Closed Bug 1442297 Opened 7 years ago Closed 5 years ago

AddressSanitizer: heap-use-after-free /builds/worker/workspace/build/src/dom/media/gmp-plugin-openh264/gmp-fake-openh264.cpp:279:24 in FakeVideoEncoder::Encode_m(GMPVideoi420Frame*, GMPVideoFrameType)

Categories: Core :: Audio/Video: Playback, defect, P2

Status: RESOLVED DUPLICATE of bug 1444363

People: Reporter: tiberius_oros, Unassigned

Keywords: csectype-uaf, intermittent-failure, sec-low

https://treeherder.mozilla.org/logviewer.html#?job_id=165217117&repo=mozilla-inbound&lineNumber=15760

[task 2018-03-01T15:32:12.060Z] 15:32:12 ERROR - GECKO(2863) | ==3856==ERROR: AddressSanitizer: heap-use-after-free on address 0x603000000e6c at pc 0x7f49296ebdd9 bp 0x7ffc6fb675e0 sp 0x7ffc6fb675d8
[task 2018-03-01T15:32:12.061Z] 15:32:12 INFO - GECKO(2863) | READ of size 4 at 0x603000000e6c thread T0
[task 2018-03-01T15:32:12.083Z] 15:32:12 INFO - GECKO(2863) | MEMORY STAT | vsize 20974550MB | residentFast 1003MB
[task 2018-03-01T15:32:12.133Z] 15:32:12 INFO - GECKO(2863) | #0 0x7f49296ebdd8 in FakeVideoEncoder::Encode_m(GMPVideoi420Frame*, GMPVideoFrameType) /builds/worker/workspace/build/src/dom/media/gmp-plugin-openh264/gmp-fake-openh264.cpp:279:24
[task 2018-03-01T15:32:12.134Z] 15:32:12 INFO - GECKO(2863) | #1 0x7f49296ebae5 in FakeEncoderTask::Run() /builds/worker/workspace/build/src/dom/media/gmp-plugin-openh264/gmp-fake-openh264.cpp:319:13
[task 2018-03-01T15:32:12.175Z] 15:32:12 INFO - TEST-OK | dom/media/tests/mochitest/test_peerConnection_basicH264Video.html | took 2284ms
[task 2018-03-01T15:32:12.306Z] 15:32:12 INFO - TEST-START | dom/media/tests/mochitest/test_peerConnection_basicScreenshare.html
[task 2018-03-01T15:32:12.632Z] 15:32:12 INFO - GECKO(2863) | TEST DEVICES: Using media devices:
[task 2018-03-01T15:32:12.633Z] 15:32:12 INFO - GECKO(2863) | audio: Monitor of Null Output
[task 2018-03-01T15:32:12.633Z] 15:32:12 INFO - GECKO(2863) | video: Dummy video device (0x0000)
[task 2018-03-01T15:32:12.766Z] 15:32:12 INFO - GECKO(2863) | Timecard created 1519918330.417200
[task 2018-03-01T15:32:12.766Z] 15:32:12 INFO - GECKO(2863) | Timestamp | Delta | Event | File | Function
[task 2018-03-01T15:32:12.766Z] 15:32:12 INFO - GECKO(2863) | ======================================================================================================================
[task 2018-03-01T15:32:12.766Z] 15:32:12 INFO - GECKO(2863) | 0.000041 | 0.000041 | Constructor Completed | PeerConnectionImpl.cpp:359 | PeerConnectionImpl
[task 2018-03-01T15:32:12.766Z] 15:32:12 INFO - GECKO(2863) | 0.002808 | 0.002767 | Initializing PC Ctx | PeerConnectionImpl.cpp:650 | Initialize
[task 2018-03-01T15:32:12.767Z] 15:32:12 INFO - GECKO(2863) | 0.195980 | 0.193172 | Create Offer | PeerConnectionImpl.cpp:1538 | CreateOffer
[task 2018-03-01T15:32:12.767Z] 15:32:12 INFO - GECKO(2863) | 0.213463 | 0.017483 | Set Local Description | PeerConnectionImpl.cpp:1743 | SetLocalDescription
[task 2018-03-01T15:32:12.772Z] 15:32:12 INFO - GECKO(2863) | 0.309666 | 0.096203 | Set Remote Description | PeerConnectionImpl.cpp:1846 | SetRemoteDescription
[task 2018-03-01T15:32:12.774Z] 15:32:12 INFO - GECKO(2863) | 0.352810 | 0.043144 | Ice gathering state: gathering | PeerConnectionImpl.cpp:3190 | IceGatheringStateChange
[task 2018-03-01T15:32:12.776Z] 15:32:12 INFO - GECKO(2863) | 0.370470 | 0.017660 | Ice gathering state: complete | PeerConnectionImpl.cpp:3193 | IceGatheringStateChange
[task 2018-03-01T15:32:12.777Z] 15:32:12 INFO - GECKO(2863) | 0.480447 | 0.109977 | Add Ice Candidate | PeerConnectionImpl.cpp:2014 | AddIceCandidate
[task 2018-03-01T15:32:12.782Z] 15:32:12 INFO - GECKO(2863) | 0.499130 | 0.018683 | Add Ice Candidate | PeerConnectionImpl.cpp:2014 | AddIceCandidate
[task 2018-03-01T15:32:12.784Z] 15:32:12 INFO - GECKO(2863) | 0.629351 | 0.130221 | Ice state: checking | PeerConnectionImpl.cpp:3142 | IceConnectionStateChange
[task 2018-03-01T15:32:12.786Z] 15:32:12 INFO - GECKO(2863) | 0.631450 | 0.002099 | Ice state: connected | PeerConnectionImpl.cpp:3145 | IceConnectionStateChange
[task 2018-03-01T15:32:12.787Z] 15:32:12 INFO - GECKO(2863) | 2.339998 | 1.708548 | Destructor Invoked | PeerConnectionImpl.cpp:373 | ~PeerConnectionImpl
[task 2018-03-01T15:32:12.788Z] 15:32:12 INFO - GECKO(2863) | [2913:Main Thread]: I/signaling [main|PeerConnectionImpl] PeerConnectionImpl.cpp:402: ~PeerConnectionImpl: PeerConnectionImpl destructor invoked for c42df92db740f307
[task 2018-03-01T15:32:12.790Z] 15:32:12 INFO - GECKO(2863) | Timecard created 1519918330.435222
[task 2018-03-01T15:32:12.791Z] 15:32:12 INFO - GECKO(2863) | Timestamp | Delta | Event | File | Function
[task 2018-03-01T15:32:12.793Z] 15:32:12 INFO - GECKO(2863) | ======================================================================================================================
[task 2018-03-01T15:32:12.794Z] 15:32:12 INFO - GECKO(2863) | 0.000032 | 0.000032 | Constructor Completed | PeerConnectionImpl.cpp:359 | PeerConnectionImpl
[task 2018-03-01T15:32:12.795Z] 15:32:12 INFO - GECKO(2863) | 0.001617 | 0.001585 | Initializing PC Ctx | PeerConnectionImpl.cpp:650 | Initialize
[task 2018-03-01T15:32:12.797Z] 15:32:12 INFO - GECKO(2863) | 0.222085 | 0.220468 | Set Remote Description | PeerConnectionImpl.cpp:1846 | SetRemoteDescription
[task 2018-03-01T15:32:12.798Z] 15:32:12 INFO - GECKO(2863) | 0.268111 | 0.046026 | Create Answer | PeerConnectionImpl.cpp:1609 | CreateAnswer
[task 2018-03-01T15:32:12.799Z] 15:32:12 INFO - GECKO(2863) | 0.275195 | 0.007084 | Set Local Description | PeerConnectionImpl.cpp:1743 | SetLocalDescription
[task 2018-03-01T15:32:12.801Z] 15:32:12 INFO - GECKO(2863) | 0.350760 | 0.075565 | Ice gathering state: gathering | PeerConnectionImpl.cpp:3190 | IceGatheringStateChange
[task 2018-03-01T15:32:12.802Z] 15:32:12 INFO - GECKO(2863) | 0.356865 | 0.006105 | Ice gathering state: complete | PeerConnectionImpl.cpp:3193 | IceGatheringStateChange
[task 2018-03-01T15:32:12.803Z] 15:32:12 INFO - GECKO(2863) | 0.395800 | 0.038935 | Add Ice Candidate | PeerConnectionImpl.cpp:2014 | AddIceCandidate
[task 2018-03-01T15:32:12.805Z] 15:32:12 INFO - GECKO(2863) | 0.407984 | 0.012184 | Add Ice Candidate | PeerConnectionImpl.cpp:2014 | AddIceCandidate
[task 2018-03-01T15:32:12.806Z] 15:32:12 INFO - GECKO(2863) | 0.425863 | 0.017879 | Add Ice Candidate | PeerConnectionImpl.cpp:2014 | AddIceCandidate
[task 2018-03-01T15:32:12.807Z] 15:32:12 INFO - GECKO(2863) | 0.444888 | 0.019025 | Add Ice Candidate | PeerConnectionImpl.cpp:2014 | AddIceCandidate
[task 2018-03-01T15:32:12.808Z] 15:32:12 INFO - GECKO(2863) | 0.501230 | 0.056342 | Ice state: checking | PeerConnectionImpl.cpp:3142 | IceConnectionStateChange
[task 2018-03-01T15:32:12.810Z] 15:32:12 INFO - GECKO(2863) | 0.617604 | 0.116374 | Ice state: connected | PeerConnectionImpl.cpp:3145 | IceConnectionStateChange
[task 2018-03-01T15:32:12.811Z] 15:32:12 INFO - GECKO(2863) | 2.328570 | 1.710966 | Destructor Invoked | PeerConnectionImpl.cpp:373 | ~PeerConnectionImpl
[task 2018-03-01T15:32:12.813Z] 15:32:12 INFO - GECKO(2863) | [2913:Main Thread]: I/signaling [main|PeerConnectionImpl] PeerConnectionImpl.cpp:402: ~PeerConnectionImpl: PeerConnectionImpl destructor invoked for de9866c7509a2c57
[task 2018-03-01T15:32:12.996Z] 15:32:12 INFO - GECKO(2863) | [2913:Main Thread]: I/signaling [main|PeerConnectionImpl] PeerConnectionImpl.cpp:358: PeerConnectionImpl: PeerConnectionImpl constructor for
[task 2018-03-01T15:32:12.996Z] 15:32:12 INFO - GECKO(2863) | [2863:Socket Thread]: D/mtransport NrIceCtx static call to find local stun addresses
[task 2018-03-01T15:32:13.012Z] 15:32:13 INFO - GECKO(2863) | [2913:Main Thread]: I/signaling [main|PeerConnectionImpl] PeerConnectionImpl.cpp:358: PeerConnectionImpl: PeerConnectionImpl constructor for
[task 2018-03-01T15:32:13.012Z] 15:32:13 INFO - GECKO(2863) | [2863:Socket Thread]: D/mtransport NrIceCtx static call to find local stun addresses
[task 2018-03-01T15:32:13.056Z] 15:32:13 INFO - GECKO(2863) | [2913:Main Thread]: I/signaling [main|PeerConnectionMedia] PeerConnectionMedia.cpp:64: OnProxyAvailable: Proxy Available: 0
[task 2018-03-01T15:32:13.057Z] 15:32:13 INFO - GECKO(2863) | [2913:Main Thread]: I/signaling [main|PeerConnectionMedia] PeerConnectionMedia.cpp:122: OnStunAddrsAvailable: receiving (4) stun addrs
[task 2018-03-01T15:32:13.057Z] 15:32:13 INFO - GECKO(2863) | [2913:Main Thread]: I/signaling [main|PeerConnectionMedia] PeerConnectionMedia.cpp:64: OnProxyAvailable: Proxy Available: 0
[task 2018-03-01T15:32:13.057Z] 15:32:13 INFO - GECKO(2863) | [2913:Main Thread]: I/signaling [main|PeerConnectionMedia] PeerConnectionMedia.cpp:122: OnStunAddrsAvailable: receiving (4) stun addrs
[task 2018-03-01T15:32:13.104Z] 15:32:13 INFO - GECKO(2863) | #2 0x7f4945c833e9 in mozilla::gmp::GMPRunnable::Run() /builds/worker/workspace/build/src/dom/media/gmp/GMPPlatform.cpp:44:12
[task 2018-03-01T15:32:13.110Z] 15:32:13 INFO - GECKO(2863) | #3 0x7f4945ccfd04 in applyImpl<mozilla::gmp::GMPRunnable, void (mozilla::gmp::GMPRunnable::*)()> /builds/worker/workspace/build/src/obj-firefox/dist/include/nsThreadUtils.h:1149:12
[task 2018-03-01T15:32:13.110Z] 15:32:13 INFO - GECKO(2863) | #4 0x7f4945ccfd04 in apply<mozilla::gmp::GMPRunnable, void (mozilla::gmp::GMPRunnable::*)()> /builds/worker/workspace/build/src/obj-firefox/dist/include/nsThreadUtils.h:1155
[task 2018-03-01T15:32:13.112Z] 15:32:13 INFO - GECKO(2863) | #5 0x7f4945ccfd04 in mozilla::detail::RunnableMethodImpl<RefPtr<mozilla::gmp::GMPRunnable>, void (mozilla::gmp::GMPRunnable::*)(), true, (mozilla::RunnableKind)0>::Run() /builds/worker/workspace/build/src/obj-firefox/dist/include/nsThreadUtils.h:1200
[task 2018-03-01T15:32:13.133Z] 15:32:13 INFO - GECKO(2863) | #6 0x7f49405c77f3 in RunTask /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:452:9
[task 2018-03-01T15:32:13.134Z] 15:32:13 INFO - GECKO(2863) | #7 0x7f49405c77f3 in DeferOrRunPendingTask /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:460
[task 2018-03-01T15:32:13.136Z] 15:32:13 INFO - GECKO(2863) | #8 0x7f49405c77f3 in MessageLoop::DoWork() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:535
[task 2018-03-01T15:32:13.137Z] 15:32:13 INFO - GECKO(2863) | #9 0x7f49405c9768 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) /builds/worker/workspace/build/src/ipc/chromium/src/base/message_pump_default.cc:36:31
[task 2018-03-01T15:32:13.138Z] 15:32:13 INFO - GECKO(2863) | #10 0x7f49405c4bd9 in RunInternal /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:326:10
[task 2018-03-01T15:32:13.139Z] 15:32:13 INFO - GECKO(2863) | #11 0x7f49405c4bd9 in RunHandler /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:319
[task 2018-03-01T15:32:13.140Z] 15:32:13 INFO - GECKO(2863) | #12 0x7f49405c4bd9 in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:299
[task 2018-03-01T15:32:13.141Z] 15:32:13 INFO - GECKO(2863) | #13 0x7f494b66fd9a in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/workspace/build/src/toolkit/xre/nsEmbedFunctions.cpp:718:34
[task 2018-03-01T15:32:13.160Z] 15:32:13 INFO - GECKO(2863) | #14 0x4f1126 in content_process_main /builds/worker/workspace/build/src/ipc/app/../contentproc/plugin-container.cpp:50:30
[task 2018-03-01T15:32:13.162Z] 15:32:13 INFO - GECKO(2863) | #15 0x4f1126 in main /builds/worker/workspace/build/src/ipc/app/MozillaRuntimeMain.cpp:25
[task 2018-03-01T15:32:13.184Z] 15:32:13 INFO - GECKO(2863) | [2913:Main Thread]: E/signaling [main|WebrtcVideoSessionConduit] VideoConduit.cpp:1204: Init Initialization Done
[task 2018-03-01T15:32:13.287Z] 15:32:13 INFO - GECKO(2863) | #16 0x7f493c52682f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
[task 2018-03-01T15:32:13.289Z] 15:32:13 INFO - GECKO(2863) | #17 0x420d28 in _start (/builds/worker/workspace/build/application/firefox/plugin-container+0x420d28)
[task 2018-03-01T15:32:13.291Z] 15:32:13 INFO - GECKO(2863) | 0x603000000e6c is located 28 bytes inside of 32-byte region [0x603000000e50,0x603000000e70)
[task 2018-03-01T15:32:13.292Z] 15:32:13 INFO - GECKO(2863) | freed by thread T0 here:
[task 2018-03-01T15:32:13.293Z] 15:32:13 INFO - GECKO(2863) | #0 0x4eeb82 in operator delete(void*) /builds/worker/workspace/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_new_delete.cc:149:3
[task 2018-03-01T15:32:13.295Z] 15:32:13 INFO - GECKO(2863) | #1 0x7f4945ccb175 in mozilla::gmp::GMPVideoEncoderChild::RecvEncodingComplete() /builds/worker/workspace/build/src/dom/media/gmp/GMPVideoEncoderChild.cpp:186:18
[task 2018-03-01T15:32:13.317Z] 15:32:13 INFO - GECKO(2863) | #2 0x7f494080036f in mozilla::gmp::PGMPVideoEncoderChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/build/src/obj-firefox/ipc/ipdl/PGMPVideoEncoderChild.cpp:437:20
[task 2018-03-01T15:32:13.357Z] 15:32:13 INFO - GECKO(2863) | #3 0x7f49407d370f in mozilla::gmp::PGMPContentChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/build/src/obj-firefox/ipc/ipdl/PGMPContentChild.cpp:172:28
[task 2018-03-01T15:32:13.394Z] 15:32:13 INFO - GECKO(2863) | #4 0x7f49406691de in mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&) /builds/worker/workspace/build/src/ipc/glue/MessageChannel.cpp:2110:25
[task 2018-03-01T15:32:13.395Z] 15:32:13 INFO - GECKO(2863) | #5 0x7f4940666257 in mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) /builds/worker/workspace/build/src/ipc/glue/MessageChannel.cpp:2040:17
[task 2018-03-01T15:32:13.396Z] 15:32:13 INFO - GECKO(2863) | #6 0x7f4940663d57 in mozilla::ipc::MessageChannel::Call(IPC::Message*, IPC::Message*) /builds/worker/workspace/build/src/ipc/glue/MessageChannel.cpp:1662:13
[task 2018-03-01T15:32:13.398Z] 15:32:13 INFO - GECKO(2863) | #7 0x7f49407fe635 in mozilla::gmp::PGMPVideoEncoderChild::CallNeedShmem(unsigned int const&, mozilla::ipc::Shmem*) /builds/worker/workspace/build/src/obj-firefox/ipc/ipdl/PGMPVideoEncoderChild.cpp:177:39
[task 2018-03-01T15:32:13.400Z] 15:32:13 INFO - GECKO(2863) | #8 0x7f4945ccb310 in mozilla::gmp::GMPVideoEncoderChild::Alloc(unsigned long, mozilla::ipc::SharedMemory::SharedMemoryType, mozilla::ipc::Shmem*) /builds/worker/workspace/build/src/dom/media/gmp/GMPVideoEncoderChild.cpp:207:8
[task 2018-03-01T15:32:13.401Z] 15:32:13 INFO - GECKO(2863) | #9 0x7f4945cb70f6 in mozilla::gmp::GMPSharedMemManager::MgrAllocShmem(mozilla::gmp::GMPSharedMem::GMPMemoryClasses, unsigned long, mozilla::ipc::SharedMemory::SharedMemoryType, mozilla::ipc::Shmem*) /builds/worker/workspace/build/src/dom/media/gmp/GMPSharedMemManager.cpp:42:17
[task 2018-03-01T15:32:13.403Z] 15:32:13 INFO - GECKO(2863) | #10 0x7f4945cc8755 in mozilla::gmp::GMPVideoEncodedFrameImpl::CreateEmptyFrame(unsigned int) /builds/worker/workspace/build/src/dom/media/gmp/GMPVideoEncodedFrameImpl.cpp:117:33
[task 2018-03-01T15:32:13.405Z] 15:32:13 INFO - GECKO(2863) | #11 0x7f49296eee69 in FakeVideoEncoder::SendFrame(GMPVideoi420Frame*, GMPVideoFrameType, unsigned char) /builds/worker/workspace/build/src/dom/media/gmp-plugin-openh264/gmp-fake-openh264.cpp:205:14
[task 2018-03-01T15:32:13.407Z] 15:32:13 INFO - GECKO(2863) | #12 0x7f49296ebbca in FakeVideoEncoder::Encode_m(GMPVideoi420Frame*, GMPVideoFrameType) /builds/worker/workspace/build/src/dom/media/gmp-plugin-openh264/gmp-fake-openh264.cpp
[task 2018-03-01T15:32:13.409Z] 15:32:13 INFO - GECKO(2863) | #13 0x7f49296ebae5 in FakeEncoderTask::Run() /builds/worker/workspace/build/src/dom/media/gmp-plugin-openh264/gmp-fake-openh264.cpp:319:13
[task 2018-03-01T15:32:13.412Z] 15:32:13 INFO - GECKO(2863) | #14 0x7f4945c833e9 in mozilla::gmp::GMPRunnable::Run() /builds/worker/workspace/build/src/dom/media/gmp/GMPPlatform.cpp:44:12
[task 2018-03-01T15:32:13.414Z] 15:32:13 INFO - GECKO(2863) | #15 0x7f4945ccfd04 in applyImpl<mozilla::gmp::GMPRunnable, void (mozilla::gmp::GMPRunnable::*)()> /builds/worker/workspace/build/src/obj-firefox/dist/include/nsThreadUtils.h:1149:12
[task 2018-03-01T15:32:13.417Z] 15:32:13 INFO - GECKO(2863) | #16 0x7f4945ccfd04 in apply<mozilla::gmp::GMPRunnable, void (mozilla::gmp::GMPRunnable::*)()> /builds/worker/workspace/build/src/obj-firefox/dist/include/nsThreadUtils.h:1155
[task 2018-03-01T15:32:13.424Z] 15:32:13 INFO - GECKO(2863) | #17 0x7f4945ccfd04 in mozilla::detail::RunnableMethodImpl<RefPtr<mozilla::gmp::GMPRunnable>, void (mozilla::gmp::GMPRunnable::*)(), true, (mozilla::RunnableKind)0>::Run() /builds/worker/workspace/build/src/obj-firefox/dist/include/nsThreadUtils.h:1200
[task 2018-03-01T15:32:13.426Z] 15:32:13 INFO - GECKO(2863) | #18 0x7f49405c77f3 in RunTask /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:452:9
[task 2018-03-01T15:32:13.427Z] 15:32:13 INFO - GECKO(2863) | #19 0x7f49405c77f3 in DeferOrRunPendingTask /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:460
[task 2018-03-01T15:32:13.429Z] 15:32:13 INFO - GECKO(2863) | #20 0x7f49405c77f3 in MessageLoop::DoWork() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:535
[task 2018-03-01T15:32:13.432Z] 15:32:13 INFO - GECKO(2863) | #21 0x7f49405c9768 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) /builds/worker/workspace/build/src/ipc/chromium/src/base/message_pump_default.cc:36:31
[task 2018-03-01T15:32:13.433Z] 15:32:13 INFO - GECKO(2863) | #22 0x7f49405c4bd9 in RunInternal /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:326:10
[task 2018-03-01T15:32:13.434Z] 15:32:13 INFO - GECKO(2863) | #23 0x7f49405c4bd9 in RunHandler /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:319
[task 2018-03-01T15:32:13.435Z] 15:32:13 INFO - GECKO(2863) | #24 0x7f49405c4bd9 in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:299
[task 2018-03-01T15:32:13.436Z] 15:32:13 INFO - GECKO(2863) | #25 0x7f494b66fd9a in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/workspace/build/src/toolkit/xre/nsEmbedFunctions.cpp:718:34
[task 2018-03-01T15:32:13.437Z] 15:32:13 INFO - GECKO(2863) | #26 0x4f1126 in content_process_main /builds/worker/workspace/build/src/ipc/app/../contentproc/plugin-container.cpp:50:30
[task 2018-03-01T15:32:13.438Z] 15:32:13 INFO - GECKO(2863) | #27 0x4f1126 in main /builds/worker/workspace/build/src/ipc/app/MozillaRuntimeMain.cpp:25
[task 2018-03-01T15:32:13.440Z] 15:32:13 INFO - GECKO(2863) | #28 0x7f493c52682f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
[task 2018-03-01T15:32:13.444Z] 15:32:13 INFO - GECKO(2863) | previously allocated by thread T0 here:
[task 2018-03-01T15:32:13.445Z] 15:32:13 INFO - GECKO(2863) | #0 0x4edfa2 in operator new(unsigned long) /builds/worker/workspace/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_new_delete.cc:92:3
[task 2018-03-01T15:32:13.445Z] 15:32:13 INFO - GECKO(2863) | #1 0x7f49296edcde in GMPGetAPI /builds/worker/workspace/build/src/dom/media/gmp-plugin-openh264/gmp-fake-openh264.cpp:479:21
[task 2018-03-01T15:32:13.491Z] 15:32:13 INFO - GECKO(2863) | #2 0x7f4945c4af62 in GetAPI /builds/worker/workspace/build/src/dom/media/gmp/GMPLoader.cpp:137:20
[task 2018-03-01T15:32:13.494Z] 15:32:13 INFO - GECKO(2863) | #3 0x7f4945c4af62 in GetAPI /builds/worker/workspace/build/src/dom/media/gmp/GMPChild.cpp:274
[task 2018-03-01T15:32:13.496Z] 15:32:13 INFO - GECKO(2863) | #4 0x7f4945c4af62 in mozilla::gmp::GMPContentChild::RecvPGMPVideoEncoderConstructor(mozilla::gmp::PGMPVideoEncoderChild*) /builds/worker/workspace/build/src/dom/media/gmp/GMPContentChild.cpp:121
[task 2018-03-01T15:32:13.498Z] 15:32:13 INFO - GECKO(2863) | #5 0x7f49407d405a in mozilla::gmp::PGMPContentChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/build/src/obj-firefox/ipc/ipdl/PGMPContentChild.cpp:260:20
[task 2018-03-01T15:32:13.499Z] 15:32:13 INFO - GECKO(2863) | #6 0x7f49406691de in mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&) /builds/worker/workspace/build/src/ipc/glue/MessageChannel.cpp:2110:25
[task 2018-03-01T15:32:13.501Z] 15:32:13 INFO - GECKO(2863) | #7 0x7f4940666257 in mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) /builds/worker/workspace/build/src/ipc/glue/MessageChannel.cpp:2040:17
[task 2018-03-01T15:32:13.506Z] 15:32:13 INFO - GECKO(2863) | #8 0x7f494066795c in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) /builds/worker/workspace/build/src/ipc/glue/MessageChannel.cpp:1886:5
[task 2018-03-01T15:32:13.507Z] 15:32:13 INFO - GECKO(2863) | #9 0x7f4940667fb8 in mozilla::ipc::MessageChannel::MessageTask::Run() /builds/worker/workspace/build/src/ipc/glue/MessageChannel.cpp:1919:15
[task 2018-03-01T15:32:13.508Z] 15:32:13 INFO - GECKO(2863) | #10 0x7f49405c77f3 in RunTask /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:452:9
[task 2018-03-01T15:32:13.512Z] 15:32:13 INFO - GECKO(2863) | #11 0x7f49405c77f3 in DeferOrRunPendingTask /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:460
[task 2018-03-01T15:32:13.514Z] 15:32:13 INFO - GECKO(2863) | #12 0x7f49405c77f3 in MessageLoop::DoWork() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:535
[task 2018-03-01T15:32:13.515Z] 15:32:13 INFO - GECKO(2863) | #13 0x7f49405c9768 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) /builds/worker/workspace/build/src/ipc/chromium/src/base/message_pump_default.cc:36:31
[task 2018-03-01T15:32:13.519Z] 15:32:13 INFO - GECKO(2863) | #14 0x7f49405c4bd9 in RunInternal /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:326:10
[task 2018-03-01T15:32:13.524Z] 15:32:13 INFO - GECKO(2863) | #15 0x7f49405c4bd9 in RunHandler /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:319
[task 2018-03-01T15:32:13.526Z] 15:32:13 INFO - GECKO(2863) | #16 0x7f49405c4bd9 in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:299
[task 2018-03-01T15:32:13.533Z] 15:32:13 INFO - GECKO(2863) | #17 0x7f494b66fd9a in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/workspace/build/src/toolkit/xre/nsEmbedFunctions.cpp:718:34
[task 2018-03-01T15:32:13.534Z] 15:32:13 INFO - GECKO(2863) | #18 0x4f1126 in content_process_main /builds/worker/workspace/build/src/ipc/app/../contentproc/plugin-container.cpp:50:30
[task 2018-03-01T15:32:13.540Z] 15:32:13 INFO - GECKO(2863) | #19 0x4f1126 in main /builds/worker/workspace/build/src/ipc/app/MozillaRuntimeMain.cpp:25
[task 2018-03-01T15:32:13.542Z] 15:32:13 INFO - GECKO(2863) | #20 0x7f493c52682f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
[task 2018-03-01T15:32:13.545Z] 15:32:13 INFO - GECKO(2863) | SUMMARY: AddressSanitizer: heap-use-after-free /builds/worker/workspace/build/src/dom/media/gmp-plugin-openh264/gmp-fake-openh264.cpp:279:24 in FakeVideoEncoder::Encode_m(GMPVideoi420Frame*, GMPVideoFrameType)
[task 2018-03-01T15:32:13.546Z] 15:32:13 INFO - GECKO(2863) | Shadow bytes around the buggy address:
[task 2018-03-01T15:32:13.548Z] 15:32:13 INFO - GECKO(2863) | 0x0c067fff8170: fd fd fd fd fa fa fd fd fd fd fa fa fd fd fd fa
[task 2018-03-01T15:32:13.551Z] 15:32:13 INFO - GECKO(2863) | 0x0c067fff8180: fa fa fd fd fd fa fa fa 00 00 00 fa fa fa 00 00
[task 2018-03-01T15:32:13.553Z] 15:32:13 INFO - GECKO(2863) | 0x0c067fff8190: 00 fa fa fa fd fd fd fa fa fa 00 00 00 00 fa fa
[task 2018-03-01T15:32:13.557Z] 15:32:13 INFO - GECKO(2863) | 0x0c067fff81a0: fd fd fd fa fa fa fd fd fd fa fa fa fd fd fd fa
[task 2018-03-01T15:32:13.559Z] 15:32:13 INFO - GECKO(2863) | 0x0c067fff81b0: fa fa 00 00 00 fa fa fa 00 00 00 00 fa fa fd fd
[task 2018-03-01T15:32:13.562Z] 15:32:13 INFO - GECKO(2863) | =>0x0c067fff81c0: fd fa fa fa fd fd fd fa fa fa fd fd fd[fd]fa fa
[task 2018-03-01T15:32:13.562Z] 15:32:13 INFO - GECKO(2863) | 0x0c067fff81d0: fd fd fd fa fa fa 00 00 00 fa fa fa fd fd fd fa
[task 2018-03-01T15:32:13.563Z] 15:32:13 INFO - GECKO(2863) | 0x0c067fff81e0: fa fa 00 00 00 fa fa fa fd fd fd fd fa fa fd fd
[task 2018-03-01T15:32:13.563Z] 15:32:13 INFO - GECKO(2863) | 0x0c067fff81f0: fd fd fa fa 00 00 00 fa fa fa 00 00 00 fa fa fa
[task 2018-03-01T15:32:13.563Z] 15:32:13 INFO - GECKO(2863) | 0x0c067fff8200: 00 00 00 fa fa fa fd fd fd fd fa fa fd fd fd fd
[task 2018-03-01T15:32:13.565Z] 15:32:13 INFO - GECKO(2863) | 0x0c067fff8210: fa fa 00 00 00 fa fa fa 00 00 00 fa fa fa fd fd
[task 2018-03-01T15:32:13.566Z] 15:32:13 INFO - GECKO(2863) | Shadow byte legend (one shadow byte represents 8 application bytes):
[task 2018-03-01T15:32:13.567Z] 15:32:13 INFO - GECKO(2863) | Addressable: 00
[task 2018-03-01T15:32:13.570Z] 15:32:13 INFO - GECKO(2863) | Partially addressable: 01 02 03 04 05 06 07
[task 2018-03-01T15:32:13.572Z] 15:32:13 INFO - GECKO(2863) | Heap left redzone: fa
[task 2018-03-01T15:32:13.572Z] 15:32:13 INFO - GECKO(2863) | Freed heap region: fd
[task 2018-03-01T15:32:13.573Z] 15:32:13 INFO - GECKO(2863) | Stack left redzone: f1
[task 2018-03-01T15:32:13.574Z] 15:32:13 INFO - GECKO(2863) | Stack mid redzone: f2
[task 2018-03-01T15:32:13.579Z] 15:32:13 INFO - GECKO(2863) | Stack right redzone: f3
[task 2018-03-01T15:32:13.581Z] 15:32:13 INFO - GECKO(2863) | Stack after return: f5
[task 2018-03-01T15:32:13.582Z] 15:32:13 INFO - GECKO(2863) | Stack use after scope: f8
[task 2018-03-01T15:32:13.583Z] 15:32:13 INFO - GECKO(2863) | Global redzone: f9
[task 2018-03-01T15:32:13.583Z] 15:32:13 INFO - GECKO(2863) | Global init order: f6
[task 2018-03-01T15:32:13.584Z] 15:32:13 INFO - GECKO(2863) | Poisoned by user: f7
[task 2018-03-01T15:32:13.585Z] 15:32:13 INFO - GECKO(2863) | Container overflow: fc
[task 2018-03-01T15:32:13.585Z] 15:32:13 INFO - GECKO(2863) | Array cookie: ac
[task 2018-03-01T15:32:13.586Z] 15:32:13 INFO - GECKO(2863) | Intra object redzone: bb
[task 2018-03-01T15:32:13.587Z] 15:32:13 INFO - GECKO(2863) | ASan internal: fe
[task 2018-03-01T15:32:13.588Z] 15:32:13 INFO - GECKO(2863) | Left alloca redzone: ca
[task 2018-03-01T15:32:13.589Z] 15:32:13 INFO - GECKO(2863) | Right alloca redzone: cb
[task 2018-03-01T15:32:13.590Z] 15:32:13 INFO - GECKO(2863) | ==3856==ABORTING

Randell: is this shipping code or just test code? Looks like raw pointers all over so UAF isn't too surprising. Is real code like that?
Group: core-security → media-core-security
Flags: needinfo?(rjesup)
This is a bug in the fake encoder; it should block processing the EncodingComplete (or defer it) until any pending operations are complete. Byron - you're in there at the moment (I think); you might glance at this issue.
Flags: needinfo?(rjesup)
Keywords: sec-low
Priority: -- → P2
Group: media-core-security
The patch from bug 1444363 might fix this too.

It looks like we can close this, no?

Flags: needinfo?(docfaraday)
Status: NEW → RESOLVED
Closed: 5 years ago
Flags: needinfo?(docfaraday)
Resolution: --- → DUPLICATE
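
The ASan report's free stack runs from `Encode_m` through `CallNeedShmem` into `RecvEncodingComplete`, so the encoder is deleted by a nested dispatch while its own method is still on the stack. The following added example (not Mozilla's code and not the patch from bug 1444363) models that re-entrancy and the "defer it until pending operations are complete" approach from the comment above; `Host`, `Encoder`, `AllocShmem` and `RunReentrantTeardown` are hypothetical names.

```cpp
// Added illustration; all names are hypothetical, not Mozilla's GMP classes.
#include <cstdint>
#include <functional>
#include <utility>

// Stand-in for a synchronous IPC call: while the caller waits for its reply,
// a message that was already queued for the same actor is dispatched first.
struct Host {
  std::function<void()> queued;
  void AllocShmem() {
    if (queued) {
      auto msg = std::move(queued);
      queued = nullptr;
      msg();  // nested dispatch, still on the caller's stack
    }
  }
};

class Encoder {
 public:
  static int live;  // encoders constructed and not yet freed
  explicit Encoder(Host* host) : host_(host) { ++live; }

  // Teardown message. Deleting unconditionally here is the use-after-free
  // pattern: Encode() may still be on the stack below this call.
  void EncodingComplete() {
    if (pending_ > 0) {
      destroy_requested_ = true;  // defer until pending work has unwound
      return;
    }
    delete this;
  }

  // Encodes one frame and returns the running frame count.
  uint32_t Encode() {
    ++pending_;
    host_->AllocShmem();          // may re-enter EncodingComplete()
    uint32_t n = ++frame_count_;  // member access after the nested dispatch
    --pending_;
    if (pending_ == 0 && destroy_requested_) {
      delete this;                // last action; no member is touched after
    }
    return n;
  }

 private:
  ~Encoder() { --live; }  // heap-only; freed through EncodingComplete()
  Host* host_;
  uint32_t pending_ = 0;
  uint32_t frame_count_ = 0;
  bool destroy_requested_ = false;
};
int Encoder::live = 0;

struct Outcome {
  uint32_t frames;
  int live_during_encode;  // live count right after the nested teardown
  int live_after_encode;   // live count once Encode() has returned
};

// Constructed scenario: teardown arrives in the middle of Encode().
Outcome RunReentrantTeardown() {
  Host host;
  Encoder* enc = new Encoder(&host);
  int live_during = -1;
  host.queued = [&] {
    enc->EncodingComplete();
    live_during = Encoder::live;
  };
  uint32_t frames = enc->Encode();
  return {frames, live_during, Encoder::live};
}

int main() {
  Outcome o = RunReentrantTeardown();
  return (o.frames == 1 && o.live_during_encode == 1 &&
          o.live_after_encode == 0) ? 0 : 1;
}
```

Building with `-fsanitize=address` and removing the `pending_ > 0` branch turns the member access after `AllocShmem()` into a heap-use-after-free of the same shape as the report.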