Closed Bug 1443198 Opened 6 years ago Closed 6 years ago

Crash [@ operator!]

Categories

(Core :: WebRTC, defect, P2)

Product:
Core
Component:
WebRTC
Version:
59 Branch
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla60
Tracking Flags:
Tracking Status
firefox-esr52 --- unaffected
firefox58 --- unaffected
firefox59 --- wontfix
firefox60 --- fixed

People

(Reporter: jkratzer, Assigned: bwc)

References

(Blocks 1 open bug)

Details

(Keywords: crash, testcase)

Attachments

(3 files)

trigger.html
365 bytes, text/html
Details
Bug 1443198 - Part 2: Check whether PC is closed before trying to create transceivers due to offerToReceive.
59 bytes, text/x-review-board-request
jib
: review+
Details
Bug 1443198 - Part 1: Test that offerToReceiveX doesn do anything silly when the PC is closed.
59 bytes, text/x-review-board-request
jib
: review+
Details
Attached file trigger.html 
Found while fuzzing mozilla-central rev 51200c0fdadd.

==22792==ERROR: AddressSanitizer: SEGV on unknown address 0x0000000000e0 (pc 0x7fa8c001e9b8 bp 0x7ffce7a17370 sp 0x7ffce7a17200 T0)
==22792==The signal is caused by a READ memory access.
==22792==Hint: address points to the zero page.
    #0 0x7fa8c001e9b7 in operator! /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/RefPtr.h
    #1 0x7fa8c001e9b7 in mozilla::PeerConnectionMedia::AddTransceiver(mozilla::JsepTransceiver*, mozilla::dom::MediaStreamTrack&, mozilla::dom::MediaStreamTrack*, RefPtr<mozilla::TransceiverImpl>*) /builds/worker/workspace/build/src/media/webrtc/signaling/src/peerconnection/PeerConnectionMedia.cpp:1138
    #2 0x7fa8c001f606 in CreateTransceiverImpl /builds/worker/workspace/build/src/media/webrtc/signaling/src/peerconnection/PeerConnectionImpl.cpp:1209:17
    #3 0x7fa8c001f606 in mozilla::PeerConnectionImpl::CreateTransceiverImpl(nsTSubstring<char16_t> const&, mozilla::dom::MediaStreamTrack*, mozilla::ErrorResult&) /builds/worker/workspace/build/src/media/webrtc/signaling/src/peerconnection/PeerConnectionImpl.cpp:1237
    #4 0x7fa8c1ec38ec in mozilla::dom::PeerConnectionImplBinding::createTransceiverImpl(JSContext*, JS::Handle<JSObject*>, mozilla::PeerConnectionImpl*, JSJitMethodCallArgs const&) /builds/worker/workspace/build/src/obj-firefox/dom/bindings/PeerConnectionImplBinding.cpp:356:62
    #5 0x7fa8c3a16161 in mozilla::dom::GenericBindingMethod(JSContext*, unsigned int, JS::Value*) /builds/worker/workspace/build/src/dom/bindings/BindingUtils.cpp:3031:13
    #6 0x7fa8ca4f288e in CallJSNative /builds/worker/workspace/build/src/js/src/vm/JSContext-inl.h:290:15
    #7 0x7fa8ca4f288e in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:467
    #8 0x7fa8ca4db250 in CallFromStack /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:522:12
    #9 0x7fa8ca4db250 in Interpret(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:3085
    #10 0x7fa8ca4bd424 in js::RunScript(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:417:12
    #11 0x7fa8ca4f2687 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:489:15
    #12 0x7fa8ca4db250 in CallFromStack /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:522:12
    #13 0x7fa8ca4db250 in Interpret(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:3085
    #14 0x7fa8ca4bd424 in js::RunScript(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:417:12
    #15 0x7fa8ca4f2687 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:489:15
    #16 0x7fa8ca4db250 in CallFromStack /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:522:12
    #17 0x7fa8ca4db250 in Interpret(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:3085
    #18 0x7fa8ca4bd424 in js::RunScript(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:417:12
    #19 0x7fa8ca4f2687 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:489:15
    #20 0x7fa8ca4db250 in CallFromStack /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:522:12
    #21 0x7fa8ca4db250 in Interpret(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:3085
    #22 0x7fa8ca4bd424 in js::RunScript(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:417:12
    #23 0x7fa8ca4f2687 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:489:15
    #24 0x7fa8ca4f33f3 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:535:10
    #25 0x7fa8cb0fa65f in JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/jsapi.cpp:3028:12
    #26 0x7fa8c205ca88 in mozilla::dom::RTCPeerConnectionJSImpl::CreateOffer(mozilla::dom::RTCOfferOptions const&, mozilla::ErrorResult&, JSCompartment*) /builds/worker/workspace/build/src/obj-firefox/dom/bindings/RTCPeerConnectionBinding.cpp:6369:8
    #27 0x7fa8c213720f in CreateOffer /builds/worker/workspace/build/src/obj-firefox/dom/bindings/RTCPeerConnectionBinding.cpp:10100:17
    #28 0x7fa8c213720f in createOffer /builds/worker/workspace/build/src/obj-firefox/dom/bindings/RTCPeerConnectionBinding.cpp:1705
    #29 0x7fa8c213720f in mozilla::dom::RTCPeerConnectionBinding::createOffer_promiseWrapper(JSContext*, JS::Handle<JSObject*>, mozilla::dom::RTCPeerConnection*, JSJitMethodCallArgs const&) /builds/worker/workspace/build/src/obj-firefox/dom/bindings/RTCPeerConnectionBinding.cpp:1789
    #30 0x7fa8c3a16f1f in mozilla::dom::GenericPromiseReturningBindingMethod(JSContext*, unsigned int, JS::Value*) /builds/worker/workspace/build/src/dom/bindings/BindingUtils.cpp:3073:13
    #31 0x7fa8ca4f288e in CallJSNative /builds/worker/workspace/build/src/js/src/vm/JSContext-inl.h:290:15
    #32 0x7fa8ca4f288e in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:467
    #33 0x7fa8ca4db250 in CallFromStack /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:522:12
    #34 0x7fa8ca4db250 in Interpret(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:3085
    #35 0x7fa8ca4bd424 in js::RunScript(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:417:12
    #36 0x7fa8ca4f2687 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:489:15
    #37 0x7fa8ca4f33f3 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:535:10
    #38 0x7fa8cb0fa65f in JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/jsapi.cpp:3028:12
    #39 0x7fa8c3157bef in mozilla::dom::EventListener::HandleEvent(JSContext*, JS::Handle<JS::Value>, mozilla::dom::Event&, mozilla::ErrorResult&) /builds/worker/workspace/build/src/obj-firefox/dom/bindings/EventListenerBinding.cpp:47:8
    #40 0x7fa8c41349a1 in HandleEvent<mozilla::dom::EventTarget *> /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/dom/EventListenerBinding.h:66:12
    #41 0x7fa8c41349a1 in mozilla::EventListenerManager::HandleEventSubType(mozilla::EventListenerManager::Listener*, nsIDOMEvent*, mozilla::dom::EventTarget*) /builds/worker/workspace/build/src/dom/events/EventListenerManager.cpp:1104
    #42 0x7fa8c413609e in mozilla::EventListenerManager::HandleEventInternal(nsPresContext*, mozilla::WidgetEvent*, nsIDOMEvent**, mozilla::dom::EventTarget*, nsEventStatus*) /builds/worker/workspace/build/src/dom/events/EventListenerManager.cpp:1276:20
    #43 0x7fa8c411f967 in mozilla::EventTargetChainItem::HandleEventTargetChain(nsTArray<mozilla::EventTargetChainItem>&, mozilla::EventChainPostVisitor&, mozilla::EventDispatchingCallback*, mozilla::ELMCreationDetector&) /builds/worker/workspace/build/src/dom/events/EventDispatcher.cpp:527:16
    #44 0x7fa8c41236c3 in mozilla::EventDispatcher::Dispatch(nsISupports*, nsPresContext*, mozilla::WidgetEvent*, nsIDOMEvent*, nsEventStatus*, mozilla::EventDispatchingCallback*, nsTArray<mozilla::dom::EventTarget*>*) /builds/worker/workspace/build/src/dom/events/EventDispatcher.cpp:915:9
    #45 0x7fa8c41259bc in mozilla::EventDispatcher::DispatchDOMEvent(nsISupports*, mozilla::WidgetEvent*, nsIDOMEvent*, nsPresContext*, nsEventStatus*) /builds/worker/workspace/build/src/dom/events/EventDispatcher.cpp:994:12
    #46 0x7fa8c40e48c9 in mozilla::DOMEventTargetHelper::DispatchEvent(nsIDOMEvent*, bool*) /builds/worker/workspace/build/src/dom/events/DOMEventTargetHelper.cpp:269:5
    #47 0x7fa8c4143ac1 in mozilla::dom::EventTarget::DispatchEvent(mozilla::dom::Event&, mozilla::dom::CallerType, mozilla::ErrorResult&) /builds/worker/workspace/build/src/dom/events/EventTarget.cpp:102:9
    #48 0x7fa8c32b917b in mozilla::dom::EventTargetBinding::dispatchEvent(JSContext*, JS::Handle<JSObject*>, mozilla::dom::EventTarget*, JSJitMethodCallArgs const&) /builds/worker/workspace/build/src/obj-firefox/dom/bindings/EventTargetBinding.cpp:987:21
    #49 0x7fa8c32b5e24 in mozilla::dom::EventTargetBinding::genericMethod(JSContext*, unsigned int, JS::Value*) /builds/worker/workspace/build/src/obj-firefox/dom/bindings/EventTargetBinding.cpp:1169:13
    #50 0x7fa8ca4f288e in CallJSNative /builds/worker/workspace/build/src/js/src/vm/JSContext-inl.h:290:15
    #51 0x7fa8ca4f288e in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:467
    #52 0x7fa8ca4db250 in CallFromStack /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:522:12
    #53 0x7fa8ca4db250 in Interpret(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:3085
    #54 0x7fa8ca4bd424 in js::RunScript(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:417:12
    #55 0x7fa8ca4f2687 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:489:15
    #56 0x7fa8ca4db250 in CallFromStack /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:522:12
    #57 0x7fa8ca4db250 in Interpret(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:3085
    #58 0x7fa8ca4bd424 in js::RunScript(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:417:12
    #59 0x7fa8ca4f2687 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:489:15
    #60 0x7fa8ca4db250 in CallFromStack /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:522:12
    #61 0x7fa8ca4db250 in Interpret(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:3085
    #62 0x7fa8ca4bd424 in js::RunScript(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:417:12
    #63 0x7fa8ca4f2687 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:489:15
    #64 0x7fa8ca4f33f3 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:535:10
    #65 0x7fa8cb0fa65f in JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/jsapi.cpp:3028:12
    #66 0x7fa8c1e1d701 in mozilla::dom::PeerConnectionObserverJSImpl::OnStateChange(mozilla::dom::PCObserverStateType, mozilla::ErrorResult&, JSCompartment*) /builds/worker/workspace/build/src/obj-firefox/dom/bindings/PeerConnectionObserverBinding.cpp:2194:8
    #67 0x7fa8c0033d8b in mozilla::PeerConnectionImpl::SetSignalingState_m(mozilla::dom::PCImplSignalingState, bool) /builds/worker/workspace/build/src/media/webrtc/signaling/src/peerconnection/PeerConnectionImpl.cpp:2889:8
    #68 0x7fa8c000e956 in mozilla::PeerConnectionImpl::Close() /builds/worker/workspace/build/src/media/webrtc/signaling/src/peerconnection/PeerConnectionImpl.cpp:2655:3
    #69 0x7fa8c1ecd047 in Close /builds/worker/workspace/build/src/media/webrtc/signaling/src/peerconnection/PeerConnectionImpl.h:591:10
    #70 0x7fa8c1ecd047 in mozilla::dom::PeerConnectionImplBinding::close(JSContext*, JS::Handle<JSObject*>, mozilla::PeerConnectionImpl*, JSJitMethodCallArgs const&) /builds/worker/workspace/build/src/obj-firefox/dom/bindings/PeerConnectionImplBinding.cpp:1081
    #71 0x7fa8c3a16161 in mozilla::dom::GenericBindingMethod(JSContext*, unsigned int, JS::Value*) /builds/worker/workspace/build/src/dom/bindings/BindingUtils.cpp:3031:13
    #72 0x7fa8ca4f288e in CallJSNative /builds/worker/workspace/build/src/js/src/vm/JSContext-inl.h:290:15
    #73 0x7fa8ca4f288e in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:467
    #74 0x7fa8ca4db250 in CallFromStack /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:522:12
    #75 0x7fa8ca4db250 in Interpret(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:3085
    #76 0x7fa8ca4bd424 in js::RunScript(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:417:12
    #77 0x7fa8ca4f2687 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:489:15
    #78 0x7fa8ca4f33f3 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:535:10
    #79 0x7fa8cb0fa65f in JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/jsapi.cpp:3028:12
    #80 0x7fa8c2080ad7 in mozilla::dom::RTCPeerConnectionJSImpl::Close(mozilla::ErrorResult&, JSCompartment*) /builds/worker/workspace/build/src/obj-firefox/dom/bindings/RTCPeerConnectionBinding.cpp:8346:8
    #81 0x7fa8c214f7a7 in Close /builds/worker/workspace/build/src/obj-firefox/dom/bindings/RTCPeerConnectionBinding.cpp:10364:17
    #82 0x7fa8c214f7a7 in mozilla::dom::RTCPeerConnectionBinding::close(JSContext*, JS::Handle<JSObject*>, mozilla::dom::RTCPeerConnection*, JSJitMethodCallArgs const&) /builds/worker/workspace/build/src/obj-firefox/dom/bindings/RTCPeerConnectionBinding.cpp:4202
    #83 0x7fa8c3a16161 in mozilla::dom::GenericBindingMethod(JSContext*, unsigned int, JS::Value*) /builds/worker/workspace/build/src/dom/bindings/BindingUtils.cpp:3031:13
    #84 0x7fa8ca4f288e in CallJSNative /builds/worker/workspace/build/src/js/src/vm/JSContext-inl.h:290:15
    #85 0x7fa8ca4f288e in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:467
    #86 0x7fa8ca4db250 in CallFromStack /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:522:12
    #87 0x7fa8ca4db250 in Interpret(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:3085
    #88 0x7fa8ca4bd424 in js::RunScript(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:417:12
    #89 0x7fa8ca4f2687 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:489:15
    #90 0x7fa8ca4f33f3 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:535:10
    #91 0x7fa8ca703afe in PromiseReactionJob(JSContext*, unsigned int, JS::Value*) /builds/worker/workspace/build/src/js/src/builtin/Promise.cpp:1237:14
    #92 0x7fa8ca4f288e in CallJSNative /builds/worker/workspace/build/src/js/src/vm/JSContext-inl.h:290:15
    #93 0x7fa8ca4f288e in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:467
    #94 0x7fa8ca4f33f3 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:535:10
    #95 0x7fa8cb0fa65f in JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/jsapi.cpp:3028:12
    #96 0x7fa8c1ffafb2 in mozilla::dom::PromiseJobCallback::Call(JSContext*, JS::Handle<JS::Value>, mozilla::ErrorResult&) /builds/worker/workspace/build/src/obj-firefox/dom/bindings/PromiseBinding.cpp:21:8
    #97 0x7fa8be0da515 in Call /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/dom/PromiseBinding.h:90:12
    #98 0x7fa8be0da515 in Call /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/dom/PromiseBinding.h:103
    #99 0x7fa8be0da515 in mozilla::PromiseJobRunnable::Run(mozilla::AutoSlowOperation&) /builds/worker/workspace/build/src/xpcom/base/CycleCollectedJSContext.cpp:205
    #100 0x7fa8be0bf621 in mozilla::CycleCollectedJSContext::PerformMicroTaskCheckPoint() /builds/worker/workspace/build/src/xpcom/base/CycleCollectedJSContext.cpp:543:17
    #101 0x7fa8be0bfe6d in mozilla::CycleCollectedJSContext::AfterProcessTask(unsigned int) /builds/worker/workspace/build/src/xpcom/base/CycleCollectedJSContext.cpp:374:3
    #102 0x7fa8bfcdc73d in XPCJSContext::AfterProcessTask(unsigned int) /builds/worker/workspace/build/src/js/xpconnect/src/XPCJSContext.cpp:1246:30
    #103 0x7fa8be266d12 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/workspace/build/src/xpcom/threads/nsThread.cpp:1056:24
    #104 0x7fa8be2825d0 in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/workspace/build/src/xpcom/threads/nsThreadUtils.cpp:517:10
    #105 0x7fa8bf1432ca in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/workspace/build/src/ipc/glue/MessagePump.cpp:97:21
    #106 0x7fa8bf093229 in RunInternal /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:326:10
    #107 0x7fa8bf093229 in RunHandler /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:319
    #108 0x7fa8bf093229 in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:299
    #109 0x7fa8c5d592ea in nsBaseAppShell::Run() /builds/worker/workspace/build/src/widget/nsBaseAppShell.cpp:157:27
    #110 0x7fa8ca1ec47b in XRE_RunAppShell() /builds/worker/workspace/build/src/toolkit/xre/nsEmbedFunctions.cpp:892:22
    #111 0x7fa8bf093229 in RunInternal /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:326:10
    #112 0x7fa8bf093229 in RunHandler /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:319
    #113 0x7fa8bf093229 in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:299
    #114 0x7fa8ca1ebe5a in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/workspace/build/src/toolkit/xre/nsEmbedFunctions.cpp:718:34
    #115 0x4f6f2c in content_process_main /builds/worker/workspace/build/src/browser/app/../../ipc/contentproc/plugin-container.cpp:50:30
    #116 0x4f6f2c in main /builds/worker/workspace/build/src/browser/app/nsBrowserApp.cpp:280
    #117 0x7fa8dddfd82f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
Flags: in-testsuite?
Rank: 19
Priority: -- → P2
Looks like JS is calling createOffer() inside the state change callback caused by a call to close(), but PeerConnection.js is allowing it. Shouldn't be hard to fix I think...
Assignee: nobody → docfaraday
Comment on attachment 8956486 [details]
Bug 1443198 - Part 1: Test that offerToReceiveX doesn do anything silly when the PC is closed.

https://reviewboard.mozilla.org/r/225404/#review231368
Attachment #8956486 - Flags: review?(jib) → review+
Comment on attachment 8956463 [details]
Bug 1443198 - Part 2: Check whether PC is closed before trying to create transceivers due to offerToReceive.

https://reviewboard.mozilla.org/r/225358/#review231376

Not right for the legacy callback API.

::: dom/media/PeerConnection.js:823
(Diff revision 2)
>    _ensureTransceiversForOfferToReceive(options) {
> +    this._checkClosed();

In general, spec-mandated state checks are best done higher up, in the calling function IMHO.

Looks like this won't fire the error callback correctly if the legacy callback API is used. Normally I wouldn't care, except offerToReceiveX is also legacy. 

See [1]. Moving the _ensureTransceiversForOfferToReceive() call to this._createOffer should fix it.

[1] https://searchfox.org/mozilla-central/rev/bffd3e0225b65943364be721881470590b9377c1/dom/media/PeerConnection.js#787,795-797,801
Attachment #8956463 - Flags: review?(jib) → review-
Comment on attachment 8956463 [details]
Bug 1443198 - Part 2: Check whether PC is closed before trying to create transceivers due to offerToReceive.

https://reviewboard.mozilla.org/r/225358/#review231936
Attachment #8956463 - Flags: review?(jib) → review+
Pushed by bcampen@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/14858f6bea8d
Part 1: Test that offerToReceiveX doesn do anything silly when the PC is closed. r=jib
https://hg.mozilla.org/integration/autoland/rev/a34f669a52e1
Part 2: Check whether PC is closed before trying to create transceivers due to offerToReceive. r=jib
https://hg.mozilla.org/mozilla-central/rev/14858f6bea8d
https://hg.mozilla.org/mozilla-central/rev/a34f669a52e1
Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox60: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla60
status-firefox58: --- → unaffected
status-firefox59: --- → wontfix
status-firefox-esr52: --- → unaffected
Flags: in-testsuite? → in-testsuite+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: