Closed
Bug 1387793
Opened 8 years ago
Closed 8 years ago
Assertion failure: false [@ mp4_demuxer::SPSNALIterator::operator*]
Categories
(Core :: Audio/Video: Playback, defect, P1)
Core
Audio/Video: Playback
Tracking
()
RESOLVED
FIXED
mozilla57
People
(Reporter: tsmith, Assigned: ayang)
References
(Blocks 1 open bug)
Details
(Keywords: assertion, testcase)
Attachments
(2 files)
|
933.26 KB,
video/mp4
|
Details | |
|
6.00 KB,
patch
|
kinetik
:
review+
|
Details | Diff | Splinter Review |
Assertion failure: false, at src/media/libstagefright/binding/include/mp4_demuxer/ByteReader.h:78
Marking as s-s for now.
#0 0x7f5a559069f9 in mp4_demuxer::ByteReader::ReadU16() src/media/libstagefright/binding/include/mp4_demuxer/ByteReader.h:78:7
#1 0x7f5a5590e773 in mp4_demuxer::SPSNALIterator::operator*() const src/media/libstagefright/binding/H264.cpp:311:30
#2 0x7f5a5590e42a in mp4_demuxer::H264::DecodeSPSFromExtraData(mozilla::MediaByteBuffer const*, mp4_demuxer::SPSData&) src/media/libstagefright/binding/H264.cpp:738:11
#3 0x7f5a5a412d2a in mozilla::AccumulateSPSTelemetry(mozilla::MediaByteBuffer const*) src/dom/media/fmp4/MP4Demuxer.cpp:87:7
#4 0x7f5a5a415bba in mozilla::MP4TrackDemuxer::MP4TrackDemuxer(mozilla::MP4Demuxer*, mozilla::UniquePtr<mozilla::TrackInfo, mozilla::DefaultDelete<mozilla::TrackInfo> >&&, mp4_demuxer::IndiceWrapper const&) src/dom/media/fmp4/MP4Demuxer.cpp:373:28
#5 0x7f5a5a413dbc in mozilla::MP4Demuxer::Init() src/dom/media/fmp4/MP4Demuxer.cpp:255:13
#6 0x7f5a59ee6465 in mozilla::MediaFormatReader::DemuxerProxy::Init()::$_10::operator()() const src/dom/media/MediaFormatReader.cpp:1027:47
#7 0x7f5a59ee6116 in mozilla::detail::ProxyFunctionRunnable<mozilla::MediaFormatReader::DemuxerProxy::Init()::$_10, mozilla::MozPromise<mozilla::MediaResult, mozilla::MediaResult, true> >::Run() src/obj-firefox/dist/include/mozilla/MozPromise.h:1510:29
#8 0x7f5a55b45645 in mozilla::TaskQueue::Runner::Run() src/xpcom/threads/TaskQueue.cpp:246:12
#9 0x7f5a55b8195e in nsThreadPool::Run() src/xpcom/threads/nsThreadPool.cpp:225:14
#10 0x7f5a55b81ddc in non-virtual thunk to nsThreadPool::Run() src/xpcom/threads/nsThreadPool.cpp:154:15
#11 0x7f5a55b794b0 in nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1446:14
#12 0x7f5a55b7f0f0 in NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:480:10
#13 0x7f5a566e1f64 in mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:339:20
#14 0x7f5a566336e7 in MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:326:10
#15 0x7f5a56633579 in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:299:3
#16 0x7f5a55b7161b in nsThread::ThreadFunc(void*) src/xpcom/threads/nsThread.cpp:506:11
#17 0x7f5a7203a5ed in _pt_root src/nsprpub/pr/src/pthreads/ptthread.c:216:5
#18 0x7f5a756446b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
#19 0x7f5a746cd3dc in clone /build/glibc-bfm8X4/glibc-2.23/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:109
Flags: in-testsuite?
|
||
Comment 1•8 years ago
|
||
Alfredo,
This looks at your wheelhouse.
Flags: needinfo?(ayang)
Priority: -- → P1
|
Assignee | |
Comment 2•8 years ago
|
||
Hi, do you run this in debug?
The assertion is caused by incorrect streams.
The extra data in the stream is:
01 42 c0 0d ff e1 00
The final '00' is the number of SPS; however, it should be 2 bytes, not 1 byte. So it causes assertion. There is nothing wrong in codes.
I have tried 54.0.1, and it can't be played as I expected.
Flags: needinfo?(ayang) → needinfo?(twsmith)
|
Reporter | |
Comment 3•8 years ago
|
||
(In reply to Alfredo Yang (:alfredo) from comment #2)
> Hi, do you run this in debug?
>
> The assertion is caused by incorrect streams.
> The extra data in the stream is:
>
> 01 42 c0 0d ff e1 00
>
> The final '00' is the number of SPS; however, it should be 2 bytes, not 1
> byte. So it causes assertion. There is nothing wrong in codes.
>
> I have tried 54.0.1, and it can't be played as I expected.
Yes this assertion came from a debug build. This was found by fuzzing. If this assertion is incorrect or invalid please remove it.
Flags: needinfo?(twsmith)
|
|
Assignee | |
Comment 4•8 years ago
|
||
The assertion is here for developer to find the problem quickly because the stream is incorrect. Since it's not affect on release, I'd prefer to keep it.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME
|
||
Comment 5•8 years ago
|
||
Can it be downgraded to a warning instead of an assertion?
|
|
Assignee | |
Comment 6•8 years ago
|
||
(In reply to Ryan VanderMeulen [:RyanVM] from comment #5)
> Can it be downgraded to a warning instead of an assertion?
Sure, I'll add a patch for that.
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
|
|
Assignee | |
Comment 7•8 years ago
|
||
Assignee: nobody → ayang
Attachment #8895689 -
Flags: review?(kinetik)
|
||
Updated•8 years ago
|
Attachment #8895689 -
Flags: review?(kinetik) → review+
|
|
Assignee | |
Updated•8 years ago
|
Keywords: checkin-needed
|
||
Updated•8 years ago
|
Group: media-core-security
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/9c8a770bde30
Downgrade assertion to warning. r=kinetik
Keywords: checkin-needed
|
||
Comment 9•8 years ago
|
||
| bugherder | ||
Status: REOPENED → RESOLVED
Closed: 8 years ago → 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla57
|
|
||
Updated•8 years ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•