.com/allanjude/status/587299374528512000) suggested it might be:
 - https://www.mozilla.org/en-US/security/advisories/mfsa2015-31/
though that tweet was most probably a joke but I don't know how to verify if that patch is included
in my Firefox build.

This issue was originally reported to the OpenBSD mailing lists:
 - http://marc.info/?l=openbsd-ports&m=142884995931428&w=2


Actual results:

$ firefox 
Segmentation fault (core dumped)

Trace run 1:
#0  0x00000b40930669ba in kill () at <stdin>:2
2       <stdin>: No such file or directory.
        in <stdin>
(gdb) bt
#0  0x00000b40930669ba in kill () at <stdin>:2
#1  0x00000b4148eb53a4 in workerlz4_maxCompressedSize () from
/usr/local/lib/firefox-37.0.1/libxul.so.55.0
#2  <signal handler called>
#3  0x00000b416be82dd7 in aac_decode_frame_int () from
/usr/local/lib/gstreamer-1.0/libgstlibav.so
#4  0x00000b416be84c7e in aac_decode_frame () from
/usr/local/lib/gstreamer-1.0/libgstlibav.so
#5  0x00000b416c12fabc in avcodec_decode_audio4 () from
/usr/local/lib/gstreamer-1.0/libgstlibav.so
#6  0x00000b416bdc960e in gst_ffmpegauddec_frame () from
/usr/local/lib/gstreamer-1.0/libgstlibav.so
#7  0x00000b416bdc9f8d in gst_ffmpegauddec_handle_frame () from
/usr/local/lib/gstreamer-1.0/libgstlibav.so
#8  0x00000b4160daab20 in gst_audio_decoder_push_buffers
(dec=0xb40d17462a0, force=0) at gstaudiodecoder.c:1415
#9  0x00000b4160daafc1 in gst_audio_decoder_chain_forward
(dec=0xb40d17462a0, buffer=0xb4074a29440) at gstaudiodecoder.c:1518
#10 0x00000b4160daedfc in gst_audio_decoder_chain (pad=Variable "pad" is
not available.
) at gstaudiodecoder.c:1797
#11 0x00000b415a84bfa4 in gst_pad_chain_data_unchecked
(pad=0xb407cfc0360, type=Variable "type" is not available.
) at gstpad.c:3830
#12 0x00000b415a855118 in gst_pad_push_data (pad=0xb41408f9d70,
type=4112, data=0xb4074a29440) at gstpad.c:4063
#13 0x00000b415b1121bb in gst_base_parse_push_frame
(parse=0xb40ab116230, frame=0xb4123b055c0) at gstbaseparse.c:2304
#14 0x00000b415b113939 in gst_base_parse_chain (pad=Variable "pad" is
not available.
) at gstbaseparse.c:2824
#15 0x00000b415a84bfa4 in gst_pad_chain_data_unchecked
(pad=0xb41408f9b40, type=Variable "type" is not available.
) at gstpad.c:3830
#16 0x00000b415a855118 in gst_pad_push_data (pad=0xb41408f9910,
type=4112, data=0xb4074a29440) at gstpad.c:4063
#17 0x00000b4161629c77 in gst_multi_queue_loop (pad=Variable "pad" is
not available.
) at gstmultiqueue.c:1229
#18 0x00000b415a87bfa9 in gst_task_func (task=0xb40899505f0) at
gsttask.c:316
#19 0x00000b40f4e7e3fd in g_thread_pool_thread_proxy () from
/usr/local/lib/libglib-2.0.so.4200.1
#20 0x00000b40f4e7d789 in g_thread_proxy () from
/usr/local/lib/libglib-2.0.so.4200.1
#21 0x00000b408cb20a7e in _rthread_start (v=Variable "v" is not
available.
) at /usr/src/lib/librthread/rthread.c:145
#22 0x00000b409302761b in __tfork_thread () at
/usr/src/lib/libc/arch/amd64/sys/tfork_thread.S:75
#23 0x0000000000000000 in ?? ()
Current language:  auto; currently asm
(gdb) 

Trace 2:
#0  0x000003c8525159ba in kill () at <stdin>:2
2       <stdin>: No such file or directory.
        in <stdin>
(gdb) bt
#0  0x000003c8525159ba in kill () at <stdin>:2
#1  0x000003c7f2b873a4 in workerlz4_maxCompressedSize () from
/usr/local/lib/firefox-37.0.1/libxul.so.55.0
#2  <signal handler called>
#3  0x000003c8b751fc04 in decode_ics () from
/usr/local/lib/gstreamer-1.0/libgstlibav.so
#4  0x000003c8b75205d1 in decode_cpe () from
/usr/local/lib/gstreamer-1.0/libgstlibav.so
#5  0x000003c8b752102e in aac_decode_frame_int () from
/usr/local/lib/gstreamer-1.0/libgstlibav.so
#6  0x000003c8b7522c7e in aac_decode_frame () from
/usr/local/lib/gstreamer-1.0/libgstlibav.so
#7  0x000003c8b77cdabc in avcodec_decode_audio4 () from
/usr/local/lib/gstreamer-1.0/libgstlibav.so
#8  0x000003c8b746760e in gst_ffmpegauddec_frame () from
/usr/local/lib/gstreamer-1.0/libgstlibav.so
#9  0x000003c8b7467f8d in gst_ffmpegauddec_handle_frame () from
/usr/local/lib/gstreamer-1.0/libgstlibav.so
#10 0x000003c8b3bd2b20 in gst_audio_decoder_push_buffers
(dec=0x3c864adfaa0, force=0) at gstaudiodecoder.c:1415
#11 0x000003c8b3bd2fc1 in gst_audio_decoder_chain_forward
(dec=0x3c864adfaa0, buffer=0x3c80ce778c0) at gstaudiodecoder.c:1518
#12 0x000003c8b3bd6dfc in gst_audio_decoder_chain (pad=Variable "pad" is
not available.
) at gstaudiodecoder.c:1797
#13 0x000003c8afa11fa4 in gst_pad_chain_data_unchecked
(pad=0x3c814f71620, type=Variable "type" is not available.
) at gstpad.c:3830
#14 0x000003c8afa1b118 in gst_pad_push_data (pad=0x3c814f711c0,
type=4112, data=0x3c80ce778c0) at gstpad.c:4063
#15 0x000003c8b02d81bb in gst_base_parse_push_frame
(parse=0x3c8134a9a30, frame=0x3c7afcd5b30) at gstbaseparse.c:2304
#16 0x000003c8b02d9939 in gst_base_parse_chain (pad=Variable "pad" is
not available.
) at gstbaseparse.c:2824
#17 0x000003c8afa11fa4 in gst_pad_chain_data_unchecked
(pad=0x3c814f70f90, type=Variable "type" is not available.
) at gstpad.c:3830
#18 0x000003c8afa1b118 in gst_pad_push_data (pad=0x3c814f70d60,
type=4112, data=0x3c80ce778c0) at gstpad.c:4063
#19 0x000003c8b4029c77 in gst_multi_queue_loop (pad=Variable "pad" is
not available.
) at gstmultiqueue.c:1229
#20 0x000003c8afa41fa9 in gst_task_func (task=0x3c8336c8ef0) at
gsttask.c:316
#21 0x000003c87af503fd in g_thread_pool_thread_proxy () from
/usr/local/lib/libglib-2.0.so.4200.1
#22 0x000003c87af4f789 in g_thread_proxy () from
/usr/local/lib/libglib-2.0.so.4200.1
#23 0x000003c864baaa7e in _rthread_start (v=Variable "v" is not
available.
) at /usr/src/lib/librthread/rthread.c:145
#24 0x000003c8524d661b in __tfork_thread () at
/usr/src/lib/libc/arch/amd64/sys/tfork_thread.S:75
#25 0x0000000000000000 in ?? ()
Current language:  auto; currently asm
(gdb) 

Trace 3:
#0  0x00001790c26589ba in kill () at <stdin>:2
2       <stdin>: No such file or directory.
        in <stdin>
(gdb) bt
#0  0x00001790c26589ba in kill () at <stdin>:2
#1  0x00001790fb7353a4 in workerlz4_maxCompressedSize () from
/usr/local/lib/firefox-37.0.1/libxul.so.55.0
#2  <signal handler called>
#3  0x0000179124fdbd9b in aac_decode_frame_int () from
/usr/local/lib/gstreamer-1.0/libgstlibav.so
#4  0x0000179124fddc7e in aac_decode_frame () from
/usr/local/lib/gstreamer-1.0/libgstlibav.so
#5  0x0000179125288abc in avcodec_decode_audio4 () from
/usr/local/lib/gstreamer-1.0/libgstlibav.so
#6  0x0000179124f2260e in gst_ffmpegauddec_frame () from
/usr/local/lib/gstreamer-1.0/libgstlibav.so
#7  0x0000179124f22f8d in gst_ffmpegauddec_handle_frame () from
/usr/local/lib/gstreamer-1.0/libgstlibav.so
#8  0x0000179122771b20 in gst_audio_decoder_push_buffers
(dec=0x17907396a2a0, force=0) at gstaudiodecoder.c:1415
#9  0x0000179122771fc1 in gst_audio_decoder_chain_forward
(dec=0x17907396a2a0, buffer=0x179053986940) at gstaudiodecoder.c:1518
#10 0x0000179122775dfc in gst_audio_decoder_chain (pad=Variable "pad" is
not available.
) at gstaudiodecoder.c:1797
#11 0x00001791156bbfa4 in gst_pad_chain_data_unchecked
(pad=0x17906df51660, type=Variable "type" is not available.
) at gstpad.c:3830
#12 0x00001791156c5118 in gst_pad_push_data (pad=0x17906df51200,
type=4112, data=0x179053986940) at gstpad.c:4063
#13 0x0000179121a341bb in gst_base_parse_push_frame
(parse=0x17906fb37230, frame=0x17905fb1b140) at gstbaseparse.c:2304
#14 0x0000179121a35939 in gst_base_parse_chain (pad=Variable "pad" is
not available.
) at gstbaseparse.c:2824
#15 0x00001791156bbfa4 in gst_pad_chain_data_unchecked
(pad=0x17906df50fd0, type=Variable "type" is not available.
) at gstpad.c:3830
#16 0x00001791156c5118 in gst_pad_push_data (pad=0x17906df50da0,
type=4112, data=0x179053986940) at gstpad.c:4063
#17 0x000017912342ac77 in gst_multi_queue_loop (pad=Variable "pad" is
not available.
) at gstmultiqueue.c:1229
#18 0x00001791156ebfa9 in gst_task_func (task=0x1790d81fd3b0) at
gsttask.c:316
#19 0x000017902e07c3fd in g_thread_pool_thread_proxy () from
/usr/local/lib/libglib-2.0.so.4200.1
#20 0x000017902e07b789 in g_thread_proxy () from
/usr/local/lib/libglib-2.0.so.4200.1
#21 0x00001790904f5a7e in _rthread_start (v=Variable "v" is not
available.
) at /usr/src/lib/librthread/rthread.c:145
#22 0x00001790c261961b in __tfork_thread () at
/usr/src/lib/libc/arch/amd64/sys/tfork_thread.S:75
#23 0x0000000000000000 in ?? ()
Current language:  auto; currently asm

Trace 4:
#0  0x000018db1edae9ba in kill () at <stdin>:2
2       <stdin>: No such file or directory.
        in <stdin>
(gdb) bt
#0  0x000018db1edae9ba in kill () at <stdin>:2
#1  0x000018db3abf43a4 in workerlz4_maxCompressedSize () from
/usr/local/lib/firefox-37.0.1/libxul.so.55.0
#2  <signal handler called>
#3  0x000018db646cfc68 in decode_ics () from
/usr/local/lib/gstreamer-1.0/libgstlibav.so
#4  0x000018db646d15d1 in decode_cpe () from
/usr/local/lib/gstreamer-1.0/libgstlibav.so
#5  0x000018db646d202e in aac_decode_frame_int () from
/usr/local/lib/gstreamer-1.0/libgstlibav.so
#6  0x000018db646d3c7e in aac_decode_frame () from
/usr/local/lib/gstreamer-1.0/libgstlibav.so
#7  0x000018db6497eabc in avcodec_decode_audio4 () from
/usr/local/lib/gstreamer-1.0/libgstlibav.so
#8  0x000018db6461860e in gst_ffmpegauddec_frame () from
/usr/local/lib/gstreamer-1.0/libgstlibav.so
#9  0x000018db64618f8d in gst_ffmpegauddec_handle_frame () from
/usr/local/lib/gstreamer-1.0/libgstlibav.so
#10 0x000018db61a49b20 in gst_audio_decoder_push_buffers
(dec=0x18db2d21d2a0, force=0) at gstaudiodecoder.c:1415
#11 0x000018db61a49fc1 in gst_audio_decoder_chain_forward
(dec=0x18db2d21d2a0, buffer=0x18dab3007690) at gstaudiodecoder.c:1518
#12 0x000018db61a4ddfc in gst_audio_decoder_chain (pad=Variable "pad" is
not available.
) at gstaudiodecoder.c:1797
#13 0x000018daf0504fa4 in gst_pad_chain_data_unchecked
(pad=0x18da888976f0, type=Variable "type" is not available.
) at gstpad.c:3830
#14 0x000018daf050e118 in gst_pad_push_data (pad=0x18da88897290,
type=4112, data=0x18dab3007690) at gstpad.c:4063
#15 0x000018db36a451bb in gst_base_parse_push_frame
(parse=0x18da692e8a30, frame=0x18da7d2a96b0) at gstbaseparse.c:2304
#16 0x000018db36a46939 in gst_base_parse_chain (pad=Variable "pad" is
not available.
) at gstbaseparse.c:2824
#17 0x000018daf0504fa4 in gst_pad_chain_data_unchecked
(pad=0x18da88897060, type=Variable "type" is not available.
) at gstpad.c:3830
#18 0x000018daf050e118 in gst_pad_push_data (pad=0x18da88896e30,
type=4112, data=0x18dab3007690) at gstpad.c:4063
#19 0x000018db62702c77 in gst_multi_queue_loop (pad=Variable "pad" is
not available.
) at gstmultiqueue.c:1229
#20 0x000018daf0534fa9 in gst_task_func (task=0x18daf58d63b0) at
gsttask.c:316
#21 0x000018db5820a3fd in g_thread_pool_thread_proxy () from
/usr/local/lib/libglib-2.0.so.4200.1
#22 0x000018db58209789 in g_thread_proxy () from
/usr/local/lib/libglib-2.0.so.4200.1
#23 0x000018db35d4aa7e in _rthread_start (v=Variable "v" is not
available.
) at /usr/src/lib/librthread/rthread.c:145
#24 0x000018db1ed6f61b in __tfork_thread () at
/usr/src/lib/libc/arch/amd64/sys/tfork_thread.S:75
#25 0x0000000000000000 in ?? ()
Current language:  auto; currently asm


Expected results:

Being able to watch the video up to the end without the browser crashing.
(In reply to Adam Wolk from comment #0)

> Allan Jude on twitter
> (https://twitter.com/allanjude/status/587299374528512000) suggested it might
> be:
>  - https://www.mozilla.org/en-US/security/advisories/mfsa2015-31/
> though that tweet was most probably a joke but I don't know how to verify if
> that patch is included
> in my Firefox build.

That kind of joke is .. not funny. The actual MFSA was fixed in 37.0 so your build had it.

To add another data point, is it with gstreamer1-1.4.5 and more or less the same version for the gstreamer plugins ?
(In reply to Landry Breuil (:gaston) from comment #1)
> To add another data point, is it with gstreamer1-1.4.5 and more or less the
> same version for the gstreamer plugins ?

Correct. Here are my gstreamer & plugins plugins:
# pkg_info -Q gstreamer | grep -i installed
gstreamer1-1.4.5 (installed)
gstreamer1-plugins-base-1.4.5 (installed)
gstreamer1-plugins-good-1.4.5p1 (installed)
gstreamer1-plugins-libav-1.4.5 (installed)
gstreamer1-plugins-ugly-1.4.5 (installed)

It's also worth to add that I downloaded the whole episode with youtube-dl
and played it without any issues in Totem which also uses the gstreamer backend.
Component: Untriaged → Video/Audio
Product: Firefox → Core
Havent been able to reproduce so far with 38.0b3, but youtube/video playback is barely usable on my desktop even at 360p.
I can provide a core dump from the last crash privately to you Landry.
Would that help?
gdb is unusable to debug anything "big" on OpenBSD.
In the hope that it might be useful, here is a list off all packages installed on this system:

# echo $PKG_PATH
http://mirrors.nycbug.org/pub/OpenBSD/snapshots/packages/amd64/
$ pkg_info -A
ImageMagick-6.7.7.7p8 image processing tools
accountsservice-0.6.40p0 D-Bus interface for user account query and manipulation
adwaita-icon-theme-3.16.0 base icon theme for GNOME
argyllcms-1.6.3     ICC compatible color management system
aspell-0.60.6.1p2   spell checker designed to eventually replace Ispell
at-spi2-atk-2.16.0p0 atk-bridge for at-spi2
at-spi2-core-2.16.0p0 service interface for assistive technologies
atk-2.16.0          accessibility toolkit used by gtk+
atk2mm-2.22.7p0     C++ binding for the ATK library
avahi-0.6.31p17     framework for Multicast DNS Service Discovery
babl-0.1.12         dynamic pixel format conversion library
baobab-3.16.0p0     directory tree analyzer for GNOME
bzip2-1.0.6p1       block-sorting file compressor, unencumbered
cairo-1.14.2        vector graphics library
cairomm-1.10.0p3    C++ interface for cairo
cantarell-fonts-0.0.16p2 humanist sans-serif font family
caribou-0.4.18p0    input assistive technology
cdparanoia-3.a9.8p1 CDDA reading utility with extra data verification features
cdrtools-3.00p1     ISO 9660 filesystem and CD/DVD/BD creation tools
clisp-2.48p3        ANSI Common Lisp implementation
clutter-1.22.0      OpenGL-based interactive canvas library
clutter-gst-3.0.4   clutter GStreamer integration library
clutter-gtk-1.6.0p0 GTK+ widget for clutter
cmake-3.2.1         portable build system
cogl-1.20.0         modern 3D graphics API
colord-1.2.9p1      device color profile management daemon
colord-gtk-0.1.26p0 GTK+ support library for colord
consolekit-0.4.6p14 framework for defining and tracking users
cracklib-2.9.2      sensible unix password cracker
cups-libs-2.0.2p0   CUPS libraries and headers
cups-pk-helper-0.2.5p0 fine-grained privileges PolicyKit helper for CUPS
curl-7.41.0         get files from FTP, Gopher, HTTP or HTTPS servers
cvsps-2.1p0         generate patchsets from CVS repositories
cyrus-sasl-2.1.26p12 RFC 2222 SASL (Simple Authentication and Security Layer)
db-4.6.21p1v0       Berkeley DB package, revision 4
dbus-1.8.16p1v0     message bus system
dbus-daemon-launch-helper-1.8.16p0 DBus setuid helper for starting system services
dbus-glib-0.104p0v0 glib bindings for dbus message system
dconf-0.24.0p1      configuration backend system
desktop-file-utils-0.22 utilities for dot.desktop entries
detex-2.8p1         strip TeX/LaTeX codes from a file
djvulibre-3.5.25.3p2 view, decode and encode DjVu files
dotconf-1.3         simple, powerful configuration-file parser
dvi2tty-5.3.1p0     converts .dvi files to plain text
e2fsprogs-1.42.12p0 utilities to manipulate ext2 filesystems
emacs-24.4p2-gtk3   GNU editor: extensible, customizable, self-documenting
enca-1.16p1         detect character set and encoding of text files
enchant-1.6.0p2     generic spell checking library/wrapper
eog-3.16.0p0        Eye of GNOME, image viewing and cataloging program
eog-plugins-3.16.0p0 plugins for EOG
espeak-1.48.04      compact speech synthesizer
evince-3.16.0p0     GNOME document viewer
evolution-data-server-3.16.0p1 unified backend for PIM programs
exempi-2.2.1        implementation of XMP
exiv2-0.24          manipulate image meta-data such as exif and ipct
ffcall-1.10p2       foreign function call libraries
fftw3-3.2.2p2       C routines for computing the Discrete Fourier Transform
fftw3-common-3.2.2p0 common files for the fftw3 packages
file-roller-3.16.0p2 archive manager utility for GNOME
firefox-37.0.1      Mozilla web browser
flac-1.3.1          free lossless audio codec
folks-0.11.0        people aggregation library
freetype-1.3.1p4    free and portable TrueType font rendering engine
gconf2-3.2.6p5      configuration database system for GNOME
gcpio-2.11p1        GNU copy-in/out (cpio)
gcr-3.14.0p2        library for bits of crypto UI and parsing
gd-2.1.0p0          library for dynamic creation of images
gdbm-1.11p0         GNU dbm
gdk-pixbuf-2.30.8   graphic library for gtk+2
gdm-3.16.0.1p0      GNOME display manager
gedit-3.16.0p0      lightweight GNOME text editor
gedit-plugins-3.16.0p0 plugins for Gedit
gegl03-0.2.99p1     graph based image processing framework (API version 0.3)
geoclue2-2.1.10p2   modular geoinformation service on top of D-Bus
geocode-glib-3.16.0 convenience library for the geocoding
gettext-0.19.4      GNU gettext
ghostscript-9.07p0  GNU PostScript interpreter
ghostscript-fonts-8.11p3 35 standard PostScript fonts with Adobe name aliases
giflib-5.1.1        tools and library routines for working with GIF images
git-2.3.5           GIT - Tree History Storage Tool
gjs-1.43.3p1        Javascript bindings for GNOME
glib2-2.44.0p0      general-purpose utility library
glib2-networking-2.44.0 network-related gio modules for glib2
glib2mm-2.44.0      C++ interface for glib2
gmime-2.6.20        MIME messages creation and parsing library
gmp-5.0.2p3         library for arbitrary precision arithmetic
gnome-3.16.0p3      GNOME desktop meta-package (base installation)
gnome-backgrounds-3.16.0 wallpapers for GNOME
gnome-calculator-3.16.0p2 GNOME desktop calculator
gnome-calendar-3.16.0 GNOME calendar
gnome-clocks-3.16.0p0 clock application for GNOME
gnome-color-manager-3.16.0p0 color profile manager for GNOME
gnome-contacts-3.16.0p1 contacts manager for GNOME
gnome-control-center-3.16.0p2 GNOME control center
gnome-desktop-3.16.0p0 components for the GNOME desktop
gnome-dictionary-3.16.0p0 GNOME dictionary application
gnome-documents-3.16.0p1 document and e-books manager for GNOME
gnome-epub-thumbnailer-1.5 thumbnailer for EPub and MOBI books
gnome-font-viewer-3.16.0p0 font viewer for GNOME
gnome-getting-started-docs-3.16.0 getting started with GNOM
gnome-icon-theme-3.12.0p2 base icon theme for GNOME
gnome-icon-theme-symbolic-3.12.0p2 base icon theme extension for special UI contexts
gnome-initial-setup-3.16.0p0 initial-setup firstboot-like tool
gnome-keyring-3.16.0 password agent for the GNOME project
gnome-maps-3.16.0p0 map application for GNOME
gnome-menus-3.10.1p1 implementation of the FreeDesktop Desktop Menu Spec
gnome-music-3.16.0p0 GNOME music playing application
gnome-online-accounts-3.16.0p0 interfaces for interacting with online accounts
gnome-online-miners-3.14.1p1 crawls through your online content
gnome-photos-3.16.0p0 access, organize and share your photos on GNOME
gnome-power-manager-3.16.0p0 GNOME power manager
gnome-screenshot-3.16.0p0 screenshot application for GNOME
gnome-session-3.16.0p0 GNOME session
gnome-settings-daemon-3.16.0p0 GNOME settings daemon
gnome-shell-3.16.0p3 next generation GNOME shell
gnome-shell-extensions-3.16.0p0 collection of extensions for GNOME Shell
gnome-system-monitor-3.16.0p0 sytem monitor for GNOME
gnome-terminal-3.16.0p0 GNOME terminal
gnome-themes-standard-3.16.0 standard GNOME themes
gnome-tweak-tool-3.16.0 tweak hidden GTK/GNOME settings
gnome-user-docs-3.16.0 general user documentation for GNOME
gnome-weather-3.16.0p0 weather application for GNOME
gnupg-1.4.19        GNU privacy guard - a free PGP replacement
gnutls-3.2.21       GNU Transport Layer Security library
go-1.4.1            Go programming language
gobject-introspection-1.44.0 GObject Introspection
gocover-1.4         go code coverage tool
gperf-3.0.4p0       perfect hash functions, to help write parsers
gpgme-1.5.1p0       GnuPG Made Easy
graphite2-1.2.4     rendering for complex writing systems
grilo-0.2.12p0      framework for making media discovery and browsing easy
grilo-plugins-0.2.14p0 plugins for Grilo
gsettings-desktop-schemas-3.16.0p0 collection of shared GSettings schemas
gsound-1.0.1        GObject library for playing system sounds
gstreamer1-1.4.5    framework for streaming media
gstreamer1-plugins-base-1.4.5 base elements for GStreamer
gstreamer1-plugins-good-1.4.5p1 good elements for GStreamer
gstreamer1-plugins-libav-1.4.5 ffmpeg elements for GStreamer
gstreamer1-plugins-ugly-1.4.5 ugly elements for GStreamer
gtar-1.28p1         GNU version of the traditional tape archiver
gtk+2-2.24.27p2     multi-platform graphical toolkit
gtk+2-cups-2.24.27p0 gtk+2 CUPS print backend
gtk+3-3.16.1        multi-platform graphical toolkit
gtk+3-cloudprint-3.16.1 gtk+3 Google Cloud Print backend
gtk+3-cups-3.16.1   gtk+3 CUPS print backend
gtk-engines2-2.20.2p5 collection of theme engines for GTK+2
gtk-update-icon-cache-3.16.1 gtk+ icon theme caching utility
gtk3mm-3.16.0p0     C++ interface for gtk3+
gtksourceview3-3.16.0p0 text widget that extends the GTK3 GtkTextView widget
gucharmap-3.16.0p0  Unicode character map for the GNOME project
gvfs-1.24.0p0       GNOME Virtual File System
gvfs-goa-1.24.0p0   GVFS volume monitor for gnome-online-account
gvfs-smb-1.24.0p0   GVFS mount module for samba
harfbuzz-0.9.40     text shaping library
harfbuzz-icu-0.9.40 ICU support for libharfbuzz
heimdal-libs-1.5.3p0 Heimdal libraries and headers
hicolor-icon-theme-0.15 fallback theme of the icon theme specification
hunspell-1.3.2p0    spelling, stemming, morphological analysis and generation
hwdata-0.276        hardware identification and configuration data
ibus-1.5.5p1        intelligent input bus framework
icu4c-54.1p3        International Components for Unicode
ijs-0.35p2          raster image transmission library
iniparser-3.1p1     ini file parsing library
iodbc-3.52.10       ODBC 3.x driver manager
iso-codes-3.57      lists of the country, language and currency iso names
jasper-1.900.1p2    reference implementation of JPEG-2000
jbig2dec-0.11       decoder for JBIG2 monochrome hi-res image compression format
jbigkit-2.1         lossless image compression library, with lightweight version
jpeg-9a             IJG's JPEG compression utilities
json-c-0.12         JSON implementation in C
json-glib-1.0.4     JSON parser for GLib-based libraries and applications
jsoncpp-0.10.0      JSON parsing C++ API
lame-3.99.5p0       lame ain't an MP3 encoder
latex-mk-1.9.1p1    set of Makefile fragments to manage LaTeX documents
lcms-1.18ap0        color management library
lcms2-2.6p0         color management library
liba52-0.7.5p2      free library for decoding ATSC A/52 streams, aka AC-3
libao-1.2.0         portable audio output library
libarchive-3.1.2    multi-format archive and compression library
libassuan-2.1.1     IPC library used by GnuPG and gpgme
libcanberra-0.30p2  implementation of the Freedesktop sound theme spec.
libcanberra-gtk-0.30p2 gtk+2 helper for libcanberra
libcanberra-gtk3-0.30p2 gtk+3 helper for libcanberra
libchamplain-0.12.10p0 library to provide a GTK+ widget to display maps
libcroco-0.6.8p1    generic CSS parsing library for GNOME project
libcryptui-3.12.2p0 interface components for OpenPGP
libcue-1.4.0p0      cue sheet parser library
libdaemon-0.14p1    lightweight C library that eases the writing of daemons
libdvdcss-1.3.0     descramble scrambled DVDs
libdvdread-5.0.0    accessing DVD files
libelf-0.8.13p3     read, modify, create ELF files on any arch
libepoxy-1.2        OpenGL dispatch library
libexecinfo-0.2p5v0 clone of backtrace facility found in the GNU libc
libexif-0.6.21p0    extract digital camera info tags from JPEG images
libffi-3.1          Foreign Function Interface
libgcrypt-1.6.3     crypto library based on code used in GnuPG
libgdata-0.16.1     Google Data API based Glib client library
libgee-0.18.0       GObject based collection library
libgexiv2-0.10.3    GObject wrapper around exiv2
libgfbgraph-0.2.2   GObject library for Facebook Graph API
libgit2-0.22.2      the Git library, take 2
libgit2-glib-0.22.4 GLib library wrapping libgit2
libgnome-keyring-3.12.0p0 library for gnome keyring integration
libgnomekbd-3.6.0p1 keyboard configuration library
libgpg-error-1.18   error codes for GnuPG related software
libgphoto-2.5.7     digital camera library
libgpod-0.8.0p5     library to access the contents of an iPod
libgsf-1.14.32      GNOME Structured File library
libgtop2-2.30.0p2   portable library for obtaining system information
libgweather-3.16.0p0 weather information access library
libgxps-0.2.2       GObject library for handling and rendering XPS documents
libical-1.0.1       implementation of the iCalendar protocols and data units
libiconv-1.14p2     character set conversion library
libidn-1.30         internationalized string handling
libiptcdata-1.0.4   manipulating with IPTC metadata
liblouis-2.6.0      braille translator, back-translator and formatter
libltdl-2.4.2p1     GNU libtool system independent dlopen wrapper
libmad-0.15.1bp4    high-quality MPEG audio decoder
libmagic-5.22       library to determine file type
libmediaart-1.9.0   media art extraction and cache management library
libmng-1.0.10p3     Multiple-image Network Graphics (MNG) reference library
libmusicbrainz5-5.0.1p1 library for audio metadata lookup (v5)
libnettle-2.7.1p1   cryptographic library
libnotify-0.7.6     send desktop notifications to a notification daemon
liboauth-1.0.2      library implementing the OAuth Core RFC 5849 standard
libogg-1.3.2        Ogg bitstream library
libosinfo-0.2.11p0  library for managing information about operating systems
libpaper-1.1.24p0   library for handling paper characteristics
libpeas-1.14.0p0    gobject-based plugins engine
libplist-1.10       library to handle Apple Property List format
libproxy-0.4.11p3   library handling all the details of proxy configuration
libpwquality-1.2.4  library to generate, and check strenght of passwords
libquvi-0.9.4       library to parse flash media stream URLs
libquvi-scripts-0.9.20131130 scripts libquvi uses for parsing the media details
libraw-0.16.0       library for reading RAW files
librest-0.7.93      access web services that claim to be RESTful
librsvg-2.40.9      SAX-based render library for SVG files
libsecret-0.18      library for storing and retrieving passwords and secrets
libshout-2.2.2p3    library for communicating with an icecast server
libsigc++-2.4.1     callback framework for C++
libsigsegv-2.10p1   library for handling page faults in user mode
libsndfile-1.0.25p1 library to handle various audio file formats
libsoup-2.50.0      HTTP client/server library for GNOME
libspectre-0.2.7p6  library for rendering Postscript documents
libssh2-1.4.3p0     library implementing the SSH2 protocol
libstdc++-4.8.4p1   GNU compiler collection: C++ compiler library
libtalloc-2.0.1p1   hierarchical memory pool system with destructors
libtasn1-4.4        Abstract Syntax Notation One structure parser library
libtheora-1.1.1p3   open video codec
libusb-compat-0.1.5p0 libusb-0.1 compatibility layer for libusb1
libusb1-1.0.9p9     library for USB device access from userspace
libvorbis-1.3.5     audio compression codec library
libvpx-1.3.0p1      Google VP8/VP9 video codec
libwebp-0.4.2       Google WebP image format conversion tool
libwmf-0.2.8.4p2    WMF handling and conversion library
libxkbcommon-0.5.0  library to handle keyboard descriptions
libxklavier-5.3p0   utility library for XKB
libxml-2.9.2p0      XML parsing library
libxslt-1.1.28p0    XSLT C Library for GNOME
libzapojit-0.0.3p1  GLib/GObject wrapper for SkyDrive and Hotmail REST APIs
lua-5.1.5p3         powerful, light-weight programming language (version 5.1.5)
luasocket-3.0rc1p0  network support for the lua language
lzo2-2.09           portable speedy lossless data compression library
mercurial-3.2.3     fast, lightweight source control management
meta-tracker-1.4.0p0 powerful desktop search tool and indexer
mousetweaks-3.12.0p0 mouse accessibility enhancements for GNOME
mozilla-dicts-en-GB-1.3p0 en-GB dictionary for Mozilla
mozilla-dicts-pl-1.3p0 pl dictionary for Mozilla
mozjs17-17.0p1      Mozilla C implementation of JavaScript
mpfr-3.1.0.3p0      library for multiple-precision floating-point computations
mutter-3.16.0p0     window and compositing manager
nautilus-3.16.0p0   GNOME file manager
nautilus-sendto-3.8.2p0 applications integration into Nautilus
neon-0.30.1         HTTP and WebDAV client library, with C interface
netpbm-10.35.94     toolkit for converting images between different formats
nspr-4.10.8         Netscape Portable Runtime
nss-3.18            libraries to support development of security-enabled apps
openal-1.15.1p0v0   cross-platform 3D audio API
openjpeg-1.5.1      open-source JPEG 2000 codec library
openldap-client-2.4.40 open-source LDAP software (client)
openpam-20141014    Pluggable Authentication Module
orc-0.4.19          library and toolset to operate arrays of data
orca-3.16.0         assistive screen reader
otter-browser-0.9.05pl0 browser aiming to recreate classic Opera (12.x) UI using Qt5
p11-kit-0.22.1p0    library for loading and enumurating of PKCS#11 modules
p5-Error-0.17023    error/exception handling in an OO-ish way
p7zip-9.38.1        file archiver with high compression ratio
pango-1.36.8        library for layout and rendering of text
pangomm-2.36.0      C++ interface for pango
pcre-8.35p0         perl-compatible regular expression library
png-1.6.16          library for manipulating PNG images
polkit-0.112p8      framework for granting privileged operations to users
poppler-0.32.0      PDF rendering library
poppler-data-0.4.7  encoding files for poppler
popt-1.16p0         getopt(3)-like library with a number of enhancements
portaudio-svn-1919  portable cross-platform audio API
ps2eps-1.68p0       convert Postscript to Encapsulated Postscript
psutils-1.23        utilities for manipulating PostScript documents
pulseaudio-6.0p3    cross-platform networked sound server
py-MarkupSafe-0.23  implements an XML/HTML/XHTML markup safe string
py-beaker-1.6.2p3   session and caching library with wsgi middleware
py-cairo-1.10.0p1   cairo bindings for Python
py-crypto-2.6.1p0   cryptographic tools for Python
py-dbus-1.2.0p3     dbus bindings for Python
py-dbus-common-1.2.0p1 common files for py-dbus
py-gobject3-3.16.0  Python bindings for GLib and GObject
py-gobject3-common-3.16.0 common files for py-gobject3
py-mako-0.9.1p1     super-fast templating language
py-setuptools-3.4.4p2v0 simplified packaging system for Python modules
py3-MarkupSafe-0.23 implements an XML/HTML/XHTML markup safe string
py3-atspi-2.16.0    python bindings for at-spi2
py3-beaker-1.6.2p3  session and caching library with wsgi middleware
py3-cairo-1.10.0p1  cairo bindings for Python
py3-crypto-2.6.1p0  cryptographic tools for Python
py3-dbus-1.2.0p3    dbus bindings for Python
py3-gobject3-3.16.0 Python bindings for GLib and GObject
py3-mako-0.9.1p1    super-fast templating language
py3-setproctitle-1.1.8p0 library for getting/setting process names
py3-setuptools-3.4.4p2v0 simplified packaging system for Python modules
py3-xdg-0.25p2      python library to access freedesktop.org standards
python-2.7.9p0      interpreted object-oriented programming language
python-3.4.3        interpreted object-oriented programming language
qt5-5.3.2p12        C++ general-purpose toolkit
quirks-2.64         exceptions to pkg_add rules
recode-3.6p9        convert files between character sets and usages
rhythmbox-3.2p0     integrated music management application for GNOME
rsync-3.1.1         mirroring/synchronization over low bandwidth links
samba-3.6.15p14     SMB and CIFS client and server for UNIX
seahorse-3.14.1p1   GNOME encryption interface
seahorse-nautilus-3.10.1p3 GnuPG extension for nautilus(1)
seahorse-sharing-3.8.0p4 PGP public keys sharing via DNS-SD and HKP
shared-color-targets-0.1.5 color targets from vendors for color calibration
shared-mime-info-1.4 shared mime database for desktops
shotwell-0.22.0p1   digital photo organizer
sound-theme-freedesktop-0.8p0 XDG sound theme
speech-dispatcher-0.8.2 common interface to speech synthesis
speex-1.2rc1p1      patent-free speech codec
spidermonkey-24.2.0p1 Mozilla C implementation of JavaScript
startup-notification-0.12p4 library for tracking application startup
sushi-3.12.0p4      quick previewer for Nautilus
t1lib-5.1.2p0       Type 1 rasterizer library for UNIX/X11
t1utils-1.37        utilities for PostScript Type 1 fonts
taglib-1.9.1p1      managing meta-data of audio formats
tdb-1.2.7p2         trivial database library
telepathy-glib-0.24.1p1 flexible communications framework, glib bindings
telepathy-logger-0.8.1p0 flexible communications framework, logger component
telepathy-mission-control-5.16.3p1 abstraction layer between apps and connection managers
texlive_base-2013p4 base binaries for TeXLive typesetting distribution
texlive_texmf-buildset-2013p3 smallest texlive texmf for building ports
tiff-4.0.4beta      tools and library routines for working with TIFF images
totem-3.16.0        official media player for GNOME
totem-pl-parser-3.10.4 GObject-based parsing library
transfig-3.2.5ap0   tools to convert Xfig's .fig files
tremor-20120410p1   integer-only, fully Ogg Vorbis compliant decoder library
twolame-0.3.13p1    optimised MPEG Audio Layer 2 (MP2) encoder
unrar-5.21v1        extract, list, and test RAR archives
unzip-6.0p6         extract, list & test files in a ZIP archive
upower-0.99.2p6     userland power management interface
vino-3.16.0p0       GNOME desktop sharing server
vte3-0.40.0p0       terminal emulation library
wavpack-4.70.0p1    audio codec for lossless, lossy and hybrid compression
webkit-gtk3-2.4.8p2v1 open source web browser engine for Gtk+
webkitgtk4-2.8.0    GTK+ port of the WebKit rendering engine
x264-20141218       free H.264/MPEG-4 AVC encoder
xdg-user-dirs-0.15  utilities to manage well known user directories
xdg-user-dirs-gtk-0.10p0 integration of xdg-user-dirs into GNOME/gtk+
xdg-utils-1.1.0rc3p0 utilities to assist desktop integration tasks
xz-5.2.1            LZMA compression and decompression tools
yelp-3.16.0p0       GNOME help browser
yelp-xsl-3.16.0     XSLT stylesheets for yelp
youtube-dl-2015.04.03 CLI program to download videos from YouTube and other sites
zeitgeist-0.9.14p6v0 event logging framework
zenity-3.14.0       dialogs for GNOME
zip-3.0             create/update ZIP files compatible with PKZip(tm)

Let me know if there is anything that would help in any way that I could provide.
Ok this might be interesting. Totally a shot in the dark but just found my previous
reports from i386: https://www.marc.info/?t=142495074100001&r=1&w=1

One of my friends took a look at it back then:
 - https://www.marc.info/?l=openbsd-ports&m=142496891206563&w=1

Though that crashes don't have gstreamer on their path (they start from JS). The only
common crash point is workerlz4_maxCompressedSize and it was from Firefox 35.

Is 37.1 compiled with enabled assertions like 35.0.1 was?
(In reply to Adam Wolk from comment #7)
> Is 37.1 compiled with enabled assertions like 35.0.1 was?

The same configure options were used - dunno what you think about when you say 'assertions' here..
(In reply to Landry Breuil (:gaston) from comment #8)
> (In reply to Adam Wolk from comment #7)
> > Is 37.1 compiled with enabled assertions like 35.0.1 was?
> 
> The same configure options were used - dunno what you think about when you
> say 'assertions' here..

Sorry for being unclear.

In the i386 bug report I linked the common code paths were:

(this is the i386 OLD backtrace, possibly not related to this issue)
#0  0x0399f481 in kill () at <stdin>:2
#1  0x039dd876 in raise (s=11) at /usr/src/lib/libc/gen/raise.c:39
#2  0x0b6eae52 in workerlz4_maxCompressedSize () from
/usr/local/lib/firefox-35.0.1/libxul.so.53.0

compared to the new one
(this is the current backtrace, for this issue)
#0  0x000018db1edae9ba in kill () at <stdin>:2
2       <stdin>: No such file or directory.
        in <stdin>
(gdb) bt
#0  0x000018db1edae9ba in kill () at <stdin>:2
#1  0x000018db3abf43a4 in workerlz4_maxCompressedSize () from
/usr/local/lib/firefox-37.0.1/libxul.so.55.0

When you look at the definition of maxCompresseSize:
  /*
   * Provides the maximum size that LZ4 may output in a "worst case"
   * scenario (input data not compressible) primarily useful for memory
   * allocation of output buffer.
   * note : this function is limited by "int" range (2^31-1)
   *
   * @param aInputSize is the input size. Max supported value is ~1.9GB
   * @return maximum output size in a "worst case" scenario
   */
  static inline size_t maxCompressedSize(size_t aInputSize)
  {
    size_t max = (aInputSize + (aInputSize / 255) + 16);
    MOZ_ASSERT(max > aInputSize);
    return max;
  }

It seems that the old bug 'died' on the assertion:
#1  0x039dd876 in raise (s=11) at /usr/src/lib/libc/gen/raise.c:39
#2  0x0b6eae52 in workerlz4_maxCompressedSize () from

The new code shares the entry point of workerlz4_maxCompressedSize
thoug:
#1  0x039dd876 in raise (s=11) at /usr/src/lib/libc/gen/raise.c:39
is not present on the amd64 box.

That's the reason I was thinking those issues might be related or
being trapped by the same: MOZ_ASSERT(max > aInputSize);

Though on my part it's just a guess, hope it doesn't introduce misinformation.
Experienced the crash again but this time while watching Youtube.
Came from a different codec but resulted also in a crash in workerlz4_maxCompressedSize.

I can't pin point the actual video as it was a random vid from Youtube music.

#0  0x00000cb8a6ae79ba in kill () at <stdin>:2
2       <stdin>: No such file or directory.
        in <stdin>
(gdb) bt
#0  0x00000cb8a6ae79ba in kill () at <stdin>:2
#1  0x00000cb85b7913a4 in workerlz4_maxCompressedSize () from /usr/local/lib/firefox-37.0.1/libxul.so.55.0
#2  <signal handler called>
#3  0x00000cb95d142c04 in decode_ics () from /usr/local/lib/gstreamer-1.0/libgstlibav.so
#4  0x00000cb95d1435d1 in decode_cpe () from /usr/local/lib/gstreamer-1.0/libgstlibav.so
#5  0x00000cb95d14402e in aac_decode_frame_int () from /usr/local/lib/gstreamer-1.0/libgstlibav.so
#6  0x00000cb95d145c7e in aac_decode_frame () from /usr/local/lib/gstreamer-1.0/libgstlibav.so
#7  0x00000cb95d3f0abc in avcodec_decode_audio4 () from /usr/local/lib/gstreamer-1.0/libgstlibav.so
#8  0x00000cb95d08a60e in gst_ffmpegauddec_frame () from /usr/local/lib/gstreamer-1.0/libgstlibav.so
#9  0x00000cb95d08af8d in gst_ffmpegauddec_handle_frame () from /usr/local/lib/gstreamer-1.0/libgstlibav.so
#10 0x00000cb95aec2b20 in gst_audio_decoder_push_buffers (dec=0xcb956792aa0, force=0) at gstaudiodecoder.c:1415
#11 0x00000cb95aec2fc1 in gst_audio_decoder_chain_forward (dec=0xcb956792aa0, buffer=0xcb8b7158b70) at gstaudiodecoder.c:1518
#12 0x00000cb95aec6dfc in gst_audio_decoder_chain (pad=Variable "pad" is not available.
) at gstaudiodecoder.c:1797
#13 0x00000cb959470fa4 in gst_pad_chain_data_unchecked (pad=0xcb93d8b9910, type=Variable "type" is not available.
) at gstpad.c:3830
#14 0x00000cb95947a118 in gst_pad_push_data (pad=0xcb94e4f4100, type=4112, data=0xcb8b7158b70) at gstpad.c:4063
#15 0x00000cb959d371bb in gst_base_parse_push_frame (parse=0xcb8b4145230, frame=0xcb8c184d960) at gstbaseparse.c:2304
#16 0x00000cb959d38939 in gst_base_parse_chain (pad=Variable "pad" is not available.
) at gstbaseparse.c:2824
#17 0x00000cb959470fa4 in gst_pad_chain_data_unchecked (pad=0xcb94e4f4330, type=Variable "type" is not available.
) at gstpad.c:3830
#18 0x00000cb95947a118 in gst_pad_push_data (pad=0xcb88d4454e0, type=4112, data=0xcb8b7158b70) at gstpad.c:4063
#19 0x00000cb95bb7bc77 in gst_multi_queue_loop (pad=Variable "pad" is not available.
) at gstmultiqueue.c:1229
#20 0x00000cb9594a0fa9 in gst_task_func (task=0xcb8fed1f170) at gsttask.c:316
#21 0x00000cb8955b23fd in g_thread_pool_thread_proxy () from /usr/local/lib/libglib-2.0.so.4200.1
#22 0x00000cb8955b1789 in g_thread_proxy () from /usr/local/lib/libglib-2.0.so.4200.1
#23 0x00000cb9065c0a7e in _rthread_start (v=Variable "v" is not available.
) at /usr/src/lib/librthread/rthread.c:145
#24 0x00000cb8a6aa861b in __tfork_thread () at /usr/src/lib/libc/arch/amd64/sys/tfork_thread.S:75
#25 0x0000000000000000 in ?? ()
Current language:  auto; currently asm
Component: Audio/Video → Audio/Video: Playback
Can i chime in, guys?

I'm coming from the FreeBSD world to share a few traces and thoughts about this one.

First, someone already reported that bug at: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=198902

Second, here goes my own trace:

(gdb) bt full
#0  0x000000080147714a in thr_kill () from /lib/libc.so.7
No symbol table info available.
#1  0x0000000801477138 in raise () from /lib/libc.so.7
No symbol table info available.
#2  0x000000080473f203 in workerlz4_maxCompressedSize () from /usr/local/lib/firefox/libxul.so
No symbol table info available.
#3  0x000000080119cc0a in pthread_sigmask () from /lib/libthr.so.3
No symbol table info available.
#4  0x000000080119c28c in pthread_getspecific () from /lib/libthr.so.3
No symbol table info available.
#5  <signal handler called>
No symbol table info available.
#6  0x00000008048a2375 in js::ProtoKeyToClass () from /usr/local/lib/firefox/libxul.so
No symbol table info available.
#7  0x000000080489c54c in js::ProtoKeyToClass () from /usr/local/lib/firefox/libxul.so
No symbol table info available.
#8  0x000000080489448c in js::GetArrayBufferLengthAndData () from /usr/local/lib/firefox/libxul.so
No symbol table info available.
#9  0x0000000804c02604 in js::GetPropertyNameFromPC () from /usr/local/lib/firefox/libxul.so
No symbol table info available.
#10 0x0000000804894208 in js::GetArrayBufferLengthAndData () from /usr/local/lib/firefox/libxul.so
No symbol table info available.
#11 0x000000080487d769 in js::GetArrayBufferLengthAndData () from /usr/local/lib/firefox/libxul.so
No symbol table info available.
#12 0x0000000804bdc96e in JS::CompileOptions::CompileOptions () from /usr/local/lib/firefox/libxul.so
No symbol table info available.
#13 0x000000080375a101 in std::__1::__split_buffer<bool*, std::__1::allocator<bool*> >::push_front () from /usr/local/lib/firefox/libxul.so
No symbol table info available.
#14 0x0000000803029a64 in imgLoader::SupportImageWithMimeType () from /usr/local/lib/firefox/libxul.so
No symbol table info available.
#15 0x00000008030208bd in imgLoader::SupportImageWithMimeType () from /usr/local/lib/firefox/libxul.so
No symbol table info available.
#16 0x00000008030296e0 in imgLoader::SupportImageWithMimeType () from /usr/local/lib/firefox/libxul.so
No symbol table info available.
#17 0x00000008027381fd in XRE_AddJarManifestLocation () from /usr/local/lib/firefox/libxul.so
No symbol table info available.
#18 0x0000000802738497 in XRE_AddJarManifestLocation () from /usr/local/lib/firefox/libxul.so
No symbol table info available.
#19 0x0000000802735536 in XRE_AddJarManifestLocation () from /usr/local/lib/firefox/libxul.so
No symbol table info available.
#20 0x00000008027580c3 in std::__1::vector<unsigned long, std::__1::allocator<unsigned long> >::__push_back_slow_path<unsigned long> () from /usr/local/lib/firefox/libxul.so
No symbol table info available.
#21 0x00000008029ad0be in std::__1::vector<std::__1::pair<int, int>, std::__1::allocator<std::__1::pair<int, int> > >::__push_back_slow_path<std::__1::pair<int, int> > () from /usr/local/lib/firefox/libxul.so
No symbol table info available.
#22 0x00000008029927c8 in std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > >::insert<std::__1::__wrap_iter<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >*> > () from /usr/local/lib/firefox/libxul.so
No symbol table info available.
#23 0x0000000803f2169b in std::__1::__tree<unsigned long, std::__1::less<unsigned long>, std::__1::allocator<unsigned long> >::destroy () from /usr/local/lib/firefox/libxul.so
No symbol table info available.
#24 0x00000008046fcb2e in XRE_StartupTimelineRecord () from /usr/local/lib/firefox/libxul.so
No symbol table info available.
#25 0x00000008047480b8 in XRE_InitCommandLine () from /usr/local/lib/firefox/libxul.so
No symbol table info available.
#26 0x0000000804748350 in XRE_InitCommandLine () from /usr/local/lib/firefox/libxul.so
No symbol table info available.
#27 0x0000000804748772 in XRE_main () from /usr/local/lib/firefox/libxul.so
No symbol table info available.
#28 0x00000000004061d6 in _start ()
No symbol table info available.
#29 0x0000000000405bef in _start ()
No symbol table info available.
#30 0x0000000800673000 in ?? ()
No symbol table info available.
#31 0x0000000000000000 in ?? ()
No symbol table info available.

The code block that MOZ_ASSERT is guarding is one line long and the only possible reason for ASSERT to fire up is giant aInputSize that make size_t overflow:

#include <stddef.h>
#include <stdio.h>

int main(void) {
  size_t x = 18446744073709551615UL;
  size_t y = (x + (x / 256) + 16);
  printf("%zu\n%zu\n", x, y);
  return(0);
}

This code compiles perfectly for me resulting in:

18446744073709551615
72057594037927950

So here we have an overflow.

I think MOZ_ASSERT can be traded for NS_WARNING here:

  static inline size_t maxCompressedSize(size_t aInputSize)
  {
    size_t max = (aInputSize + (aInputSize / 255) + 16);
    if (max > aInputSize) {
      NS_WARNING(nsPrintfCString("maxCompressedSize overflowed: %zu", aInputSize).get());
      return(SIZE_MAX);
    }
    //MOZ_ASSERT(max > aInputSize);
    return max;
  }

I think the bug is not actually in the compression code, it's rather a mandelbug that makes process fail here when some other part of code requests too big memory chunk.
Probably I was wrong here. After patching maxCompressedSize function I faced another core dump:

#0  0x000000080147714a in thr_kill () from /lib/libc.so.7
No symbol table info available.
#1  0x0000000801477138 in raise () from /lib/libc.so.7
No symbol table info available.
#2  0x0000000810140033 in workerlz4_maxCompressedSize () from /usr/local/lib/firefox/libxul.so
No symbol table info available.
#3  0x000000080119cc0a in pthread_sigmask () from /lib/libthr.so.3
No symbol table info available.
#4  0x000000080119c28c in pthread_getspecific () from /lib/libthr.so.3
No symbol table info available.
#5  <signal handler called>
No symbol table info available.
#6  0x0000000000000000 in ?? ()
No symbol table info available.
#7  0x000000080e0f0e81 in NS_GetMemoryManager () from /usr/local/lib/firefox/libxul.so
No symbol table info available.
#8  0x000000080e0e9d84 in mozilla::TimeStamp::Now () from /usr/local/lib/firefox/libxul.so
No symbol table info available.
#9  0x000000080e0eccdd in NS_CycleCollectorSuspect3 () from /usr/local/lib/firefox/libxul.so
No symbol table info available.
#10 0x000000080eb2d7e3 in js::BaseProxyHandler::finalizeInBackground () from /usr/local/lib/firefox/libxul.so
No symbol table info available.
#11 0x000000080eb2eaac in js::BaseProxyHandler::finalizeInBackground () from /usr/local/lib/firefox/libxul.so
No symbol table info available.
#12 0x000000080e1385ed in XRE_AddJarManifestLocation () from /usr/local/lib/firefox/libxul.so
No symbol table info available.
#13 0x000000080e138887 in XRE_AddJarManifestLocation () from /usr/local/lib/firefox/libxul.so
No symbol table info available.
#14 0x000000080e135926 in XRE_AddJarManifestLocation () from /usr/local/lib/firefox/libxul.so
No symbol table info available.
#15 0x000000080e1584b3 in std::__1::vector<unsigned long, std::__1::allocator<unsigned long> >::__push_back_slow_path<unsigned long> () from /usr/local/lib/firefox/libxul.so
No symbol table info available.
#16 0x000000080e3ad67e in std::__1::vector<std::__1::pair<int, int>, std::__1::allocator<std::__1::pair<int, int> > >::__push_back_slow_path<std::__1::pair<int, int> > () from /usr/local/lib/firefox/libxul.so
No symbol table info available.
#17 0x000000080e392bb8 in std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > >::insert<std::__1::__wrap_iter<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >*> > () from /usr/local/lib/firefox/libxul.so
No symbol table info available.
#18 0x000000080f920bdb in std::__1::__tree<unsigned long, std::__1::less<unsigned long>, std::__1::allocator<unsigned long> >::destroy () from /usr/local/lib/firefox/libxul.so
No symbol table info available.
#19 0x00000008100fd94e in XRE_StartupTimelineRecord () from /usr/local/lib/firefox/libxul.so
No symbol table info available.
#20 0x0000000810148df8 in XRE_InitCommandLine () from /usr/local/lib/firefox/libxul.so
No symbol table info available.
#21 0x0000000810149090 in XRE_InitCommandLine () from /usr/local/lib/firefox/libxul.so
No symbol table info available.
#22 0x00000008101494b2 in XRE_main () from /usr/local/lib/firefox/libxul.so
No symbol table info available.
#23 0x00000000004061d6 in _start ()
No symbol table info available.
#24 0x0000000000405bef in _start ()
No symbol table info available.
#25 0x0000000800673000 in ?? ()
No symbol table info available.
#26 0x0000000000000000 in ?? ()
No symbol table info available.

What can I do more to debug the issue? Building Firefox with DEBUG makes it crash instantly...
gstreamer is going in bug 1234092
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.