Closed Bug 1799057 Opened 2 years ago Closed 2 years ago

Perma gtest | application crashed [@ MOZ_Crash(char const*, int, char const*)]

Categories

(Core :: Audio/Video, defect)

Product:
Core
Component:
Audio/Video
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
108 Branch
Tracking Flags:
Tracking Status
firefox-esr102 108+ fixed
firefox106 --- wontfix
firefox107 --- fixed
firefox108 --- fixed

People

(Reporter: intermittent-bug-filer, Assigned: glandium)

References

Details

(Keywords: crash)

Crash Data

Attachments

(3 files)

Bug 1799057 - Enable rust 1.57 features of the fallible_collections crate.
48 bytes, text/x-phabricator-request
Details | Review
Bug 1799057 - Enable rust 1.57 features of the fallible_collections crate.
48 bytes, text/x-phabricator-request
dmeehan
: approval-mozilla-beta+
Details | Review
Bug 1799057 - Don't allow allocations sizes larger than isize::MAX in vec_try_extend.
48 bytes, text/x-phabricator-request
RyanVM
: approval-mozilla-esr102+
Details | Review

Filed by: mh [at] glandium.org
Parsed log: https://treeherder.mozilla.org/logviewer?job_id=395473771&repo=autoland
Full log: https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task/RPpq-KXnT6SBZ9lKAo63ag/runs/0/artifacts/public/logs/live_backing.log

[task 2022-11-04T01:13:07.168Z] 01:13:07     INFO -  Hit MOZ_CRASH(Invalid layout: LayoutError) at /builds/worker/checkouts/gecko/third_party/rust/fallible_collections/src/vec.rs:486
[task 2022-11-04T01:13:07.257Z] 01:13:07     INFO -  Initializing stack-fixing for the first stack frame, this may take a while...
[task 2022-11-04T01:13:29.615Z] 01:13:29     INFO -  #01: RustMozCrash(char const*, int, char const*) [mozglue/static/rust/wrappers.cpp:17]
[task 2022-11-04T01:13:29.619Z] 01:13:29     INFO -  #02: mozglue_static::panic_hook(core::panic::panic_info::PanicInfo*) [mozglue/static/rust/lib.rs:91]
[task 2022-11-04T01:13:29.620Z] 01:13:29     INFO -  #03: core::ops::function::Fn::call<void (*)(ref$<core::panic::panic_info::PanicInfo>),tuple$<ref$<core::panic::panic_info::PanicInfo> > >(void (**)(core::panic::panic_info::PanicInfo*), core::panic::panic_info::PanicInfo*) [git:github.com/rust-lang/rust:../897e37553bba8b42751c67658967889d11ecd120/library/core/src/ops/function.rs:897e37553bba8b42751c67658967889d11ecd120:77]
[task 2022-11-04T01:13:29.621Z] 01:13:29     INFO -  #04: std::panicking::rust_panic_with_hook() [git:github.com/rust-lang/rust:library/std/src/panicking.rs:897e37553bba8b42751c67658967889d11ecd120:702]
[task 2022-11-04T01:13:29.621Z] 01:13:29     INFO -  #05: std::panicking::begin_panic_handler::closure$0() [git:github.com/rust-lang/rust:library/std/src/panicking.rs:897e37553bba8b42751c67658967889d11ecd120:588]
[task 2022-11-04T01:13:29.621Z] 01:13:29     INFO -  #06: std::sys_common::backtrace::__rust_end_short_backtrace<std::panicking::begin_panic_handler::closure_env$0,never$>() [git:github.com/rust-lang/rust:library/std/src/sys_common/backtrace.rs:897e37553bba8b42751c67658967889d11ecd120:138]
[task 2022-11-04T01:13:29.622Z] 01:13:29     INFO -  #07: fallible_collections::vec::std_io::TryRead::read_into_try_vec<mp4parse::BMFFBox<mp4parse::BMFFBox<mp4parse::OffsetReader<mp4parse_capi::Mp4parseIo> > > >(mp4parse::BMFFBox<mp4parse::BMFFBox<mp4parse::OffsetReader<mp4parse_capi::Mp4parseIo> > >*) [third_party/rust/fallible_collections/src/vec.rs:225]
[task 2022-11-04T01:13:29.622Z] 01:13:29     INFO -  #08: mp4parse::read_avif_meta<mp4parse::OffsetReader<mp4parse_capi::Mp4parseIo> >(mp4parse::BMFFBox<mp4parse::OffsetReader<mp4parse_capi::Mp4parseIo> >*, mp4parse::ParseStrictness, mp4parse::UnsupportedFeatures*) [third_party/rust/mp4parse/src/lib.rs:2504]
[task 2022-11-04T01:13:29.622Z] 01:13:29     INFO -  #09: mp4parse_capi::mp4parse_avif_new(mp4parse_capi::Mp4parseIo*, mp4parse::ParseStrictness, mp4parse_capi::Mp4parseAvifParser**) [third_party/rust/mp4parse_capi/src/lib.rs:483]
[task 2022-11-04T01:13:29.623Z] 01:13:29     INFO -  #10: mozilla::image::AVIFParser::Init() [image/decoders/nsAVIFDecoder.cpp:261]
[task 2022-11-04T01:13:29.623Z] 01:13:29     INFO -  #11: mozilla::image::AVIFParser::Create(Mp4parseIo const*, mozilla::UniquePtr<mozilla::image::AVIFParser,mozilla::DefaultDelete<mozilla::image::AVIFParser> >&) [image/decoders/nsAVIFDecoder.cpp:215]
[task 2022-11-04T01:13:29.623Z] 01:13:29     INFO -  #12: mozilla::image::nsAVIFDecoder::Decode(mozilla::image::SourceBufferIterator&, mozilla::image::IResumable*) [image/decoders/nsAVIFDecoder.cpp:1243]
[task 2022-11-04T01:13:29.624Z] 01:13:29     INFO -  #13: mozilla::image::nsAVIFDecoder::DoDecode(mozilla::image::SourceBufferIterator&, mozilla::image::IResumable*) [image/decoders/nsAVIFDecoder.cpp:1169]
[task 2022-11-04T01:13:29.624Z] 01:13:29     INFO -  #14: mozilla::image::Decoder::Decode(mozilla::image::IResumable*) [image/Decoder.cpp:177]
[task 2022-11-04T01:13:29.624Z] 01:13:29     INFO -  #15: mozilla::image::AnonymousDecodingTask::Run() [image/IDecodingTask.cpp:191]
[task 2022-11-04T01:13:29.625Z] 01:13:29     INFO -  #16: WithSingleChunkDecode<`lambda at /builds/worker/checkouts/gecko/image/test/gtest/TestDecoders.cpp:170:25'>(mozilla::image::ImageTestCase const&, mozilla::Maybe<mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> > const&, bool, CheckDecoderSingleChunk::<lambda_126>) [image/test/gtest/TestDecoders.cpp:164]
[task 2022-11-04T01:13:29.625Z] 01:13:29     INFO -  #17: ImageDecoders_CorruptAVIFSingleChunk_Test::TestBody() [image/test/gtest/TestDecoders.cpp:962]
[task 2022-11-04T01:13:29.625Z] 01:13:29     INFO -  #18: testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test,void>(testing::Test*, void (testing::Test::*)(), char const*) [third_party/googletest/googletest/src/gtest.cc:2601]
[task 2022-11-04T01:13:29.625Z] 01:13:29     INFO -  #19: testing::internal::HandleExceptionsInMethodIfSupported<testing::Test,void>(testing::Test*, void (testing::Test::*)(), char const*) [third_party/googletest/googletest/src/gtest.cc:2654]
[task 2022-11-04T01:13:29.626Z] 01:13:29     INFO -  #20: testing::Test::Run() [third_party/googletest/googletest/src/gtest.cc:2674]
[task 2022-11-04T01:13:29.626Z] 01:13:29     INFO -  #21: testing::TestInfo::Run() [third_party/googletest/googletest/src/gtest.cc:2856]
[task 2022-11-04T01:13:29.627Z] 01:13:29     INFO -  #22: testing::TestSuite::Run() [third_party/googletest/googletest/src/gtest.cc:3014]
Assignee: nobody → mh+mozilla
Blocks: rustc-1.65
See Also: → https://github.com/vcombey/fallible_collections/issues/30

To work around issues the older code has with 1.65.

To work around issues the older code has with 1.65.

Pushed by mh@glandium.org:
https://hg.mozilla.org/integration/autoland/rev/f34445641c88
Enable rust 1.57 features of the fallible_collections crate. r=RyanVM

Comment on attachment 9301913 [details]
Bug 1799057 - Enable rust 1.57 features of the fallible_collections crate.

Beta/Release Uplift Approval Request

  • User impact if declined: (Note: this is the same patch as D161234, but for crafted for beta)
    Crashes on some forms of invalid mp4 media when built downstream with rustc 1.65
  • Is this code covered by automated tests?: Yes
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): It's effectively replacing code from a rust crate with equivalent code from the rust standard library.
  • String changes made/needed:
  • Is Android affected?: No
Attachment #9301913 - Flags: approval-mozilla-beta?

On ESR, we have a version of fallible_collections that doesn't have the
rust_1_57 feature, and newer versions that do also pull a new version
of hashbrown, which is an heavy weight change (and would create a
duplicate of hashbrown).

Instead, backport https://github.com/vcombey/fallible_collections/pull/31/commits/f26cad643c852d6b31f0287a517a88d6a0c5b6ac

We're probably going to want this on ESR eventually as there are downstreams which will build with rust 1.65. However, given the relatively obscure circumstances these crashes occur under, we don't need to rush the fix into this cycle still.

status-firefox106: --- → wontfix
status-firefox107: --- → affected
status-firefox108: --- → affected
status-firefox-esr102: --- → affected
tracking-firefox-esr102: --- → 108+

Comment on attachment 9301916 [details]
Bug 1799057 - Don't allow allocations sizes larger than isize::MAX in vec_try_extend.

ESR Uplift Approval Request

  • If this is not a sec:{high,crit} bug, please state case for ESR consideration: Crashes on some forms of invalid mp4 media when built downstream with rustc 1.65
  • User impact if declined:
  • Fix Landed on Version: 108
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): Fix is different than on central, but is simple enough (adding an overflow check)
Attachment #9301916 - Flags: approval-mozilla-esr102?

https://hg.mozilla.org/mozilla-central/rev/f34445641c88

Status: NEW → RESOLVED
Closed: 2 years ago
status-firefox108: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → 108 Branch

Comment on attachment 9301913 [details]
Bug 1799057 - Enable rust 1.57 features of the fallible_collections crate.

Approved for 107.0RC1

Attachment #9301913 - Flags: approval-mozilla-beta? → approval-mozilla-beta+

Comment on attachment 9301916 [details]
Bug 1799057 - Don't allow allocations sizes larger than isize::MAX in vec_try_extend.

Approved for 102.6esr.

Attachment #9301916 - Flags: approval-mozilla-esr102? → approval-mozilla-esr102+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: