Closed
Bug 1443198
Opened 7 years ago
Closed 7 years ago
Crash [@ operator!]
Categories
(Core :: WebRTC, defect, P2)
Tracking
()
RESOLVED
FIXED
mozilla60
| Tracking | Status | |
|---|---|---|
| firefox-esr52 | --- | unaffected |
| firefox58 | --- | unaffected |
| firefox59 | --- | wontfix |
| firefox60 | --- | fixed |
People
(Reporter: jkratzer, Assigned: bwc)
References
(Blocks 1 open bug)
Details
(Keywords: crash, testcase)
Attachments
(3 files)
Found while fuzzing mozilla-central rev 51200c0fdadd.
==22792==ERROR: AddressSanitizer: SEGV on unknown address 0x0000000000e0 (pc 0x7fa8c001e9b8 bp 0x7ffce7a17370 sp 0x7ffce7a17200 T0)
==22792==The signal is caused by a READ memory access.
==22792==Hint: address points to the zero page.
#0 0x7fa8c001e9b7 in operator! /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/RefPtr.h
#1 0x7fa8c001e9b7 in mozilla::PeerConnectionMedia::AddTransceiver(mozilla::JsepTransceiver*, mozilla::dom::MediaStreamTrack&, mozilla::dom::MediaStreamTrack*, RefPtr<mozilla::TransceiverImpl>*) /builds/worker/workspace/build/src/media/webrtc/signaling/src/peerconnection/PeerConnectionMedia.cpp:1138
#2 0x7fa8c001f606 in CreateTransceiverImpl /builds/worker/workspace/build/src/media/webrtc/signaling/src/peerconnection/PeerConnectionImpl.cpp:1209:17
#3 0x7fa8c001f606 in mozilla::PeerConnectionImpl::CreateTransceiverImpl(nsTSubstring<char16_t> const&, mozilla::dom::MediaStreamTrack*, mozilla::ErrorResult&) /builds/worker/workspace/build/src/media/webrtc/signaling/src/peerconnection/PeerConnectionImpl.cpp:1237
#4 0x7fa8c1ec38ec in mozilla::dom::PeerConnectionImplBinding::createTransceiverImpl(JSContext*, JS::Handle<JSObject*>, mozilla::PeerConnectionImpl*, JSJitMethodCallArgs const&) /builds/worker/workspace/build/src/obj-firefox/dom/bindings/PeerConnectionImplBinding.cpp:356:62
#5 0x7fa8c3a16161 in mozilla::dom::GenericBindingMethod(JSContext*, unsigned int, JS::Value*) /builds/worker/workspace/build/src/dom/bindings/BindingUtils.cpp:3031:13
#6 0x7fa8ca4f288e in CallJSNative /builds/worker/workspace/build/src/js/src/vm/JSContext-inl.h:290:15
#7 0x7fa8ca4f288e in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:467
#8 0x7fa8ca4db250 in CallFromStack /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:522:12
#9 0x7fa8ca4db250 in Interpret(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:3085
#10 0x7fa8ca4bd424 in js::RunScript(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:417:12
#11 0x7fa8ca4f2687 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:489:15
#12 0x7fa8ca4db250 in CallFromStack /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:522:12
#13 0x7fa8ca4db250 in Interpret(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:3085
#14 0x7fa8ca4bd424 in js::RunScript(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:417:12
#15 0x7fa8ca4f2687 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:489:15
#16 0x7fa8ca4db250 in CallFromStack /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:522:12
#17 0x7fa8ca4db250 in Interpret(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:3085
#18 0x7fa8ca4bd424 in js::RunScript(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:417:12
#19 0x7fa8ca4f2687 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:489:15
#20 0x7fa8ca4db250 in CallFromStack /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:522:12
#21 0x7fa8ca4db250 in Interpret(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:3085
#22 0x7fa8ca4bd424 in js::RunScript(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:417:12
#23 0x7fa8ca4f2687 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:489:15
#24 0x7fa8ca4f33f3 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:535:10
#25 0x7fa8cb0fa65f in JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/jsapi.cpp:3028:12
#26 0x7fa8c205ca88 in mozilla::dom::RTCPeerConnectionJSImpl::CreateOffer(mozilla::dom::RTCOfferOptions const&, mozilla::ErrorResult&, JSCompartment*) /builds/worker/workspace/build/src/obj-firefox/dom/bindings/RTCPeerConnectionBinding.cpp:6369:8
#27 0x7fa8c213720f in CreateOffer /builds/worker/workspace/build/src/obj-firefox/dom/bindings/RTCPeerConnectionBinding.cpp:10100:17
#28 0x7fa8c213720f in createOffer /builds/worker/workspace/build/src/obj-firefox/dom/bindings/RTCPeerConnectionBinding.cpp:1705
#29 0x7fa8c213720f in mozilla::dom::RTCPeerConnectionBinding::createOffer_promiseWrapper(JSContext*, JS::Handle<JSObject*>, mozilla::dom::RTCPeerConnection*, JSJitMethodCallArgs const&) /builds/worker/workspace/build/src/obj-firefox/dom/bindings/RTCPeerConnectionBinding.cpp:1789
#30 0x7fa8c3a16f1f in mozilla::dom::GenericPromiseReturningBindingMethod(JSContext*, unsigned int, JS::Value*) /builds/worker/workspace/build/src/dom/bindings/BindingUtils.cpp:3073:13
#31 0x7fa8ca4f288e in CallJSNative /builds/worker/workspace/build/src/js/src/vm/JSContext-inl.h:290:15
#32 0x7fa8ca4f288e in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:467
#33 0x7fa8ca4db250 in CallFromStack /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:522:12
#34 0x7fa8ca4db250 in Interpret(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:3085
#35 0x7fa8ca4bd424 in js::RunScript(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:417:12
#36 0x7fa8ca4f2687 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:489:15
#37 0x7fa8ca4f33f3 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:535:10
#38 0x7fa8cb0fa65f in JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/jsapi.cpp:3028:12
#39 0x7fa8c3157bef in mozilla::dom::EventListener::HandleEvent(JSContext*, JS::Handle<JS::Value>, mozilla::dom::Event&, mozilla::ErrorResult&) /builds/worker/workspace/build/src/obj-firefox/dom/bindings/EventListenerBinding.cpp:47:8
#40 0x7fa8c41349a1 in HandleEvent<mozilla::dom::EventTarget *> /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/dom/EventListenerBinding.h:66:12
#41 0x7fa8c41349a1 in mozilla::EventListenerManager::HandleEventSubType(mozilla::EventListenerManager::Listener*, nsIDOMEvent*, mozilla::dom::EventTarget*) /builds/worker/workspace/build/src/dom/events/EventListenerManager.cpp:1104
#42 0x7fa8c413609e in mozilla::EventListenerManager::HandleEventInternal(nsPresContext*, mozilla::WidgetEvent*, nsIDOMEvent**, mozilla::dom::EventTarget*, nsEventStatus*) /builds/worker/workspace/build/src/dom/events/EventListenerManager.cpp:1276:20
#43 0x7fa8c411f967 in mozilla::EventTargetChainItem::HandleEventTargetChain(nsTArray<mozilla::EventTargetChainItem>&, mozilla::EventChainPostVisitor&, mozilla::EventDispatchingCallback*, mozilla::ELMCreationDetector&) /builds/worker/workspace/build/src/dom/events/EventDispatcher.cpp:527:16
#44 0x7fa8c41236c3 in mozilla::EventDispatcher::Dispatch(nsISupports*, nsPresContext*, mozilla::WidgetEvent*, nsIDOMEvent*, nsEventStatus*, mozilla::EventDispatchingCallback*, nsTArray<mozilla::dom::EventTarget*>*) /builds/worker/workspace/build/src/dom/events/EventDispatcher.cpp:915:9
#45 0x7fa8c41259bc in mozilla::EventDispatcher::DispatchDOMEvent(nsISupports*, mozilla::WidgetEvent*, nsIDOMEvent*, nsPresContext*, nsEventStatus*) /builds/worker/workspace/build/src/dom/events/EventDispatcher.cpp:994:12
#46 0x7fa8c40e48c9 in mozilla::DOMEventTargetHelper::DispatchEvent(nsIDOMEvent*, bool*) /builds/worker/workspace/build/src/dom/events/DOMEventTargetHelper.cpp:269:5
#47 0x7fa8c4143ac1 in mozilla::dom::EventTarget::DispatchEvent(mozilla::dom::Event&, mozilla::dom::CallerType, mozilla::ErrorResult&) /builds/worker/workspace/build/src/dom/events/EventTarget.cpp:102:9
#48 0x7fa8c32b917b in mozilla::dom::EventTargetBinding::dispatchEvent(JSContext*, JS::Handle<JSObject*>, mozilla::dom::EventTarget*, JSJitMethodCallArgs const&) /builds/worker/workspace/build/src/obj-firefox/dom/bindings/EventTargetBinding.cpp:987:21
#49 0x7fa8c32b5e24 in mozilla::dom::EventTargetBinding::genericMethod(JSContext*, unsigned int, JS::Value*) /builds/worker/workspace/build/src/obj-firefox/dom/bindings/EventTargetBinding.cpp:1169:13
#50 0x7fa8ca4f288e in CallJSNative /builds/worker/workspace/build/src/js/src/vm/JSContext-inl.h:290:15
#51 0x7fa8ca4f288e in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:467
#52 0x7fa8ca4db250 in CallFromStack /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:522:12
#53 0x7fa8ca4db250 in Interpret(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:3085
#54 0x7fa8ca4bd424 in js::RunScript(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:417:12
#55 0x7fa8ca4f2687 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:489:15
#56 0x7fa8ca4db250 in CallFromStack /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:522:12
#57 0x7fa8ca4db250 in Interpret(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:3085
#58 0x7fa8ca4bd424 in js::RunScript(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:417:12
#59 0x7fa8ca4f2687 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:489:15
#60 0x7fa8ca4db250 in CallFromStack /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:522:12
#61 0x7fa8ca4db250 in Interpret(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:3085
#62 0x7fa8ca4bd424 in js::RunScript(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:417:12
#63 0x7fa8ca4f2687 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:489:15
#64 0x7fa8ca4f33f3 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:535:10
#65 0x7fa8cb0fa65f in JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/jsapi.cpp:3028:12
#66 0x7fa8c1e1d701 in mozilla::dom::PeerConnectionObserverJSImpl::OnStateChange(mozilla::dom::PCObserverStateType, mozilla::ErrorResult&, JSCompartment*) /builds/worker/workspace/build/src/obj-firefox/dom/bindings/PeerConnectionObserverBinding.cpp:2194:8
#67 0x7fa8c0033d8b in mozilla::PeerConnectionImpl::SetSignalingState_m(mozilla::dom::PCImplSignalingState, bool) /builds/worker/workspace/build/src/media/webrtc/signaling/src/peerconnection/PeerConnectionImpl.cpp:2889:8
#68 0x7fa8c000e956 in mozilla::PeerConnectionImpl::Close() /builds/worker/workspace/build/src/media/webrtc/signaling/src/peerconnection/PeerConnectionImpl.cpp:2655:3
#69 0x7fa8c1ecd047 in Close /builds/worker/workspace/build/src/media/webrtc/signaling/src/peerconnection/PeerConnectionImpl.h:591:10
#70 0x7fa8c1ecd047 in mozilla::dom::PeerConnectionImplBinding::close(JSContext*, JS::Handle<JSObject*>, mozilla::PeerConnectionImpl*, JSJitMethodCallArgs const&) /builds/worker/workspace/build/src/obj-firefox/dom/bindings/PeerConnectionImplBinding.cpp:1081
#71 0x7fa8c3a16161 in mozilla::dom::GenericBindingMethod(JSContext*, unsigned int, JS::Value*) /builds/worker/workspace/build/src/dom/bindings/BindingUtils.cpp:3031:13
#72 0x7fa8ca4f288e in CallJSNative /builds/worker/workspace/build/src/js/src/vm/JSContext-inl.h:290:15
#73 0x7fa8ca4f288e in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:467
#74 0x7fa8ca4db250 in CallFromStack /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:522:12
#75 0x7fa8ca4db250 in Interpret(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:3085
#76 0x7fa8ca4bd424 in js::RunScript(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:417:12
#77 0x7fa8ca4f2687 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:489:15
#78 0x7fa8ca4f33f3 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:535:10
#79 0x7fa8cb0fa65f in JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/jsapi.cpp:3028:12
#80 0x7fa8c2080ad7 in mozilla::dom::RTCPeerConnectionJSImpl::Close(mozilla::ErrorResult&, JSCompartment*) /builds/worker/workspace/build/src/obj-firefox/dom/bindings/RTCPeerConnectionBinding.cpp:8346:8
#81 0x7fa8c214f7a7 in Close /builds/worker/workspace/build/src/obj-firefox/dom/bindings/RTCPeerConnectionBinding.cpp:10364:17
#82 0x7fa8c214f7a7 in mozilla::dom::RTCPeerConnectionBinding::close(JSContext*, JS::Handle<JSObject*>, mozilla::dom::RTCPeerConnection*, JSJitMethodCallArgs const&) /builds/worker/workspace/build/src/obj-firefox/dom/bindings/RTCPeerConnectionBinding.cpp:4202
#83 0x7fa8c3a16161 in mozilla::dom::GenericBindingMethod(JSContext*, unsigned int, JS::Value*) /builds/worker/workspace/build/src/dom/bindings/BindingUtils.cpp:3031:13
#84 0x7fa8ca4f288e in CallJSNative /builds/worker/workspace/build/src/js/src/vm/JSContext-inl.h:290:15
#85 0x7fa8ca4f288e in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:467
#86 0x7fa8ca4db250 in CallFromStack /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:522:12
#87 0x7fa8ca4db250 in Interpret(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:3085
#88 0x7fa8ca4bd424 in js::RunScript(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:417:12
#89 0x7fa8ca4f2687 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:489:15
#90 0x7fa8ca4f33f3 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:535:10
#91 0x7fa8ca703afe in PromiseReactionJob(JSContext*, unsigned int, JS::Value*) /builds/worker/workspace/build/src/js/src/builtin/Promise.cpp:1237:14
#92 0x7fa8ca4f288e in CallJSNative /builds/worker/workspace/build/src/js/src/vm/JSContext-inl.h:290:15
#93 0x7fa8ca4f288e in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:467
#94 0x7fa8ca4f33f3 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:535:10
#95 0x7fa8cb0fa65f in JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/jsapi.cpp:3028:12
#96 0x7fa8c1ffafb2 in mozilla::dom::PromiseJobCallback::Call(JSContext*, JS::Handle<JS::Value>, mozilla::ErrorResult&) /builds/worker/workspace/build/src/obj-firefox/dom/bindings/PromiseBinding.cpp:21:8
#97 0x7fa8be0da515 in Call /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/dom/PromiseBinding.h:90:12
#98 0x7fa8be0da515 in Call /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/dom/PromiseBinding.h:103
#99 0x7fa8be0da515 in mozilla::PromiseJobRunnable::Run(mozilla::AutoSlowOperation&) /builds/worker/workspace/build/src/xpcom/base/CycleCollectedJSContext.cpp:205
#100 0x7fa8be0bf621 in mozilla::CycleCollectedJSContext::PerformMicroTaskCheckPoint() /builds/worker/workspace/build/src/xpcom/base/CycleCollectedJSContext.cpp:543:17
#101 0x7fa8be0bfe6d in mozilla::CycleCollectedJSContext::AfterProcessTask(unsigned int) /builds/worker/workspace/build/src/xpcom/base/CycleCollectedJSContext.cpp:374:3
#102 0x7fa8bfcdc73d in XPCJSContext::AfterProcessTask(unsigned int) /builds/worker/workspace/build/src/js/xpconnect/src/XPCJSContext.cpp:1246:30
#103 0x7fa8be266d12 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/workspace/build/src/xpcom/threads/nsThread.cpp:1056:24
#104 0x7fa8be2825d0 in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/workspace/build/src/xpcom/threads/nsThreadUtils.cpp:517:10
#105 0x7fa8bf1432ca in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/workspace/build/src/ipc/glue/MessagePump.cpp:97:21
#106 0x7fa8bf093229 in RunInternal /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:326:10
#107 0x7fa8bf093229 in RunHandler /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:319
#108 0x7fa8bf093229 in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:299
#109 0x7fa8c5d592ea in nsBaseAppShell::Run() /builds/worker/workspace/build/src/widget/nsBaseAppShell.cpp:157:27
#110 0x7fa8ca1ec47b in XRE_RunAppShell() /builds/worker/workspace/build/src/toolkit/xre/nsEmbedFunctions.cpp:892:22
#111 0x7fa8bf093229 in RunInternal /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:326:10
#112 0x7fa8bf093229 in RunHandler /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:319
#113 0x7fa8bf093229 in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:299
#114 0x7fa8ca1ebe5a in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/workspace/build/src/toolkit/xre/nsEmbedFunctions.cpp:718:34
#115 0x4f6f2c in content_process_main /builds/worker/workspace/build/src/browser/app/../../ipc/contentproc/plugin-container.cpp:50:30
#116 0x4f6f2c in main /builds/worker/workspace/build/src/browser/app/nsBrowserApp.cpp:280
#117 0x7fa8dddfd82f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
Flags: in-testsuite?
|
||
Updated•7 years ago
|
Rank: 19
Priority: -- → P2
|
Assignee | |
Comment 1•7 years ago
|
||
Looks like JS is calling createOffer() inside the state change callback caused by a call to close(), but PeerConnection.js is allowing it. Shouldn't be hard to fix I think...
|
|
Assignee | |
Updated•7 years ago
|
Assignee: nobody → docfaraday
| Comment hidden (mozreview-request) |
| Comment hidden (mozreview-request) |
| Comment hidden (mozreview-request) |
|
||
Comment 5•7 years ago
|
||
| mozreview-review | ||
Comment on attachment 8956486 [details]
Bug 1443198 - Part 1: Test that offerToReceiveX doesn do anything silly when the PC is closed.
https://reviewboard.mozilla.org/r/225404/#review231368
Attachment #8956486 -
Flags: review?(jib) → review+
|
|
||
Comment 6•7 years ago
|
||
| mozreview-review | ||
Comment on attachment 8956463 [details]
Bug 1443198 - Part 2: Check whether PC is closed before trying to create transceivers due to offerToReceive.
https://reviewboard.mozilla.org/r/225358/#review231376
Not right for the legacy callback API.
::: dom/media/PeerConnection.js:823
(Diff revision 2)
> _ensureTransceiversForOfferToReceive(options) {
> + this._checkClosed();
In general, spec-mandated state checks are best done higher up, in the calling function IMHO.
Looks like this won't fire the error callback correctly if the legacy callback API is used. Normally I wouldn't care, except offerToReceiveX is also legacy.
See [1]. Moving the _ensureTransceiversForOfferToReceive() call to this._createOffer should fix it.
[1] https://searchfox.org/mozilla-central/rev/bffd3e0225b65943364be721881470590b9377c1/dom/media/PeerConnection.js#787,795-797,801
Attachment #8956463 -
Flags: review?(jib) → review-
| Comment hidden (mozreview-request) |
|
|
||
Comment 8•7 years ago
|
||
| mozreview-review | ||
Comment on attachment 8956463 [details]
Bug 1443198 - Part 2: Check whether PC is closed before trying to create transceivers due to offerToReceive.
https://reviewboard.mozilla.org/r/225358/#review231936
Attachment #8956463 -
Flags: review?(jib) → review+
Pushed by bcampen@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/14858f6bea8d
Part 1: Test that offerToReceiveX doesn do anything silly when the PC is closed. r=jib
https://hg.mozilla.org/integration/autoland/rev/a34f669a52e1
Part 2: Check whether PC is closed before trying to create transceivers due to offerToReceive. r=jib
|
||
Comment 10•7 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/14858f6bea8d
https://hg.mozilla.org/mozilla-central/rev/a34f669a52e1
Status: NEW → RESOLVED
Closed: 7 years ago
status-firefox60:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla60
|
||
Updated•7 years ago
|
status-firefox58:
--- → unaffected
status-firefox59:
--- → wontfix
status-firefox-esr52:
--- → unaffected
Flags: in-testsuite? → in-testsuite+
You need to log in
before you can comment on or make changes to this bug.
Description
•