Closed Bug 1532858 Opened 5 years ago Closed 5 years ago

UBSan: Value outside the range of representable values of type 'unsigned int' [@ mozilla::WebMDemuxer::ReadMetadata]

Categories

(Core :: Audio/Video: Playback, defect, P2)

Product:
Core
Component:
Audio/Video: Playback
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla67
Tracking Flags:
Tracking Status
firefox67 --- fixed

People

(Reporter: tsmith, Assigned: jya)

References

(Blocks 2 open bugs)

Details

(Keywords: csectype-undefined, testcase)

Attachments

(2 files)

testcase.webm
8.06 KB, video/webm
Details
Bug 1532858 - Ensure metadata values are sane. r?bryce
47 bytes, text/x-phabricator-request
Details | Review
Attached video testcase.webm

Found in m-c commit 78601cacfe69

This was build with undefined behavior sanitizer checks enabled via mozconfig.
ac_add_options --enable-undefined-sanitizer="enum"

src/dom/media/webm/WebMDemuxer.cpp:389:28: runtime error: -1.31667e+308 is outside the range of representable values of type 'unsigned int'
    #0 0x7f0500e53633 in mozilla::WebMDemuxer::ReadMetadata() src/dom/media/webm/WebMDemuxer.cpp:389:28
    #1 0x7f0500e5180f in mozilla::WebMDemuxer::Init() src/dom/media/webm/WebMDemuxer.cpp:181:7
    #2 0x7f050082ebb3 in operator() src/dom/media/MediaFormatReader.cpp:898:47
    #3 0x7f050082ebb3 in mozilla::detail::ProxyFunctionRunnable<mozilla::MediaFormatReader::DemuxerProxy::Init()::$_9, mozilla::MozPromise<mozilla::MediaResult, mozilla::MediaResult, true> >::Run() src/objdir-ff-ubsan/dist/include/mozilla/MozPromise.h:1419
    #4 0x7f04fb1c4450 in mozilla::TaskQueue::Runner::Run() src/xpcom/threads/TaskQueue.cpp:199:12
    #5 0x7f04fb1f3fc3 in nsThreadPool::Run() src/xpcom/threads/nsThreadPool.cpp:241:14
    #6 0x7f04fb1f433c in non-virtual thunk to nsThreadPool::Run() src/xpcom/threads/nsThreadPool.cpp
    #7 0x7f04fb1ebfd1 in nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1166:14
    #8 0x7f04fb1f09fd in NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:482:10
    #9 0x7f04fc2eea5a in mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:303:20
    #10 0x7f04fc1b5650 in RunHandler src/ipc/chromium/src/base/message_loop.cc:308:3
    #11 0x7f04fc1b5650 in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:290
    #12 0x7f04fb1e6902 in nsThread::ThreadFunc(void*) src/xpcom/threads/nsThread.cpp:453:11
    #13 0x7f0521474592 in _pt_root src/nsprpub/pr/src/pthreads/ptthread.c:201:5
    #14 0x7f05210f46da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)
    #15 0x7f05200d288e in clone /build/glibc-OTsEL5/glibc-2.27/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
Assignee: nobody → jyavenard
Rank: 15
Priority: -- → P2
Pushed by jyavenard@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/e0fb5aa748b0
Ensure metadata values are sane. r=kinetik

https://hg.mozilla.org/mozilla-central/rev/e0fb5aa748b0

Status: NEW → RESOLVED
Closed: 5 years ago
status-firefox67: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla67
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: