Closed Bug 1303902 Opened 8 years ago Closed 8 years ago

FLAC file triggers assertion: mIsValid (Invalid checked integer (division by zero or integer overflow))

Categories

(Core :: Audio/Video: Playback, defect)

Product:
Core
Component:
Audio/Video: Playback
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla52
Tracking Flags:
Tracking Status
firefox51 --- fixed
firefox52 --- fixed

People

(Reporter: tsmith, Assigned: jya)

Details

(Keywords: assertion)

Attachments

(3 files)

log.txt
15.62 KB, text/plain
Details
test_case.flac
5.15 KB, audio/x-flac
Details
Bug 1303902: [FLAC] Actually check that we found the first frame.
58 bytes, text/x-review-board-request
u480271
: review+
gchang
: approval-mozilla-aurora+
Details
Attached file log.txt 
The following assertion is raised when playing the attached test case.

Assertion failure: mIsValid (Invalid checked integer (division by zero or integer overflow)), at /home/worker/workspace/build/src/obj-firefox/dist/include/mozilla/CheckedInt.h:559

==40441==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fcf282e0791 bp 0x7fcef11fbf40 sp 0x7fcef11fbf40 T54)
    #0 0x7fcf282e0790 in mozilla::CheckedInt<long>::value() const /home/worker/workspace/build/src/obj-firefox/dist/include/mozilla/CheckedInt.h:560:12
    #1 0x7fcf282e1d58 in mozilla::media::TimeUnit::IsInfinite() const /home/worker/workspace/build/src/obj-firefox/dist/include/TimeUnits.h:148:12
    #2 0x7fcf282e1a49 in mozilla::media::TimeUnit::operator-(mozilla::media::TimeUnit const&) const /home/worker/workspace/build/src/obj-firefox/dist/include/TimeUnits.h:183:5
    #3 0x7fcf2c848bc7 in mozilla::FlacTrackDemuxer::TimeAtEnd() /home/worker/workspace/build/src/dom/media/flac/FlacDemuxer.cpp:1057:37
    #4 0x7fcf2c843dd1 in mozilla::FlacTrackDemuxer::Init() /home/worker/workspace/build/src/dom/media/flac/FlacDemuxer.cpp:688:5
    #5 0x7fcf2c843eb1 in mozilla::FlacDemuxer::Init() /home/worker/workspace/build/src/dom/media/flac/FlacDemuxer.cpp:583:8
    #6 0x7fcf2c755d27 in mozilla::MediaFormatReader::AsyncReadMetadata() /home/worker/workspace/build/src/dom/media/MediaFormatReader.cpp:256:29
    #7 0x7fcf2c7159e5 in RefPtr<mozilla::MozPromise<RefPtr<mozilla::MetadataHolder>, mozilla::MediaResult, true> > mozilla::detail::MethodCallInvokeHelper<RefPtr<mozilla::MozPromise<RefPtr<mozilla::MetadataHolder>, mozilla::MediaResult, true> >, mozilla::MediaDecoderReader>(RefPtr<mozilla::MozPromise<RefPtr<mozilla::MetadataHolder>, mozilla::MediaResult, true> > (mozilla::MediaDecoderReader::*)(), mozilla::MediaDecoderReader*, mozilla::Tuple<>&, mozilla::IndexSequence<>) /home/worker/workspace/build/src/obj-firefox/dist/include/mozilla/MozPromise.h:917:10
...
See attached log for full stack.
Attached audio test_case.flac 

    
  
Flags: in-testsuite?

    
  
Assignee: nobody → jyavenard

    
    

    
      
  


  

    
    

    
      
  

    
    

    
  
Comment on attachment 8792730 [details]
Bug 1303902: [FLAC] Actually check that we found the first frame.

https://reviewboard.mozilla.org/r/79640/#review78650

        Attachment #8792730 -
        Flags: review?(dglastonbury) → review+

    
    

    
  
Pushed by jyavenard@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/aebe51086acb
[FLAC] Actually check that we found the first frame. r=kamidphish

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/aebe51086acb
Status: NEW → RESOLVED
Closed: 8 years ago

          status-firefox52:
          affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla52

    
    

    
  
Comment on attachment 8792730 [details]
Bug 1303902: [FLAC] Actually check that we found the first frame.

Approval Request Comment
[Feature/regressing bug #]: 1195723
[User impact if declined]: Invalid file will cause a crash.
[Describe test coverage new/current, TreeHerder]: In central, manual test.
[Risks and why]: Very low, added a test that should have been there to start with
[String/UUID change made/needed]: none

        Attachment #8792730 -
        Flags: approval-mozilla-aurora?

    
    

    
  
Comment on attachment 8792730 [details]
Bug 1303902: [FLAC] Actually check that we found the first frame.

Fix a potential crash. Take it in 51 aurora.

        Attachment #8792730 -
        Flags: approval-mozilla-aurora? → approval-mozilla-aurora+

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: