Closed
Bug 1492365
Opened 6 years ago
Closed 6 years ago
Crash in mozilla::Span<T>::First
Categories
(Core :: Audio/Video: Playback, defect)
Tracking
()
RESOLVED
FIXED
mozilla64
Tracking | Status | |
---|---|---|
firefox-esr60 | --- | unaffected |
firefox62 | --- | unaffected |
firefox63 | --- | fixed |
firefox64 | --- | fixed |
People
(Reporter: calixte, Assigned: jya)
References
(Blocks 1 open bug)
Details
(Keywords: crash, regression)
Crash Data
Attachments
(1 file)
46 bytes,
text/x-phabricator-request
|
mozbugz
:
review+
pascalc
:
approval-mozilla-beta+
|
Details | Review |
This bug was filed from the Socorro interface and is report bp-2274a51e-92de-4f19-a16f-833c60180918. ============================================================= Top 10 frames of crashing thread: 0 xul.dll class mozilla::Span<char, 18446744073709551615> mozilla::Span<char, 18446744073709551615>::First mfbt/Span.h:679 1 xul.dll class mozilla::Result<unsigned int, nsresult> mozilla::MediaCacheStream::ReadBlockFromCache dom/media/MediaCache.cpp:2637 2 xul.dll nsresult mozilla::MediaCacheStream::Read dom/media/MediaCache.cpp:2698 3 xul.dll mozilla::MediaCacheStream::ReadAt dom/media/MediaCache.cpp:2778 4 xul.dll nsresult mozilla::MediaResourceIndex::CacheOrReadAt dom/media/MediaResource.cpp:301 5 xul.dll mozilla::MediaResourceIndex::ReadAt dom/media/MediaResource.cpp:266 6 xul.dll mozilla::ResourceStream::ReadAt dom/media/mp4/ResourceStream.cpp:34 7 xul.dll mozilla::SampleIterator::GetNext dom/media/mp4/Index.cpp:120 8 xul.dll struct already_AddRefed<mozilla::MediaRawData> mozilla::MP4TrackDemuxer::GetNextSample dom/media/mp4/MP4Demuxer.cpp:459 9 xul.dll mozilla::MP4TrackDemuxer::GetSamples dom/media/mp4/MP4Demuxer.cpp:534 ============================================================= There are 9 crashes (from 2 installations) in nightly 64 with buildid 20180918075510. In analyzing the backtrace, the regression may have been introduced by patch [1] to fix bug 1491132. [1] https://hg.mozilla.org/mozilla-central/rev?node=e0bd55a3e557
Flags: needinfo?(jyavenard)
Assignee | ||
Updated•6 years ago
|
Assignee: nobody → jyavenard
Flags: needinfo?(jyavenard)
Assignee | ||
Comment 1•6 years ago
|
||
Should mStreamLength be > 2^32, we could have overflowed leading to false positive test.
Comment on attachment 9010166 [details] Bug 1492365 - Prevent arithmetic overflow. Gerald Squelart [:gerald] has approved the revision.
Attachment #9010166 -
Flags: review+
Pushed by jyavenard@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/e52cb4ceec89 Prevent arithmetic overflow. r=gerald
Comment 4•6 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/e52cb4ceec89
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla64
Assignee | ||
Comment 5•6 years ago
|
||
Comment on attachment 9010166 [details] Bug 1492365 - Prevent arithmetic overflow. Approval Request Comment [Feature/Bug causing the regression]: 1491132 [User impact if declined]: boom on > 4GB video file [Is this code covered by automated tests?]: no unless we're willing to make the repository size explode [Has the fix been verified in Nightly?]: no [Needs manual test from QE? If yes, steps to reproduce]: no [List of other uplifts needed for the feature/fix]: none [Is the change risky?]: no [Why is the change risky/not risky?]: we prevent casting a 64 bits int into 32 [String changes made/needed]: none
Attachment #9010166 -
Flags: approval-mozilla-beta?
Comment 6•6 years ago
|
||
Comment on attachment 9010166 [details] Bug 1492365 - Prevent arithmetic overflow. Crash fix, uplift approved for 63 beta 8, thanks.
Attachment #9010166 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
Comment 7•6 years ago
|
||
bugherder uplift |
https://hg.mozilla.org/releases/mozilla-beta/rev/d7d69ea0353c
Updated•6 years ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•