Closed
Bug 1587244
Opened 5 years ago
Closed 5 years ago
Assertion failure: destP[n] == 0.0 || fabs(destP[n]) > 1.17549435082228750797e-38F (output should not be subnormal), at /builds/worker/workspace/build/src/dom/media/webaudio/blink/IIRFilter.cpp:110
Categories
(Core :: Web Audio, defect, P2)
Core
Web Audio
Tracking
()
RESOLVED
FIXED
mozilla72
People
(Reporter: jkratzer, Assigned: padenot)
References
(Blocks 1 open bug)
Details
(Keywords: assertion, testcase)
Attachments
(2 files)
Testcase found while fuzzing mozilla-central rev 035f52aed442.
Assertion failure: destP[n] == 0.0 || fabs(destP[n]) > 1.17549435082228750797e-38F (output should not be subnormal), at /builds/worker/workspace/build/src/dom/media/webaudio/blink/IIRFilter.cpp:110
rax = 0x000055bbc7e28340 rdx = 0x0000000000000000
rcx = 0x00007f6facbe2bb4 rbx = 0x00007f6f9e24cc10
rsi = 0x00007f6fb855d8b0 rdi = 0x00007f6fb855c680
rbp = 0x00007f6f9d187000 rsp = 0x00007f6f9d186f90
r8 = 0x00007f6fb855d8b0 r9 = 0x00007f6f9d188700
r10 = 0x0000000000000002 r11 = 0x0000000000000000
r12 = 0x00007f6f9f0926f0 r13 = 0x00007f6f9e242d60
r14 = 0x0000000000000066 r15 = 0x00007f6f9e243468
rip = 0x00007f6fa8bc789f
OS|Linux|0.0.0 Linux 5.0.0-29-generic #31~18.04.1-Ubuntu SMP Thu Sep 12 18:29:21 UTC 2019 x86_64
CPU|amd64|family 6 model 94 stepping 3|1
GPU|||
Crash|SIGSEGV|0x0|33
33|0|libxul.so|blink::IIRFilter::process(float const*, float*, unsigned long)|hg:hg.mozilla.org/mozilla-central:dom/media/webaudio/blink/IIRFilter.cpp:035f52aed4427b22facfa883067e298f10ef9e97|109|0x0
33|1|libxul.so|mozilla::dom::IIRFilterNodeEngine::ProcessBlock(mozilla::AudioNodeTrack*, long, mozilla::AudioBlock const&, mozilla::AudioBlock*, bool*)|hg:hg.mozilla.org/mozilla-central:dom/media/webaudio/IIRFilterNode.cpp:035f52aed4427b22facfa883067e298f10ef9e97|96|0x20
33|2|libxul.so|mozilla::AudioNodeTrack::ProcessInput(long, long, unsigned int)|hg:hg.mozilla.org/mozilla-central:dom/media/webaudio/AudioNodeTrack.cpp:035f52aed4427b22facfa883067e298f10ef9e97|517|0x1b
33|3|libxul.so|mozilla::MediaTrackGraphImpl::ProduceDataForTracksBlockByBlock(unsigned int, int)|hg:hg.mozilla.org/mozilla-central:dom/media/MediaTrackGraph.cpp:035f52aed4427b22facfa883067e298f10ef9e97|1041|0x7
33|4|libxul.so|mozilla::MediaTrackGraphImpl::Process()|hg:hg.mozilla.org/mozilla-central:dom/media/MediaTrackGraph.cpp:035f52aed4427b22facfa883067e298f10ef9e97|1207|0xe
33|5|libxul.so|mozilla::MediaTrackGraphImpl::OneIterationImpl(long)|hg:hg.mozilla.org/mozilla-central:dom/media/MediaTrackGraph.cpp:035f52aed4427b22facfa883067e298f10ef9e97|1308|0x5
33|6|libxul.so|mozilla::ThreadedDriver::RunThread()|hg:hg.mozilla.org/mozilla-central:dom/media/GraphDriver.cpp:035f52aed4427b22facfa883067e298f10ef9e97|296|0xc
33|7|libxul.so|mozilla::MediaTrackGraphInitThreadRunnable::Run()|hg:hg.mozilla.org/mozilla-central:dom/media/GraphDriver.cpp:035f52aed4427b22facfa883067e298f10ef9e97|209|0x10
33|8|libxul.so|nsThread::ProcessNextEvent(bool, bool*)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:035f52aed4427b22facfa883067e298f10ef9e97|1225|0x15
33|9|libxul.so|NS_ProcessNextEvent(nsIThread*, bool)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.cpp:035f52aed4427b22facfa883067e298f10ef9e97|486|0x11
33|10|libxul.so|mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:035f52aed4427b22facfa883067e298f10ef9e97|303|0xa
33|11|libxul.so|MessageLoop::RunInternal()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:035f52aed4427b22facfa883067e298f10ef9e97|315|0x17
33|12|libxul.so|MessageLoop::Run()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:035f52aed4427b22facfa883067e298f10ef9e97|290|0x8
33|13|libxul.so|nsThread::ThreadFunc(void*)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:035f52aed4427b22facfa883067e298f10ef9e97|458|0x38
33|14|libnspr4.so|_pt_root|hg:hg.mozilla.org/mozilla-central:nsprpub/pr/src/pthreads/ptthread.c:035f52aed4427b22facfa883067e298f10ef9e97|201|0x7
33|15|libpthread-2.27.so||||0x76db
33|16|libc-2.27.so||||0x12188f
Flags: in-testsuite?
|
Reporter | |
Comment 1•5 years ago
|
||
Testcase bisects back further than a year.
|
||
Comment 2•5 years ago
|
||
Paul looks like this is code from Blink. Could you please check if it's fixed upstream already?
Flags: needinfo?(padenot)
Priority: -- → P2
|
Assignee | |
Comment 3•5 years ago
|
||
It's perfectly possible to create unstable filter, that can easily go to
infinity, so this assert is not valid.
|
|
Assignee | |
Updated•5 years ago
|
Assignee: nobody → padenot
Flags: needinfo?(padenot)
|
|
Assignee | |
Comment 4•5 years ago
|
||
Upstream doesn't have this, the assert is buggy.
|
||
Updated•5 years ago
|
Attachment #9101860 -
Attachment description: Bug 1587244 - Allow NaN and Infinity in IIR filter output. r?karlt → Bug 1587244 - Allow NaN in IIR filter output. r?karlt
Pushed by padenot@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/9705aa1abff2
Allow NaN in IIR filter output. r=karlt
|
||
Comment 6•5 years ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 5 years ago
status-firefox72:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla72
|
|
Assignee | |
Comment 8•5 years ago
|
||
Probably not, this is just a fix to an assert that is only enabled in debug builds.
Flags: needinfo?(padenot)
|
||
Comment 9•5 years ago
|
||
Thanks, adjusting flags to keep it out of my queries then :)
|
||
Updated•5 years ago
|
status-firefox67:
--- → wontfix
status-firefox68:
--- → wontfix
status-firefox69:
--- → wontfix
status-firefox70:
--- → wontfix
status-firefox-esr68:
--- → wontfix
Flags: in-testsuite? → in-testsuite-
You need to log in
before you can comment on or make changes to this bug.
Description
•