Closed
Bug 1578760
Opened 5 years ago
Closed 5 years ago
crash at null in [@ mozilla::BitReader::BitReader]
Categories
(Core :: Audio/Video: Playback, defect)
Core
Audio/Video: Playback
Tracking
()
RESOLVED
DUPLICATE
of bug 1579136
| Tracking | Status | |
|---|---|---|
| firefox71 | --- | fixed |
People
(Reporter: tsmith, Unassigned)
References
(Blocks 1 open bug)
Details
(4 keywords)
Attachments
(1 file)
|
78.50 KB,
video/mp4
|
Details |
Found with m-c 20190904-c2a533696457
==3867==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f87b4185a3f bp 0x7f8790661930 sp 0x7f8790661930 T37)
==3867==The signal is caused by a READ memory access.
==3867==Hint: address points to the zero page.
#0 0x7f87b4185a3e in Hdr src/obj-firefox/dist/include/nsTArray.h:493:32
#1 0x7f87b4185a3e in Elements src/obj-firefox/dist/include/nsTArray.h:1054
#2 0x7f87b4185a3e in mozilla::BitReader::BitReader(mozilla::MediaByteBuffer const*) src/dom/media/BitReader.cpp:12
#3 0x7f87b4a705cc in mozilla::H264::GetFrameType(mozilla::MediaRawData const*) src/dom/media/platforms/agnostic/bytestreams/H264.cpp:991:17
#4 0x7f87b4df6356 in mozilla::MP4TrackDemuxer::GetNextSample() src/dom/media/mp4/MP4Demuxer.cpp:392:30
#5 0x7f87b4df723a in mozilla::MP4TrackDemuxer::GetSamples(int) src/dom/media/mp4/MP4Demuxer.cpp:460:35
#6 0x7f87b4477051 in operator() src/dom/media/MediaFormatReader.cpp:603:54
#7 0x7f87b4477051 in mozilla::detail::ProxyFunctionRunnable<mozilla::MediaFormatReader::DemuxerProxy::Wrapper::GetSamples(int)::'lambda'(), mozilla::MozPromise<RefPtr<mozilla::MediaTrackDemuxer::SamplesHolder>, mozilla::MediaResult, true> >::Run() src/obj-firefox/dist/include/mozilla/MozPromise.h:1440
#8 0x7f87acac8a41 in mozilla::TaskQueue::Runner::Run() src/xpcom/threads/TaskQueue.cpp:199:12
#9 0x7f87acafd40a in nsThreadPool::Run() src/xpcom/threads/nsThreadPool.cpp:246:14
#10 0x7f87acafdfcc in non-virtual thunk to nsThreadPool::Run() src/xpcom/threads/nsThreadPool.cpp
#11 0x7f87acaf3b86 in nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1225:14
#12 0x7f87acaf9a88 in NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:486:10
#13 0x7f87adcff7b1 in mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:303:20
#14 0x7f87adbfae72 in RunInternal src/ipc/chromium/src/base/message_loop.cc:315:10
#15 0x7f87adbfae72 in RunHandler src/ipc/chromium/src/base/message_loop.cc:308
#16 0x7f87adbfae72 in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:290
#17 0x7f87acaed4da in nsThread::ThreadFunc(void*) src/xpcom/threads/nsThread.cpp:458:11
#18 0x7f87d00180bd in _pt_root src/nsprpub/pr/src/pthreads/ptthread.c:198:5
#19 0x7f87cfc616b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
#20 0x7f87cec8741c in clone /build/glibc-LK5gWL/glibc-2.23/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:109
Flags: in-testsuite?
|
Reporter | |
Updated•5 years ago
|
Blocks: fuzzing-mp4
|
||
Comment 1•5 years ago
|
||
Alastor, do you think this is a duplicate of bug 1579136?
Flags: needinfo?(alwu)
|
||
Comment 2•5 years ago
|
||
Yes.
Status: NEW → RESOLVED
Closed: 5 years ago
Flags: needinfo?(alwu)
Resolution: --- → DUPLICATE
|
||
Updated•5 years ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•