crash at null [@ mozilla::WebMContainerParser::ParseStartAndEndTimestamps]
Categories
(Core :: Audio/Video: Playback, defect, P3)
Tracking
()
People
(Reporter: tsmith, Assigned: jya)
References
(Blocks 1 open bug)
Details
(Keywords: crash, csectype-nullptr, testcase)
Crash Data
Attachments
(3 files)
Reduced with m-c 20200116-3f72a81bd12c
dom/media/mediasource/ContainerParser.cpp:198:25: runtime error: member call on null pointer of type 'nsTArray_Impl<unsigned char, nsTArrayInfallibleAllocator>'
#0 0x7f462fa49f38 in mozilla::WebMContainerParser::ParseStartAndEndTimestamps(mozilla::MediaSpan const&, long&, long&) dom/media/mediasource/ContainerParser.cpp:198:25
#1 0x7f462fa1e699 in mozilla::TrackBuffersManager::SegmentParserLoop() dom/media/mediasource/TrackBuffersManager.cpp:831:18
#2 0x7f462fa7b04a in mozilla::detail::RunnableMethodImpl<mozilla::TrackBuffersManager*, void (mozilla::TrackBuffersManager::*)(), true, (mozilla::RunnableKind)0>::Run() objdir-ff-ubsan/dist/include/nsThreadUtils.h:1216:13
#3 0x7f46285ec2b7 in mozilla::TaskQueue::Runner::Run() xpcom/threads/TaskQueue.cpp:207:18
#4 0x7f4628607c18 in nsThreadPool::Run() xpcom/threads/nsThreadPool.cpp:299:14
#5 0x7f462860838c in non-virtual thunk to nsThreadPool::Run() xpcom/threads/nsThreadPool.cpp
#6 0x7f46285fdbf9 in nsThread::ProcessNextEvent(bool, bool*) xpcom/threads/nsThread.cpp:1220:14
#7 0x7f4628604bc6 in NS_ProcessNextEvent(nsIThread*, bool) xpcom/threads/nsThreadUtils.cpp:486:10
#8 0x7f46299fc5a4 in mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp:332:5
#9 0x7f462983f0a4 in MessageLoop::Run() ipc/chromium/src/base/message_loop.cc:290:3
#10 0x7f46285f8e59 in nsThread::ThreadFunc(void*) xpcom/threads/nsThread.cpp:464:10
#11 0x7f465000d3e8 in _pt_root nsprpub/pr/src/pthreads/ptthread.c:201:5
#12 0x7f46544d66da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)
#13 0x7f46534b488e in clone /build/glibc-OTsEL5/glibc-2.27/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
Reporter | |
Comment 1•4 years ago
|
||
The test case must be served via a web server to trigger the issue.
|
|
Reporter | |
Comment 2•4 years ago
|
||
A Pernosco session is available here: https://pernos.co/debug/pslryWxNAd1pYO091ka8hw/index.html
jya, are you still looking at this?
|
Assignee | |
Comment 4•4 years ago
|
||
Here we get into a weird combination between having a mediasegment and what looks like an init segment but still have invalid data.
We don't error on stream with invalid data, instead we skip over it normally.
https://searchfox.org/mozilla-central/source/dom/media/mediasource/TrackBuffersManager.cpp#781
// 2. If the input buffer contains bytes that violate the SourceBuffer
// byte stream format specification, then run the append error algorithm
// with the decode error parameter set to true and abort this algorithm.
// TODO
simple fix.
|
|
Assignee | |
Comment 5•4 years ago
|
||
An error will be returned should it occur, we keep the code flow as-is in order to closely follow the MSE spec steps (https://w3c.github.io/media-source/#sourcebuffer-segment-parser-loop)
Pushed by jyavenard@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/889a6414e2d2 Never use the ContainerParser for media segments unless we have first received an init segment. r=bryce
|
||
Comment 7•4 years ago
|
||
| bugherder | ||
|
||
Comment 8•4 years ago
|
||
Since the status are different for nightly and release, what's the status for beta?
For more information, please visit auto_nag documentation.
|
||
Updated•4 years ago
|
|
||
Updated•4 years ago
|
|
||
Updated•4 years ago
|
|
||
Comment 9•4 years ago
|
||
This is fairly low volume, but feel free to request uplift if you think it's worth it.
|
|
||
Updated•4 years ago
|
Description
•