Closed
Bug 1225003
Opened 9 years ago
Closed 9 years ago
Crash [@ mozilla::WebAudioDecodeJob::SizeOfExcludingThis]
Categories
(Core :: Web Audio, defect, P1)
Core
Web Audio
Tracking
()
RESOLVED
FIXED
mozilla45
| Tracking | Status | |
|---|---|---|
| firefox42 | --- | unaffected |
| firefox43 | --- | fixed |
| firefox44 | --- | fixed |
| firefox45 | --- | fixed |
| b2g-v2.5 | --- | fixed |
People
(Reporter: jruderman, Assigned: karlt)
References
Details
(Keywords: crash, regression, testcase)
Crash Data
Attachments
(5 files)
|
311 bytes,
text/html
|
Details | |
|
7.61 KB,
text/plain
|
Details | |
|
1.69 KB,
patch
|
erahm
:
review+
lizzard
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
|
1.94 KB,
patch
|
padenot
:
review+
lizzard
:
approval-mozilla-aurora+
lizzard
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
|
1.92 KB,
patch
|
lizzard
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
The testcase crashes [@ mozilla::WebAudioDecodeJob::SizeOfExcludingThis].
(It might trip bug 1222202 first, but that's probably unrelated).
The testcase calls fuzzPriv.getMemoryReports, which does pretty much the same calls as clicking "Measure" in about:memory, but lets the testcase control the timing. Run with https://github.com/MozillaSecurity/funfuzz/tree/master/dom/extension installed in a temporary profile. (Or modify the testcase so the timing doesn't need to be so precise?)
|
Reporter | |
Comment 1•9 years ago
|
||
|
Assignee | |
Comment 2•9 years ago
|
||
Thanks. Similar to bug 1221855.
I should fix this too:
https://hg.mozilla.org/mozilla-central/annotate/a8ed7dd831d1/dom/media/webaudio/AudioDestinationNode.cpp#l181
Assignee: nobody → karlt
Blocks: 1199559
Status: NEW → ASSIGNED
status-firefox42:
--- → unaffected
status-firefox43:
--- → affected
status-firefox44:
--- → affected
Keywords: regression
Priority: -- → P1
|
|
Assignee | |
Comment 3•9 years ago
|
||
The testing of the offline context is limited due to bug 1225282, but does
catch the crash fixed here.
Attachment #8688193 -
Flags: review?(erahm)
|
|
Assignee | |
Comment 4•9 years ago
|
||
Attachment #8688194 -
Flags: review?(padenot)
|
||
Comment 5•9 years ago
|
||
Comment on attachment 8688193 [details] [diff] [review]
test no crashes in decodeAudioData() and offline context memory reporting
Review of attachment 8688193 [details] [diff] [review]:
-----------------------------------------------------------------
::: dom/media/webaudio/test/test_WebAudioMemoryReporting.html
@@ +46,5 @@
> SpecialPowers.Cc["@mozilla.org/memory-reporter-manager;1"].
> getService(SpecialPowers.Ci.nsIMemoryReporterManager).
> getReports(handleReport, null, finished, null, /* anonymized = */ false);
>
> +ac.decodeAudioData(new ArrayBuffer(4), function(){}, function(){});
min: maybe add a note here about what we're trying to do. Is the goal to run |decodeAudioData| while reporting memory?
Attachment #8688193 -
Flags: review?(erahm) → review+
|
||
Updated•9 years ago
|
Attachment #8688194 -
Flags: review?(padenot) → review+
|
||
Updated•9 years ago
|
Rank: 10
|
|
Assignee | |
Comment 7•9 years ago
|
||
(In reply to Eric Rahm [:erahm] from comment #5)
> min: maybe add a note here about what we're trying to do. Is the goal to run
> |decodeAudioData| while reporting memory?
Yes. Added a note.
Flags: in-testsuite+
|
||
Comment 8•9 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/3c4b0d791c5d
https://hg.mozilla.org/mozilla-central/rev/4c1b0d416870
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla45
|
|
Assignee | |
Comment 9•9 years ago
|
||
Use this instead of attachment 8688193 [details] [diff] [review] on 43 branch, which does not have bug 1194555 fixed.
|
|
Assignee | |
Comment 10•9 years ago
|
||
Comment on attachment 8688194 [details] [diff] [review]
null-check mBuffer in SizeOfExcludingThis()
Approval Request Comment
[Feature/regressing bug #]: bug 1199559
[User impact if declined]: potential null-deref crash after running about:memory while OfflineAudioContext or decodeAudioData() is in use.
[Describe test coverage new/current, TreeHerder]: new test.
[Risks and why]: very low. simple null check.
This is the same fix as was uplifted for bug 1221855 in different code.
[String/UUID change made/needed]: none.
Attachment #8688194 -
Flags: approval-mozilla-beta?
Attachment #8688194 -
Flags: approval-mozilla-aurora?
|
||
Comment 11•9 years ago
|
||
Comment on attachment 8688194 [details] [diff] [review]
null-check mBuffer in SizeOfExcludingThis()
Please uplift to aurora and beta, crash fix, includes a test.
Attachment #8688194 -
Flags: approval-mozilla-beta?
Attachment #8688194 -
Flags: approval-mozilla-beta+
Attachment #8688194 -
Flags: approval-mozilla-aurora?
Attachment #8688194 -
Flags: approval-mozilla-aurora+
|
|
||
Comment 12•9 years ago
|
||
Comment on attachment 8689325 [details] [diff] [review]
43 branch: test no crashes in decodeAudioData() and offline context memory reporting
[Triage Comment]
Test for crash fix. Please uplift this to beta (instead of attachment 8688193 [details] [diff] [review])
Attachment #8689325 -
Flags: approval-mozilla-beta+
|
|
||
Comment 13•9 years ago
|
||
Comment on attachment 8688193 [details] [diff] [review]
test no crashes in decodeAudioData() and offline context memory reporting
[Triage Comment]
Test for crash fix, ok to uplift to aurora.
Attachment #8688193 -
Flags: approval-mozilla-aurora+
|
||
Comment 14•9 years ago
|
||
| bugherder uplift | ||
|
|
||
Comment 15•9 years ago
|
||
| bugherder uplift | ||
|
|
||
Comment 16•9 years ago
|
||
| bugherder uplift | ||
https://hg.mozilla.org/releases/mozilla-b2g44_v2_5/rev/0988f97bcef0
https://hg.mozilla.org/releases/mozilla-b2g44_v2_5/rev/a551f6125d8c
status-b2g-v2.5:
--- → fixed
You need to log in
before you can comment on or make changes to this bug.
Description
•