Closed
Bug 1426678
Opened 7 years ago
Closed 7 years ago
Assertion failure: mRawPtr != nullptr (You can't dereference a NULL RefPtr with operator*().), at /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/RefPtr.h:370
Categories
(Core :: WebRTC, defect)
Tracking
()
RESOLVED
FIXED
mozilla59
Tracking | Status | |
---|---|---|
firefox-esr52 | --- | unaffected |
firefox57 | --- | unaffected |
firefox58 | --- | unaffected |
firefox59 | --- | fixed |
People
(Reporter: jkratzer, Assigned: dminor)
References
(Blocks 1 open bug)
Details
(Keywords: assertion, testcase)
Attachments
(2 files)
Testcase found while fuzzing mozilla-central rev 5b1fdaa14d35.
Testcase must be provided via a local webserver in order to reproduce. Further, the testcase may require several reloads in order to trigger.
OS|Linux|0.0.0 Linux 4.4.0-104-generic #127-Ubuntu SMP Mon Dec 11 12:16:42 UTC 2017 x86_64
CPU|amd64|family 6 model 78 stepping 3|1
GPU|||
Crash|SIGSEGV|0x0|0
0|0|libxul.so|RefPtr<mozilla::dom::MediaStreamTrack>::operator*|hg:hg.mozilla.org/mozilla-central:mfbt/RefPtr.h:5b1fdaa14d35|369|0x5
0|1|libxul.so|mozilla::PeerConnectionImpl::DTMFState::Notify|hg:hg.mozilla.org/mozilla-central:media/webrtc/signaling/src/peerconnection/PeerConnectionImpl.cpp:5b1fdaa14d35|3834|0x8
0|2|libxul.so|nsTimerImpl::Fire|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsTimerImpl.cpp:5b1fdaa14d35|704|0x11
0|3|libxul.so|nsTimerEvent::Run|hg:hg.mozilla.org/mozilla-central:xpcom/threads/TimerThread.cpp:5b1fdaa14d35|286|0x18
0|4|libxul.so|nsThread::ProcessNextEvent|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:5b1fdaa14d35|1039|0x15
0|5|libxul.so|NS_ProcessNextEvent|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.cpp:5b1fdaa14d35|508|0x11
0|6|libxul.so|mozilla::ipc::MessagePump::Run|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:5b1fdaa14d35|97|0xa
0|7|libxul.so|MessageLoop::RunInternal|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:5b1fdaa14d35|326|0x17
0|8|libxul.so|MessageLoop::Run|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:5b1fdaa14d35|319|0x8
0|9|libxul.so|nsBaseAppShell::Run|hg:hg.mozilla.org/mozilla-central:widget/nsBaseAppShell.cpp:5b1fdaa14d35|157|0xd
0|10|libxul.so|XRE_RunAppShell|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsEmbedFunctions.cpp:5b1fdaa14d35|875|0x11
0|11|libxul.so|mozilla::ipc::MessagePumpForChildProcess::Run|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:5b1fdaa14d35|269|0x5
0|12|libxul.so|MessageLoop::RunInternal|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:5b1fdaa14d35|326|0x17
0|13|libxul.so|MessageLoop::Run|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:5b1fdaa14d35|319|0x8
0|14|libxul.so|XRE_InitChildProcess|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsEmbedFunctions.cpp:5b1fdaa14d35|701|0x8
0|15|firefox|content_process_main|hg:hg.mozilla.org/mozilla-central:ipc/contentproc/plugin-container.cpp:5b1fdaa14d35|63|0x14
0|16|firefox|main|hg:hg.mozilla.org/mozilla-central:browser/app/nsBrowserApp.cpp:5b1fdaa14d35|280|0x11
0|17|libc-2.23.so||||0x20830
0|18|firefox|MOZ_ReportAssertionFailure|hg:hg.mozilla.org/mozilla-central:mfbt/Assertions.h:5b1fdaa14d35|165|0x5
Flags: in-testsuite?
Reporter | ||
Updated•7 years ago
|
Blocks: fuzzing-webrtc
Assignee | ||
Updated•7 years ago
|
Assignee: nobody → dminor
Status: NEW → ASSIGNED
Comment hidden (mozreview-request) |
Comment 2•7 years ago
|
||
mozreview-review |
Comment on attachment 8938402 [details]
Bug 1426678 - Ensure SendTrack is not null before trying to dispatch DTMF event;
https://reviewboard.mozilla.org/r/209106/#review214868
Attachment #8938402 -
Flags: review?(docfaraday) → review+
Pushed by dminor@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/2e99f273f7b7
Ensure SendTrack is not null before trying to dispatch DTMF event; r=bwc
Comment 4•7 years ago
|
||
bugherder |
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla59
Updated•7 years ago
|
status-firefox57:
--- → unaffected
status-firefox58:
--- → unaffected
status-firefox-esr52:
--- → unaffected
Flags: in-testsuite? → in-testsuite-
You need to log in
before you can comment on or make changes to this bug.
Description
•