Closed
Bug 1536243
Opened 7 years ago
Closed 1 month ago
Conditional jump or move depends on uninitialized values created by mozilla::FFmpegDataDecoder<57>::InitDecoder
Categories
(Core :: Audio/Video: Playback, defect, P4)
Core
Audio/Video: Playback
Tracking
()
RESOLVED
FIXED
150 Branch
People
(Reporter: tsmith, Assigned: padenot)
References
(Blocks 1 open bug)
Details
(Keywords: csectype-uninitialized, sec-low, testcase, Whiteboard: [adv-main150+r])
Attachments
(2 files)
==76355== Thread 55 MediaPD~oder #1:
==76355== Conditional jump or move depends on uninitialised value(s)
==76355== at 0x2D87F9D8: ff_h2645_extract_rbsp (h2645_parse.c:56)
==76355== by 0x2D87FEA3: ff_h2645_packet_split (h2645_parse.c:329)
==76355== by 0x2D8BCBAE: decode_extradata_ps (h264_parse.c:358)
==76355== by 0x2D8BE37F: ff_h264_decode_extradata (h264_parse.c:399)
==76355== by 0x2D63DCCE: h264_decode_init (h264dec.c:416)
==76355== by 0x2DC45A15: avcodec_open2 (utils.c:1023)
==76355== by 0x11C975C4: mozilla::FFmpegDataDecoder<57>::InitDecoder() (FFmpegDataDecoder.cpp:99)
==76355== by 0x11C99B81: mozilla::FFmpegVideoDecoder<57>::Init() (FFmpegVideoDecoder.cpp:141)
==76355== by 0x11C67E75: mozilla::detail::ProxyFunctionRunnable<mozilla::MediaChangeMonitor::Init()::$_0, mozilla::MozPromise<mozilla::TrackInfo::TrackType, mozilla::MediaResult, true> >::Run() (MediaChangeMonitor.cpp:235)
==76355== by 0xFD43DB3: mozilla::TaskQueue::Runner::Run() (TaskQueue.cpp:199)
==76355== by 0xFD54423: nsThreadPool::Run() (nsThreadPool.cpp:241)
==76355== by 0xFD5456C: non-virtual thunk to nsThreadPool::Run() (nsThreadPool.cpp:0)
==76355== Uninitialised value was created by a heap allocation
==76355== at 0x4C32373: memalign (vg_replace_malloc.c:908)
==76355== by 0x4C32476: posix_memalign (vg_replace_malloc.c:1072)
==76355== by 0x2EF27762: av_malloc (in /usr/lib/x86_64-linux-gnu/libavutil.so.55.78.100)
==76355== by 0x11C9750A: mozilla::FFmpegDataDecoder<57>::InitDecoder() (FFmpegDataDecoder.cpp:82)
==76355== by 0x11C99B81: mozilla::FFmpegVideoDecoder<57>::Init() (FFmpegVideoDecoder.cpp:141)
==76355== by 0x11C67E75: mozilla::detail::ProxyFunctionRunnable<mozilla::MediaChangeMonitor::Init()::$_0, mozilla::MozPromise<mozilla::TrackInfo::TrackType, mozilla::MediaResult, true> >::Run() (MediaChangeMonitor.cpp:235)
==76355== by 0xFD43DB3: mozilla::TaskQueue::Runner::Run() (TaskQueue.cpp:199)
==76355== by 0xFD54423: nsThreadPool::Run() (nsThreadPool.cpp:241)
==76355== by 0xFD5456C: non-virtual thunk to nsThreadPool::Run() (nsThreadPool.cpp:0)
==76355== by 0xFD50D47: nsThread::ProcessNextEvent(bool, bool*) (nsThread.cpp:1179)
==76355== by 0xFD52EA7: NS_ProcessNextEvent(nsIThread*, bool) (nsThreadUtils.cpp:482)
==76355== by 0x101E464C: mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) (MessagePump.cpp:333)
Flags: in-testsuite?
|
||
Comment 1•7 years ago
|
||
Nils, who should take a look?
Rank: 10
Flags: needinfo?(drno)
Priority: -- → P2
|
||
Updated•4 years ago
|
|
||
Updated•3 years ago
|
Severity: normal → S3
|
||
Comment 3•1 year ago
|
||
I would like to work on this issue and start working on it. Please assign to me if possible. Thanks.
|
Assignee | |
Comment 4•1 month ago
|
||
|
||
Updated•1 month ago
|
Assignee: nobody → padenot
Status: NEW → ASSIGNED
Pushed by padenot@mozilla.com:
https://github.com/mozilla-firefox/firefox/commit/ee4105f0e4ff
https://hg.mozilla.org/integration/autoland/rev/0e004b61c29e
Use av_mallocz to zero FFmpeg extradata padding. r=media-playback-reviewers,jolin
|
||
Comment 6•1 month ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 1 month ago
status-firefox150:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 150 Branch
|
||
Updated•29 days ago
|
QA Whiteboard: [qa-triage-done-c151/b150]
|
||
Updated•6 days ago
|
Whiteboard: [adv-main150+r]
|
||
Updated•1 day ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•