Closed
Bug 1573536
Opened 5 years ago
Closed 5 years ago
AddressSanitizer: SEGV /src/obj-firefox/dist/include/mozilla/RefPtr.h:91:27 near [@ mozilla::SourceListener::InitializeAsync]
Categories
(Core :: WebRTC: Audio/Video, defect, P2)
Core
WebRTC: Audio/Video
Tracking
()
RESOLVED
FIXED
mozilla70
| Tracking | Status | |
|---|---|---|
| firefox-esr60 | --- | unaffected |
| firefox-esr68 | --- | unaffected |
| firefox68 | --- | unaffected |
| firefox69 | --- | unaffected |
| firefox70 | --- | fixed |
People
(Reporter: jkratzer, Assigned: pehrsons)
References
(Blocks 2 open bugs, Regression)
Details
(Keywords: crash, regression, testcase)
Attachments
(3 files)
Testcase found while fuzzing mozilla-central rev 58400ee2747a.
==13565==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000040 (pc 0x7f828e8bb79b bp 0x7fffd83b6930 sp 0x7fffd83b6800 T0)
==13565==The signal is caused by a READ memory access.
==13565==Hint: address points to the zero page.
#0 0x7f828e8bb79a in RefPtr /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/RefPtr.h:91:27
#1 0x7f828e8bb79a in mozilla::SourceListener::InitializeAsync() /builds/worker/workspace/build/src/dom/media/MediaManager.cpp:4056
#2 0x7f828e9b17a9 in mozilla::GetUserMediaStreamRunnable::Run() /builds/worker/workspace/build/src/dom/media/MediaManager.cpp:1233:22
#3 0x7f828708fb50 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/workspace/build/src/xpcom/threads/nsThread.cpp:1225:14
#4 0x7f8287095f68 in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/workspace/build/src/xpcom/threads/nsThreadUtils.cpp:486:10
#5 0x7f828828425f in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/workspace/build/src/ipc/glue/MessagePump.cpp:88:21
#6 0x7f82881815c2 in RunInternal /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:315:10
#7 0x7f82881815c2 in RunHandler /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:308
#8 0x7f82881815c2 in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:290
#9 0x7f8290392c79 in nsBaseAppShell::Run() /builds/worker/workspace/build/src/widget/nsBaseAppShell.cpp:137:27
#10 0x7f82942845af in XRE_RunAppShell() /builds/worker/workspace/build/src/toolkit/xre/nsEmbedFunctions.cpp:934:20
#11 0x7f82881815c2 in RunInternal /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:315:10
#12 0x7f82881815c2 in RunHandler /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:308
#13 0x7f82881815c2 in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:290
#14 0x7f8294283e56 in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/workspace/build/src/toolkit/xre/nsEmbedFunctions.cpp:769:34
#15 0x558caf84bf13 in content_process_main /builds/worker/workspace/build/src/browser/app/../../ipc/contentproc/plugin-container.cpp:56:28
#16 0x558caf84bf13 in main /builds/worker/workspace/build/src/browser/app/nsBrowserApp.cpp:267
#17 0x7f82a88d2b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
Flags: in-testsuite?
|
||
Comment 1•5 years ago
|
||
Andreas, would you mind taking a first pass triage on this?
Flags: needinfo?(apehrson)
|
Assignee | |
Updated•5 years ago
|
Assignee: nobody → apehrson
Status: NEW → ASSIGNED
Component: Audio/Video → WebRTC: Audio/Video
Flags: needinfo?(apehrson)
Priority: -- → P2
|
|
Assignee | |
Updated•5 years ago
|
Has Regression Range: --- → yes
Has STR: --- → yes
status-firefox68:
--- → unaffected
status-firefox69:
--- → unaffected
status-firefox-esr60:
--- → unaffected
status-firefox-esr68:
--- → unaffected
Regressed by: 1493613
|
|
Assignee | |
Comment 2•5 years ago
|
||
|
|
Assignee | |
Comment 3•5 years ago
|
||
Depends on D42530
|
||
Updated•5 years ago
|
Keywords: regression
Pushed by pehrsons@gmail.com: https://hg.mozilla.org/integration/autoland/rev/b33102d31be2 Add crashtest. r=padenot https://hg.mozilla.org/integration/autoland/rev/4b772d42c3ca Allow gUM with audio:{mediaSource:audioCapture} and video:true simultaneously. r=padenot
|
||
Comment 5•5 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/b33102d31be2
https://hg.mozilla.org/mozilla-central/rev/4b772d42c3ca
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla70
|
||
Updated•4 years ago
|
Blocks: asan-maintenance
You need to log in
before you can comment on or make changes to this bug.
Description
•