Closed Bug 1407833 Opened 2 years ago Closed 2 years ago

panicked at 'attempt to add with overflow' in [@ mp4parse_capi::create_sample_table]

Categories

(Core :: Audio/Video: Playback, defect, P3)

defect

Tracking

()

RESOLVED FIXED
mozilla58
Tracking Status
firefox-esr52 --- unaffected
firefox56 --- wontfix
firefox57 --- wontfix
firefox58 --- fixed

People

(Reporter: tsmith, Assigned: ayang)

References

(Blocks 1 open bug)

Details

(Keywords: testcase)

Attachments

(2 files)

Attached video test_case.mp4
thread '<unnamed>' panicked at 'attempt to add with overflow', /builds/worker/workspace/build/src/media/libstagefright/binding/mp4parse_capi/src/lib.rs:844
stack backtrace:
   0:     0x7ff614bb8463 - std::sys::imp::backtrace::tracing::imp::unwind_backtrace::hcab99e0793da62c7
                               at /checkout/src/libstd/sys/unix/backtrace/tracing/gcc_s.rs:49
   1:     0x7ff614bb3786 - std::sys_common::backtrace::_print::hbfe5b0c7e79c0711
                               at /checkout/src/libstd/sys_common/backtrace.rs:71
   2:     0x7ff614bc5afa - std::panicking::default_hook::{{closure}}::h9ba2c6973907a2be
                               at /checkout/src/libstd/sys_common/backtrace.rs:60
                               at /checkout/src/libstd/panicking.rs:355
   3:     0x7ff614bc56fb - std::panicking::default_hook::he4d55e2dd21c3cca
                               at /checkout/src/libstd/panicking.rs:371
   4:     0x7ff614bc5f0b - std::panicking::rust_panic_with_hook::ha138c05cd33ad44d
                               at /checkout/src/libstd/panicking.rs:549
   5:     0x7ff614bc5de4 - std::panicking::begin_panic::hcdbfa35c94142fa2
                               at /checkout/src/libstd/panicking.rs:511
   6:     0x7ff614bc5d19 - std::panicking::begin_panic_fmt::hc09fe500d9b7be81
                               at /checkout/src/libstd/panicking.rs:495
   7:     0x7ff614bc5ca7 - rust_begin_unwind
                               at /checkout/src/libstd/panicking.rs:471
   8:     0x7ff614bdb04d - core::panicking::panic_fmt::h883a028e9f4b4457
                               at /checkout/src/libcore/panicking.rs:69
   9:     0x7ff614bdaf84 - core::panicking::panic::hdb3cf3207dda37bb
                               at /checkout/src/libcore/panicking.rs:49
  10:     0x7ff614341445 - <mp4parse_capi::SampleToChunkIterator<'a> as core::iter::iterator::Iterator>::next::{{closure}}::h75d2bc65443e8c92
                               at /builds/worker/workspace/build/src/media/libstagefright/binding/mp4parse_capi/src/lib.rs:844
  11:     0x7ff614341329 - <mp4parse_capi::SampleToChunkIterator<'a> as core::iter::iterator::Iterator>::next::h991d67725e2a52db
                               at /builds/worker/workspace/build/src/media/libstagefright/binding/mp4parse_capi/src/lib.rs:833
  12:     0x7ff6143415ff - mp4parse_capi::create_sample_table::h7d722112ba754ec6
                               at /builds/worker/workspace/build/src/media/libstagefright/binding/mp4parse_capi/src/lib.rs:889
  13:     0x7ff614341002 - mp4parse_get_indice_table
                               at /builds/worker/workspace/build/src/media/libstagefright/binding/mp4parse_capi/src/lib.rs:703
  14:     0x7ff609eb242c - _ZN11mp4_demuxer15MP4MetadataRust15ReadTrackIndiceEP18mp4parse_byte_datai
                               at /builds/worker/workspace/build/src/media/libstagefright/binding/MP4Metadata.cpp:1008
  15:     0x7ff609eb145d - _ZN11mp4_demuxer11MP4Metadata14GetTrackIndiceEi
                               at /builds/worker/workspace/build/src/media/libstagefright/binding/MP4Metadata.cpp:433
  16:     0x7ff60ed67ca2 - _ZN7mozilla10MP4Demuxer4InitEv
                               at /builds/worker/workspace/build/src/dom/media/fmp4/MP4Demuxer.cpp:247
  17:     0x7ff60e819715 - _ZZN7mozilla17MediaFormatReader12DemuxerProxy4InitEvENK4$_10clEv
                               at /builds/worker/workspace/build/src/dom/media/MediaFormatReader.cpp:1111
  18:     0x7ff60e8193c6 - _ZN7mozilla6detail21ProxyFunctionRunnableIZNS_17MediaFormatReader12DemuxerProxy4InitEvE4$_10NS_10MozPromiseINS_11MediaResultES6_Lb1EEEE3RunEv
                               at /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/MozPromise.h:1511
  19:     0x7ff60a106c19 - _ZN7mozilla9TaskQueue6Runner3RunEv
                               at /builds/worker/workspace/build/src/xpcom/threads/TaskQueue.cpp:246
  20:     0x7ff60a124fde - _ZN12nsThreadPool3RunEv
                               at /builds/worker/workspace/build/src/xpcom/threads/nsThreadPool.cpp:228
  21:     0x7ff60a12539c - _ZThn16_N12nsThreadPool3RunEv
                               at /builds/worker/workspace/build/src/xpcom/threads/nsThreadPool.cpp:156
  22:     0x7ff60a11d79f - _ZN8nsThread16ProcessNextEventEbPb
                               at /builds/worker/workspace/build/src/xpcom/threads/nsThread.cpp:1037
  23:     0x7ff60a13d260 - _Z19NS_ProcessNextEventP9nsIThreadb
                               at /builds/worker/workspace/build/src/xpcom/threads/nsThreadUtils.cpp:524
  24:     0x7ff60acd7584 - _ZN7mozilla3ipc28MessagePumpForNonMainThreads3RunEPN4base11MessagePump8DelegateE
                               at /builds/worker/workspace/build/src/ipc/glue/MessagePump.cpp:338
  25:     0x7ff60ac2ae27 - _ZN11MessageLoop11RunInternalEv
                               at /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:326
  26:     0x7ff60ac2acb9 - _ZN11MessageLoop3RunEv
                               at /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:299
  27:     0x7ff60a118f2e - _ZN8nsThread10ThreadFuncEPv
                               at /builds/worker/workspace/build/src/xpcom/threads/nsThread.cpp:425
  28:     0x7ff626b7465d - _pt_root
                               at /builds/worker/workspace/build/src/nsprpub/pr/src/pthreads/ptthread.c:216
  29:     0x7ff62a4a16b9 - start_thread
  30:     0x7ff62952a3dc - clone
  31:                0x0 - <unknown>
Flags: in-testsuite?
This bisects all the way back to when the Rust MP4 parser first became pref-controlled.
Has Regression Range: --- → yes
Alfredo, 
Are you able to check this bug?
Flags: needinfo?(ayang)
(In reply to Blake Wu [:bwu][:blakewu] from comment #2)
> Alfredo, 
> Are you able to check this bug?

This is another invalid stream which produces on debug build only.
Per discussing with Alfredo, this is not what normal users would encounter, so set priority as P3.
Priority: P2 → P3
https://github.com/mozilla/mp4parse-rust/pull/123
Assignee: nobody → ayang
Flags: needinfo?(ayang)
Comment on attachment 8924073 [details]
Bug 1407833 - update rust mp4 parser for add overflow.

https://reviewboard.mozilla.org/r/195280/#review200354
Attachment #8924073 - Flags: review?(kinetik) → review+
Pushed by ayang@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/e102d4b48c35
update rust mp4 parser for add overflow. r=kinetik
https://hg.mozilla.org/mozilla-central/rev/e102d4b48c35
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla58
You need to log in before you can comment on or make changes to this bug.