Closed Bug 1207312 Opened 6 years ago Closed 6 years ago

ASan: SEGV at NULL in MozPromise

Categories

(Core :: Audio/Video: Playback, defect, P1)

RESOLVED FIXED
mozilla44
Tracking Status
firefox44 --- fixed

People

(Reporter: tsmith, Assigned: jya)

Details

(4 keywords, Whiteboard: [post-critsmash-triage][adv-main44-])

Attachments

(4 files)

Attached file call_stack.txt
I came across this fuzzing a couple weeks ago but have been swamped and didn't log it. It appears to be preventing me from reproducing bug 1206211.
Attached video test_case.mp4
Assignee: nobody → jyavenard
I encountered that same crash when playing with ffmpeg on Mac; likely the same.
Attached patch P2. Amend gtest.
Attachment #8667696 - Flags: review?(bobbyholley)
Comment on attachment 8667695
P1. Prevent crash when more than one promise is rejected.

Review of attachment 8667695:
-----------------------------------------------------------------

Nice, thanks.
Attachment #8667695 - Flags: review?(bobbyholley) → review+
Comment on attachment 8667696
P2. Amend gtest.

Review of attachment 8667696:
-----------------------------------------------------------------

Please add a comment describing what this test misses without a second rejection. :-)
Attachment #8667696 - Flags: review?(bobbyholley) → review+
Nice find, Tyson.
(In reply to Bobby Holley (:bholley) from comment #7)
> Nice find, Tyson.

Thanks! Once this is in m-c I'll fire up that fuzzer again.
https://hg.mozilla.org/mozilla-central/rev/47db8328de21
https://hg.mozilla.org/mozilla-central/rev/c3a9d50943f4
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla44
Group: media-core-security → core-security-release
Whiteboard: [post-critsmash-triage]
Whiteboard: [post-critsmash-triage] → [post-critsmash-triage][adv-main44-]
Group: core-security-release