Closed
Bug 1423920
Opened 8 years ago
Closed 8 years ago
Crash in arena_t::DallocSmall | arena_dalloc | `anonymous namespace''::wasapi_device_collection_destroy
Categories
(Core :: WebRTC: Audio/Video, defect, P1)
Tracking
()
RESOLVED
FIXED
mozilla59
| Tracking | Status | |
|---|---|---|
| firefox-esr52 | --- | unaffected |
| firefox57 | --- | unaffected |
| firefox58 | --- | unaffected |
| firefox59 | --- | fixed |
People
(Reporter: calixte, Assigned: padenot)
References
(Blocks 1 open bug)
Details
(Keywords: crash, regression, Whiteboard: [clouseau])
Crash Data
This bug was filed from the Socorro interface and is
report bp-43567cef-f307-4d17-a30b-9ac730171207.
=============================================================
Top 10 frames of crashing thread:
0 mozglue.dll arena_t::DallocSmall memory/build/mozjemalloc.cpp:3402
1 mozglue.dll arena_dalloc memory/build/mozjemalloc.cpp:3499
2 xul.dll `anonymous namespace'::wasapi_device_collection_destroy media/libcubeb/src/cubeb_wasapi.cpp:2387
3 xul.dll cubeb_device_collection_destroy media/libcubeb/src/cubeb.c:605
4 xul.dll mozilla::AudioInputCubeb::UpdateDeviceList dom/media/webrtc/MediaEngineWebRTC.cpp:104
5 xul.dll mozilla::AudioInputCubeb::GetNumOfRecordingDevices dom/media/webrtc/MediaEngineWebRTC.h:193
6 xul.dll mozilla::MediaEngineWebRTC::EnumerateAudioDevices dom/media/webrtc/MediaEngineWebRTC.cpp:290
7 xul.dll mozilla::GetSources<mozilla::AudioDevice> dom/media/MediaManager.cpp:1318
8 xul.dll <lambda_28fccb895c21c9dc9d2492c3fb2c88f7>::operator dom/media/MediaManager.cpp:1741
9 xul.dll mozilla::media::LambdaTask<<lambda_28fccb895c21c9dc9d2492c3fb2c88f7> >::Run dom/media/systemservices/MediaTaskUtils.h:37
=============================================================
There is 1 crash in nightly 59 with buildid 20171206221407. In analyzing the backtrace, the regression may have been introduced by patch [1] to fix bug 1397793.
[1] https://hg.mozilla.org/mozilla-central/rev/a781b123b252
Flags: needinfo?(padenot)
|
Assignee | |
Updated•8 years ago
|
Assignee: nobody → padenot
Flags: needinfo?(padenot)
|
||
Updated•8 years ago
|
Rank: 10
Priority: -- → P2
|
||
Comment 1•8 years ago
|
||
This is a symptom of memory corruption, or passing a UAF address to delete, or passing a bad ptr to delete (uninitialized, etc) at a guess.
Adding achronop, though likely it's not really caused by cubeb - the new code might be using the cubeb enumeration differently, though.
This is probably a must-fix regression for bug 1397793
Rank: 10 → 7
Priority: P2 → P1
|
|
Assignee | |
Comment 2•8 years ago
|
||
Fixed in https://reviewboard.mozilla.org/r/206292/diff/1-2/, that has landed on central.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
|
||
Updated•8 years ago
|
Target Milestone: --- → mozilla59
You need to log in
before you can comment on or make changes to this bug.
Description
•