Closed Bug 1533211 Opened 5 years ago Closed 5 years ago

Assertion failure: false (MOZ_ASSERT_UNREACHABLE: Should always be able to find the appropriate sample description! Malformed mp4?), at src/dom/media/mp4/Index.cpp:260

Categories

(Core :: Audio/Video: Playback, defect, P3)

Product:
Core
Component:
Audio/Video: Playback
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla68
Tracking Flags:
Tracking Status
firefox-esr60 --- wontfix
firefox67 --- wontfix
firefox68 --- fixed

People

(Reporter: tsmith, Assigned: bryce)

References

(Blocks 1 open bug)

Details

(Keywords: assertion, testcase)

Attachments

(3 files)

testcase.mp4
193.67 KB, video/mp4
Details
Bug 1533211 - Add crashtest for MP4 with a bad sample description index. r?jya
47 bytes, text/x-phabricator-request
Details | Review
Bug 1533211 - Remove assertion for if MP4 sample description index is invalid. r?jya
47 bytes, text/x-phabricator-request
Details | Review
Attached video testcase.mp4

Assertion failure: false (MOZ_ASSERT_UNREACHABLE: Should always be able to find the appropriate sample description! Malformed mp4?), at src/dom/media/mp4/Index.cpp:260

32|0|libxul.so|mozilla::SampleIterator::GetSampleDescriptionEntry()|hg:hg.mozilla.org/mozilla-central:dom/media/mp4/Index.cpp:4ab143dde4dc3424cfedc74b3648fbf2e47fb7bf|258|0x0
32|1|libxul.so|mozilla::SampleIterator::GetNext()|hg:hg.mozilla.org/mozilla-central:dom/media/mp4/Index.cpp:4ab143dde4dc3424cfedc74b3648fbf2e47fb7bf|121|0x8
32|2|libxul.so|mozilla::MP4TrackDemuxer::GetNextSample()|hg:hg.mozilla.org/mozilla-central:dom/media/mp4/MP4Demuxer.cpp:4ab143dde4dc3424cfedc74b3648fbf2e47fb7bf|424|0x10
32|3|libxul.so|mozilla::MP4TrackDemuxer::GetSamples(int)|hg:hg.mozilla.org/mozilla-central:dom/media/mp4/MP4Demuxer.cpp:4ab143dde4dc3424cfedc74b3648fbf2e47fb7bf|499|0xb
32|4|libxul.so|mozilla::detail::ProxyFunctionRunnable<mozilla::MediaFormatReader::DemuxerProxy::Wrapper::GetSamples(int)::{lambda()#1}, mozilla::MozPromise<RefPtr<mozilla::MediaTrackDemuxer::SamplesHolder>, mozilla::MediaResult, true> >::Run()|hg:hg.mozilla.org/mozilla-central:dom/media/MediaFormatReader.cpp:4ab143dde4dc3424cfedc74b3648fbf2e47fb7bf|781|0xd
32|5|libxul.so|mozilla::TaskQueue::Runner::Run()|hg:hg.mozilla.org/mozilla-central:xpcom/threads/TaskQueue.cpp:4ab143dde4dc3424cfedc74b3648fbf2e47fb7bf|199|0x15
32|6|libxul.so|nsThreadPool::Run()|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadPool.cpp:4ab143dde4dc3424cfedc74b3648fbf2e47fb7bf|241|0x15
32|7|libxul.so|nsThread::ProcessNextEvent(bool, bool*)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:4ab143dde4dc3424cfedc74b3648fbf2e47fb7bf|1166|0x15
32|8|libxul.so|NS_ProcessNextEvent(nsIThread*, bool)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.cpp:4ab143dde4dc3424cfedc74b3648fbf2e47fb7bf|482|0x11
32|9|libxul.so|mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:4ab143dde4dc3424cfedc74b3648fbf2e47fb7bf|333|0xd
32|10|libxul.so|MessageLoop::RunInternal()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:4ab143dde4dc3424cfedc74b3648fbf2e47fb7bf|315|0x17
32|11|libxul.so|MessageLoop::Run()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:4ab143dde4dc3424cfedc74b3648fbf2e47fb7bf|308|0x8
32|12|libxul.so|nsThread::ThreadFunc(void*)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:4ab143dde4dc3424cfedc74b3648fbf2e47fb7bf|453|0x8
32|13|libnspr4.so|_pt_root|hg:hg.mozilla.org/mozilla-central:nsprpub/pr/src/pthreads/ptthread.c:4ab143dde4dc3424cfedc74b3648fbf2e47fb7bf|201|0x7
32|14|libpthread-2.23.so||||0x76ba
32|15|libc-2.23.so||||0x10741d
Flags: in-testsuite?

Bryce, would you mind taking the first pass triage here?

Flags: needinfo?(bvandyk)

Holding NI to investigate. Suspicion is that if we don't get any sample description entries in the metadata we can still reach this and then fail when we try lookup. We should probably fail if we don't encounter any sample description entries earlier, as such files would be fairly badly malformed.

Priority: -- → P3

Add an mp4 with a bad sample description index to crashtests. When samples in a
fragment are encountered, they should reference a sample description entry found
in the mp4 header. However, it's possible that the index contained in the
fragment may refer to an entry that doesn't exist in the header, as in this
file.

It's possible for a malformed mp4 to contain invalid sample description index in
fragments, that do not reference any sample description entries found in the
header. E.g. the header may contain 2 sample description entries (which should
be indexed with indices 1 and 2), but for a fragment to contain an index to 4.
Instead of asserting in this case we should gracefully fail.

Bug 1547328 plans to add logging for this case, so we have a means to still
detect failures here from bad files.

Depends on D29733

Pushed by bvandyk@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/acbe63c7a420
Add crashtest for MP4 with a bad sample description index. r=jya
https://hg.mozilla.org/integration/autoland/rev/9de7d7669f41
Remove assertion for if MP4 sample description index is invalid. r=jya

https://hg.mozilla.org/mozilla-central/rev/acbe63c7a420
https://hg.mozilla.org/mozilla-central/rev/9de7d7669f41

Status: NEW → RESOLVED
Closed: 5 years ago
status-firefox68: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla68
Assignee: nobody → bvandyk
Flags: in-testsuite? → in-testsuite+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: