Closed Bug 1270135 Opened 8 years ago Closed 8 years ago

Crash in memset | mozilla::AudioCallbackBufferWrapper<T>::BufferFilled

Categories

(Core :: Audio/Video: cubeb, defect, P1)

45 Branch
x86
Windows 7
defect

Tracking

()

RESOLVED FIXED

People

(Reporter: padenot, Assigned: padenot)

References

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

This bug was filed from the Socorro interface and is 
report bp-bc7c49f5-b1d2-40c2-9867-557dd2160503.
=============================================================
When draining (probable considering that it's trying to shut down the stream,
see the other thread), we can end up returning `true` from `get_output_buffer`
without touching the `frame_count`. `output_frames` is not zero because it's
containing garbage. Also `output_buffer` has probably an invalid value. We
probably allocate a massive buffer because we find that we don't have enough
input data in the linarized input buffer, possibly OOMing in the process.

If not, we call the call back, run the graph, and end up crashing somewhere
random in the MSG, possibly exactly at this crash location because we're
shutting down so no streams are writing to the output buffer until the logic
that fills in silence at the end.

This might fix bug 1268719, not sure.

Review commit: https://reviewboard.mozilla.org/r/50481/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/50481/
Attachment #8748688 - Flags: review?(kinetik)
Assignee: nobody → padenot
Rank: 10
Priority: -- → P1
Comment on attachment 8748688 [details]
MozReview Request: Bug 1270135 - Initialize the frame count properly to avoid passing a random value down the callback. r?kinetik

https://reviewboard.mozilla.org/r/50481/#review47321
Attachment #8748688 - Flags: review?(kinetik) → review+
I upstreamed the fix and will land it with bug 1270062.
Depends on: 1270062
See Also: → 1268719
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Depends on: 1273349
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: