Assertion failure: !Failed(), at /builds/worker/workspace/obj-build/dist/include/mozilla/ErrorResult.h:583 [@ mozilla::gmp::ChromiumCDMParent::SetServerCertificate]
Categories: Core :: Audio/Video, defect, P2
People: Reporter: jkratzer, Assigned: bryce
References: Blocks 1 open bug, Regression
Details: Keywords: assertion, regression, testcase
Attachments: 1 file
Testcase found while fuzzing mozilla-central rev e958c1008b99 (built with --enable-debug).
I've uploaded a pernosco session for this bug:
https://pernos.co/debug/RZxw9vavBG8V31X1Gf959Q/index.html
Assertion failure: !Failed(), at /builds/worker/workspace/obj-build/dist/include/mozilla/ErrorResult.h:583
#0 0x7f95293fe0be in mozilla::binding_danger::TErrorResult<mozilla::binding_danger::AssertAndSuppressCleanupPolicy>::AssertReportedOrSuppressed() /home/jkratzer/source/mozilla-central/objdir-ff-debug-pernosco/dist/include/mozilla/ErrorResult.h:583:5
#1 0x7f95293fe014 in mozilla::binding_danger::TErrorResult<mozilla::binding_danger::AssertAndSuppressCleanupPolicy>::~TErrorResult() /home/jkratzer/source/mozilla-central/objdir-ff-debug-pernosco/dist/include/mozilla/ErrorResult.h:183:7
#2 0x7f95293f3bd7 in mozilla::ErrorResult::~ErrorResult() /home/jkratzer/source/mozilla-central/objdir-ff-debug-pernosco/dist/include/mozilla/ErrorResult.h:693:7
#3 0x7f952f5df855 in mozilla::gmp::ChromiumCDMParent::RejectPromiseWithStateError(unsigned int, nsTString<char> const&) /home/jkratzer/source/mozilla-central/dom/media/gmp/ChromiumCDMParent.cpp:469:1
#4 0x7f952f5df7a0 in mozilla::gmp::ChromiumCDMParent::RejectPromiseShutdown(unsigned int) /home/jkratzer/source/mozilla-central/dom/media/gmp/ChromiumCDMParent.cpp:461:3
#5 0x7f952f5dfb3a in mozilla::gmp::ChromiumCDMParent::SetServerCertificate(unsigned int, nsTArray<unsigned char> const&) /home/jkratzer/source/mozilla-central/dom/media/gmp/ChromiumCDMParent.cpp:160:5
#6 0x7f952f62fa78 in decltype(*(fp).*fp0(Get<0ul>(fp1).PassAsParameter(), Get<1ul>(fp1).PassAsParameter())) mozilla::detail::RunnableMethodArguments<unsigned int, nsTArray<unsigned char> >::applyImpl<mozilla::gmp::ChromiumCDMParent, void (mozilla::gmp::ChromiumCDMParent::*)(unsigned int, nsTArray<unsigned char> const&), StoreCopyPassByConstLRef<unsigned int>, StoreCopyPassByConstLRef<nsTArray<unsigned char> >, 0ul, 1ul>(mozilla::gmp::ChromiumCDMParent*, void (mozilla::gmp::ChromiumCDMParent::*)(unsigned int, nsTArray<unsigned char> const&), mozilla::Tuple<StoreCopyPassByConstLRef<unsigned int>, StoreCopyPassByConstLRef<nsTArray<unsigned char> > >&, std::integer_sequence<unsigned long, 0ul, 1ul>) /home/jkratzer/source/mozilla-central/objdir-ff-debug-pernosco/dist/include/nsThreadUtils.h:1148:12
#7 0x7f952f62f9ac in decltype(applyImpl(fp, fp0, *(this).mArguments, std::integer_sequence<unsigned long, 0ul, 1ul>{})) mozilla::detail::RunnableMethodArguments<unsigned int, nsTArray<unsigned char> >::apply<mozilla::gmp::ChromiumCDMParent, void (mozilla::gmp::ChromiumCDMParent::*)(unsigned int, nsTArray<unsigned char> const&)>(mozilla::gmp::ChromiumCDMParent*, void (mozilla::gmp::ChromiumCDMParent::*)(unsigned int, nsTArray<unsigned char> const&)) /home/jkratzer/source/mozilla-central/objdir-ff-debug-pernosco/dist/include/nsThreadUtils.h:1154:12
#8 0x7f952f62f75f in mozilla::detail::RunnableMethodImpl<RefPtr<mozilla::gmp::ChromiumCDMParent>, void (mozilla::gmp::ChromiumCDMParent::*)(unsigned int, nsTArray<unsigned char> const&), true, (mozilla::RunnableKind)0, unsigned int, nsTArray<unsigned char> >::Run() /home/jkratzer/source/mozilla-central/objdir-ff-debug-pernosco/dist/include/nsThreadUtils.h:1201:13
#9 0x7f952957cab3 in nsThread::ProcessNextEvent(bool, bool*) /home/jkratzer/source/mozilla-central/xpcom/threads/nsThread.cpp:1152:16
#10 0x7f9529583056 in NS_ProcessNextEvent(nsIThread*, bool) /home/jkratzer/source/mozilla-central/xpcom/threads/nsThreadUtils.cpp:548:10
#11 0x7f952a75615f in mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) /home/jkratzer/source/mozilla-central/ipc/glue/MessagePump.cpp:302:20
#12 0x7f952a5dd056 in MessageLoop::RunInternal() /home/jkratzer/source/mozilla-central/ipc/chromium/src/base/message_loop.cc:335:10
#13 0x7f952a5dcfd4 in MessageLoop::RunHandler() /home/jkratzer/source/mozilla-central/ipc/chromium/src/base/message_loop.cc:328:3
#14 0x7f952a5dcf92 in MessageLoop::Run() /home/jkratzer/source/mozilla-central/ipc/chromium/src/base/message_loop.cc:310:3
#15 0x7f9529578b14 in nsThread::ThreadFunc(void*) /home/jkratzer/source/mozilla-central/xpcom/threads/nsThread.cpp:391:10
#16 0x7f954296444d in _pt_root /home/jkratzer/source/mozilla-central/nsprpub/pr/src/pthreads/ptthread.c:201:5
#17 0x7f9542ec9608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477:8
#18 0x7f9542a92292 in clone /build/glibc-eX1tMB/glibc-2.31/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
Comment 1 • 3 years ago (Assignee)
Similar to bug 1642735 -- we need to suppress the exception if we can't keep passing it up the stack. Fix incoming.
Comment 2 • 3 years ago (Assignee)
Comment 3 • 3 years ago (Assignee)
My assumption is the path leading to this is racy, but to make sure, do you have a reliable repro? I'm fairly confident in my fix, but it wouldn't hurt to have a test too.
Comment 4 • 3 years ago (Reporter)
(In reply to Bryce Seager van Dyk (:bryce) from comment #3)
> My assumption is the path leading to this is racy, but to make sure, do you have a reliable repro? I'm fairly confident in my fix, but it wouldn't hurt to have a test too.
:bryce, I do have a somewhat reliable repro but not one that would be suitable (raw fuzzer output) for landing as a test. I have tested against the patch above and can no longer reproduce the issue.
Comment 5 • 3 years ago (Assignee)
Thanks for checking! Good to know it does fix the case even if we don't land the case in central.
Pushed by bvandyk@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/c833495ba8ec
Stop ChromiumCDMParent triggering assert during early return of RejectPromise. r=jbauman
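
Added example, not part of the bug thread and not Mozilla's code: a simplified C++ model of the pattern named in comment 1 and in the landed commit summary, where an error object that is still in the failed state trips an assertion when it is destroyed on an early return. MiniErrorResult, Proxy, RejectBefore, RejectAfter and CountUnhandled are hypothetical names, and the shape of the early return is an assumption; the destructor counts a violation where a debug build would assert.

```cpp
#include <cstdio>

// Simplified stand-in for a must-handle error type (hypothetical; not Mozilla's
// ErrorResult). Where a debug build would assert !Failed() in the destructor,
// this model counts the violation so it can be observed.
static int gUnhandledFailures = 0;

class MiniErrorResult {
 public:
  ~MiniErrorResult() { if (mFailed) ++gUnhandledFailures; }
  void ThrowInvalidState() { mFailed = true; }
  void SuppressException() { mFailed = false; }
 private:
  bool mFailed = false;
};

// Hypothetical consumer: rejecting a promise takes over the error.
struct Proxy {
  int rejected = 0;
  void Reject(MiniErrorResult& aRv) { ++rejected; aRv.SuppressException(); }
};

// Assumed "before" shape: the early return drops a failed result.
bool RejectBefore(Proxy* aProxy) {
  MiniErrorResult rv;
  rv.ThrowInvalidState();
  if (!aProxy) return false;  // rv is destroyed while still failed
  aProxy->Reject(rv);
  return true;
}

// "After" shape: nobody can receive the error, so suppress it explicitly.
bool RejectAfter(Proxy* aProxy) {
  MiniErrorResult rv;
  rv.ThrowInvalidState();
  if (!aProxy) { rv.SuppressException(); return false; }
  aProxy->Reject(rv);
  return true;
}

// Runs one variant and reports how many failed results were dropped unhandled.
int CountUnhandled(bool (*aFn)(Proxy*), Proxy* aProxy) {
  gUnhandledFailures = 0;
  aFn(aProxy);
  return gUnhandledFailures;
}

int main() {
  std::printf("before=%d after=%d\n", CountUnhandled(RejectBefore, nullptr), CountUnhandled(RejectAfter, nullptr));
}
```
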
Comment 7 • 3 years ago (bugherder)