Closed Bug 1822103 Opened 2 years ago Closed 2 years ago

gecko/dom/media/platforms/ffmpeg/FFmpegVideoDecoder.cpp:1125:19: runtime error: load of value 70, which is not a valid value for type 'enum AVColorSpace'

Categories

(Core :: Audio/Video: Playback, defect)

Product:
Core
Component:
Audio/Video: Playback
Type:
defect

Tracking

()

Status:
RESOLVED WONTFIX
Tracking Flags:
Tracking Status
firefox-esr102 --- wontfix
firefox111 --- wontfix
firefox112 --- wontfix
firefox113 --- wontfix
firefox114 --- fix-optional

People

(Reporter: tsmith, Unassigned)

References

(Blocks 1 open bug, Regression)

Details

(Keywords: csectype-undefined, regression, testcase, Whiteboard: [bugmon:bisected,confirmed])

Attachments

(1 file)

testcase.mp4
19.76 KB, video/mp4
Details
Attached video testcase.mp4

Found while fuzzing m-c 20230310-0565e88d9452 (--enable-address-sanitizer --enable-fuzzing)

To reproduce via Grizzly Replay:

$ pip install fuzzfetch grizzly-framework
$ python -m fuzzfetch -a --fuzzing -n firefox
$ python -m grizzly.replay ./firefox/firefox testcase.mp4

/builds/worker/checkouts/gecko/dom/media/platforms/ffmpeg/FFmpegVideoDecoder.cpp:1125:19: runtime error: load of value 70, which is not a valid value for type 'enum AVColorSpace'
    #0 0x7f97506cc726 in mozilla::FFmpegVideoDecoder<46465650>::GetFrameColorSpace() const /builds/worker/checkouts/gecko/dom/media/platforms/ffmpeg/FFmpegVideoDecoder.cpp:1125:19
    #1 0x7f97506cb541 in mozilla::FFmpegVideoDecoder<46465650>::CreateImage(long, long, long, nsTArray<RefPtr<mozilla::MediaData>>&) const /builds/worker/checkouts/gecko/dom/media/platforms/ffmpeg/FFmpegVideoDecoder.cpp:1249:22
    #2 0x7f97506c7b36 in mozilla::FFmpegVideoDecoder<46465650>::DoDecode(mozilla::MediaRawData*, unsigned char*, int, bool*, nsTArray<RefPtr<mozilla::MediaData>>&) /builds/worker/checkouts/gecko/dom/media/platforms/ffmpeg/FFmpegVideoDecoder.cpp:969:12
    #3 0x7f97506bb1cd in mozilla::FFmpegDataDecoder<46465650>::DoDecode(mozilla::MediaRawData*, bool*, nsTArray<RefPtr<mozilla::MediaData>>&) /builds/worker/checkouts/gecko/dom/media/platforms/ffmpeg/FFmpegDataDecoder.cpp:193:10
    #4 0x7f97506ba973 in mozilla::FFmpegDataDecoder<46465650>::ProcessDecode(mozilla::MediaRawData*) /builds/worker/checkouts/gecko/dom/media/platforms/ffmpeg/FFmpegDataDecoder.cpp:147:20
    #5 0x7f97506d2bdb in applyImpl<mozilla::FFmpegDataDecoder<46465650>, RefPtr<mozilla::MozPromise<nsTArray<RefPtr<mozilla::MediaData> >, mozilla::MediaResult, true> > (mozilla::FFmpegDataDecoder<46465650>::*)(mozilla::MediaRawData *), StoreRefPtrPassByPtr<mozilla::MediaRawData>, 0UL> /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1163:12
    #6 0x7f97506d2bdb in apply<mozilla::FFmpegDataDecoder<46465650>, RefPtr<mozilla::MozPromise<nsTArray<RefPtr<mozilla::MediaData> >, mozilla::MediaResult, true> > (mozilla::FFmpegDataDecoder<46465650>::*)(mozilla::MediaRawData *)> /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1169:12
    #7 0x7f97506d2bdb in mozilla::detail::MethodCall<mozilla::MozPromise<nsTArray<RefPtr<mozilla::MediaData>>, mozilla::MediaResult, true>, RefPtr<mozilla::MozPromise<nsTArray<RefPtr<mozilla::MediaData>>, mozilla::MediaResult, true>> (mozilla::FFmpegDataDecoder<46465650>::*)(mozilla::MediaRawData*), mozilla::FFmpegDataDecoder<46465650>, mozilla::MediaRawData*>::Invoke() /builds/worker/workspace/obj-build/dist/include/mozilla/MozPromise.h:1547:47
    #8 0x7f97506d26ed in mozilla::detail::ProxyRunnable<mozilla::MozPromise<nsTArray<RefPtr<mozilla::MediaData>>, mozilla::MediaResult, true>, RefPtr<mozilla::MozPromise<nsTArray<RefPtr<mozilla::MediaData>>, mozilla::MediaResult, true>> (mozilla::FFmpegDataDecoder<46465650>::*)(mozilla::MediaRawData*), mozilla::FFmpegDataDecoder<46465650>, mozilla::MediaRawData*>::Run() /builds/worker/workspace/obj-build/dist/include/mozilla/MozPromise.h:1567:42
    #9 0x7f97497041cc in mozilla::TaskQueue::Runner::Run() /builds/worker/checkouts/gecko/xpcom/threads/TaskQueue.cpp:259:20
    #10 0x7f9749731bcb in nsThreadPool::Run() /builds/worker/checkouts/gecko/xpcom/threads/nsThreadPool.cpp:343:14
    #11 0x7f97497242d4 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1233:16
    #12 0x7f974972df84 in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:477:10
    #13 0x7f974af3a9f4 in mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:300:20
    #14 0x7f974adb7bc7 in RunInternal /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:381:10
    #15 0x7f974adb7bc7 in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:374:3
    #16 0x7f974adb7bc7 in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:356:3
    #17 0x7f974971bb75 in nsThread::ThreadFunc(void*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:391:10
    #18 0x7f976bdeb628 in _pt_root /builds/worker/checkouts/gecko/nsprpub/pr/src/pthreads/ptthread.c:201:5
    #19 0x7f976c553b42 in start_thread nptl/pthread_create.c:442:8
    #20 0x7f976c5e59ff  misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
Flags: in-testsuite?

Verified bug as reproducible on mozilla-central 20230313172201-a3447f709bef.
The bug appears to have been introduced in the following build range:

Start: 7d3600925e24a1c8cf634968d0afa43e41e00d1d (20220329114347)
End: ac056c06d8cac6a625c33f5d3e003548ccd2ec57 (20220329130731)
Pushlog: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=7d3600925e24a1c8cf634968d0afa43e41e00d1d&tochange=ac056c06d8cac6a625c33f5d3e003548ccd2ec57

Keywords: regression
Whiteboard: [bugmon:bisected,confirmed]
Regressed by: 1761471

Set release status flags based on info from the regressing bug 1761471

:stransky, since you are the author of the regressor, bug 1761471, could you take a look?

For more information, please visit auto_nag documentation.

status-firefox111: --- → affected
status-firefox-esr102: --- → affected
Flags: needinfo?(stransky)
Flags: needinfo?(stransky)
Flags: needinfo?(stransky)

This falls back to DefaultColorSpace({mFrame->width, mFrame->height});

Flags: needinfo?(stransky)

Not sure what to do with this bug. Alastor you reviewed the patch that regressed this, maybe you can have a look?

Flags: needinfo?(alwu)
Severity: -- → S4

I think this is not an actually error, mFrame->colorspace is set by the ffmpeg, which is not something we can control. If that value is set to some incorrect value like this, we always use default path to handle the color space so there won't be any problem.

Status: NEW → RESOLVED
Closed: 2 years ago
Flags: needinfo?(alwu)
Resolution: --- → WONTFIX

No valid actions for resolution (WONTFIX).
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.

Keywords: bugmon
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: