Crash in OpusDecoder: ASSERTION: You can't dereference a NULL nsAutoPtr with operator->().: '

RESOLVED INVALID

Status

()

defect
RESOLVED INVALID
4 years ago
4 years ago

People

(Reporter: jya, Unassigned)

Tracking

(Blocks 1 bug)

43 Branch
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

4 years ago
Got a crash, with YouTube webm enabled.

In OpusDataDecoder::DoDecode, we have mOpusParser being null.
causing a null derefer when reading the number of channels.

[25165] ###!!! ASSERTION: You can't dereference a NULL nsAutoPtr with operator->().: 'mRawPtr != 0', file ../../../dist/include/nsAutoPtr.h, line 196
(lldb) bt
* thread #113: tid = 0x1c76c6, 0x00000001071e3ffe XUL`mozilla::OpusDataDecoder::DoDecode(this=0x0000000138e5eda0, aSample=0x000000011769a0d0) + 126 at OpusDecoder.cpp:142, name = 'MediaPD~oder #1', stop reason = EXC_BAD_ACCESS (code=1, address=0x8)
  * frame #0: 0x00000001071e3ffe XUL`mozilla::OpusDataDecoder::DoDecode(this=0x0000000138e5eda0, aSample=0x000000011769a0d0) + 126 at OpusDecoder.cpp:142
    frame #1: 0x00000001071e3f0f XUL`mozilla::OpusDataDecoder::Decode(this=0x0000000138e5eda0, aSample=0x000000011769a0d0) + 47 at OpusDecoder.cpp:128
    frame #2: 0x00000001071f880f XUL`void nsRunnableMethodArguments<nsRefPtr<mozilla::MediaRawData> >::apply<mozilla::OpusDataDecoder, void (this=0x0000000137887e90, o=0x0000000138e5eda0, m=0x00000001071e3ee0)(mozilla::MediaRawData*)>(mozilla::OpusDataDecoder*, void (mozilla::OpusDataDecoder::*)(mozilla::MediaRawData*)) + 159 at nsThreadUtils.h:674
    frame #3: 0x00000001071f8486 XUL`nsRunnableMethodImpl<void (mozilla::OpusDataDecoder::*)(mozilla::MediaRawData*), true, nsRefPtr<mozilla::MediaRawData> >::Run(this=0x0000000137887e60) + 134 at nsThreadUtils.h:868
    frame #4: 0x0000000103f1cc2f XUL`mozilla::TaskQueue::Runner::Run(this=0x000000013438df40) + 591 at TaskQueue.cpp:170
    frame #5: 0x0000000103f28b8f XUL`nsThreadPool::Run(this=0x00000001176942b0) + 1231 at nsThreadPool.cpp:227
    frame #6: 0x0000000103f28c8c XUL`non-virtual thunk to nsThreadPool::Run(this=0x00000001176942b0) + 28 at nsThreadPool.cpp:155
    frame #7: 0x0000000103f25451 XUL`nsThread::ProcessNextEvent(this=0x0000000148f1dc80, aMayWait=false, aResult=0x000000014abccc3e) + 1921 at nsThread.cpp:960
    frame #8: 0x0000000103fa5267 XUL`NS_ProcessNextEvent(aThread=0x0000000148f1dc80, aMayWait=false) + 151 at nsThreadUtils.cpp:277
    frame #9: 0x0000000104603100 XUL`mozilla::ipc::MessagePumpForNonMainThreads::Run(this=0x00000001378a3ba0, aDelegate=0x000000013433cd20) + 624 at MessagePump.cpp:326
    frame #10: 0x0000000104531ab5 XUL`MessageLoop::RunInternal(this=0x000000013433cd20) + 117 at message_loop.cc:234
    frame #11: 0x00000001045319c5 XUL`MessageLoop::RunHandler(this=0x000000013433cd20) + 21 at message_loop.cc:227
    frame #12: 0x000000010453196d XUL`MessageLoop::Run(this=0x000000013433cd20) + 45 at message_loop.cc:201
    frame #13: 0x0000000103f2333d XUL`nsThread::ThreadFunc(aArg=0x0000000148f1dc80) + 445 at nsThread.cpp:382
    frame #14: 0x0000000103b747e1 libnss3.dylib`_pt_root(arg=0x0000000148f200c0) + 449 at ptthread.c:212
    frame #15: 0x00007fff8a69105a libsystem_pthread.dylib`_pthread_body + 131
    frame #16: 0x00007fff8a690fd7 libsystem_pthread.dylib`_pthread_start + 176
    frame #17: 0x00007fff8a68e3ed libsystem_pthread.dylib`thread_start + 13
(lldb)
(Reporter)

Comment 1

4 years ago
I can see this only happening if we attempt to feed the decoder with data before the decoder being initialized.

This could happen with any codecs really, likely a regression due to bug
Depends on: 1146086
(Reporter)

Comment 2

4 years ago
This is due to a side modification I made not being added to the mDecodersInitRequest and the code relies on mDecodersInitRequest not existing to call the decoder.
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.