1303902 - FLAC file triggers assertion: mIsValid (Invalid checked integer (division by zero or integer overflow))

Status: RESOLVED FIXED

(Core :: Audio/Video: Playback, defect)

Description

[Tyson Smith [:tsmith]]

Attachment: log.txt

The following assertion is raised when playing the attached test case.

Assertion failure: mIsValid (Invalid checked integer (division by zero or integer overflow)), at /home/worker/workspace/build/src/obj-firefox/dist/include/mozilla/CheckedInt.h:559

==40441==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fcf282e0791 bp 0x7fcef11fbf40 sp 0x7fcef11fbf40 T54)
    #0 0x7fcf282e0790 in mozilla::CheckedInt<long>::value() const /home/worker/workspace/build/src/obj-firefox/dist/include/mozilla/CheckedInt.h:560:12
    #1 0x7fcf282e1d58 in mozilla::media::TimeUnit::IsInfinite() const /home/worker/workspace/build/src/obj-firefox/dist/include/TimeUnits.h:148:12
    #2 0x7fcf282e1a49 in mozilla::media::TimeUnit::operator-(mozilla::media::TimeUnit const&) const /home/worker/workspace/build/src/obj-firefox/dist/include/TimeUnits.h:183:5
    #3 0x7fcf2c848bc7 in mozilla::FlacTrackDemuxer::TimeAtEnd() /home/worker/workspace/build/src/dom/media/flac/FlacDemuxer.cpp:1057:37
    #4 0x7fcf2c843dd1 in mozilla::FlacTrackDemuxer::Init() /home/worker/workspace/build/src/dom/media/flac/FlacDemuxer.cpp:688:5
    #5 0x7fcf2c843eb1 in mozilla::FlacDemuxer::Init() /home/worker/workspace/build/src/dom/media/flac/FlacDemuxer.cpp:583:8
    #6 0x7fcf2c755d27 in mozilla::MediaFormatReader::AsyncReadMetadata() /home/worker/workspace/build/src/dom/media/MediaFormatReader.cpp:256:29
    #7 0x7fcf2c7159e5 in RefPtr<mozilla::MozPromise<RefPtr<mozilla::MetadataHolder>, mozilla::MediaResult, true> > mozilla::detail::MethodCallInvokeHelper<RefPtr<mozilla::MozPromise<RefPtr<mozilla::MetadataHolder>, mozilla::MediaResult, true> >, mozilla::MediaDecoderReader>(RefPtr<mozilla::MozPromise<RefPtr<mozilla::MetadataHolder>, mozilla::MediaResult, true> > (mozilla::MediaDecoderReader::*)(), mozilla::MediaDecoderReader*, mozilla::Tuple<>&, mozilla::IndexSequence<>) /home/worker/workspace/build/src/obj-firefox/dist/include/mozilla/MozPromise.h:917:10
...
See attached log for full stack.

Comment 1

[Tyson Smith [:tsmith]]

Attachment: test_case.flac

Comment 2

[Jean-Yves Avenard [:jya]]

Attachment: Bug 1303902: [FLAC] Actually check that we found the first frame.

Review commit: https://reviewboard.mozilla.org/r/79640/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/79640/

Comment 3

[Jean-Yves Avenard [:jya]]

Comment on attachment 8792730 [details]
Bug 1303902: [FLAC] Actually check that we found the first frame.

Review request updated; see interdiff: https://reviewboard.mozilla.org/r/79640/diff/1-2/

Comment 4

[u480271]

Comment on attachment 8792730 [details]
Bug 1303902: [FLAC] Actually check that we found the first frame.

https://reviewboard.mozilla.org/r/79640/#review78650

Comment 5

[Pulsebot]

Pushed by jyavenard@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/aebe51086acb
[FLAC] Actually check that we found the first frame. r=kamidphish

Comment 6

[Carsten Book [:Tomcat]]

https://hg.mozilla.org/mozilla-central/rev/aebe51086acb

Comment 7

[Jean-Yves Avenard [:jya]]

Comment on attachment 8792730 [details]
Bug 1303902: [FLAC] Actually check that we found the first frame.

Approval Request Comment
[Feature/regressing bug #]: 1195723
[User impact if declined]: Invalid file will cause a crash.
[Describe test coverage new/current, TreeHerder]: In central, manual test.
[Risks and why]: Very low, added a test that should have been there to start with
[String/UUID change made/needed]: none

Comment 8

[Gerry Chang [:gchang]]

Comment on attachment 8792730 [details]
Bug 1303902: [FLAC] Actually check that we found the first frame.

Fix a potential crash. Take it in 51 aurora.

Comment 9

[Ryan VanderMeulen [:RyanVM]]

https://hg.mozilla.org/releases/mozilla-aurora/rev/249bd57d6428