crash in vorbis.acm@0x1f4f

RESOLVED FIXED in Firefox 50

Status

()

Core
Audio/Video: Playback
--
critical
RESOLVED FIXED
2 years ago
a year ago

People

(Reporter: alex_mayorga, Unassigned)

Tracking

({crash})

46 Branch
mozilla52
x86_64
Windows 10
crash
Points:
---

Firefox Tracking Flags

(firefox46 wontfix, firefox48 wontfix, firefox49 wontfix, firefox50 fixed, firefox51 fixed, firefox52 fixed)

Details

(crash signature)

MozReview Requests

()

Submitter Diff Changes Open Issues Last Updated
Loading...
Error loading review requests:

Attachments

(1 attachment)

(Reporter)

Description

2 years ago
This bug was filed from the Socorro interface and is 
report bp-768bd671-95d4-48d2-be25-368972160109.
=============================================================

¡Hola!

Filing per request from jya in #media.

Crashing Thread (60)
Frame	Module	Signature	Source
Ø 0	vorbis.acm	vorbis.acm@0x1f4f	
Ø 1	kernel32.dll	kernel32.dll@0x1b575	
Ø 2	vorbis.acm	vorbis.acm@0x15ff	
Ø 3	winmmbase.dll	winmmbase.dll@0x7a1d	
Ø 4	kernelbase.dll	kernelbase.dll@0x26862	
Ø 5	msacm32.dll	msacm32.dll@0x2793	
Ø 6	msacm32.dll	msacm32.dll@0x2261	
Ø 7	advapi32.dll	advapi32.dll@0x17160	
Ø 8	kernel32.dll	kernel32.dll@0xc798	
Ø 9	msacm32.dll	msacm32.dll@0x2af8	
Ø 10	ntdll.dll	ntdll.dll@0x258d3	
Ø 11	ntdll.dll	ntdll.dll@0x6d019	
Ø 12	msacm32.dll	msacm32.dll@0x2b70	
Ø 13	msacm32.dll	msacm32.dll@0x202f	
Ø 14	ntdll.dll	ntdll.dll@0x207d8	
Ø 15	kernel32.dll	kernel32.dll@0xc829	
Ø 16	msacm32.dll	msacm32.dll@0x127a7	
Ø 17	kernel32.dll	kernel32.dll@0x1014d	
Ø 18	msacm32.dll	msacm32.dll@0x126ff	
Ø 19	msacm32.dll	msacm32.dll@0x127bf	
Ø 20	msacm32.dll	msacm32.dll@0x127a7	
Ø 21	ntdll.dll	ntdll.dll@0x59a97	
Ø 22	audioses.dll	audioses.dll@0xb230	
Ø 23	audioses.dll	audioses.dll@0x70c57	
Ø 24	kernelbase.dll	kernelbase.dll@0x1563e	
Ø 25	audioses.dll	audioses.dll@0xb10f	
Ø 26	audioses.dll	audioses.dll@0x70acf	
Ø 27	audioses.dll	audioses.dll@0xb310	
Ø 28	audioses.dll	audioses.dll@0xb26f	
Ø 29	ntdll.dll	ntdll.dll@0x258d3	
Ø 30	kernelbase.dll	kernelbase.dll@0x1bf1f7	
Ø 31	kernel32.dll	kernel32.dll@0xdb45	
Ø 32	msacm32.dll	msacm32.dll@0x127bf	
Ø 33	kernel32.dll	kernel32.dll@0xe299	
Ø 34	msacm32.dll	msacm32.dll@0x127bb	
Ø 35	msacm32.dll	msacm32.dll@0x127bf	
Ø 36	msacm32.dll	msacm32.dll@0x1dee	
Ø 37	msacm32.dll	msacm32.dll@0x15dd	
Ø 38	msacm32.dll	msacm32.dll@0x110b2	
Ø 39	winmm.dll	winmm.dll@0x63af	
Ø 40	msacm32.dll	msacm32.dll@0x6ae4	
Ø 41	msacm32.dll	msacm32.dll@0xa7c5	
Ø 42	msacm32.drv	msacm32.drv@0x230c	
Ø 43	winmm.dll	winmm.dll@0x1bdf	
Ø 44	winmm.dll	winmm.dll@0x1bdf	
Ø 45	msacm32.drv	msacm32.drv@0x3c34	
Ø 46	msacm32.drv	msacm32.drv@0x3b2f	
Ø 47	WINMMBASE.dll	WINMMBASE.dll@0x7707	
Ø 48	ntdll.dll	ntdll.dll@0x208f8	
Ø 49	winmm.dll	winmm.dll@0x6632	
Ø 50	winmm.dll	winmm.dll@0xf22b	
Ø 51	winmm.dll	winmm.dll@0x194b7	
Ø 52	KERNELBASE.dll	KERNELBASE.dll@0x266ed	
Ø 53	winmm.dll	winmm.dll@0xf748	
Ø 54	winmm.dll	winmm.dll@0x201a	
Ø 55	winmm.dll	winmm.dll@0x18fc7	
Ø 56	winmm.dll	winmm.dll@0x1801f	
Ø 57	winmm.dll	winmm.dll@0x1c3d	
Ø 58	user32.dll	user32.dll@0x11168	
Ø 59	combase.dll	combase.dll@0x5dedf	
Ø 60	user32.dll	user32.dll@0x11043	
Ø 61	winmm.dll	winmm.dll@0x1bdf	
Ø 62	user32.dll	user32.dll@0x10c96	
Ø 63	winmm.dll	winmm.dll@0x1bdf	
Ø 64	user32.dll	user32.dll@0x1cb24	
Ø 65	winmm.dll	winmm.dll@0x3200	
Ø 66	winmm.dll	winmm.dll@0x1801f	
67		@0x7fffe173ffff	
Ø 68	kernel32.dll	kernel32.dll@0x18101	
Ø 69	winmm.dll	winmm.dll@0x30ef	
Ø 70	winmm.dll	winmm.dll@0x30ef	
Ø 71	ntdll.dll	ntdll.dll@0x5c2e3	
Ø 72	kernel32.dll	kernel32.dll@0x180df	
Ø 73	KERNELBASE.dll	KERNELBASE.dll@0xc7c7f

More crashes at https://crash-stats.mozilla.com/report/list?product=Firefox&signature=vorbis.acm%400x1f4f

¡Gracias!
(Reporter)

Comment 1

2 years ago
¡Hola Ralph!

jya suggested to ni? you on this one.

¡Gracias!
Flags: needinfo?(giles)
So vorbis.acm provides Ogg playback/export support in older windows applications. I found a similar crash report with FLstudio.

The Audio Compression Manager interface (https://en.wikipedia.org/wiki/Windows_legacy_audio_components#Audio_Compression_Manager) is deprecated, and I don't understand what's pulling it into our process. Maybe there's a directshow component which wraps them? Flash or another plugin? Without knowing how to block loading, I don't know what to recommend beyond uninstalling vorbis.acm.

Based on RtlFreeHeap in a lot of the crashes, it might be a CRT-mismatch with this component.
Flags: needinfo?(giles)
(Reporter)

Comment 3

2 years ago
¡Hola Ralph!

Does Firefox have a mechanism to suggest users to "uninstalling vorbis.acm"? Is this a plug-in that can be blacklisted perhaps?

https://crash-stats.mozilla.com/signature/?signature=vorbis.acm%400x1f4f shows 6 crashes in the past week in Release, Beta and Nightly.

¡Gracias!
Alex
status-firefox48: --- → affected
status-firefox49: --- → affected
status-firefox51: --- → affected
Flags: needinfo?(giles)
OS: Windows NT → Windows 10
Hardware: Unspecified → x86_64
Not really. We have the decoder doctor which adjusts playback preferences based on what works, but I don't believe it gives user feedback. We can block addons, but it's not clear to me this is just add-on. The stack traces are all different. One is from cubeb in a PluginContainer, another in webrtc code. The only common thing is calling waveOutOpen() or waveInOpen() in the win32 api and subsequently crashing in vorbis.acm.

Anthony, how would you suggest we address this?
Flags: needinfo?(giles) → needinfo?(ajones)
Perhaps the issue is an OGG masquerading an MP3 that is being fed to system decoders. If that is the case then we could sniff the MP3 files somehow to ensure they're actually MP3 before feeding them to Direct Show.
Chris - what do you make of this?
Flags: needinfo?(ajones) → needinfo?(cpearce)
All the crashes I've looked at are in vorbis.acm version 0.0.3.6. So we can just add that to our DLL blocklist.
Flags: needinfo?(cpearce)
Comment hidden (mozreview-request)

Comment 9

a year ago
mozreview-review
Comment on attachment 8794039 [details]
Bug 1239690 - Add vorbis.acm version 0.0.3.6 to the DLL blocklist.

https://reviewboard.mozilla.org/r/80620/#review79764
Attachment #8794039 - Flags: review?(aklotz) → review+

Comment 10

a year ago
Pushed by cpearce@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/dcb05d2949bb
Add vorbis.acm version 0.0.3.6 to the DLL blocklist. r=aklotz

Comment 11

a year ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/dcb05d2949bb
Status: NEW → RESOLVED
Last Resolved: a year ago
status-firefox52: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla52
status-firefox46: affected → wontfix
status-firefox48: affected → wontfix
status-firefox49: affected → wontfix
status-firefox50: --- → ?
Comment on attachment 8794039 [details]
Bug 1239690 - Add vorbis.acm version 0.0.3.6 to the DLL blocklist.

Approval Request Comment
[Feature/regressing bug #]: Audio playback
[User impact if declined]: Crashes for people who have an old version of a DirectShow Vorbis decoder installed. (That decoder seems to be loading into our process somehow, and injecting itself into the system audio playback code, and crashing when we play audio.)
[Describe test coverage new/current, TreeHerder]: We don't use the DirectShow Vorbis decoder in question, so we don't have test coverage for this.
[Risks and why]: We're blocking a buggy DLL from loading, and we don't intentionally load this, so this should be low risk.
[String/UUID change made/needed]: None.
Attachment #8794039 - Flags: approval-mozilla-beta?
Attachment #8794039 - Flags: approval-mozilla-aurora?
status-firefox50: ? → affected
Comment on attachment 8794039 [details]
Bug 1239690 - Add vorbis.acm version 0.0.3.6 to the DLL blocklist.

Block listing a dll to avoid crashes, Aurora51+, Beta50+
Attachment #8794039 - Flags: approval-mozilla-beta?
Attachment #8794039 - Flags: approval-mozilla-beta+
Attachment #8794039 - Flags: approval-mozilla-aurora?
Attachment #8794039 - Flags: approval-mozilla-aurora+

Comment 14

a year ago
bugherderuplift
https://hg.mozilla.org/releases/mozilla-aurora/rev/2653658638c3
status-firefox51: affected → fixed

Comment 15

a year ago
bugherderuplift
https://hg.mozilla.org/releases/mozilla-beta/rev/a049f0f0b853
status-firefox50: affected → fixed
Looks like 0.0.3.6 is the only available version, so this crash could reappear again should they ever release a new version. Since this DLL injected in our process doesn't do anything, can we block all versions?
The software is unmaintained, so new versions are unlikely. I'd leave it like it is and update the blocklist later if necessary.
You need to log in before you can comment on or make changes to this bug.