Closed
Bug 1281695
Opened 8 years ago
Closed 7 years ago
mozGetUserMedia from zombie window ⇒ MOZ_CRASH [@ mozilla::MediaManager::PostTask] during shutdown
Categories
(Core :: WebRTC: Audio/Video, defect, P4)
Core
WebRTC: Audio/Video
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: jruderman, Unassigned)
References
Details
(Keywords: assertion, crash, testcase)
Crash Data
Attachments
(3 files)
1. Load the testcase 2. Quit Firefox Result: MOZ_CRASH [@ mozilla::MediaManager::PostTask] during shutdown I'm testing on Mac and without e10s, in case that matters. khuey added this MOZ_CRASH in https://hg.mozilla.org/mozilla-central/rev/30dcf34cfb75#l7.336 (bug 1266595) Is this a security hole (either before or after that patch)?
Reporter | ||
Comment 1•8 years ago
|
||
Sometimes I see this non-fatal assertion before the crash: ###!!! ASSERTION: Mainthread not available; running on current thread: 'false', file MediaManager.h, line 299
Reporter | ||
Comment 2•8 years ago
|
||
Reporter | ||
Comment 3•8 years ago
|
||
Related testcases hit: [GFX1]: Texture deallocated too late during shutdown Assertion failure: false (An assert from the graphics logger), at Logging.h:519
Comment 4•8 years ago
|
||
(In reply to Jesse Ruderman from comment #0) > Is this a security hole (either before or after that patch)?
Flags: needinfo?(khuey)
I don't think so but really someone who is familiar with this code should answer ...
Flags: needinfo?(khuey)
Comment 6•8 years ago
|
||
Randell, how bad is this? The crash doesn't seem bad, but maybe an assertion would be...
Flags: needinfo?(rjesup)
Comment 7•8 years ago
|
||
The assertion is safe (though related to this crash). Basically it says "Hey, you've held things that need threading in the CC graph past where we can use normal methods" aka DispatchToMainThread/etc. We worked around a leak caused by this in MediaManager (and added the assertion as a poke to find a better fix); the irony is that almost by definition we're already running on MainThread. In this case, mMediaThread is likely shut down/null already, so we we wouldn't be sending anything anyways, and the worst case was just a leak. Before bug 1266595 it was just a return; kyle added the MOZ_CRASH() as part of some big change I don't think any media people reviewed. Kyle - what was your reasoning? I don't see this as any sort of security hole at present, btw, and am good with opening this if jesse agrees.
Flags: needinfo?(rjesup)
Flags: needinfo?(khuey)
Flags: needinfo?(jruderman)
Updated•8 years ago
|
Severity: critical → normal
Rank: 33
Priority: -- → P3
Before bug 1266595 it was a DEBUG-only assertion in already_AddRefed's destructor. I decided to make it more visible because the code doesn't explicitly leak, and the comment doesn't make it clear what the intended behavior is here.
Flags: needinfo?(khuey)
Comment 9•8 years ago
|
||
Aha. Last time I worked on it, it wasn't an already_AddRefed<> Runnable; you (kyle) landed that change in bug 1266595 as well. Before that I think it just cleanly leaked. The right solution might be to just cleanly leak again in this case (adopt the already-addrefed and forget it). And if I understand the report I got from Nils at London (I wasn't able to attend); there will be a change in how final-CC works so we shouldn't get bitten by this once that change lands.
Updated•8 years ago
|
Group: media-core-security
Comment 10•7 years ago
|
||
Mass change P3->P4 to align with new Mozilla triage process.
Priority: P3 → P4
Comment 11•7 years ago
|
||
No longer reproduces on trunk. I tried to bisect when exactly this got fixed, but ran into some issues getting it down to a short range for some reason. Appears to have been around early June, though.
Status: NEW → RESOLVED
Closed: 7 years ago
status-firefox50:
affected → ---
Flags: needinfo?(jruderman) → in-testsuite+
Resolution: --- → WORKSFORME
Comment 12•7 years ago
|
||
Pushed by ryanvm@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/06a6bd2d785f Add crashtest. r=me
Comment 13•7 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/06a6bd2d785f
You need to log in
before you can comment on or make changes to this bug.
Description
•