Closed Bug 1380468 Opened 2 years ago Closed 2 years ago

mp4 file triggers OOM

Categories

(Core :: Audio/Video: Playback, defect)

Tracking

RESOLVED FIXED
mozilla56
Tracking Status
firefox56 --- fixed

People

(Reporter: tsmith, Assigned: ayang)

Details

(Keywords: csectype-oom, testcase)

Attachments

(3 files)

Attached video test_case.mp4
==121631==ERROR: AddressSanitizer failed to allocate 0x300002000 (12884910080) bytes of LargeMmapAllocator (error code: 12)
==121631==AddressSanitizer CHECK failed: /builds/slave/moz-toolchain/src/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_common.cc:120 "((0 && "unable to mmap")) != (0)" (0x0, 0x0)
    #0 0x4c580f in __asan::AsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) /builds/slave/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_rtl.cc:67:3
    #1 0x4d8322 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) /builds/slave/moz-toolchain/src/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_termination.cc:79:5
    #2 0x4ca08e in __sanitizer::ReportMmapFailureAndDie(unsigned long, char const*, char const*, int, bool) /builds/slave/moz-toolchain/src/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_common.cc:120:3
    #3 0x4d264b in __sanitizer::MmapOrDie(unsigned long, char const*, bool) /builds/slave/moz-toolchain/src/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_posix.cc:132:5
    #4 0x4218f4 in __sanitizer::LargeMmapAllocator<__asan::AsanMapUnmapCallback>::Allocate(__sanitizer::AllocatorStats*, unsigned long, unsigned long) /builds/slave/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_allocator.h:1057:9
    #5 0x4217b8 in __sanitizer::CombinedAllocator<__sanitizer::SizeClassAllocator64<105553116266496ul, 4398046511104ul, 0ul, __sanitizer::SizeClassMap<17ul, 128ul, 16ul>, __asan::AsanMapUnmapCallback>, __sanitizer::SizeClassAllocatorLocalCache<__sanitizer::SizeClassAllocator64<105553116266496ul, 4398046511104ul, 0ul, __sanitizer::SizeClassMap<17ul, 128ul, 16ul>, __asan::AsanMapUnmapCallback> >, __sanitizer::LargeMmapAllocator<__asan::AsanMapUnmapCallback> >::Allocate(__sanitizer::SizeClassAllocatorLocalCache<__sanitizer::SizeClassAllocator64<105553116266496ul, 4398046511104ul, 0ul, __sanitizer::SizeClassMap<17ul, 128ul, 16ul>, __asan::AsanMapUnmapCallback> >*, unsigned long, unsigned long, bool, bool) /builds/slave/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_allocator.h:1326:24
    #6 0x41e932 in __asan::Allocator::Allocate(unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType, bool) /builds/slave/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_allocator.cc:368:21
    #7 0x41f10d in __asan::Allocator::Reallocate(void*, unsigned long, __sanitizer::BufferedStackTrace*) /builds/slave/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_allocator.cc:549:21
    #8 0x4bbe82 in realloc /builds/slave/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:85:10
    #9 0x7f20d640a319 in alloc_system::imp::reallocate /checkout/src/liballoc_system/lib.rs:143
    #10 0x7f20d640a319 in alloc_system::__rust_reallocate /checkout/src/liballoc_system/lib.rs:63
    #11 0x7f20d640a319 in alloc::heap::reallocate /checkout/src/liballoc/heap.rs:93
    #12 0x7f20d640a319 in _$LT$alloc..raw_vec..RawVec$LT$T$GT$$GT$::double::hd770ab531a4200ab /checkout/src/liballoc/raw_vec.rs:232
    #13 0x7f20d640903e in collections::vec::{{impl}}::push<mp4parse_capi::mp4parse_indice> /checkout/src/libcollections/vec.rs:969
    #14 0x7f20d640903e in mp4parse_capi::create_sample_table src/media/libstagefright/binding/mp4parse_capi/src/lib.rs:905
    #15 0x7f20d640903e in mp4parse_get_indice_table src/media/libstagefright/binding/mp4parse_capi/src/lib.rs:706
    #16 0x7f20c9babeaf in mp4_demuxer::MP4MetadataRust::ReadTrackIndice(mp4parse_byte_data*, int) src/media/libstagefright/binding/MP4Metadata.cpp:1011:8
    #17 0x7f20c9ba990f in mp4_demuxer::MP4Metadata::GetTrackIndice(int) src/media/libstagefright/binding/MP4Metadata.cpp:434:33
    #18 0x7f20cf6213c5 in mozilla::MP4Demuxer::Init() src/dom/media/fmp4/MP4Demuxer.cpp:247:18
    #19 0x7f20cefd48e4 in operator() src/dom/media/MediaFormatReader.cpp:1030:47
    #20 0x7f20cefd48e4 in mozilla::detail::ProxyFunctionRunnable<mozilla::MediaFormatReader::DemuxerProxy::Init()::$_10, mozilla::MozPromise<mozilla::MediaResult, mozilla::MediaResult, true> >::Run() src/obj-firefox/dist/include/mozilla/MozPromise.h:1510
    #21 0x7f20c9df27e4 in mozilla::TaskQueue::Runner::Run() src/xpcom/threads/TaskQueue.cpp:246:12
    #22 0x7f20c9e243c8 in nsThreadPool::Run() src/xpcom/threads/nsThreadPool.cpp:225:14
    #23 0x7f20c9e24b0c in non-virtual thunk to nsThreadPool::Run() src/xpcom/threads/nsThreadPool.cpp:154:15
    #24 0x7f20c9e1a875 in nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1437:14
    #25 0x7f20c9e20aa8 in NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:489:10
    #26 0x7f20cac341e0 in mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:339:20
    #27 0x7f20cab8f0e0 in RunInternal src/ipc/chromium/src/base/message_loop.cc:320:10
    #28 0x7f20cab8f0e0 in RunHandler src/ipc/chromium/src/base/message_loop.cc:313
    #29 0x7f20cab8f0e0 in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:293
    #30 0x7f20c9e124dd in nsThread::ThreadFunc(void*) src/xpcom/threads/nsThread.cpp:506:11
    #31 0x7f20e48d3423 in _pt_root src/nsprpub/pr/src/pthreads/ptthread.c:216:5
    #32 0x7f20e7ecb6b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
    #33 0x7f20e6f543dc in clone /build/glibc-bfm8X4/glibc-2.23/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:109
Allocation from the Rust MP4 parser. Alfredo, could you please have a look, when possible? (Or reassign)
Flags: needinfo?(ayang)
Sure, I'll check it.
Assignee: nobody → ayang
Flags: needinfo?(ayang)
Comment on attachment 8886453 [details]
Bug 1380468 - update rust parser.

https://reviewboard.mozilla.org/r/157236/#review162362
Attachment #8886453 - Flags: review?(kinetik) → review+
Comment on attachment 8886452 [details]
Bug 1380468 - don't fallback when table size is too large.

https://reviewboard.mozilla.org/r/157234/#review162364
Attachment #8886452 - Flags: review?(kinetik) → review+
Thanks for the quick review!
Pushed by ayang@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/d6286a7f8094
don't fallback when table size is too large. r=kinetik
https://hg.mozilla.org/integration/autoland/rev/294935222edd
update rust parser. r=kinetik
https://hg.mozilla.org/mozilla-central/rev/d6286a7f8094
https://hg.mozilla.org/mozilla-central/rev/294935222edd
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla56
Alfredo, it looks like this fix has automated coverage. Would manual testing be relevant here?
Flags: qe-verify?
Flags: needinfo?(ayang)
(In reply to Andrei Vaida [:avaida], Desktop Release QA – please ni? me from comment #13)
> Alfredo, it looks like this fix has automated coverage. Would manual testing
> be relevant here?

The autotest is on Rust only. It'd be good if QA can help to test it manually; that helps to cover the Gecko part.
Flags: needinfo?(ayang)
Hmm... it'd be better to add the test file into the Gecko mochitest.
Flags: needinfo?(ayang)
See Also: → 1404182