Closed Bug 1429536 Opened 2 years ago Closed 2 years ago

Assertion failure: !(aWidth&1), at /home/worker/workspace/build/src/dom/media/webrtc/MediaEngineDefault.cpp:145

Categories

(Core :: WebRTC, defect, P2)

59 Branch
defect

Tracking


RESOLVED FIXED
mozilla59
Tracking Status
firefox-esr52 --- wontfix
firefox57 --- wontfix
firefox58 --- wontfix
firefox59 --- fixed

People

(Reporter: jkratzer, Assigned: jib)

References

(Blocks 2 open bugs)

Details

(Keywords: assertion, testcase)

Attachments

(3 files)

Attached file trigger.html
Testcase found while fuzzing esr52 rev d61516b059c1.

OS|Linux|0.0.0 Linux 4.4.0-104-generic #127-Ubuntu SMP Mon Dec 11 12:16:42 UTC 2017 x86_64
CPU|amd64|family 6 model 78 stepping 3|1
GPU|||
Crash|SIGSEGV|0x0|24
24|0|libxul.so|mozilla::MediaEngineDefaultVideoSource::Notify|hg:hg.mozilla.org/releases/mozilla-esr52:dom/media/webrtc/MediaEngineDefault.cpp:d61516b059c1|145|0x0
24|1|libxul.so|nsTimerImpl::Fire|hg:hg.mozilla.org/releases/mozilla-esr52:xpcom/threads/nsTimerImpl.cpp:d61516b059c1|482|0x11
24|2|libxul.so|nsTimerEvent::Run|hg:hg.mozilla.org/releases/mozilla-esr52:xpcom/threads/TimerThread.cpp:d61516b059c1|285|0x17
24|3|libxul.so|nsThread::ProcessNextEvent|hg:hg.mozilla.org/releases/mozilla-esr52:xpcom/threads/nsThread.cpp:d61516b059c1|1216|0x11
24|4|libxul.so|NS_ProcessNextEvent|hg:hg.mozilla.org/releases/mozilla-esr52:xpcom/glue/nsThreadUtils.cpp:d61516b059c1|361|0xd
24|5|libxul.so|mozilla::ipc::MessagePumpForNonMainThreads::Run|hg:hg.mozilla.org/releases/mozilla-esr52:ipc/glue/MessagePump.cpp:d61516b059c1|368|0xd
24|6|libxul.so|MessageLoop::RunInternal|hg:hg.mozilla.org/releases/mozilla-esr52:ipc/chromium/src/base/message_loop.cc:d61516b059c1|232|0x17
24|7|libxul.so|MessageLoop::Run|hg:hg.mozilla.org/releases/mozilla-esr52:ipc/chromium/src/base/message_loop.cc:d61516b059c1|225|0x8
24|8|libxul.so|base::Thread::ThreadMain|hg:hg.mozilla.org/releases/mozilla-esr52:ipc/chromium/src/base/thread.cc:d61516b059c1|180|0x8
24|9|libxul.so|ThreadFunc|hg:hg.mozilla.org/releases/mozilla-esr52:ipc/chromium/src/base/platform_thread_posix.cc:d61516b059c1|38|0x3
24|10|libpthread-2.23.so||||0x76ba
24|11|libc-2.23.so||||0x1073dd
Flags: in-testsuite?
The test case uses 'fake: true'. That makes it less important.

@jib: can you have a look or dispatch?
Rank: 15
Flags: needinfo?(jib)
Priority: -- → P2
Assignee: nobody → jib
Flags: needinfo?(jib)
Attached file simpler trigger.html
Simpler STRs (other one didn't trigger in Nightly for me).
Comment on attachment 8941681 [details]
Bug 1429536 - Assure even width and height for fake:true camera, fixing debug crash.

https://reviewboard.mozilla.org/r/211924/#review217706

::: dom/media/webrtc/MediaEngineDefault.cpp:122
(Diff revision 1)
>                                  MediaEngine::DEFAULT_43_VIDEO_HEIGHT/2
>  #else
>                                  MediaEngine::DEFAULT_43_VIDEO_HEIGHT
>  #endif
>                                  );
> -  mOpts.mWidth = std::max(160, std::min(mOpts.mWidth, 4096));
> +  mOpts.mWidth = std::max(160, std::min(mOpts.mWidth, 4096)) & ~1;
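
Review bot: the "& ~1" appended to the clamped mOpts.mWidth assignment has no comment saying that it clears bit 0 to round the width down to an even value, which is what the !(aWidth&1) assertion in this bug requires. Add a one-line comment to that effect, and note that applying the mask after the clamp keeps the result in range only because both bounds, 160 and 4096, are even. The tilde is easy to misread as a minus sign, so a small named helper or a parenthesised (~1) would make the intent harder to miss.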

(foo & -1) should be a no-op in 2s complement, perhaps you want (foo ^ 1).
Attachment #8941681 - Flags: review?(na-g) → review-
Comment on attachment 8941681 [details]
Bug 1429536 - Assure even width and height for fake:true camera, fixing debug crash.

It's a tilde ~ i.e. bitwise NOT (one's complement), e.g. 0xfffffffe, not minus -
Attachment #8941681 - Flags: review- → review?(na-g)
Comment on attachment 8941681 [details]
Bug 1429536 - Assure even width and height for fake:true camera, fixing debug crash.

https://reviewboard.mozilla.org/r/211924/#review217722
Attachment #8941681 - Flags: review?(na-g) → review+
Pushed by jbruaroey@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/172079108ce9
Assure even width and height for fake:true camera, fixing debug crash. r=ng
https://hg.mozilla.org/mozilla-central/rev/172079108ce9
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla59
Since I believe we now properly support odd-width/height screencapture sources (and should support odd-sized camera sources, if they exist), we should support it here as well. AllocateSolidColorFrame needs to change to do rounding correctly (i.e. (N+1)/2 instead of N/2 or N>>1, and for buffer sizes do that for both width and height instead of >>2).

Please file a followup bug.
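
The rounding discussed in the last comment, as an added C++ example (not Gecko code and not written by anyone on this bug): it sizes the planes of a frame with chroma dimensions rounded up, (N+1)/2, next to the truncating >>2 form, and reports how many bytes the truncating allocation falls short for odd dimensions. The struct and function names are hypothetical, and a tightly packed planar 4:2:0 layout (stride equal to width) is an assumption; the last helper shows the even-rounding mask from the landed patch.

```cpp
#include <cstddef>
#include <cstdio>

// Hypothetical helper types for illustration; not Gecko's AllocateSolidColorFrame.
// Assumes tightly packed planar 4:2:0 (stride == width, chroma subsampled 2x2).
struct PlaneSizes {
  size_t luma;    // bytes in the Y plane
  size_t chroma;  // bytes in ONE chroma plane (Cb or Cr)
  size_t total() const { return luma + 2 * chroma; }
};

// Chroma dimensions rounded up, (N+1)/2, per axis: an odd last column or row
// of luma still gets a chroma sample.
PlaneSizes SizesRoundedUp(size_t w, size_t h) {
  return PlaneSizes{w * h, ((w + 1) / 2) * ((h + 1) / 2)};
}

// Truncating form: chroma plane sized as (w*h)>>2. Matches the rounded-up
// form only when both dimensions are even.
PlaneSizes SizesTruncating(size_t w, size_t h) {
  return PlaneSizes{w * h, (w * h) >> 2};
}

// Bytes a truncating allocation is short of what a writer that walks
// (w+1)/2 x (h+1)/2 chroma samples per plane will touch.
size_t Shortfall(size_t w, size_t h) {
  return SizesRoundedUp(w, h).total() - SizesTruncating(w, h).total();
}

// The approach taken by the patch in this bug instead: clear bit 0 so the
// dimension is even. ~1 is bitwise NOT of 1, i.e. every bit set except bit 0.
int RoundDownToEven(int n) { return n & ~1; }

int main() {
  const size_t dims[][2] = {{640, 480}, {641, 480}, {641, 481}};  // constructed
  for (const auto& d : dims) {
    std::printf("%zux%zu: rounded-up=%zu truncating=%zu short by %zu bytes\n",
                d[0], d[1], SizesRoundedUp(d[0], d[1]).total(),
                SizesTruncating(d[0], d[1]).total(), Shortfall(d[0], d[1]));
  }
  std::printf("641 & ~1 = %d\n", RoundDownToEven(641));
  return 0;
}
```
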