Closed
Bug 1414623
Opened 7 years ago
Closed 7 years ago
Crash in mozilla::AudioStream::GetUnprocessed
Categories
(Core :: Audio/Video: Playback, defect, P2)
Tracking
()
RESOLVED
FIXED
mozilla59
Tracking | Status | |
---|---|---|
firefox-esr52 | --- | unaffected |
firefox56 | --- | unaffected |
firefox57 | --- | unaffected |
firefox58 | --- | disabled |
firefox59 | --- | fixed |
People
(Reporter: philipp, Assigned: u480271)
Details
(Keywords: crash, regression)
Crash Data
Attachments
(2 files)
This bug was filed from the Socorro interface and is report bp-4b0fb92a-963d-4a3c-8a34-f2edb0171105. ============================================================= Crashing Thread (45) Frame Module Signature Source 0 libxul.so mozilla::AudioStream::GetUnprocessed dom/media/AudioStream.h:135 1 libxul.so mozilla::AudioStream::DataCallback dom/media/AudioStream.cpp:657 2 libxul.so std::sys_common::backtrace::__rust_begin_short_backtrace<closure, ()> media/audioipc/client/src/stream.rs:67 3 libxul.so alloc::boxed::{{impl}}::call_box<(), closure> src/libstd/thread/mod.rs:394 4 libxul.so std::sys::imp::thread::{{impl}}::new::thread_start src/liballoc/boxed.rs:692 Ø 5 libpthread-2.26.so libpthread-2.26.so@0x7089 Ø 6 libc-2.26.so libc-2.26.so@0xf647e these crash reports on linux are regressing in 58.0a1 starting with build 20171020100426. this is the pushlog to the day before: https://hg.mozilla.org/mozilla-central/pushloghtml?startdate=2017-10-19&tochange=d1e995c8640a191cd127e87273ec96cb2fabffa9 so perhaps related to bug 1407487?
Flags: needinfo?(dglastonbury)
Comment 1•7 years ago
|
||
It doesn't look this crash is related to bug 1407487 since this crash can date back to 2017-05-14.
Component: Audio/Video → Audio/Video: Playback
Updated•7 years ago
|
Priority: -- → P2
Reporter | ||
Comment 2•7 years ago
|
||
on linux it's regressing in 58.0a1 though.
Comment 3•7 years ago
|
||
(In reply to Blake Wu [:bwu][:blakewu] from comment #1) > It doesn't look this crash is related to bug 1407487 since this crash can > date back to 2017-05-14. Which report was on 2017-05-14?
Comment 4•7 years ago
|
||
Going back 1 year, I see reports from 48.0.2 to 58.01, on osx, win and linux. Possibly bug 1407487 made this rare bug more easy to hit on linux (which all crash w/ SIGBUS)? Here's a report from 2017-05-15: https://crash-stats.mozilla.com/report/index/f9c05eb5-bf28-43c6-bc84-b21470170515
Comment 5•7 years ago
|
||
(In reply to Mike Taylor [:miketaylr] (58 Regression Engineering Owner) from comment #4) > Going back 1 year, I see reports from 48.0.2 to 58.01, on osx, win and linux. > > Possibly bug 1407487 made this rare bug more easy to hit on linux (which all > crash w/ SIGBUS)? > > Here's a report from 2017-05-15: > > https://crash-stats.mozilla.com/report/index/f9c05eb5-bf28-43c6-bc84- > b21470170515 This one looks like a UAF which is really bad. I think this one is caused by some other memory bugs instead of cubeb/AudioStream itself.
I've been pondering on this one for a while and JW's assertion that this is a UAF gives me a clue at to what is causing this. I'll put together a patch and lets see if the issue disappears after that patch is applied.
Flags: needinfo?(dglastonbury)
Comment hidden (mozreview-request) |
Comment 8•7 years ago
|
||
mozreview-review |
Comment on attachment 8927116 [details] Bug 1414623 - P1: Make state_callback synchronous. https://reviewboard.mozilla.org/r/198332/#review203570 Seems like a good idea.
Attachment #8927116 -
Flags: review?(kinetik) → review+
Comment hidden (mozreview-request) |
Comment hidden (mozreview-request) |
Comment 11•7 years ago
|
||
mozreview-review |
Comment on attachment 8928019 [details] Bug 1414623 - P2: Connect callback send/receive with Mutex. https://reviewboard.mozilla.org/r/199252/#review204294
Attachment #8928019 -
Flags: review?(kinetik) → review+
Assignee | ||
Comment 12•7 years ago
|
||
The 2nd try run looks a lot better. https://treeherder.mozilla.org/#/jobs?repo=try&revision=938c5a2c35703c32be1de5714b68e38c226b598e&group_state=expanded&selectedJob=144433966
Comment 13•7 years ago
|
||
Pushed by dglastonbury@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/96e5e96d36e9 P1: Make state_callback synchronous. r=kinetik https://hg.mozilla.org/integration/autoland/rev/b69589aa7089 P2: Connect callback send/receive with Mutex. r=kinetik
Comment 14•7 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/96e5e96d36e9 https://hg.mozilla.org/mozilla-central/rev/b69589aa7089
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
status-firefox59:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla59
Assignee | ||
Comment 16•7 years ago
|
||
(In reply to Sylvestre Ledru [:sylvestre] from comment #15) > Dan, do you want to uplift that in 58? Yes.
Flags: needinfo?(dglastonbury)
Assignee | ||
Comment 17•7 years ago
|
||
(In reply to Dan Glastonbury :kamidphish from comment #16) > (In reply to Sylvestre Ledru [:sylvestre] from comment #15) > > Dan, do you want to uplift that in 58? > > Yes. Although the feature is only enabled on Nightly, so it might not be an issue that we see for Beta because it is disabled by default.
Flags: needinfo?(sledru)
Comment 18•7 years ago
|
||
OK, thanks. I updated the flag then. No need to take the patch then!
Flags: needinfo?(sledru)
Comment 19•6 years ago
|
||
This signature is still present in recent nightlies and betas: https://crash-stats.mozilla.com/signature/?product=Firefox&signature=mozilla%3A%3AAudioStream%3A%3AGetUnprocessed I encountered it today. Different bug?
You need to log in
before you can comment on or make changes to this bug.
Description
•